Draytek Vigor2850 Series Скачать руководство пользователя страница 141 | Manualshive

Страница: 141 / 387

background image

Vigor2850 Series User’s Guide

131

Enable ICMP flood
defense

Check the box to activate the ICMP flood defense function.
Similar to the UDP flood defense function, once if the
Threshold of ICMP packets from Internet has exceeded the
defined value, the router will discard the ICMP echo
requests coming from the Internet. The default setting for
threshold and timeout are 50 packets per second and 10
seconds, respectively.

Enable PortScan
detection

Port Scan attacks the Vigor router by sending lots of packets
to many ports in an attempt to find ignorant services would
respond. Check the box to activate the Port Scan detection.
Whenever detecting this malicious exploration behavior by
monitoring the port-scanning Threshold rate, the Vigor
router will send out a warning. By default, the Vigor router
sets the threshold as 150 packets per second.

Block IP options

Check the box to activate the Block IP options function.
The Vigor router will ignore any IP packets with IP option
field in the datagram header. The reason for limitation is IP
option appears to be a vulnerability of the security for the
LAN because it will carry significant information, such as
security, TCC (closed user group) parameters, a series of
Internet addresses, routing messages...etc. An eavesdropper
outside might learn the details of your private networks.

Block Land

Check the box to enforce the Vigor router to defense the
Land attacks. The Land attack combines the SYN attack
technology with IP spoofing. A Land attack occurs when an
attacker sends spoofed SYN packets with the identical
source and destination addresses, as well as the port number
to victims.

Block Smurf

Check the box to activate the Block Smurf function. The
Vigor router will ignore any broadcasting ICMP echo
request.

Block trace router

Check the box to enforce the Vigor router not to forward any
trace route packets.

Block SYN fragment

Check the box to activate the Block SYN fragment function.
The Vigor router will drop any packets having SYN flag and
more fragment bit set.

Block Fraggle Attack

Check the box to activate the Block fraggle Attack function.
Any broadcast UDP packets received from the Internet is
blocked.
Activating the DoS/DDoS defense functionality might
block some legal packets. For example, when you activate
the fraggle attack defense, all broadcast UDP packets
coming from the Internet are blocked. Therefore, the RIP
packets from the Internet might be dropped.

Block TCP flag scan

Check the box to activate the Block TCP flag scan function.
Any TCP packet with anomaly flag setting is dropped. Those
scanning activities include

no flag scan

,

FIN without ACK

scan

,

SYN FINscan

,

Xmas scan

and

full Xmas scan

.

Block Tear Drop

Check the box to activate the Block Tear Drop function.

«
...
139
140
141
142
143
...
»

Содержание Vigor2850 Series

Страница 1: ......

Страница 2: ...Vigor2850 Series User s Guide ii...

Страница 3: ...Vigor2850 Series User s Guide iii Vigor2850 Series VDSL2 Security Firewall User s Guide Version 2 0 Firmware Version V3 6 2_RC1 Date 12 03 2012...

Страница 4: ...ons on conservation of the environment Warranty We warrant to the original end user purchaser that the router will be free from any defects in workmanship or materials for a period of two 2 years from...

Страница 5: ...radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will no...

Страница 6: ...Vigor2850 Series User s Guide vi...

Страница 7: ...Changing Password 19 2 3 Quick Start Wizard 20 2 3 1 For WAN1 ADSL VDSL 21 2 3 2 For WAN2 Ethernet 26 2 3 3 For WAN3 USB 34 2 4 Service Activation Wizard 35 2 5 Online Status 38 2 5 1 Physical Connect...

Страница 8: ...gs 141 3 6 1 IP Object 141 3 6 2 IP Group 143 3 6 3 IPv6 Object 145 3 6 4 IPv6 Group 147 3 6 5 Service Type Object 148 3 6 6 Service Type Group 150 3 6 7 Keyword Object 151 3 6 8 Keyword Group 153 3 6...

Страница 9: ...Call Control 263 3 14 Wireless LAN 264 3 14 1 Basic Concepts 264 3 14 2 General Setup 266 3 14 3 Security 270 3 14 4 Access Control 272 3 14 5 WPS 273 3 14 6 WDS 276 3 14 7 Advanced Setting 279 3 14 8...

Страница 10: ...and Headquarter 336 4 4 Create a Remote Dial in User Connection Between the Teleworker and Headquarter 344 4 5 QoS Setting Example 348 4 6 Upgrade Firmware for Your Router 353 4 7 Request a certifica...

Страница 11: ...s supports USB interface for connecting USB printer to share printing function or 3G USB modem for network connection Vigor2850 series provides two level management to simplify the configuration of ne...

Страница 12: ...s ready to access Internet through ADSL link ADSL Blinking Slowly The ADSL connection is ready Quickly The connection is training On The router is ready to access Internet through VDSL link VDSL Blink...

Страница 13: ...ACT LED begins to blink rapidly than usual release the button Then the router will restart with the factory default configuration GigaLAN 1 3 Connecters for local network devices 4 WAN Connecter for l...

Страница 14: ...r is ready to access Internet through ADSL link ADSL Blinking Slowly The ADSL connection is ready Quickly The connection is training On The router is ready to access Internet through VDSL link VDSL Bl...

Страница 15: ...settings Usage Turn on the router ACT LED is blinking Press the hole and keep for more than 5 seconds When you see the ACT LED begins to blink rapidly than usual release the button Then the router wi...

Страница 16: ...king Slowly The ADSL connection is ready Quickly The connection is training On The router is ready to access Internet through VDSL link VDSL Blinking Slowly The VDSL connection is ready Quickly The co...

Страница 17: ...T LED is blinking Press the hole and keep for more than 5 seconds When you see the ACT LED begins to blink rapidly than usual release the button Then the router will restart with the factory default c...

Страница 18: ...On The router is ready to access Internet through VDSL link VDSL Blinking Slowly The VDSL connection is ready Quickly The connection is training On The DoS DDoS function is active DoS Blinking It will...

Страница 19: ...blink rapidly than usual release the button Then the router will restart with the factory default configuration ISDN Connecter for ISDN line GigaLAN 1 3 Connecters for local network devices 4 WAN Con...

Страница 20: ...to one of the LAN ports of the router and the other end of the cable RJ 45 into the Ethernet port on your computer 3 Connect the telephone set with phone lines for using VoIP function For the model w...

Страница 21: ...s via the router The example provided here is made based on Windows XP 2000 For Windows 98 SE Vista please visit www DrayTek com Before using it please follow the steps below to configure settings for...

Страница 22: ...Series User s Guide 12 4 Click Local printer attached to this computer and click Next 5 In this dialog choose Create a new port Type of port and use the drop down list to select Standard TCP IP Port C...

Страница 23: ...following dialog type 192 168 1 1 router s LAN IP in the field of Printer Name or IP Address and type IP_192 168 1 1 as the port name Then click Next 7 Click Standard and choose Generic Network Card 8...

Страница 24: ...rrect driver loaded onto your PC When you finish the selection click Next 10 For the final stage you need to go back to Control Panel Printers and edit the property of the new printer you have added 1...

Страница 25: ...or other additional functions are not supported If you do not know whether your printer is supported or not please visit www draytek com to find out the printer list Open Support FAQ find out the link...

Страница 26: ...Vigor2850 Series User s Guide 16 This page is left blank...

Страница 27: ...ure your PC connects to the router correctly You may either simply set up your computer to get IP dynamically from the router or set up the IP address of the computer to be the same subnet as the defa...

Страница 28: ...ferent slightly in accordance with the type of the router you have 5 The web page can be logged out according to the chosen condition The default setting is Auto Logout which means the web configurati...

Страница 29: ...en to ask for username and password 2 Please type admin admin as Username Password for accessing into the web configurator with admin mode 3 Go to System Maintenance page and choose Administrator Pass...

Страница 30: ...een of Quick Start Wizard is entering login password After typing the password please click Next On the next page as shown below please select the WAN interface that you use If DSL interface is used p...

Страница 31: ...or example you should select PPPoE mode if the ISP provides you PPPoE interface In addition the field of For ADSL Only will be available only when ADSL is detected Then click Next for next step P PP P...

Страница 32: ...ress Type the IP address if Fixed IP is enabled Primary DNS Type in the primary IP address for the router Secondary DNS Type in secondary IP address for necessity in the future Back Click it to return...

Страница 33: ...assword Retype the password 3 Please manually enter the Username Password provided by your ISP Then click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup...

Страница 34: ...re two modes offered for you to choose for WAN1 interface Choose MPoA Static or Dynamic IP as the protocol For ADSL Only Such field is provided for ADSL only You have to choose encapsulation and type...

Страница 35: ...the next setting page Cancel Click it to give up the quick start wizard 2 Please type in the IP address mask gateway information originally provided by your ISP Then click Next for viewing summary of...

Страница 36: ...ick Next On the next page as shown below please select the appropriate Internet access type according to the information from your ISP For example you should select PPPoE mode if the ISP provides you...

Страница 37: ...valid user name provided by the ISP Password Assign a valid password provided by the ISP Confirm Password Retype the password Back Click it to return to previous setting page Next Click it to get int...

Страница 38: ...status of this protocol will be shown 5 Now you can enjoy surfing on the Internet P PP PT TP P L L2 2T TP P 1 Choose WAN2 as the WAN Interface and click the Next button The following page will be open...

Страница 39: ...ubnet Mask Type the subnet mask Gateway Type the IP address of the gateway Primary DNS Type in the primary IP address for the router Second DNS Type in secondary IP address for necessity in the future...

Страница 40: ...St ta at ti ic c I IP P 1 Choose WAN2 as the WAN Interface and click the Next button The following page will be open for you to specify Internet Access Type 2 Click Static IP as the Internet Access t...

Страница 41: ...ss for necessity in the future Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 3 Please type in the I...

Страница 42: ...cess Type 2 Click DHCP as the Internet Access type Simply click Next to continue Available settings are explained as follows Item Description Host Name Type the name of the host MAC Some Cable service...

Страница 43: ...ick it to give up the quick start wizard 3 After finished the settings above click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the...

Страница 44: ...3 3 U US SB B 1 Choose WAN3 as WAN Interface 2 Then click Next for viewing summary of such connection 3 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this pr...

Страница 45: ...located on http myvigor draytek com For using Web Content Filter Profile please refer to later section Web Content Filter Profile for detailed information Now follow the steps listed below to activat...

Страница 46: ...filter based on Commtouch operated in the worldwide There is a 30 day trial period After trial you can purchase DrayTek s prepared Commtouch GlobalView WCF package from retailing outlets 4 Setting co...

Страница 47: ...splay the service that you have activated according to your selection s The valid time for the free trial of these services is one month Later if you need to extend the license valid time for the same...

Страница 48: ...on n Such page displays the physical connection status such as LAN connection status WAN connection status ADSL information and so on P Ph hy ys si ic ca al l C Co on nn ne ec ct ti io on n f fo or r...

Страница 49: ...the interface IP Displays the IP address of the WAN interface GW IP Displays the IP address of the default gateway TX Packets Displays the total transmitted packets at the WAN interface TX Rate Displa...

Страница 50: ...gateway Note The words in green mean that the WAN connection of that interface is ready for accessing Internet the words in red mean that the WAN connection of that interface is not ready for accessi...

Страница 51: ...tatus the firmware version of such router the profile used by such VDSL2 line the rates for upstream and downstream and so on 2 2 6 6 2 2 V VD DS SL L S Se et tu up p This page allows you to set VDSL2...

Страница 52: ...DS SL L D De eb bu ug g Such feature can offer a system log while encountering the compatibility problem for VDSL connection Simply click the Generate button The system will generate the log for conne...

Страница 53: ...register your Vigor router to MyVigor website for getting more service Please follow the steps below to finish the router registration 1 Please login the web configuration interface of Vigor router b...

Страница 54: ...n 5 When the following page appears please type in Nickname for the router and choose the right registration date from the popup calendar it appears when you click on the box of Registration Date Afte...

Страница 55: ...If you have not activated web content filter service by using Service Activation Wizard you can activate the service from this step Please click the serial number link 9 From the Device s Service sect...

Страница 56: ...Vigor2850 Series User s Guide 46 11 When this page appears click Register 12 Wait for a moment until the following page appears 13 Click Close...

Страница 57: ...In nt te er rn ne et t P Pr ro ot to oc co ol l I IP P N Ne et tw wo or rk k IP means Internet Protocol Every device in an IP based Network including routers print server and host PCs needs an IP addr...

Страница 58: ...a router begins to connect to your ISP a serial of discovery process will occur to ask for a connection Then a session will be created Your user ID and password is authenticated via PAP or CHAP with R...

Страница 59: ...ed and switched to the normal communication port for proper operation Please configure WAN1 WAN2 and WAN3 settings This webpage allows you to set general setup for WAN1 WAN2 and WAN3 respectively In d...

Страница 60: ...rt is enabled W WA AN N1 1 w wi it th h A AD DS SL L V VD DS SL L Vigor router will detect the physical line is connected by ADSL or VDSL automatically Therefore this page allows you to configure sett...

Страница 61: ...e priority for the packets sending by WAN1 Disable Disable the function of VLAN with tag Tag value Type the value as the VLAN ID number The range is form 0 to 4095 Priority Type the packet priority nu...

Страница 62: ...nterface disconnects When all WAN disconnect Such backup WAN will be activated only when all master WAN interfaces disconnect W WA AN N2 2 w wi it th h E Et th he er rn ne et t WAN2 is fixed with phys...

Страница 63: ...ber for such VLAN The range is from 0 to 7 Send SMS if the drops out Use the drop down list to choose one of the profiles which will be used to notify the administrator when the network connection is...

Страница 64: ...g to Line Speed as the Load Balance Mode please type the line speed for downloading and uploading for such WAN interface The unit is kbps Active Mode Choose Always On to make the WAN3 connection being...

Страница 65: ...ects When all WAN disconnect Such backup WAN will be activated only when all master WAN interfaces disconnect 3 3 1 1 3 3 I In nt te er rn ne et t A Ac cc ce es ss s For the router supports multi WAN...

Страница 66: ...e Use the drop down list to choose a proper access mode The details page of that mode will be popped up If not click Details Page for accessing the page to configure the settings Details Page This but...

Страница 67: ...gs that you adjusted in this page will be invalid Modem Settings for ADSL only Set up the DSL parameters required by your ISP These settings configured here are specified for ADSL only Multi PVC chann...

Страница 68: ...se choose PPPoA protocol and check the box es here The router will behave like a modem which only serves the PPPoE client on the LAN That s the router will offer PPPoA dial up connection WAN Connectio...

Страница 69: ...ease contact your ISP before you want to use this function WAN IP Alias If you have multiple public IP addresses and would like to utilize them on the WAN interface please use WAN IP Alias You can set...

Страница 70: ...et Access WAN1 page The following web page will appear Available settings are explained as follows Item Description Enable Disable Click Enable for activating this function If you click Disable this f...

Страница 71: ...er available the backup line will be activated automatically and always on until the broadband connection is restored We recommend you to enable this feature if you host a web server for your customer...

Страница 72: ...ess and check the Enable box Then click OK to exit the dialog Obtain an IP address automatically Click this button to obtain the IP address automatically Router Name Type in the router name provided b...

Страница 73: ...click Disable this function will be closed and all the settings that you adjusted in this page will be invalid ISP Access Setup Enter your allocated username password and authentication parameters ac...

Страница 74: ...tion Detection Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect Mode Choose ARP Detect or Ping Detect for the system to execute for WAN d...

Страница 75: ...in the box of Fixed IP Address Default MAC Address You can use Default MAC Address or specify another MAC address by typing on the boxes of MAC Address for the router Specify a MAC Address Type the MA...

Страница 76: ...ature you must create a dial backup profile first Please click ISDN Dialing to a Single ISP to create the backup profile None Disable the backup function Packet Triggering The backup line is not on un...

Страница 77: ...e to Live Displays value for your reference TTL value is set by telnet command RIP Protocol Routing Information Protocol is abbreviated as RIP RFC1058 specifying how routers exchange routing tables in...

Страница 78: ...router if you want to use Static IP mode If necessary type in secondary IP address for necessity in the future After finishing all the settings here please click OK to activate them D De et ta ai il...

Страница 79: ...tting is only available for the router supporting ISDN function Before utilizing the ISDN dial backup feature you must create a dial backup profile first Please click ISDN Dialing to a Single ISP to c...

Страница 80: ...eld Please contact your ISP before you want to use this function Click Yes to use this function and type in a fixed IP address in the box Fixed IP Address Type a fixed IP address WAN IP Network Settin...

Страница 81: ...ou adjusted in this page will be invalid SIM PIN code Type PIN code of the SIM card that will be used to access Internet Modem Initial String Such value is used to initialize USB modem Please use the...

Страница 82: ...o execute for WAN detection Ping IP If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL Time to Live Displays value for your reference TTL value is se...

Страница 83: ...ion which could help you to connect to IPv6 network easily Please make sure your IPv4 WAN connection is OK and apply one free account from hexago http gogonet gogo6 com page freenet6 account before yo...

Страница 84: ...gogo6 com page freenet6 account Password Type the password assigned with the user name Confirm Password Type the password again to make the confirmation Tunnel Broker Type the address for the tunnel b...

Страница 85: ...address for the tunnel broker IP FQDN or an optional port number Subnet Prefix Type the subnet prefix address getting from service provider D De et ta ai il ls s P Pa ag ge e f fo or r I IP Pv v6 6 D...

Страница 86: ...Available settings are explained as follows Item Description Static IPv6 Address configuration IPv6 Address Type the IPv6 Static IP Address Prefix Length Type the fixed value for prefix length Add Cli...

Страница 87: ...t PVC line that will be used as multi PVCs Available settings are explained as follows Item Description Enable Check this box to enable that channel The channels that you enabled here will be shown in...

Страница 88: ...ng to the protocol setting that you choose WAN link for Channel 5 6 and 7 are provided for router borne application such as TR 069 The settings must be applied and obtained from your ISP For your spec...

Страница 89: ...C will be effective for VoIP data transmitting and receiving For other settings refer to Details Page for PPPoE PPPoA in WAN1 A AT TM M Q Qo oS S Such configuration is applied to upstream packets Such...

Страница 90: ...ox to designate the LAN port for channel 3 to 8 Service Type Normally service type is used for the service of video stream e g IPTV It can divide the packets from remote control and from video stream...

Страница 91: ...stem allows you to set up to eight channels for multi VLAN Available settings are explained as follows Item Description Channel Display the number of each channel Enable Check this box to enable that...

Страница 92: ...oose the router service for channel 5 6 or 7 Management It can be specified for general management Web configuration telnet TR069 If you choose Management the configuration for this VLAN will be effec...

Страница 93: ...ble Check this box to enable that channel Only channel 3 to 8 can be set in this page for channel 1 to 2 are reserved for NAT using P1 to P4 It means the LAN port 1 to 4 Check the box to designate the...

Страница 94: ...d as follows Item Description Index Click the number of index to access into the load balance policy configuration web page Enable Check this box to enable this policy Protocol Use the drop down menu...

Страница 95: ...tart Type the source IP start for the specified WAN interface Src IP End Type the source IP end for the specified WAN interface If this field is blank it means that all the source IPs inside the LAN w...

Страница 96: ...does is to translate the packets from public IP address to private IP address to forward the right packets to the right host and vice versa Besides Vigor router has a built in DHCP server that assign...

Страница 97: ...t ta at ti ic c R Ro ou ut te e When you have several subnets in your LAN sometimes a more effective and quicker way for connection is the Static routes function rather than other method You may simpl...

Страница 98: ...explained as follows Item Description General Setup Allow to configure settings for each subnet respectively Index Display all of the LAN items Status Basically LAN1 status is enabled in default LAN2...

Страница 99: ...able deactivate the RIP protocol It will lead to a stoppage of the exchange of routing information between routers Default Enable activate the RIP protocol DHCP Server Configuration DHCP stands for Dy...

Страница 100: ...DNS server converts the user friendly name into its equivalent IP address Primary IPAddress You must specify a DNS server IP address here because your ISP should provide you with usually more than one...

Страница 101: ...re explained as follows Item Description RADVD Configuration Enable Click it to enable RADVD server The router advertisement daemon radvd sends Router Advertisement messages specified by RFC 2461 to a...

Страница 102: ...6 Address Type the start and end address for IPv6 server DNS Server IPv6 Address Primary DNS Sever Type the IPv6 address for Primary DNS server Secondary DNS Server Type another IPv6 address for DNS s...

Страница 103: ...network so it automatically dispatch related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router enabled as a DHCP server if you do not have a...

Страница 104: ...n Network Configuration Enable Disable Click Enable to enable such configuration click Disable to disable such configuration For Routing Usage Click this radio button to invoke this function IPAddress...

Страница 105: ...an 192 168 1 254 IP Pool Counts Enter the maximum number of PCs that you want the DHCP server to assign IP addresses to The default is 50 and the maximum is 253 Use LAN Port Specify an IP for IP Route...

Страница 106: ...R Ro ou ut te e f fo or r I IP Pv v4 4 Available settings are explained as follows Item Description Index The number 1 to 10 under Index allows you to open next page to set up static route Destination...

Страница 107: ...er 1 to 40 under Index allows you to open next page to set up static route Destination Address Displays the destination address of the static route Status Displays the status of the static route Set t...

Страница 108: ...e et tw wo or rk ks s Here is an example based on IPv4 of setting Static Route in Main Router so that user A and B locating in different subnet can talk to each other via the router Assuming the Inter...

Страница 109: ...192 168 10 0 24 can access the Internet via the router and continuously exchange of IP routing information with different subnets 2 Click the LAN Static Route and click on the Index Number 1 Check the...

Страница 110: ...tion Enable Click it to enable VLAN configuration VLAN Tag Enable Enable the function of VLAN with tag The router will add specific VLAN number to all packets on the LAN while sending them out Please...

Страница 111: ...at least to prevent from not connecting to Vigor router due to unexpected error To add or remove a VLAN please refer to the following example 1 If VLAN 0 is consisted of hosts linked to P1 and P2 and...

Страница 112: ...Enable Click this radio button to invoke this function However IP MAC which is not listed in IP Bind List also can connect to Internet Disable Click this radio button to disable this function All the...

Страница 113: ...te Before you select Strict Bind you have to bind one set of IP MAC address for one PC If not no one of the PCs can access into Internet And the web configurator of the router might not be accessed 3...

Страница 114: ...orize this address port mapping relationship When the public server response the incoming traffic of course is destined to the router s public IP address and the router will do the inversion based on...

Страница 115: ...y located inside the LAN the network well protected by NAT of the router and identified by its private IP address port the goal of Port Redirection function is to forward all access request with publi...

Страница 116: ...ias that can be selected and used for port redirection The default setting is All which means all the incoming data from any port will be redirected to specified range of IP address and port Public Po...

Страница 117: ...l access the admin screen of by suffixing the IP address with 8080 e g http 192 168 1 1 8080 instead of port 80 3 3 3 3 2 2 D DM MZ Z H Ho os st t As mentioned above Port Redirection can redirect inco...

Страница 118: ...ypassed if you set up DMZ host We suggest you to add additional filter rules or a secondary firewall Click DMZ Host to open the following page DMZ Host for WAN2 and WAN3 is slightly different with WAN...

Страница 119: ...function Private IP Enter the private IP address of the DMZ host or click Choose PC to select one Choose PC Click this button and then a window will automatically pop up as depicted below The window...

Страница 120: ...explained as follows Item Description Index Indicate the relative number for the particular entry that you want to offer service in a local host You should click the appropriate index number to edit...

Страница 121: ...t Port Specify the starting port number of the service offered by the local host End Port Specify the ending port number of the service offered by the local host 3 3 3 3 4 4 A Ad dd dr re es ss s M Ma...

Страница 122: ...vate IP Display the private IP set for this address mapping e g 192 168 1 10 Mask Display the subnet mask selected for this address mapping Status Display the status for the entry enable or disable Cl...

Страница 123: ...address e g 192 168 1 10 or a subnet to be compared with the Public IP address for incoming packets Subnet Mask Select a value of subnet mask for private IP address 3 3 3 3 5 5 P Po or rt t T Tr ri i...

Страница 124: ...t for the incoming data of such triggering profile Status Display if the rule is active or de active Click the index number link to open the configuration page Available settings are explained as foll...

Страница 125: ...he users on the LAN are provided with secured protection by the following firewall facilities z User configurable IP filter Call Filter Data Filter z Stateful Packet Inspection SPI tracks packets and...

Страница 126: ...ually categorized into two types the flooding type attacks and the vulnerability attacks The flooding type attacks will attempt to exhaust all your system s resource while the vulnerability attacks wi...

Страница 127: ...l Filter or Data Filter Under some circumstance your filter set can be linked to work in a serial manner So here you assign the Start Filter Set only Also you can configure the Log Flag settings Apply...

Страница 128: ...is in higher priority you cannot enable Accept large incoming fragmented UDP or ICMP Packets Enable Strict Security Firewall Check the box to enable such function All the packets while transmitting t...

Страница 129: ...hoose one of the QoS rules to be applied as firewall rule For detailed information of setting QoS please refer to the related section later Load Balance Policy Choose the WAN interface for applying Lo...

Страница 130: ...er for applying with this router Please set at least one profile for choosing in CSM URL Content Filter web page first Or choose Create New from the drop down list in this page to create a new profile...

Страница 131: ...setting is ANSI 1252 Latin I If you do not choose any codepage no decoding job of URL will be processed Please use the drop down list to choose a codepage If you do not have any idea of choosing suit...

Страница 132: ...Item Description Filter Rule Click a button numbered 1 7 to edit the filter rule Click the button will open Edit Filter Rule web page For the detailed information refer to the following page Active E...

Страница 133: ...description Maximum length is 14 character long Index 1 15 Set PCs on LAN to work at certain time interval only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications Sch...

Страница 134: ...access into the following dialog to choose the source destination IP or IP ranges To set the IP address manually please choose Any Address Single Address Range Address Subnet Address as the Address Ty...

Страница 135: ...available for this service type when the first and last value are the same it indicates all the ports except the port defined here when the first and last values are different it indicates that all th...

Страница 136: ...filter rule any more Sessions Control The number typed here is the total sessions of the packets that do not match the filter rule configured in this page The default setting is 60000 MAC Bind IP Stri...

Страница 137: ...r for applying with this router Please set at least one profile for anti virus in CSM Web Content Filter web page first Or choose Create New from the drop down list in this page to create a new profil...

Страница 138: ...se a codepage If you do not have any idea of choosing suitable codepage please open Syslog From Codepage Information of Setup dialog you will see the recommended codepage listed on the dialog box Wind...

Страница 139: ...two IP filters call filter or data filter You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner Each filter set is composed by 7 filter rules which can...

Страница 140: ...ecting the Threshold of the TCP SYN packets from the Internet has exceeded the defined value the Vigor router will start to randomly discard the subsequent TCP SYN packets for a period defined in Time...

Страница 141: ...outside might learn the details of your private networks Block Land Check the box to enforce the Vigor router to defense the Land attacks The Land attack combines the SYN attack technology with IP spo...

Страница 142: ...ent function Any ICMP packets with more fragment bit set are dropped Block Unknown Protocol Check the box to activate the Block Unknown Protocol function Individual IP packet has a protocol field in t...

Страница 143: ...nt User Management accounts This is more flexible and convenient for network management Not only offering the basic checking for Internet access User Management also provides additional firewall rules...

Страница 144: ...plied to every user Available settings are explained as follows Item Description Mode There are two modes offered here for you to choose Each mode will bring different filtering effect to the users in...

Страница 145: ...up to 200 which will be applied for users controlled under User Management Simply open User Management User Profile To set the user profile please click any index number link to open the following pag...

Страница 146: ...he user has to type the password specified here to pass the authentication When the user passes the authentication he she can access Internet via this router with the limitation configured in this use...

Страница 147: ...ayed on the screen with time remaining for connection if Idle Timeout is set However the system will update the time periodically to keep the connection always on Thus Idle Timeout will not interrupt...

Страница 148: ...d by the router for the user with such profile Check the box to enable the function of time quota The first box displays the remaining time of the network connection The second box allows to type the...

Страница 149: ...er objects that you have created will be shown in this box Notice that user object Admin and Dial In User are factory settings User defined profiles will be numbered with 3 4 5 and so on Selected Keyw...

Страница 150: ...sers which connect to Vigor router currently You can click the link under the username to open the user profile setting page for that user IP Address Display the IP address of the device Last Login Ti...

Страница 151: ...m with objects and bind them with groups for using conveniently Later we can select that object group that can apply it For example all the IPs in the same department can be defined with an IP object...

Страница 152: ...choose LAN as the Interface here and choose LAN as the direction setting in Edit Filter Rule then all the IP addresses specified with LAN interface will be opened for you to choose in Edit Filter Rule...

Страница 153: ...e Address type is selected Subnet Mask Type the subnet mask if the Subnet Address type is selected Invert Selection If it is checked all the IP addresses except the ones listed above will be applied l...

Страница 154: ...Item Description Name Type a name for this profile Maximum 15 characters are allowed Interface Choose WAN LAN or Any to display all the available IP objects with the specified interface Available IP O...

Страница 155: ...s with different conditions Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Click the number under Index column for settings in detail Available...

Страница 156: ...ddress if this object contains any IPv6 address Select Mac Address if this object contains Mac address MAC Address Type the MAC address of the network card which will be controlled Start IP Address Ty...

Страница 157: ...allows you to bind several IPv6 objects into one IPv6 group Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Click the number under Index column...

Страница 158: ...Pv6 Objects Click button to add the selected IPv6 objects in this box 3 3 6 6 5 5 S Se er rv vi ic ce e T Ty yp pe e O Ob bj je ec ct t You can set up to 96 sets of Service Type Objects with different...

Страница 159: ...the same it indicates one port when the first and last values are different it indicates a range for the port and available for this profile when the first and last value are the same it indicates all...

Страница 160: ...3 3 6 6 6 6 S Se er rv vi ic ce e T Ty yp pe e G Gr ro ou up p This page allows you to bind several service types into one group Available settings are explained as follows Item Description Set to Fa...

Страница 161: ...ble Service Type Objects All the available service objects that you have added on Objects Setting Service Type Object will be shown in this box Selected Service Type Objects Click button to add the se...

Страница 162: ...column for setting in detail Available settings are explained as follows Item Description Name Type a name for this profile e g game Contents Type the content for such profile For example type gamblin...

Страница 163: ...he keyword groups set here will be chosen as black white list in CSM URL Web Content Filter Profile Available settings are explained as follows Item Description Set to Factory Default Clear all profil...

Страница 164: ...lected Keyword objects in this box 3 3 6 6 9 9 F Fi il le e E Ex xt te en ns si io on n O Ob bj je ec ct t This page allows you to set eight profiles which will be applied in CSM URL Content Filter Al...

Страница 165: ...le settings are explained as follows Item Description Profile Name Type a name for this profile Type a name for such profile and check all the items of file extension that will be processed in the rou...

Страница 166: ...Because it checks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor r...

Страница 167: ...ed in Default Rule of Firewall General Setup for filtering Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Profile Display the number of the prof...

Страница 168: ...ion Profile Name Type a name for the CSM profile Select All Click it to choose all of the items in this page Clear All Uncheck all the selected boxes The profiles configured here can be applied in the...

Страница 169: ...Vigor2850 Series User s Guide 159 The items categorized under P2P The items categorized under Misc...

Страница 170: ...ayload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor router can prevent user from accidentally downloading malicious codes fr...

Страница 171: ...ol and Web Feature below When you choose this setting both configuration set in this page for URL Access Control and Web Feature will be inactive Either URL Access Control First When all the packages...

Страница 172: ...clear your browser cache first so that the URL content filtering facility operates properly on a web page that you visited before Action This setting is available only when Either URL Access Control...

Страница 173: ...cessing into the corresponding webpage with the keywords listed on the box below If the web pages do not match with the specified feature set here it will be processed with reverse action Cookie Check...

Страница 174: ...pts the mechanism developed and offered by certain service provider e g DrayTek No matter activating WCF feature or getting a new license for web content filter you have to click Activate to satisfy y...

Страница 175: ...L2 the router will check the URL that the user wants to access via WCF If the data has been accessed previously the IP addresses of source and destination IDs will be memorized for a short time about...

Страница 176: ...ass allow accessing into the corresponding webpage with the characters listed on Group Object Selections If the web pages do not match with the specified feature set here they will be processed with t...

Страница 177: ...ll the actions Pass and Block will be recorded in Syslog 3 3 8 8 B Ba an nd dw wi id dt th h M Ma an na ag ge em me en nt t Below shows the menu items for Bandwidth Management 3 3 8 8 1 1 S Se es ss s...

Страница 178: ...plained as follows Item Description Session Limit Enable Click this button to activate the function of limit session Disable Click this button to close the function of limit session Default session li...

Страница 179: ...Adds the specific session limitation onto the list above Edit Allows you to edit the settings for the selected limitation Delete Remove the selected settings existing on the limitation list Administra...

Страница 180: ...ick Bandwidth Limit to open the web page To activate the function of limit bandwidth simply click Enable and set the default upstream and downstream limit Available settings are explained as follows I...

Страница 181: ...e list above Edit Allow you to edit the settings for the selected limitation Delete Remove the selected settings existing on the limitation list Smart Bandwidth Limit Check this box to have the bandwi...

Страница 182: ...apply DSCP Differentiated Service Code Point and IP Precedence disciplines at Layer 3 Compared with legacy IP Precedence that uses Type of Service ToS field in the IP header to define 8 service classe...

Страница 183: ...ick the Setup link to access into next page for the general setup of WAN interface As to class rule simply click the Edit link to access into next for configuration You can configure general setup for...

Страница 184: ...N N I In nt te er rf fa ac ce e When you click Setup you can configure the bandwidth ratio for QoS of the WAN interface There are four queues allowed for QoS control The first three Class 1 to Class 3...

Страница 185: ...default value is 10000kbps Reserved Bandwidth Ratio It is reserved for the group index in the form of ratio of reserved bandwidth to upstream speed and reserved bandwidth to downstream speed Enable UD...

Страница 186: ...usted for your necessity To add edit or delete the class rule please click the Edit link of that one After you click the Edit link you will see the following page Now you can define the name for that...

Страница 187: ...dress you have to fill in Start IP address and Subnet Mask DiffServ CodePoint All the packets of data will be divided with different levels and will be processed according to the level type by the sys...

Страница 188: ...e S Se er rv vi ic ce e T Ty yp pe e f fo or r C Cl la as ss s R Ru ul le e To add a new service type edit or delete an existed service type please click the Edit link under Service Type field After y...

Страница 189: ...ns s Below shows the menu items for Applications 3 3 9 9 1 1 D Dy yn na am mi ic c D DN NS S The ISP often provides you with a dynamic IP address when you connect to the Internet via your ISP It means...

Страница 190: ...lear all profiles and recover to factory settings View Log Display DDNS log status Force Update Force the router updates its information to DDNS server Auto Update interval Set the time for the router...

Страница 191: ...ing the router will use WAN1 WAN2 WAN3 as the only channel for such account Service Provider Select the service provider for the DDNS account Service Type Select a service type Dynamic Custom or Stati...

Страница 192: ...by means of Network Time Protocols NTP As a result you can not only schedule the router to dialup to the Internet at a specified time but also restrict Internet access to certain hours so that users c...

Страница 193: ...od for the schedule Action Specify which action Call Schedule should apply during the period of the schedule Force On Force the connection to be always on Force Down Force the connection to be always...

Страница 194: ...been pre defined in the schedule profiles 3 3 9 9 3 3 R RA AD DI IU US S Remote Authentication Dial In User Service RADIUS is a security authentication client server protocol that supports authentica...

Страница 195: ...complexity of other directory service protocols For LDAP is defined to perform inquire and modify the information within the directory and acquire the data in the directory securely therefore users ca...

Страница 196: ...and the router provide the associated support for MSN Messenger to allow full use of the voice video and messaging features Available settings are explained as follows Item Description Enable UPNP Ser...

Страница 197: ...cessing ability of some network ports Security Considerations Activating the UPnP function on your network may incur some security threats You should consider carefully these risks before activating t...

Страница 198: ...ill be executed through WAN port In addition such function is available in NAT mode Enable IGMP Snooping Check this box to enable this function Multicast traffic will be forwarded to ports that have m...

Страница 199: ...le settings are explained as follows Item Description Wake by Two types provide for you to wake up the binded IP If you choose Wake by MAC Address you have to type the correct MAC address of the host...

Страница 200: ...is that Vigor router sends a message to user s mobile through specified service provider to assist the user knowing the real time abnormal situations Vigor router allows you to set up to 8 SMS profil...

Страница 201: ...can use to register to selected SMS provider Password Type a password that the sender can use to register to selected SMS provider Destination Number Type the telephone number that you want it to rece...

Страница 202: ...shows the menu items for VPN and Remote Access 3 3 1 10 0 1 1 V VP PN N C Cl li ie en nt t W Wi iz za ar rd d Such wizard is used to configure VPN settings for VPN client Such wizard will guide to se...

Страница 203: ...or2850 Series User s Guide 193 Please choose a LAN to LAN Profile There are 32 VPN profiles for users to set 2 When you finish the mode and profile selection please click Next to open the following pa...

Страница 204: ...ifferent type will lead to different configuration page After making the choices for the client profile please click Next You will see different configurations based on the selection s you made z When...

Страница 205: ...llowing graphic z When you choose L2TP over IPSec Nice to Have or L2TP over IPSec Must you will see the following graphic Available settings are explained as follows Item Description Profile Name Type...

Страница 206: ...gnature X 509 Click Digital Signature to invoke this function Use the drop down list to choose one of the certificates for using You have to configure one certificate at least previously in Certificat...

Страница 207: ...ilable settings are explained as follows Item Description Go to the VPN Connection Management Click this radio button to access VPN and Remote Access Connection Management for viewing VPN Connection s...

Страница 208: ...by step 1 Open VPN and Remote Access VPN Server Wizard The following page will appear Available settings are explained as follows Item Description VPN Server Mode Selection Choose the direction for t...

Страница 209: ...choose any one of dial in user account profiles Next you have to select suitable dial in type for the VPN server profile There are several types provided here similar to VPN Client Wizard Different Di...

Страница 210: ...User s Guide 200 z When you check PPTP you will see the following graphic z When you check PPTP IPSec L2TP three types or PPTP IPSec two types or L2TP with Policy Nice to Have Must you will see the f...

Страница 211: ...Confirm Pre Shared Key Type the pre shared key again for confirmation Digital Signature X 509 Check the box of Digital Signature to invoke this function Use the drop down list to choose one of the ce...

Страница 212: ...n Management for viewing VPN Connection status Do another VPN Server Wizard Setup Click this radio button to set another profile of VPN Server through VPN Server Wizard View more detailed configuratio...

Страница 213: ...Optional MPPE This option represents that the MPPE encryption method will be optionally employed in the router for the remote dial in user If the remote dial in user does not support the MPPE encrypt...

Страница 214: ...hat starts the negotiation proposes all its policies to the remote peer and then remote peer tries to find a highest priority match with its policies Eventually to set up a secure tunnel for IKE Phase...

Страница 215: ...y Currently only support Pre Shared Key authentication Pre Shared Key Specify a key for IKE authentication Confirm Pre Shared Key Retype the characters to confirm the pre shared key IPSec Security Met...

Страница 216: ...certificates for peer dial in users Available settings are explained as follows Item Description Set to Factory Default Click it to clear all indexes Index Click the number below Index to access into...

Страница 217: ...ific field of digital signature to accept the peer with matching value The field can be IP Address Domain or E mail Address The box under the Type will appear according to the type you select and ask...

Страница 218: ...he following figure shows the summary table Available settings are explained as follows Item Description Set to Factory Default Click to clear all indexes Index Click the number below Index to access...

Страница 219: ...PPTP Allow the remote dial in user to make a PPTP VPN connection through the Internet You should set the User Name and Password of remote dial in user below IPSec Tunnel Allow the remote dial in user...

Страница 220: ...ock This is default setting Click this button to let multicast packets be blocked by the router Subnet Chose one of the subnet selections for such VPN profile Assign Static IP Address Allows you to sp...

Страница 221: ...n the LAN to LAN Profile setup This item is optional and can be used only in IKE aggressive mode Callback Function The callback function provides a callback service only for the ISDN LAN to LAN connec...

Страница 222: ...mmary table Available settings are explained as follows Item Description Set to Factory Default Click to clear all indexes Name Indicate the name of the LAN to LAN profile The symbol represents that t...

Страница 223: ...ection Enable this profile Check here to activate this profile VPN Dial Out Through Use the drop down menu to choose a proper WAN interface for this profile This setting is useful for dial out only z...

Страница 224: ...er will drop the connection Enable PING to keep alive This function is to help the router to determine the status of IPSec VPN connection especially useful in the case of abnormal VPN IPSec tunnel dis...

Страница 225: ...he most common selection due to wild compatibility VJ compression This field is applicable when you select PPTP or L2TP with or without IPSec policy above VJ Compression is used for TCP IP protocol he...

Страница 226: ...cryption algorithms to the VPN peers and get its feedback to find a match Two combinations are available for Aggressive mode and nine for Main mode We suggest you select the combination that covers th...

Страница 227: ...to callback for the connection afterwards Provide ISDN Number to Remote In the case that the remote peer requires the Vigor router to callback the local ISDN number will be provided to the remote pee...

Страница 228: ...in the general settings User Name This field is applicable when you select PPTP or L2TP with or without IPSec policy above Password This field is applicable when you select PPTP or L2TP with or witho...

Страница 229: ...unication Logical Traffic Such technique comes from RFC2890 Define logical traffic for data transmission between both sides of VPN tunnel by using the characteristic of GRE Even hacker can decipher IP...

Страница 230: ...n enable disable one of direction here Herein we provide four options TX RX Both TX Only RX Only and Disable From first subnet to remote network you have to do If the remote network only allows you to...

Страница 231: ...e es s o of f V VP PN N T TR RU UN NK K V VP PN N L Lo oa ad d B Ba al la an nc ce e M Me ec ch ha an ni is sm m VPN Load Balance Mechanism can set multiple VPN tunnels for using as traffic load balan...

Страница 232: ...profile Status v means such profile is enabled x means such profile is disabled Name Display the name of VPN TRUNK VPN Backup mechanism profile Member1 Display the dial out profile selected from the...

Страница 233: ...nce mechanism profile Status v means such profile is enabled x means such profile is disabled Name Display the name of VPN TRUNK VPN Load Balance mechanism profile Member1 Display the dial out profile...

Страница 234: ...mote Access LAN to LAN for you to choose for grouping under certain VPN TRUNK VPN Backup Load Balance mechanism profile z No Index number of LAN to LAN dial out profile z Name Profile name of LAN to L...

Страница 235: ...n ng g V VP PN N T TR RU UN NK K D Di ia al l o ou ut t w wh he en n V VP PN N L Lo oa ad d B Ba al la an nc ce e D Di is sc co on nn ne ec ct te ed d For there is one Tunnel created and connected suc...

Страница 236: ...N to LAN to set a profile with IPSec 2 If the router will be used as the VPN Server i e with virtual address 192 168 50 200 Please type 192 168 50 200 in the field of My GRE IP Type IP address 192 168...

Страница 237: ...ound Robin Based on packet base both tunnels will send the packet alternatively Such method can reach the balance of packet transmission with fixed rate Weighted Round Robin Such method can reach the...

Страница 238: ...tion port and fragment conditions match with the settings specified here and TCP Service Port also fits the number here such binding tunnel table can be established UDP means when the source IP destin...

Страница 239: ...dvanced Backup Available settings are explained as follows Item Description Profile Name List the backup profile name ERD Mode ERD means Environment Recovers Detection Normal choose this mode to make...

Страница 240: ...d as follows Item Description Dial out Tool General Mode This filed displays the profile configured in LAN to LAN with Index number and VPN Server IP address The VPN connection built by General Mode d...

Страница 241: ...09 Any entity wants to utilize digital certificates should first request a certificate issued by a CA server It should also retrieve certificates of other trusted CA servers so it can authenticate the...

Страница 242: ...Import Click this button to import a saved file as the certification information Refresh Click this button to refresh the information listed below View Click this button to view the detailed settings...

Страница 243: ...ick IMPORT to open the following window Use Browse to find out the saved text file Then click Import The one you imported will be listed on the Trusted CA Certificate window Then click Import to use t...

Страница 244: ...ed SIP is an end to end signaling protocol that establishes user presence and mobility in VoIP structure Every one who wants to talk using his her SIP Uniform Resource Identifier SIP Address The stand...

Страница 245: ...d of that you will only have to using dial plan or directly dial your friend s account name if you are with the same SIP Registrar z Peer to Peer Before calling you have to know your friend s IP Addre...

Страница 246: ...on established vigor router A will send SAS voice prompt to A and vigor router B will send the SAS voice prompt to B 2 Then the RTP traffic is secured until the call ends 3 If vigor router A wants to...

Страница 247: ...honebook for you to store all your friends and family members SIP addresses Loop through and Backup Phone Number will be displayed if you are using Vigor2850Vn for setting the phone book Click any ind...

Страница 248: ...one call will be changed from VoIP phone into PSTN call according to the loop through direction chosen Note that during the phone switch the blare of phone will appear for a short time And when the Vo...

Страница 249: ...ce When you choose this mode the OP number will be replaced by the prefix number for calling out through the specific VoIP interface Take the above picture Prefix Table Setup web page as an example th...

Страница 250: ...settings configured in VoIP Phone Settings Move UP Move Down Click the link to move the selected entry up or down C Ca al ll l B Ba ar rr ri in ng g Call barring is used to block phone calls coming fr...

Страница 251: ...ring according to the preconfigured schedules Refer to section Applications Schedule for detailed configuration Additionally you can set advanced settings for call barring such as Block Anonymous Bloc...

Страница 252: ...Vigor2850 Series User s Guide 242...

Страница 253: ...n this web page You can change the number based on the region that the router is placed Available settings are explained as follows Item Description Enable Regional Check this box to enable this funct...

Страница 254: ...e number typed in this field to make your phone number ID not displayed on the display panel of remote end Hide caller ID Deact Dial the number typed in this field to release this function Call Waitin...

Страница 255: ...d 3 3 1 12 2 2 2 S SI IP P A Ac cc co ou un nt ts s In this section you set up your own SIP settings When you apply for an account your SIP service provider will give you an Account Name or user name...

Страница 256: ...which port will ring when receiving a phone call Set Phone ISDN1 S0 or ISDN TE as the default ring port for the SIP account If you choose Phone or ISDN1 S0 the ISDN2 TE selection will be dimmed vice...

Страница 257: ...s profile for identifying You can type similar name with the domain For example if the domain name is draytel org then you might set draytel 1 in this field Register via If you want to make VoIP call...

Страница 258: ...ntication ID Check the box to invoke this function and enter the name or number used for SIP Authorization with SIP Registrar If this setting value is the same as Account Name it is not necessary for...

Страница 259: ...etting is 30 sec Ring Port Set Phone 1 and or Phone 2 as the default ring port s for this SIP account Ring Pattern Choose a ring tone type for the VoIP phone call Prefer Codec Select one of five codec...

Страница 260: ...0 Voice Active Detector This function can detect if the voice on both sides is active or not If not the router will do something to save the bandwidth for other using Click On to invoke this function...

Страница 261: ...that configured in the advanced settings page of Phone Index Default SIP Account draytel_1 is the default SIP account You can click the number below the Index field to change SIP account for each phon...

Страница 262: ...ess into the following page for configuring Phone settings Available settings are explained as follows Item Description Hotline Check the box to enable it Type in the SIP URL in the field for dialing...

Страница 263: ...ponse Click hook flash to pick up the waiting phone call Call Transfer Check this box to invoke this function Click hook flash to initiate another phone call When the phone call connection succeeds ha...

Страница 264: ...h you are located The common settings of Caller ID Type Dial tone Ringing tone Busy tone and Congestion tone will be shown automatically on the page If you cannot find out a suitable one please choose...

Страница 265: ...The smaller the number is the louder the dial tone is It is recommended for you to use the default setting Ring Frequency This setting is used to drive the frequency of the ring tone It is recommended...

Страница 266: ...Vigor will capture the DTMF tone and transfer it into SIP form Then it will be sent to the remote end with SIP message Payload Type rfc2833 Choose a number from 96 to 127 the default value was 101 Th...

Страница 267: ...as hours minutes seconds Tx Pkts Total number of transmitted voice packets during this connection session Rx Pkts Total number of received voice packets during this connection session Rx Losts Total...

Страница 268: ...rotocol as Point to Point Configure ISDN port to use static TEI Terminal Endpoint Identifier Point to Multipoint Configure ISDN port to use Dynamic TEI Own Number Enter your ISDN number that you got f...

Страница 269: ...in ng gl le e D Du ua al l I IS SP Ps s Select Dialing to a Single ISP if you access the Internet via a single ISP Available settings are explained as follows Item Description ISP Access Setup ISP Na...

Страница 270: ...AP or CHAP is to configure the PPP session to use the PAP or CHAP protocols to negotiate the username and password with the ISP Idle Timeout Idle timeout means the router will be disconnect after bein...

Страница 271: ...to negotiate the username and password with the ISP Idle Timeout Idle timeout means the router will be disconnect after being idle for a preset amount of time The default is 180 seconds If you set the...

Страница 272: ...you will see Goto ISDN Diagnostic link appears on the bottom of the webpage To have an ISDN connection please click this link Now the system will guide you to click Dial ISDN Wait for a moment after...

Страница 273: ...to 5 for each triggered packet the router will dial 5 times until it is connected to the ISP or remote access router Dial Delay Interval It specifies the interval between dialup retries By default the...

Страница 274: ...r Time the additional channel will be activated Thus the total link speed will be 128kbps two B channels Low Water Mark and Low Water Time These parameters specify the situation in which the second ch...

Страница 275: ...channel etc M Mu ul lt ti ip pl le e S SS SI ID Ds s Vigor router supports four SSID settings for wireless connections Each SSID can be defined with different name and download upload rate for selecti...

Страница 276: ...time Separate the Wireless and the Wired LAN WLAN Isolation enables you to isolate your wireless LAN from wired LAN for either quarantine or limit access reasons To isolate means neither of the partie...

Страница 277: ...e box to enable wireless function Mode At present the router can connect to 11n Only 11g Only Mixed 11b 11g Mixed 11a 11n Mixed 11g 11n and Mixed 11b 11g 11n stations simultaneously Simply choose Mixe...

Страница 278: ...l characters The default SSID is DrayTek We suggest you to change it Isolate VPN Check this box to make the wireless clients stations with different VPN not accessing for each other Member Check this...

Страница 279: ...install it into your PC for matching with Packet OVERDRIVE refer to the following picture of Vigor N61 wireless utility window choose Enable for TxBURST on the tab of Option Note means the real transm...

Страница 280: ...default security mode is Mixed WPA WPA2 PSK Default Pre Shared Key PSK is provided and stated on the label pasted on the bottom of the router For the wireless client who wants to access into Internet...

Страница 281: ...and the encryption key is obtained dynamically from RADIUS server with 802 1X protocol WPA PSK Accepts only WPA clients and the encryption key should be entered in PSK WPA2 PSK Accepts only WPA2 clie...

Страница 282: ...o on nt tr ro ol l In the Access Control the router may restrict wireless access to certain wireless clients only by locking their MAC address into a black or white list The user may block wireless cl...

Страница 283: ...list Edit Edit the selected MAC address in the list Cancel Give up the access control set up OK Click it to save the access control list Clear All Clean all entries in the MAC address list 3 3 1 14 4...

Страница 284: ...rt PBC button of network card z If you want to use PIN code you have to know the PIN code specified in wireless client Then provide the PIN code of the wireless client you wish to connect to the vigor...

Страница 285: ...de of the router Only WPA2 PSK and WPA PSK support WPS Configure via Push Button Click Start PBC to invoke Push Button style WPS setup procedure The router will wait for WPS requests from wireless cli...

Страница 286: ...Ns through the air y Extend the coverage range of a WLAN To meet the above requirement two WDS modes are implemented in Vigor router One is Bridge the other is Repeater Below shows the function of WDS...

Страница 287: ...do WDS to WDS packet forwarding In the following examples hosts connected to Bridge 1 or 3 can communicate with hosts connected to Bridge 2 through WDS links However hosts connected to Bridge 1 CANNOT...

Страница 288: ...tween AP and the router Key Type 8 63 ASCII characters or 64 hexadecimal digits leading by 0x Bridge If you choose Bridge as the connecting mode please type in the peer MAC address in these fields Fou...

Страница 289: ...nly In addition it does not have protection mechanism to avoid the conflict with neighboring devices of 802 11a b g Channel Bandwidth 20 the router will use 20Mhz for data transmission and receiving b...

Страница 290: ...re explained as follows Item Description WMM Capable To apply WMM parameters for wireless data transmission please click the Enable radio button APSD Capable The default setting is Disable Aifsn It co...

Страница 291: ...he box means the AP router will answer the response request while transmitting WMM packets through wireless connection It can assure that the peer must receive the WMM packets Check the box means the...

Страница 292: ...WDS settings please type in the AP s MAC address on the bottom of the page and click Bridge or Repeater Next click Add to Later the MAC address of the AP will be added to Bridge or Repeater field of W...

Страница 293: ...l L Lo og g i in n This page allows you to specify an URL for accessing into or display a message when a remote user connects to Internet through this router No matter what purpose of the wireless cli...

Страница 294: ...es here The message will be displayed on the screen for several seconds when the wireless users access into the web page through the router 3 3 1 15 5 U US SB B A Ap pp pl li ic ca at ti io on n USB s...

Страница 295: ...FAT32 It is recommended for you to use FAT32 for viewing the filename completely FAT16 cannot support long filename Available settings are explained as follows Item Description General Settings Simult...

Страница 296: ...an have as many as 23 characters Both them cannot contain any of the following Workgroup Name Type a name for the workgroup Host Name Type the host name for the router 3 3 1 15 5 2 2 U US SB B U Us se...

Страница 297: ...rd is specified for accessing into web pages of Vigor router only Also it is reserved for FTP firmware upgrade usage Note FTP Passive mode is not supported by Vigor Router Please disable the mode on t...

Страница 298: ...uch profile Any user who uses such profile for accessing into USB storage disk must follow the rule specified here File Check the items Read Write and Delete for such profile Directory Check the items...

Страница 299: ...con to add a new folder Current Path Display current folder Upload Click this button to upload the selected file to the USB storage disk The uploaded file in the USB diskette can be shared for other u...

Страница 300: ...r s host which connecting to the FTP server Username It displays the username that user uses to login to the FTP server When you insert USB storage disk into the Vigor router the system will start to...

Страница 301: ...the system Time Display the time of the event occurred Message Display the information for each event F Fo or r U US SB B S Sy ys sl lo og g This page displays the syslog recorded on the USB storage d...

Страница 302: ...Maintenance 3 3 1 16 6 1 1 S Sy ys st te em m S St ta at tu us s The System Status provides basic network settings of Vigor router It includes LAN and WAN interface information Also you could get the...

Страница 303: ...us Firmware Version It indicates information about equipped WLAN miniPCi card This also helps to provide availability of some features that are bound with some WLAN miniPCi SSID Display the SSID of th...

Страница 304: ...r detailed information CPE Client Such information is useful for Auto Configuration Server Enable Disable Allow Deny the CPE Client to connect with Auto Configuration Server Port Sometimes port confli...

Страница 305: ...request to the server for the purpose of maintaining the binding in the Gateway Please type a number as the maximum period A value of 1 indicates that no maximum period is specified 3 3 1 16 6 3 3 A...

Страница 306: ...into the web configurator with the password typed here for simple web configuration The settings on simple web configurator will be different with full web configurator accessed by using the administr...

Страница 307: ...low the steps below to backup your configuration 1 Go to System Maintenance Configuration Backup The following windows will be popped up as shown below 2 Click Backup button to get into the following...

Страница 308: ...e Note Backup for Certification must be done independently The Configuration Backup does not include information of Certificate R Re es st to or re e C Co on nf fi ig gu ur ra at ti io on n 1 Go to Sy...

Страница 309: ...save the log to Syslog server Check USB Disk to save the log to the attached USB storage disk Router Name Display the name for such router configured in System Maintenance Management If there is no n...

Страница 310: ...ntication Check this box to activate this function while using e mail application User Name Type the user name for authentication Password Type the password for authentication Enable E mail Alert Chec...

Страница 311: ...Vigor2850 Series User s Guide 301...

Страница 312: ...m the remote administrator PC host as router s system time Use Internet Time Select to inquire time information from Time Server on the Internet using assigned protocol Time Protocol Select a time pro...

Страница 313: ...nt Access Control Allow management from the Internet Enable the checkbox to allow system administrators to login from the Internet There are several servers provided by the system to allow you managin...

Страница 314: ...specify certain host Trap Community Set trap community by typing a proper name The default setting is public Notification Host IP Set the IP address of the host that will receive the trap community Tr...

Страница 315: ...dule for performing system reboot All the schedules can be set previously in Applications Schedule web page and you can use the number that you have set in that web page If you want to reboot the rout...

Страница 316: ...ng an example Note that this example is running over Windows OS Operating System Download the newest firmware from DrayTek s web site or FTP site The DrayTek web site is www DrayTek com or local DrayT...

Страница 317: ...mechanism for your computer Click System Maintenance Activation to open the following page for accessing http myvigor draytek com Available settings are explained as follows Item Description Activate...

Страница 318: ...Vigor2850 Series User s Guide 308 Below shows the successful activation of Web Content Filter...

Страница 319: ...i ia al l o ou ut t T Tr ri ig gg ge er ri in ng g Click Diagnostics and click Dial out Trigger to open the web page The internet connection e g PPPoE is triggered by a package sending from the source...

Страница 320: ...ttings are explained as follows Item Description Refresh Click it to reload the page 3 3 1 17 7 3 3 A AR RP P C Ca ac ch he e T Ta ab bl le e Click Diagnostics and click ARP Cache Table to view the co...

Страница 321: ...ou ur r T Ta ab bl le e The table shows a mapping between an Ethernet hardware address MAC Address and an IPv6 address This information is helpful in diagnosing network problems such as IP address co...

Страница 322: ...Table to open the web page Available settings are explained as follows Item Description Index It displays the connection item number IP Address It displays the IP address assigned by this router for s...

Страница 323: ...settings are explained as follows Item Description Private IP Port It indicates the source IP address and port of local PC Pseudo Port It indicates the temporary port of the router used for NAT Peer...

Страница 324: ...eb page Available settings are explained as follows Item Description IPV4 IPV6 Choose the interface for such function Ping through Use the drop down list to choose the WAN interface that you want to p...

Страница 325: ...a F Fl lo ow w M Mo on ni it to or r This page displays the running procedure for the IP address monitored and refreshes the data in an interval of several seconds The IP address listed here is confi...

Страница 326: ...speed of the monitored device RX rate kbps Display the receiving speed of the monitored device Sessions Display the session number that you specified in Limit Session web page Action Block can prevent...

Страница 327: ...ng different traffic graph Click Refresh to renew the graph at any time The horizontal axis represents time Yet the vertical axis has different meanings For WAN1 WAN2 WAN3Bandwidth chart the numbers d...

Страница 328: ...n the web page This page allows you to trace the routes from router to the host Simply type the IP address of the host in the box and click Run The result of route trace will be shown on the screen or...

Страница 329: ...through Protocol Use the drop down list to choose the protocol that you want to ping through Host IP Address It indicates the IP address of the host Trace Host IP Address It indicates the IPv6 address...

Страница 330: ...own for your reference Available settings are explained as follows Item Description Enable Web Syslog Check this box to enable the function of Web Syslog Syslog Type Use the drop down list to specify...

Страница 331: ...splay the type of the record Message Display the information for each event 3 3 1 17 7 1 12 2 T TS SP PC C S St ta at tu us s IPv6 TSPC status web page could help you to diagnose the connection status...

Страница 332: ...v vi ic ce es s This page allows you to enable or disable the function of detecting external devices Available settings are explained as follows Item Description External Device Auto Discovery Check t...

Страница 333: ...other via existing IPv4 network environment The IPv6 packets will be encapsulated with the header of IPv4 first Later the packets will be transformed and judged by IPv4 router Once the packets arrive...

Страница 334: ...use the drop down list to choose a proper connection type Different connection types will bring out different configuration page Refer to the following z PPP Dual Stack application IPv4 and IPv6 servi...

Страница 335: ...Vigor2850 Series User s Guide 325 Click OK and open Online Status If the connection is successful you will get the IP address for IPv4 and IPv6 at the same time...

Страница 336: ...nformation for TSPC service Note While using such mode you have to make sure the IPv4 network connection is normal In the following figure the TSPC information is obtained from http gogo6 com after ap...

Страница 337: ...Note While using such mode you have to make sure the IPv4 network connection is normal In the following figure the AICCU information is obtained from https www sixxs net main after applied for the ser...

Страница 338: ...Guide 328 z DHCPv6 Client Choose DHCPv6 Client Click one of the identity associations and type the IAID number Click OK and open Online Status If the connection is successful the physical connection w...

Страница 339: ...User s Guide 329 z Static IPv6 Choose Static IPv6 Type IPv6 address Prefix Length and Gateway Address Click OK and open Online Status If the connection is successful the physical connection will be s...

Страница 340: ...the subnet of LAN1 supports IPv6 feature 2 In the field of RADVD Configuration the default setting is Enable The client s PC will ask RADVD service for the Prefix of IPv6 address automatically and ge...

Страница 341: ...mmand of ipconfig Refer to the following figure From the above figure we can see IPv6 IP address has been captured by the system 2 Use the Ping command to ping any IPv6 address indicating an IPv6 webs...

Страница 342: ...pe an URL of IPv6 e g www kame net If your computer accesses into the website by using IPv6 address you may see a turtle dancing on the screen If not only a steady turtle will be seen If you can see a...

Страница 343: ...be done through SAMBA server or FTP server Samba service is based on the original USB FTP service You will need to setup USB FTP first We would like to give brief instructions on USB FTP setup here 1...

Страница 344: ...Vigor2850 Series User s Guide 334 4 Click OK to save the configuration 5 Make sure the FTP service is running properly Please open a browser and type ftp 192 168 1 1 Use the account user1 to login...

Страница 345: ...SB Application USB Disk Status The information for FTP server will be shown as below Now users in LAN of Vigor2710 can access into the USB storage device by typing ftp 192 168 1 1 on any browser They...

Страница 346: ...own in the below illustration you may follow the steps to create a LAN to LAN profile These two networks LANs should NOT have the same network address Settings in Router A in headquarter 1 Go to VPN a...

Страница 347: ...ser s Guide 337 3 Go to LAN to LAN Click on one index number to edit a profile 4 Set Common Settings as shown below You should enable both of VPN connections because any one of the parties may start t...

Страница 348: ...d If an IPSec based service is selected you should further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial Out connection If a PPP based service is...

Страница 349: ...d you may further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial In connection Otherwise it will apply the settings defined in IPSec General Setup...

Страница 350: ...r B in the remote office 1 Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK 2 Then for using PPP based services such as PPTP L2TP you have...

Страница 351: ...connections because any one of the parties may start the VPN connection 5 Set Dial Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial Out method If an IPSe...

Страница 352: ...ression for this Dial Out connection 6 Set Dial In settings to as shown below to allow Router A dial in to build VPN connection If an IPSec based service is selected you may further specify the remote...

Страница 353: ...rther specify the remote peer IP Address Username Password and VJ Compression for this Dial In connection 7 At last set the remote network IP subnet in TCP IP Network Settings so that Router B can dir...

Страница 354: ...as shown in the below illustration you may follow the steps to create a Remote User Profile and install Smart VPN Client on the remote host Settings in VPN Router in the enterprise office 1 Go to VPN...

Страница 355: ...tings to as shown below to allow the remote user dial in to build VPN connection If an IPSec based service is selected you may further specify the remote peer IP Address IKE Authentication Method and...

Страница 356: ...or Win2000 XP please use Network and Dial up connections or Smart VPN Client complimentary software to help you create PPTP L2TP and L2TP over IPSec tunnel You can find it in CD ROM in the package or...

Страница 357: ...based service is selected you should further specify the remote VPN server IP address Username Password and encryption method The User Name and Password should be consistent with the one set up in th...

Страница 358: ...ometimes works at home and takes care of children When working time he would use Vigor router at home to connect to the server in the headquarter office downtown via either HTTPS or VPN to check email...

Страница 359: ...an the real bandwidth to ensure correct calculation of QoS It is suggested to set the bandwidth value for inbound outbound as 80 85 of physical network speed provided by ISP to maximize the QoS perfor...

Страница 360: ...r will set reserved bandwidth e g 25 for E mail using protocol POP3 and SMTP 6 Return to previous page Enter the Name of Index Class 2 by clicking Edit link In this index the user will set reserved ba...

Страница 361: ...luent other application Click OK 9 If the worker has connected to the headquarter using host to host VPN tunnel Please refer to Chapter 3 VPN for detail instruction he may set up an index for it Enter...

Страница 362: ...52 11 Click Add to open the following window Check the ACT box first 12 Then click Edit of Local Address to set a worker s subnet address Click Edit of Remote Address to set headquarter s IP address L...

Страница 363: ...ll the Router Tools The Firmware Upgrade Utility is included in the tools 1 Go to www DrayTek com 2 Access into Support Downloads Please find out Firmware menu and click it Search the model you have a...

Страница 364: ...Programs and choose Router Tools XXX Firmware Upgrade Utility 8 Type in your router IP usually 192 168 1 1 9 Click the button to the right side of Firmware file typing box Locate the files that you d...

Страница 365: ...are Note that this example is running over Windows OS Operating System 1 Download the newest firmware from DrayTek s web site or FTP site The DrayTek web site is www DrayTek com or local DrayTek s web...

Страница 366: ...356 4 4 7 7 R Re eq qu ue es st t a a c ce er rt ti if fi ic ca at te e f fr ro om m a a C CA A s se er rv ve er r o on n W Wi in nd do ow ws s C CA A S Se er rv ve er r 1 Go to Certificate Management...

Страница 367: ...Enter the information in the certificate request 3 Copy and save the X509 Local Certificate Requet as a text file and save it for later use 4 Connect to CA server via web browser Follow the instructi...

Страница 368: ...st using a base64 encoded PKCS 7 file Import the X509 Local Certificate Requet text file Select Router Offline request or IPSec Offline request below Then you have done the request and the server now...

Страница 369: ...ificate Click IMPORT button and browse the file to import the certificate cer file into Vigor router When finished click refresh and you will find the below window showing BEGINE CERTIFICATE 6 You may...

Страница 370: ...ti if fi ic ca at te e a an nd d S Se et t a as s T Tr ru us st te ed d o on n W Wi in nd do ow ws s C CA A S Se er rv ve er r 1 Use web browser connecting to the CA server that you would like to retr...

Страница 371: ...d CA Certificate Click IMPORT button and browse the file to import the certificate cer file into Vigor router When finished click refresh and you will find the below illustration 4 You may review the...

Страница 372: ...m Web Content Filter Anti Intrusion and etc to filtering the web pages for the sake of protecting your system To access into MyVigor for getting more information please create an account for MyVigor 4...

Страница 373: ...es User s Guide 363 2 Click the Activate link A login page for MyVigor web site will pop up automatically 3 Click the link of Create an account now 4 Check to confirm that you accept the Agreement and...

Страница 374: ...Vigor2850 Series User s Guide 364 5 Type your personal information in this page and then click Continue 6 Choose proper selection for your computer and click Continue...

Страница 375: ...ART 8 Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor draytek com 9 Click the Activate my Account link to enable the account that you created The fol...

Страница 376: ...click Login Your account has been activated You can access into MyVigor server to activate the service e g WCF that you want 4 4 9 9 2 2 C Cr re ea at ti in ng g a an n A Ac cc co ou un nt t v vi ia a...

Страница 377: ...User s Guide 367 2 Check to confirm that you accept the Agreement and click Accept 3 Type your personal information in this page and then click Continue 4 Choose proper selection for your computer an...

Страница 378: ...ART 6 Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor draytek com 7 Click the Activate my Account link to enable the account that you created The fol...

Страница 379: ...password that you just created in the fields of UserName and Password Then type the code in the box of Auth Code according to the value displayed on the right side of it Now click Login Your account h...

Страница 380: ...Vigor2850 Series User s Guide 370 This page is left blank...

Страница 381: ...king to factory default setting if necessary If all above stages are done and the router still cannot run normally it is the time for you to contact your dealer for advanced help 5 5 1 1 C Ch he ec ck...

Страница 382: ...er trying the above section if the link is stilled failed please do the steps listed below to make sure the network connection settings is OK F Fo or r W Wi in nd do ow ws s The example is based on Wi...

Страница 383: ...tically and Obtain DNS server address automatically F Fo or r M Ma ac c O OS S 1 Double click on the current used Mac OS on the desktop 2 Open the Application folder and get into Network 3 On the Netw...

Страница 384: ...uter correctly F Fo or r W Wi in nd do ow ws s 1 Open the Command Prompt window from Start menu Run 2 Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP Vista The DOS command dialog will...

Страница 385: ...ff f You have to wait about 15 seconds after inserting 3G USB Modem into your Vigor2850 Later the USB LED will light on which means the installation of USB Modem is successful If the USB LED does not...

Страница 386: ...g g I If f N Ne ec ce es ss sa ar ry y Sometimes a wrong connection can be improved by returning to the default settings Try to reset the router by software or hardware Such function is available in A...

Страница 387: ...Then the router will restart with the default configuration After restore the factory default setting you can configure the settings for the router again to fit your personal request 5 5 7 7 C Co on n...

Отзывы:

Нет отзывов

Похожие инструкции для Vigor2850 Series

Бренд: Lanner Страницы: 45

Бренд: Clavister Страницы: 76

Бренд: Fortinet Страницы: 2

Бренд: Fortinet Страницы: 388

FortiBridge-1000

Бренд: Fortinet Страницы: 2

Proventia Management SiteProtector SP2001

Бренд: IBM Страницы: 57

Бренд: Fortinet Страницы: 398

TECHDOCS ION 9000

Бренд: PaloAlto Networks Страницы: 32

Бренд: Sophos Страницы: 2

Бренд: Sophos Страницы: 4

Бренд: Sophos Страницы: 2

Бренд: Sophos Страницы: 8

Бренд: Sophos Страницы: 9

Бренд: Sophos Страницы: 15

Бренд: Sophos Страницы: 14

Бренд: Sophos Страницы: 28

Бренд: Sophos Страницы: 32

Бренд: Sophos Страницы: 65

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды