
Vigor3910 Series User’s Guide 

163 

Available settings are explained as follows:

Item: IKE Authentication Method

Description: This usually applies to remote dial-in users or nodes (LAN-to-LAN) that use a dynamic IP address and IPsec-related VPN connections such as L2TP over IPsec and IPsec tunnel. The Vigor router offers two methods for authenticating the incoming data from a remote dial-in user: Certificate (X.509) and Pre-Shared Key.

Certificate - X.509 certificates can be used for IKE authentication. To set up certificates on the router, go to the Certificate Management section.

Preferred Local ID - Specify the preferred local ID information (Alternative Subject Name First or Subject Name First) for IPsec authentication while the client is using the general setting (without a specific Peer IP or ID in the VPN profile).

General Pre-Shared Key - Define the PSK key for general authentication.

Confirm General Pre-Shared Key - Re-enter the characters to confirm the pre-shared key.

XAuth User Pre-Shared Key - Define the PSK key for IPsec XAuth authentication.

Confirm XAuth User Pre-Shared Key - Re-enter the characters to confirm the pre-shared key for IPsec XAuth authentication.

Note: Any packets from a remote dial-in user which do not match the rule defined in VPN and Remote Access>>Remote Dial-In User will be handled with the method specified here.

Item: IPsec Security Method

Description: Available methods include Basic, Medium and High. Each method offers different encryption, HMAC and DH Group.

Basic - Authentication Header (AH) means data will be authenticated, but not encrypted. By default, this option is active.

Medium - When this option is selected, the Authentication Header (AH) protocol can be used to provide authentication to IPsec traffic.

High - When this option is selected, the Encapsulating Security Payload (ESP) protocol can be used to provide authentication and encryption to IPsec traffic. Three encryption standards are supported for ESP: DES, 3DES and AES, in ascending order of security.

After finishing all the settings here, please click OK to save the configuration. 
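The general settings in this table apply to every dial-in peer that has no profile of its own, so it is worth checking the chosen values before saving them. The following is an added example, not DrayTek code and not a router export format: the dictionary keys, the finding codes and the PSK floors (20 characters, 64 estimated bits) are assumptions, and both sample settings are constructed.

```python
import math
from collections import Counter

# Assumed policy floors for this example (not values from the guide).
MIN_PSK_LEN = 20
MIN_PSK_ENTROPY_BITS = 64.0

# Whether each IPsec Security Method encrypts, as the table describes them.
METHOD_ENCRYPTS = {"Basic": False, "Medium": False, "High": True}
# ESP ciphers in the guide's ascending order of security.
CIPHER_ORDER = ["DES", "3DES", "AES"]


def entropy_bits(secret):
    """Coarse Shannon estimate: per-character entropy times length.

    Rejects short or repetitive keys; it does not detect dictionary words.
    """
    if not secret:
        return 0.0
    n = len(secret)
    per_char = -sum(c / n * math.log2(c / n) for c in Counter(secret).values())
    return per_char * n


def check_psk(label, psk):
    """Length and entropy checks for one pre-shared key."""
    findings = []
    if len(psk) < MIN_PSK_LEN:
        findings.append((f"{label}-short",
                         f"{label} PSK has {len(psk)} chars, floor is {MIN_PSK_LEN}"))
    if entropy_bits(psk) < MIN_PSK_ENTROPY_BITS:
        findings.append((f"{label}-low-entropy",
                         f"{label} PSK is estimated below {MIN_PSK_ENTROPY_BITS:.0f} bits"))
    return findings


def audit(settings):
    """Return (code, message) findings for a dict of general IPsec settings.

    Hypothetical keys: security_method, esp_ciphers, general_psk, xauth_psk.
    """
    findings = []
    # The guide states that Basic is active by default.
    method = settings.get("security_method", "Basic")
    if method not in METHOD_ENCRYPTS:
        findings.append(("unknown-method", f"unrecognised method {method!r}"))
    elif not METHOD_ENCRYPTS[method]:
        findings.append(("no-encryption",
                         f"{method} uses AH: traffic is authenticated but not encrypted"))
    else:
        for cipher in settings.get("esp_ciphers", []):
            if cipher not in CIPHER_ORDER:
                findings.append(("unknown-cipher", f"unrecognised cipher {cipher!r}"))
            elif CIPHER_ORDER.index(cipher) < CIPHER_ORDER.index("AES"):
                findings.append((f"weak-cipher-{cipher}",
                                 f"{cipher} ranks below AES for ESP"))

    general = settings.get("general_psk")
    xauth = settings.get("xauth_psk")
    if general:
        findings += check_psk("general", general)
    if xauth:
        findings += check_psk("xauth", xauth)
    if general and xauth and general == xauth:
        findings.append(("psk-reused", "General and XAuth PSK are identical"))
    return findings


# Constructed sample settings, not taken from any real device.
WEAK = {
    "security_method": "Basic",
    "general_psk": "vigor3910",
    "xauth_psk": "vigor3910",
}
HARDENED = {
    "security_method": "High",
    "esp_ciphers": ["AES"],
    "general_psk": "k7Qp2xVz9LmT4rWs8NcY1hJd6BfG3uEa",
    "xauth_psk": "Zt5Hq0Rw3Xn8Cb1Mv6Ky2Fj9Pd4Ls7Ge",
}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name)
        for code, message in audit(cfg) or [("ok", "no findings")]:
            print(f"  {code}: {message}")
```
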


Page 2: ...Vigor3910 Series User's Guide ii Vigor3910 Series Multi-WAN Security Router User's Guide Version: 1.0 Firmware Version: V3.9.1.2 (For future update, please visit DrayTek web site) Date: December 18, 2019 ...

Страница 3: ...e warrant to the original end user purchaser that the router will be free from any defects in workmanship or materials for a period of two 2 years from the date of purchase from the dealer Please keep your purchase receipt in a safe place as it serves as proof of date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty work...

Страница 4: ...nnectivity 31 II 1 Port Setup 32 II 2 WAN 33 Web User Interface 35 II 2 1 General Setup 35 II 2 2 Internet Access 38 II 2 2 1 Details Page for PPPoE in Etherenet WAN 40 II 2 2 2 Details Page for Static or Dynamic IP in Etherenet WAN 42 II 2 2 3 Details Page for IPv6 Offline in Ethernet WAN 46 II 2 2 4 Details Page for IPv6 PPP in Ethernet WAN 46 II 2 2 5 Details Page for IPv6 TSPC in Etherenet WAN...

Страница 5: ...main Diagnose 104 II 5 4 Schedule 105 II 5 5 RADIUS TACACS 108 II 5 5 1 External RADIUS 108 II 5 5 2 Internal RADIUS 110 II 5 5 3 External TACACS 112 II 5 6 Active Directory LDAP 113 II 5 7 IGMP 116 II 5 7 1 General Setting 116 II 5 7 2 Working Group 117 II 5 8 Wake on LAN 118 II 5 9 SMS Mail Alert Service 119 II 5 10 Bonjour 121 II 5 11 High Availability 124 II 5 11 1 General Setup 124 II 5 11 2 ...

Страница 6: ...al in User 168 III 1 7 LAN to LAN 171 III 1 8 VPN Trunk Management 182 III 1 9 Connection Management 191 Application Notes 193 A 1 How to Build a LAN to LAN VPN Between Remote Office and Headquarter via IPsec Tunnel Main Mode 193 III 2 SSL VPN 198 Web User Interface 199 III 2 1 General Setup 199 III 2 2 User Account 200 III 3 Certificate Management 204 Web User Interface 205 III 3 1 Local Certific...

Страница 7: ...62 Part V Management 267 V 1 System Maintenance 268 Web User Interface 269 V 1 1 System Status 269 V 1 2 TR 069 271 V 1 2 1 ACS and CPE Settings 271 V 1 2 2 Reporting Configuration 273 V 1 2 3 Export Parameters 274 V 1 3 Administrator Password 275 V 1 4 User Password 278 V 1 5 Login Page Greeting 281 V 1 6 Configuration Backup 283 V 1 7 Configuration Export 285 V 1 8 Syslog Mail Alert 286 V 1 9 Ti...

Страница 8: ... their social media accounts e g Facebook Google 363 A 2 How to allow hotspot clients to get login PIN code via SMS 371 Part VI Others 379 VI 1 Objects Settings 380 Web User Interface 381 VI 1 1 IP Object 381 VI 1 2 IP Group 385 VI 1 3 IPv6 Object 386 VI 1 4 IPv6 Group 388 VI 1 5 Service Type Object 389 VI 1 6 Service Type Group 391 VI 1 7 Keyword Object 393 VI 1 8 Keyword Group 395 VI 1 9 File Ex...

Страница 9: ... Flood Table 433 VII 1 18 Route Policy Diagnosis 434 VII 2 Checking If the Hardware Status Is OK or Not 436 VII 3 Checking If the Network Connection Settings on Your Computer Is OK or Not 437 VII 4 Pinging the Router from Your Computer 440 VII 5 Checking If the ISP Settings are OK or Not 442 VII 6 Backing to Factory Default Setting If Necessary 443 VII 7 Contacting DrayTek 444 Part VIII DrayTek To...

Страница 10: ......

Страница 11: ...Vigor3910 Series User s Guide 1 P Pa ar rt t I I I In ns st ta al ll la at ti io on n This part will introduce Vigor router and guide to install the device in hardware and software ...

Страница 12: ...layer QoS NAT session bandwidth management to help users control works well with large bandwidth By adopting hardware based VPN platform and hardware encryption of AES DES 3DES the router increases the performance of VPN greatly and offers several protocols such as IPSec PPTP L2TP with up to 100 VPN tunnels The object based design used in SPI Stateful Packet Inspection firewall allows users to set...

Страница 13: ...hernet link is established Blinking L The data is transmitting On Right The Ethernet link is established on corresponding port with 1G Mbps or above P3 P12 Off Right The Ethernet link is established on corresponding port with less than 1G Mbps LED on Connector On The port is connected Off The port is disconnected Left LED Green Blinking The data is transmitting On The port is connected with 1000Mb...

Страница 14: ...nnectors for remote network devices or local network devices WAN LAN with the rate of 1G 100M 10M bps GbE P9 P12 Connecter for local network devices LAN with the rate of 1G 100M 10M bps The Factory Reset button is used to restore the default settings Turn on the router ACT LED is blinking Press the hole and keep for more than 5 seconds When you see the ACT LED begins to blink rapidly than usual re...

Страница 15: ...e also can connect to other computers to form a small area network The LAN LED for that port on the front panel will light up 3 Connect a server router depends on your requirement to any WAN port of Vigor3910 with Ethernet cable RJ 45 The WAN LED will light up 4 Connect the power cord to Vigor3910 s power port on the rear panel and the other side into a wall outlet 5 Power on the device by pressin...

Страница 16: ...ttach the brackets to the chassis of a rack The second bracket attaches the other side of the chassis After the bracket installation the Vigor3910 Series chassis can be installed in a rack by using four screws for each side of the rack Desktop Type Installation Rubber pads are included with the Vigor3910 Series These rubber pads improve the air circulation and decrease unnecessary rubbing on the d...

Страница 17: ...PCs connected this router can print documents via the router The example provided here is made based on Windows 7 For other Windows system please visit www DrayTek com Before using it please follow the steps below to configure settings for connected computers or wireless clients 1 Connect the printer with the router through USB parallel port 2 Open All Programs Getting Started Devices and Printers...

Страница 18: ...User s Guide 8 4 A dialog will appear Click Add a local printer and click Next 5 In this dialog choose Create a new port In the field of Type of port use the drop down list to select Standard TCP IP Port Then click Next ...

Страница 19: ...s User s Guide 9 6 In the following dialog type 192 168 1 1 router s LAN IP in the field of Hostname or IP Address and type 192 168 1 1 as the Port name Then click Next 7 Click Standard and choose Generic Network Card ...

Страница 20: ... your system will ask you to choose right name of the printer that you installed onto the router Such step can make correct driver loaded onto your PC When you finish the selection click Next 9 Type a name for the chosen printer Click Next ...

Страница 21: ...Vigor3910 Series User s Guide 11 10 Choose Do not share this printer and click Next 11 Then in the following dialog click Finish ...

Страница 22: ...Guide 12 12 The new printer has been added and displayed under Printers and Faxes Click the new printer icon and click Printer server properties 13 Edit the property of the new printer you have added by clicking Configure Port ...

Страница 23: ...Vigor3910 Series User s Guide 13 14 Select LPR on Protocol type p1 number 1 as Queue Name Then click OK Next please refer to the red rectangle for choosing the correct protocol and LPR name ...

Страница 24: ...the same subnet as the default IP address of Vigor router 192 168 1 1 For the detailed information please refer to the later section Trouble Shooting of the guide 2 Open a web browser on your PC and type http 192 168 1 1 The following window will be open to ask for username and password 3 Please type admin admin as the Username Password and click Login Info If you fail to access to the web configu...

Страница 25: ...fferent slightly in accordance with the type of the router you have 5 The web page can be logged out according to the chosen condition The default setting is Auto Logout which means the web configuration system will logout after 5 minutes without any operation Change the setting for your necessity ...

Страница 26: ...ype admin admin as Username Password for accessing into the web user interface with admin mode 3 Go to System Maintenance page and choose Administrator Password 4 Enter the login password the default is admin on the field of Old Password Type New Password and Confirm Password Then click OK to continue Info The maximum length of the password you can set is 23 characters 5 Now the password has been ...

Страница 27: ...Vigor3910 Series User s Guide 17 Info Even the password is changed the Username for logging onto the web user interface is still admin ...

Страница 28: ... status including System Information IPv4 Internet Access IPv6 Internet Access Interface physical connection Security and Quick Access Click Dashboard from the main menu on the left side of the main page A web page with default selections will be displayed on the screen Refer to the following figure ...

Страница 29: ...move and click the mouse cursor on LAN or WAN related web setting page will be open for you to configure if required Port Color Description Black LAN port is disconnected Orange LAN port is connected at 10 100 Mbps LAN Green LAN port is connected at 1 Gbps Black WAN port is disconnected Orange WAN port is connected at 10 100 Mbps WAN Green WAN port is connected at 1 Gbps For detailed information a...

Страница 30: ... common used functions grouped under Quick Access The function links of System Status Dynamic DDNS TR 069 User Management IM P2P Block Schedule Syslog Mail Alert LDAP RADIUS Firewall Object Setting and Data Flow Monitor are displayed here Move your mouse cursor on any one of the items and click on it The corresponding setting page will be open immediately Besides LAN IP Routed Subnet WAN interface...

Страница 31: ...ss indicates that the traffic would be transmitted through LAN port s and then the WAN port The purpose is to perform the traffic monitor of the host s I I 5 5 3 3 G GU UI I M Ma ap p All the functions the router supports are listed with table clearly in this page Users can click the function link to access into the setting page of the function for detailed configuration Click the icon on the top ...

Страница 32: ...Vigor3910 Series User s Guide 22 ...

Страница 33: ...Web Console also can be reviewed on the web user interface Click the Web Console icon on the top of the main screen to open the following screen I I 5 5 5 5 C Co on nf fi ig g B Ba ac ck ku up p There is one way to store current used settings quickly by clicking the Config Backup icon It allows you to backup current settings as a file Such configuration file can be restored by using System Mainten...

Страница 34: ...nu ua al l D Do ow wn nl lo oa ad d Click this icon to open online user s guide of Vigor router This document offers detailed information for the settings on web user interface I I 5 5 7 7 L Lo og go ou ut t Click this icon to exit the web user interface ...

Страница 35: ...e e S St ta at tu us s I I 5 5 8 8 1 1 P Ph hy ys si ic ca al l C Co on nn ne ec ct ti io on n Such page displays the physical connection status such as LAN connection status WAN connection status ADSL information and so on Physical Connection for IPv4 Protocol ...

Страница 36: ...ess for WAN interface IP Address Displays the IP address of the LAN interface TX Packets Displays the total transmitted packets at the LAN interface RX Packets Displays the total received packets at the LAN interface WAN1 to WAN8 Status Enable Yes in red means such interface is available but not enabled Yes in green means such interface is enabled Line Displays the physical connection VDSL ADSL Et...

Страница 37: ...he LAN interface TX Bytes Displays the speed of transmitted octets at the LAN interface RX Bytes Displays the speed of received octets at the LAN interface WAN1 to WAN8 IPv6 Status Enable No in red means such interface is available but not enabled Yes in green means such interface is enabled No in red means such interface is not available Mode Displays the type of WAN connection e g TSPC Up Time D...

Страница 38: ...o register your Vigor router to MyVigor website for getting more service Please follow the steps below to finish the router registration 1 Please login the web configuration interface of Vigor router by typing admin admin as User Name Password 2 Click Support Area Production Registration from the home page 3 A Login page will be shown on the screen Please type the account and password that you cre...

Страница 39: ... to create your own one Please read the articles on the Agreement regarding user rights carefully while creating a user account 4 The following page will be displayed after you logging in MyVigor Type a nickname for the router then click Add 5 When the following page appears your router information has been added to the database ...

Страница 40: ...Vigor3910 Series User s Guide 30 6 After clicking OK you will see the following page Your router has been registered to myvigor website successfully ...

Страница 41: ... subnets regulated and ruled by router The design of network structure is related to what type of public IP addresses coming from your ISP When the data flow passing through the Network Address Translation NAT function of the router will dedicate to translate public private addresses and the packets will be delivered to the correct host PC in the local area network DNS LAN DNS IGMP WOL RADIUS Stat...

Страница 42: ...r P3 is changed P4 is changed too and vice versa Available settings are explained as follows Item Description Port Display the physical ports on Vigor router Function P1 P8 These ports are switchable between WAN and LAN ports Speed P1 P2 Available options include Auto 10G and 1G P3 P4 Available options include Auto and 2 5G Due to the hardware limitation the speed for P4 is the same as P3 P5 P12 A...

Страница 43: ...c private addresses and the packets will be delivered to the correct host PC in the local area network Thus all the host PCs can share a common Internet connection G Ge et t Y Yo ou ur r P Pu ub bl li ic c I IP P A Ad dd dr re es ss s f fr ro om m I IS SP P In ADSL deployment the PPP Point to Point style authentication and authorization is required for bridging customer premises equipment CPE Poin...

Страница 44: ... still can be used and Load Balance can be done in the router Besides 3G 4G USB Modem in WAN3 WAN4 also can be used as backup device Therefore when WAN1 and WAN2 are not available the router will use 3 5G for supporting automatically The supported 3G 4G USB Modem will be listed on DrayTek web site Please visit www draytek com for more detailed information ...

Страница 45: ...ge allows you to set general setup for WAN respectively Available settings are explained as follows Item Description Load Balance Mode This option is available for multiple WAN for getting enough bandwidth for each WAN port If you know the practical bandwidth for your WAN interface please choose the setting of According to Line Speed Otherwise please choose Auto Weight to let the router reach the ...

Страница 46: ...disabled Load Balance V means the function of load balance for such WAN interface is enabled Info In default each WAN port is enabled After finished the above settings click OK to save the settings To configure WAN interface settings click the WAN link to open the following page Available settings are explained as follows Item Description Enable Choose Yes to invoke the settings for this WAN inter...

Страница 47: ...s WAN interface When the data traffic is large the WAN interface with the function enabled will balance the data transmission automatically among all of the WAN interfaces in connection status Failover Choose it to make the WAN connection as a backup connection WAN Failure When the active WAN failed such WAN will be activated as the main network connection Traffic Threshold When the data traffic o...

Страница 48: ...ork connection Access Mode Use the drop down list to choose a proper access mode The details page of that mode will be popped up If not click Details Page for accessing the page to configure the settings Details Page This button will open different web page based on IPv4 according to the access mode that you choose in WAN interface Note that Details Page will be changed slightly based on physical ...

Страница 49: ...l be seen in DHCP reply packets Interface Specify the WAN interface s that will be overwritten by this function WAN13 WAN52 can be located under WAN Multi VLAN Option Number Type a number for such function DataType Choose the type ASCII or Hex for the data to be stored Data Type the content of the data to be processed by the function of DHCP option Info If you choose to configure option 61 here th...

Страница 50: ...will be closed and all the settings that you adjusted in this page will be invalid ISP Access Setup Enter your allocated username password and authentication parameters according to the information provided by your ISP Username Type in the username provided by ISP in this field The maximum length of the user name you can set is 63 characters Password Type in the password provided by ISP in this fi...

Страница 51: ...ings for the following items Primary Secondary Ping IP If you choose Ping Detect as detection mode you have to type Primary or Secondary IP address in this field for pinging Ping Gateway IP If you choose Ping Detect as detection mode you also can enable this setting to use current WAN gateway IP address for pinging With the IP address es pinging Vigor router can check if the WAN connection is on o...

Страница 52: ... page and you can use the number that you have set in that web page TTL Change the TTL value Check the box to enable the TTL Time to Live for a packet transmitted through Vigor router If enabled TTL value will be reduced 1 when it passess through Vigor router It will cause the client accessing Internet through Vigor router be blocked by certain ISP when TTL value becomes 0 If disabled TTL value wi...

Страница 53: ...in an IP address automatically Click this button to obtain the IP address automatically if you want to use Dynamic IP mode More Options It shows optional settings for configuration Router Name Type in the router name provided by ISP Domain Name Type in the domain name that you have assigned Enable DHCP Client Identifier Check the box to specify username and password as the DHCP client identifier f...

Страница 54: ... for the following items Primary Secondary Ping IP If you choose Ping Detect as detection mode you have to type Primary or Secondary IP address in this field for pinging Ping Gateway IP If you choose Ping Detect as detection mode you also can enable this setting to use current WAN gateway IP address for pinging With the IP address es pinging Vigor router can check if the WAN connection is on or of...

Страница 55: ...TTL value becomes 0 If disabled TTL value will not be reduced Then when a packet passes through Vigor router it will not be cancelled That is the client who sends out the packet will not be blocked by ISP RIP Protocol Routing Information Protocol is abbreviated as RIP RFC1058 specifying how routers exchange routing tables information Click Enable RIP for activating this function Bridge Mode Enable...

Страница 56: ...cept RA to acquire the IPv6 prefix address such as 2001 B010 7300 200 64 offered by the ISP In addition PCs under LAN also can have the public IPv6 address for Internet access by means of the generated prefix No need to type any other information for PPP mode Available settings are explained as follows Item Description WAN Connection Detection Such function allows you to verify whether network con...

Страница 57: ...SP PC C i in n E Et th he er re en ne et t W WA AN N Tunnel setup protocol client TSPC is an application which could help you to connect to IPv6 network easily Please make sure your IPv4 WAN connection is OK and apply one free account from hexago http gogonet gogo6 com page freenet6 account before you try to use TSPC for network connection TSPC would connect to tunnel broker and requests a tunnel ...

Страница 58: ...Broker Type the address for the tunnel broker IP FQDN or an optional port number WAN Connection Detection Such function allows you to verify whether network connection is alive or not through Ping Detect Mode Choose Always On or Ping Detect for the system to execute for WAN detection Always On means no detection will be executed The network connection will be on always Ping IP Hostname If you choo...

Страница 59: ...The maximum length of the name you can set is 19 characters Password Type the password assigned with the user name The maximum length of the password you can set is 19 characters Tunnel Broker It means a server of AICCU The server can provide IPv6 tunnels to sites or end users over IPv4 Type the address for the tunnel broker IP FQDN or an optional port number Tunnel ID One user account may have se...

Страница 60: ...tect Mode Choose Always On or Ping Detect for the system to execute for WAN detection Ping IP Hostname If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL Time to Live If you choose Ping Detect as detection mode you have to type TTL value After finished the above settings click OK to save the settings ...

Страница 61: ... not like IPv4 ARP Detect Always On means no detection will be executed The network connection will be on always Ping IP Hostname If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL Time to Live If you choose Ping Detect as detection mode you have to type TTL value RIPng Protocol RIPng RIP next generation offers the same functions and benefits as I...

Страница 62: ...tic IPv6 Address configuration IPv6 Address Type the IPv6 Static IP Address Prefix Length Type the fixed value for prefix length Add Click it to add a new entry Update Click it to modify an existed entry Delete Click it to remove an existed entry Current IPv6 Address Table Display current interface IPv6 address Static IPv6 Gateway Configuration IPv6 Gateway Address Type your IPv6 gateway address h...

Страница 63: ...all check boxes are enabled the settings configured user profiles under User Management will be ignored And all of the filter rules defined and enabled in Firewall menu will be activated Bridge Subnet Make a bridge between the selected LAN subnet and such WAN interface After finished the above settings click OK to save the settings I II I 2 2 2 2 9 9 D De et ta ai il ls s P Pa ag ge e f fo or r I ...

Страница 64: ...allows you to verify whether network connection is alive or not through Ping Detect Mode Choose Always On or Ping Detect for the system to execute for WAN detection Always On means no detection will be executed The network connection will be on always Ping IP Hostname If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL Time to Live If you choose Pi...

Страница 65: ...ical across all CE IPv4 addresses within a given 6rd domain It may be any value between 0 and 32 6rd Prefix Type the 6rd IPv6 address 6rd Prefix Length Type the IPv6 prefix length for the 6rd IPv6 prefix in number of bits WAN Connection Detection Such function allows you to verify whether network connection is alive or not through Ping Detect Mode Choose Always On or Ping Detect for the system to ...

Страница 66: ...Vigor3910 Series User s Guide 56 Below shows an example for successful IPv6 connection based on 6rd mode ...

Страница 67: ... al l The system allows you to set up to eight channels used as multi VLAN Available settings are explained as follows Item Description Channel Display the number of each channel Channels 1 8 are used by the Internet Access web user interface and can not be configured here Channels 13 52 are configurable Enable Display whether the settings in this channel are enabled checked or not unchecked WAN T...

Страница 68: ...l be able to select the physical WAN interface the channel shall use here General Settings VLAN Tag Type the value as the VLAN ID number Valid settings are in the range from 1 to 4095 The network traffic flowing on each channel will be identified by the system via their VLAN Tags Channels using the same WAN type may not configure the same VLAN tag value Priority Choose the number to determine the ...

Страница 69: ... connection always Idle Timeout Set the timeout for breaking down the Internet after passing through the time without any action ISP Address from ISP Specifies how the WAN IP address of the channel configured Fixed IP Yes IP address entered in the Fixed IP Address field will be used as the IP address of the virtual WAN No Virtual WAN IP address will be assigned by the ISP s PPPoE PPPoA server WAN ...

Страница 70: ...the packets from public IP address to private IP address to forward the right packets to the right host and vice versa Besides Vigor router has a built in DHCP server that assigns private IP address to each local host See the following diagram for a briefly understanding In some special case you may have a public IP subnet from your ISP such as 220 135 240 0 24 This means that you can set up a pub...

Страница 71: ...St ta at ti ic c R Ro ou ut te e When you have several subnets in your LAN sometimes a more effective and quicker way for connection is the Static routes function rather than other method You may simply set rules to forward data from one specified subnet to another specified subnet without the presence of RIP W Wh ha at t a ar re e V Vi ir rt tu ua al l L LA AN Ns s a an nd d R Ra at te e C Co on ...

Страница 72: ...ixed with NAT mode only LAN2 LAN50 can be operated under NAT or Route mode IP Routed Subnet can be operated under Route mode Available settings are explained as follows Item Description General Setup Allow to configure settings for each subnet respectively Index Display all of the LAN items Enable Basically LAN1 status is enabled in default LAN2 LAN50 and IP Routed Subnet can be configured after e...

Страница 73: ...o be interconnected or isolated It is only available when the VLAN functionality is enabled Refer to section II 3 2 VLAN on how to set up VLANs In the Inter LAN Routing matrix a selected checkbox means that the 2 intersecting LANs can communicate with each other When you finish the configuration please click OK to save and exit this page Info To configure a subnet select its Detials Page button to...

Страница 74: ...tches related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network If you want to use another DHCP server in the network other than the Vigor Router s you can let Relay Agent help you to redirect the DHCP request to the specified location Disable Server Let you manuall...

Страница 75: ...are going to use so the Relay Agent can help to forward the DHCP request to the DHCP server DNS Server IP Address DNS stands for Domain Name System Every Internet host must have a unique IP address also they may have a human friendly easy to remember name such as www yahoo com The DNS server converts the user friendly name into its equivalent IP address Primary IP Address You must specify a DNS se...

Страница 76: ...or example if your LAN uses the 192 168 1 x subnet and you have 20 DHCP clients and 20 static IP clients you could configure 192 168 1 10 as the Start IP Address 50 as the IP Pool Counts enough for the current number of DHCP clients plus room for future expansion and use addresses greater than 192 168 1 100 for static assignment I II I 3 3 1 1 2 2 D De et ta ai il ls s P Pa ag ge e f fo or r L LA ...

Страница 77: ...Vigor3910 Series User s Guide 67 It provides 2 daemons for LAN side IPv6 address configuration One is SLAAC stateless and the other is DHCPv6 Server Stateful ...

Страница 78: ... Type the IPv6 address for Primary DNS server Secondary DNS Server Type another IPv6 address for DNS server if required Management Configures the Managed Address Configuration flag M bit in Route Advertisements Off No configuration information is sent using Route Advertisements SLAAC stateless M bit is unset DHCPv6 stateful M bit is set which indicates to LAN clients that they should acquire all I...

Страница 79: ...ss End IPv6 Address Type the start and end address for IPv6 server Advance setting Click the Edit button to configure advanced IPv6 settings for DHCPv6 server Advance setting The Advanced Settings page has additional settings for Router Advertisement and enabling multiple WANs for IPv6 traffic Router Advertisement Server Click Enable to enable router advertisement server The router advertisement d...

Страница 80: ...to is selected the router will determine the MTU value for LAN RIPng Protocol RIPng RIP next generation offers the same functions and benefits as IPv4 RIP v2 Extension WAN In addition to the default WAN used for IPv6 traffic specified in the WAN Primary Interface in the LAN IPv6 Setup page additional WANs can be selected to carry IPv6 traffic by enabling them in the Extension WAN section Available...

Страница 81: ...s using the Routing Information Protocol DHCP Server Configuration DHCP stands for Dynamic Host Configuration Protocol The router by factory default acts a DHCP server for your network so it automatically dispatch related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your ne...

Страница 82: ...f MAC Address for 2nd DHCP server will help router to assign the correct IP address of the correct subnet to the correct host So those hosts in 2nd subnet won t get an IP address belonging to 1st subnet Add Type the MAC address in the boxes and click this button to add Delete Click it to delete the selected MAC address Edit Click it to edit the selected MAC address Cancel Click it to cancel the jo...

Page 83: ... to f Example 2f70617468 Address List One or more IPv4 addresses delimited by commas Data Data of this DHCP option Add To add a DHCP option entry modeled after an existing entry click the model entry in Customized List The data entry fields will be populated with values from the model entry After making all necessary changes for the new entry click Add to create it Update To modify an existing DHC...

Page 84: ...gh an onward Ethernet switch to specific ports The specific VLAN clients can also pick up this identifier as it is just passed to the LAN You can set the priorities for LAN side QoS You can assign each of VLANs to each of the different IP subnets that the router may also be operating to provide even more isolation The said functionality is tag based multi subnet Info Settings in this page only app...

Page 85: ... the lowest priority followed by 0 and finally from 2 to 7 in increasing order of priority Permit untagged device in P12 to access router Select to allow untagged hosts connected to LAN port P12 to access the router In case you have incorrectly configured VLAN functionality you will still be able to access the router via the Web UI and telnet and SSH shells to adjust the configuration The Vigor ro...

Page 86: ...dress is associated with a Media Access Control MAC address Click LAN and click Bind IP to MAC to open the setup page Available settings are explained as follows Item Description Enable Click this radio button to invoke this function However IP MAC which is not listed in IP Bind List also can connect to Internet Disable Click this radio button to disable this function All the settings on this page...

Page 87: ...IP Bind List by clicking Add below Select All Select all entries in the ARP Table for manipulation Sort Reorder the entry based on the IP address Refresh Refresh the ARP table listed below to obtain the newest ARP table information Add Update to IP Bind List IP Address Type the IP address to be associated with a MAC address Mac Address Type the MAC address of the LAN client's network interface Com...

Page 88: ...ish the configuration click OK to save the settings II 3 4 PPPoE Server LAN users can access into Internet through built in PPPoE server on Vigor router PPPoE server is a mechanism which can authenticate LAN users configured in User Management User Profile and prevent ARP attack completely Available settings are explained as follows Item Description PPPoE Server Enabl...

Page 89: ...ic IP address and the router will do the inversion based on its table Therefore the internal host can communicate with external host smoothly The benefit of the NAT includes Save cost on applying public IP address and apply efficient usage of IP address NAT allows the internal IP addresses of local hosts to be translated into one public IP address thus you can have only one IP address on behalf of...

Page 90: ...ss domain name are recognized by all users Since the server is actually located inside the LAN the network well protected by NAT of the router and identified by its private IP address port the goal of Port Redirection function is to forward all access request with public IP address from external users to the mapping private IP address port of the server The port redirection can only apply to incom...

Page 91: ...ce WAN Interface Display the WAN IP address used by the profile Protocol Display the transport layer protocol TCP or UDP Public Port Display the port number which will be redirected to the specified Private IP and Port of the internal host Source IP Display the IP object of the source IP Private IP Display the IP address of the internal host providing the service Press any number under Index to ac...

Page 92: ...pecify which port can be redirected to the specified Private IP and Port of the internal host If you choose Range as the port redirection mode you will see two boxes on this field Type the required number on the first box as the starting port and the second box as the ending port Source IP Use the drop down list to specify an IP object Or click IP Object link to create a new one for applying Priva...

Page 93: ...er in the local network http://192.168.1.13:80 Therefore you need to change the router's http port to any one other than the default port 80 to avoid conflict such as 8080 This can be set in the System Maintenance Management Setup You then will access the admin screen of by suffixing the IP address with 8080 e.g. http://192.168.1.1:8080 instead of port 80 ...

Page 94: ...ngle host in the LAN Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption DMZ Host allows a defined internal user to be totally exposed to the Internet which usually helps some special applications such as Netmeeting or Internet Games etc The security properties of NAT are somewhat bypassed if you set up DMZ host We sugg...

Page 95: ... private IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DMZ host When you have selected one private IP from the above dialog the IP address will be shown on the screen Click OK to save the setting DMZ Host for other WAN interface is slightly different with WAN1 Active True IP selection is available for WAN1 only See the following figure If you pre...

Page 96: ...Click this button and then a window will automatically pop up as depicted below The window consists of a list of private IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DMZ host When you have selected one private IP from the above dialog the IP address will be shown on the screen Click OK to save the setting After finishing all the settings here pl...

Page 97: ...loits Click Open Ports to open the following page Available settings are explained as follows Item Description Index Indicate the relative number for the particular entry that you want to offer service in a local host You should click the appropriate index number to edit or clear the corresponding entry Enable Check the box to enable the open port profile Comment Specify the name for the defined n...

Page 98: ...WAN IP Specify the WAN IP address that will be used for this entry This setting is available when WAN IP Alias is configured Source IP Use the drop down list to specify an IP object Or click IP Object link to create a new one for applying Private IP Enter the private IP address of the local host or click Choose PC to select one Choose IP Click this button and subsequently a window having a list of...

Page 99: ...tton is clicked and the configuration has taken effect open port keeps the ports opened forever Once the OK button is clicked and the configuration has taken effect port triggering will only attempt to open the ports once the triggering conditions are met The duration that these ports are opened depends on the type of protocol used The default durations are shown below and these duration values ca...

Page 100: ...ort Triggering profile Comment Display the text which memorizes the application of this rule Triggering Protocol Display the protocol of the triggering packets Source IP Display the source IP address Triggering Port Display the port of the triggering packets Incoming Protocol Display the protocol for the incoming data of such triggering profile Incoming Port Display the port for the incoming data ...

Page 101: ...source IP Triggering Protocol Select the protocol TCP, UDP or TCP/UDP for such triggering profile Triggering Port Type the port or port range for such triggering profile Incoming Protocol When the triggering packets received it is expected the incoming packets will use the selected protocol Select the protocol TCP, UDP or TCP/UDP for the incoming data of such triggering profile Incoming Port Type th...

Page 102: ...o be transmitted and received correctly via NAT by Vigor router However SIP ALG makes SIP message and RTP packets of voice be transmitted and received correctly via NAT by Vigor router Available settings are explained as follows Item Description Enable ALG Check to enable such function Listen Port Type a port number for SIP or RTSP protocol TCP Check the box to make correspond protocol message pac...

Page 103: ...ecified private IP address Schedule The Vigor router has a built in clock which can update itself manually or automatically by means of Network Time Protocols NTP As a result you can not only schedule the router to dialup to the Internet at a specified time but also restrict Internet access to certain hours so that users can connect to the Internet only during certain hours say bus...

Page 104: ...uter is NAT Traversal This enables applications inside the firewall to automatically open the ports that they need to pass through a router Wake on LAN A PC client on LAN can be woken up by the router it connects When a user wants to wake up a specified PC through the router he/she must type correct MAC address of the specified PC on this web page of Wake on LAN WOL of this route...

Page 105: ... a registered domain name from the DDNS provider say hostname.dyndns.org and an account with username test and password test 2 In the DDNS setup menu check Enable Dynamic DNS Setup Available settings are explained as follows Item Description Set to Factory Default Clear all profiles and recover to factory settings Enable Dynamic DNS Setup Check this box to enable DDNS function View Log Display DDN...

Page 106: ...d Domain Name Display the domain name that you set on the setting page of DDNS setup 3 Select Index number 1 to add an account for the router Check Enable Dynamic DNS Account and choose correct Service Provider dyndns.org type the registered hostname hostname and domain name suffix dyndns.org in the Domain Name block The following two blocks should be typed your account Login Name test and Passwor...

Page 107: ...omain that is chosen in the Domain Name field Domain Name Type in one domain name that you applied previously Use the drop down list to choose the desired domain Login Name Type in the login name that you set for applying domain Password Type in the password that you set for applying domain Wildcard and Backup MX The Wildcard and Backup MX Mail Exchange features are not supported for all Dynamic D...

Page 108: ...as follows Item Description Enable Dynamic DNS Account Check this box to enable the current account If you did check the box you will see a check mark appeared on the Active column of the previous web page in step 2 Service Provider Choose DrayTek Global as the service provider Status Display if the license is activated or not Determine WAN IP If a Vigor router is installed behind any NAT router yo...

Page 109: ...ear all Dynamic DNS Accounts In the DDNS setup menu uncheck Enable Dynamic DNS Setup and push Clear All button to disable the function and clear all accounts from the router Delete a Dynamic DNS Account In the DDNS setup menu click the Index number you want to delete and then push Clear All button to de...

Page 110: ...an specify specific private IP address es to correspondent servers Thus even the remote PC is adopting public DNS as the DNS server the LAN DNS resolution on Vigor3910 Series will respond the specified private IP address Simply click Application LAN DNS DNS Forwarding to open the following page Each item is explained as follows Item Description Set to Factory Default Clear all profiles and recover...

Page 111: ...s are explained as follows Item Description Enable Check this box to enable such profile Profile Type a name for such profile Note If you type a name here for LAN DNS and click OK to save the configuration the name also will be applied to conditional DNS forwarding automatically Domain Name Type the domain name for such profile CNAME Alias Domain Name CNAME is abbreviation of Canonical name record...

Page 112: ...tings 4 If you need to configure LAN DNS settings click index 1 to edit the LAN DNS profile just created Or you can click index 2 to use this profile as conditional DNS forwarding Available settings are explained as follows Item Description Enable Check this box to enable such profile Profile Type a name for such profile Note If you type a name here for conditional DNS forwarding and click OK to s...

Page 113: ... are explained as follows Item Description Interface There are four WAN interfaces allowed to be set with DNS security enabled Enable Check the box to enable the DNS security management Primary DNS Display the IP address of primary DNS obtained from DHCP server or specified by Static WAN Secondary DNS Display the IP address of secondary DNS obtained from DHCP server or specified by Static WAN Bogu...

Page 114: ...ings are explained as follows Item Description Domain Type the domain name or IP address IPv4 IPv6 that you want to query Interface Specify the interface required for executing diagnose DNS Server Type the IP address of the DNS Server which will diagnose the domain specified above Diagnose Click it to perform the diagnosis for the domain Result The diagnosed information will be displayed on such f...

Page 115: ...enu press Inquire Time button to set the Vigor router's clock to current time of your PC The clock will reset once if you power down or reset the router There is another way to set up time You can inquire an NTP server a time server on the Internet to synchronize the router's clock This method can only be applied when the WAN connection has been built up Available settings are explained as follows...

Page 116: ...tings of the call schedule with index 1 are shown below Available settings are explained as follows Item Description Enable Schedule Setup Check to enable the schedule Comment Type a short description for such schedule Start Date yyyy mm dd Specify the starting date of the schedule Start Time hh mm Specify the starting time of the schedule Duration Time hh mm Specify the duration or period for the...

Page 117: ...fined on the Start Date 3 Click OK button to save the settings Example Suppose you want to control the PPPoE Internet access connection to be always on Force On from 9:00 to 18:00 for whole week Other time the Internet access connection should be disconnected Force Down Office Hour Force On Mon Sun 9:00 am to 6:00 pm 1 Make sure the PPPoE connection and Time Setup is working properly 2 Configure t...

Page 118: ...uter supports the RADIUS client function The built in RADIUS client feature allows the router to authenticate the remote dial in VPN users the wireless connections through 802.1X and the access to the Internet When it operates as the RADIUS client Vigor Router needs to work with an External Radius server and the External RADIUS Server setting should be configured here Item Description RADIUS Serve...

Page 119: ...form reconnection with RADIUS server If the connection with the Primary Server still fails stop the connection attempt and begin to make connection with the secondary server Secondary Server Secondary Server Enter the IP address of RADIUS server Authentication Port The UDP port number that the RADIUS server is using The default value is 1812 based on RFC 2138 Secret The RADIUS server and client sh...

Page 120: ...henticated by Vigor router directly Available settings are explained as follows Item Description Enable Select to enable the router's internal RADIUS server Authentication Port The UDP port for authentication message RADIUS Client Access List Only clients that meet the criteria configured in the access list are allowed to access the RADIUS server Index The index number of the client entry Enable S...

Page 121: ...be required for identity authentication Before configuring such page create at least one user profile in User Management User Profile first Select All Click to move all user profiles under the Available List to the Authentication List Clear All Click to remove all user profiles from the Authentication List Available List User profiles created in User Management User Profile that have not been adde...

Page 122: ...tem Description Enable Select to enable the use of the external TACACS server Server IP Address Enter the IP address of TACACS server Destination Port The UDP port used by the TACACS server Shared Secret A text string that is known to both the TACACS server and client the router is used to authenticate messages sent between them Maximum length is 36 characters Confirm Shared Secret Enter the Share...

Page 123: ...tory object inquire or manage the active directory General Setup This page allows you to enable the function and specify general settings for LDAP server Available settings are explained as follows Item Description Enable Check to enable such function Bind Type There are three types of bind type supported Simple Mode Just simply do the bind authentication without any search...

Page 124: ...Available settings are explained as follows Item Description Name Type a name for such profile The length of the user name is limited to 19 characters Common Name Identifier Type or edit the common name identifier for the LDAP server The common name identifier for most LDAP server is cn Additional Filter Type the condition for additional filter Base Distinguished Name Group Distinguished Name Type...

Page 125: ... the setup After finished the above settings click OK to save and exit this page A new profile has been created ...

Page 126: ...ets passing through IGMP version At present two versions v2 and v3 are supported by Vigor router Choose the correct version based on the IPTV service you subscribe General Query Interval Vigor router will periodically check which IP obtaining IPTV service by sending query It might cause inconvenience for client Therefore set a suitable time unit second as the query interval to limit the frequency ...

Page 127: ... are explained as follows Item Description Refresh Click this link to renew the working multicast group status Group ID This field displays the ID port for the multicast group The available range for IGMP starts from 224.0.0.0 to 239.255.255.254 P2 to P12 It indicates the LAN port used for the multicast group ...

Page 128: ...ned as follows Item Description Wake by Two types provide for you to wake up the bound IP MAC Address If you choose Wake by MAC Address you have to enter the correct MAC address of the host in MAC Address boxes IP Address It is available when LAN Bind IP to MAC is enabled If you choose Wake by IP Address select an IP address IP Address The IP addresses that have been configured in LAN Bind IP to ...

Page 129: ...tent is and when the SMS will be sent Available settings are explained as follows Item Description Enable Check the box to enable such profile SMS Provider Use the drop down list to choose SMS service provider You can click SMS Provider link to define the SMS server Recipient Number Type the phone number of the one who will receive the SMS Notify Profile Use the drop down list to choose a message ...

Page 130: ... Mail Service Option If there is no object listed click Mail Service link to define a new one with specified service provider Mail Address Type the e-mail address of the one who will receive the notification message Notify Profile Use the drop down list to choose a message profile The recipient will get the content stated in the message profile You can click the Notify Profile link to define the c...

Page 131: ...on e.g. IP setting If the host and user's computer have the plug in bonjour driver install they can utilize the service offered by the router by clicking the router name icon In short what the Clients users need to know is the name of the router only To enable the Bonjour service click Application Bonjour to open the following page Check the box(es) of the server service(s) that you want to share to ...

Page 132: ...aintenance Management Type a name e.g. DrayTek as the Router Name and click OK 4 Next open Applications Bonjour Check the service that you want to use via Bonjour 5 Open the DNSSD page again The available items will be changed as the follows It means the Vigor router based on Bonjour protocol is ready to be used as a printer server FTP server SSH Server Telnet Server and HTTP Server ...

Page 133: ... 6 Now any page or document can be printed out through Vigor router installed with a printer ...

Page 134: ...kup component the secondary router and the availability of network resources are preserved and partially failed transactions are recovered In a matter of seconds the system returns to normal operation In order to set up High Availability at least 2 DrayTek routers have to be configured in the following manner Enable High Availability on both the primary and secondary routers Set a high priority ID...

Page 135: ...led to synchronize most configuration settings between the primary and secondary routers All routers must be set to the same redundancy method Group ID Type a value 1 255 In LAN environment multiple routers can be divided into several groups Each router must be specified with one group ID Different routers with the same ID value will be categorized into the same group Only one of the routers in the...

Page 136: ...e and exit this page II 5 11 2 Config Sync This page is used to specify the synchronization time for such Vigor router and only available when Hot Standby method is specified and High Availability is enabled Available settings are explained as follows Item Description Enable Config Sync Max Sync to 10 routers Check this box to enable configuration synchronization To...

Page 137: ...selectable LAN LAN IPv6 router name admin and user passwords Example Take the following picture as an example The upper Vigor3910 is regarded as primary device the lower Vigor3910 is regarded as secondary device When primary Vigor3910 Series is broken down the secondary device could replace the primary role to take over all jobs as soon as possible However once the primary device is ...

Page 138: ...ss into the web user interface of the Vigor router 2 Open Applications Active Directory LDAP to get the following page for configuring LDAP related settings There are three types of bind type supported Simple Mode Just simply do the bind authentication without any search action Anonymous Perform a search action first with Anonymous account then do the bind authentication Regular Mode Mostly it is ...

Page 139: ... and 4 Click OK to save the settings above 5 Open User Management General Setup Select User Based as the Mode option ...

Page 140: ...rvice providers user can set up user defined profile to update the DDNS even the service provider is not on the list Now DrayTek starts to support our own DDNS service DrayDDNS We will provide a domain name for each Vigor router this single domain name can record IP addresses of all WAN Set up DrayDDNS on DrayOS Router 1 Go to Applications Dyna...

Page 141: ... c Make sure you have read the License Agreement Check I have read and accept the above Agreement then click Next 3 Confirm the information then click Activate 4 MyVigor server will reply with the service activation information ...

Page 142: ...activating the license it may be due to the router does not trigger the process which to connect and get the license from MyVigor server You may reboot the router to trigger the process Modify DrayDDNS Domain Name Currently only the domain name is allowed to be modified MyVigor website We will need to register the router to MyVigor server and log in to ...

Page 143: ...igor Website choose the profile then click Edit DDNS settings 3 Input the desired Domain name and click Update 4 Vigor router will get the modified domain name when it performs next DDNS updating We can click Sync domain to accelerate this process ...

Page 144: ... 5 After a few seconds the router will get the new domain name and print it on the profiles list ...

Page 145: ...ork interface Specify Interface Through dedicated interface WAN LAN VPN the data can be sent from the source IP to the destination IP Address Mapping Allows you specify the outgoing WAN IP address(es) for an internal private IP address or a range of internal private IP addresses Priority The router will determine which policy will be adopted for transmitting the packet according to the priority of ...

Page 146: ...ic Route Go to Routing to open setting page and choose Static Route The router offers IPv4 and IPv6 for you to configure the static route Both protocols bring different web pages II 6 1 1 Static Route for IPv4 Available settings are explained as follows ...

Page 147: ...d Public Networks Here is an example based on IPv4 of setting Static Route in Main Router so that user A and B locating in different subnet can talk to each other via the router Assuming the Internet access has been configured and the router works properly use the Main Router to surf the Internet create a private subnet 192.168.10.0 using an internal Router A 192.168 ...

Page 148: ...nd click on the Index Number 1 Check the Enable box Please add a static route as shown below which regulates all packets destined to 192.168.10.0 will be forwarded to 192.168.1.2 Click OK Available settings are explained as follows Item Description Enable Click it to enable this profile Destination IP Address Type an IP address as the destination of such static route Subnet Mask Type the subnet ma...

Page 149: ... Available settings are explained as follows Item Description Index The number 1 to 40 under Index allows you to open next page to set up static route Enable Check the box to enable such profile Destination Address Displays the destination address of the static route Set to Factory Default Clear all of the settings and return to factory default settings Viewing IPv6 Routing Table Displays the rout...

Page 150: ...oad Balance Route Policy It allows network administrator to manage the outbound traffic more specifically The policy set in Load Balance Route Policy always has higher priority than Default Route and Auto Load Balance set in WAN Internet Access and always has lower priority than the Firewall Rules Administrator may also define a priority to this policy I II ...

Page 151: ...s for the end of the source IP Dest IP Start Display the IP address for the start of the destination IP Dest IP End Display the IP address for the end of the destination IP Dest Port Start Display the IP address for the start of the destination port Dest Port End Display the IP address for the end of the destination port Move UP Move Down Use Up or Down link to move the order of the policy Wizard ...

Page 152: ...on IP Dest IP Start Type the destination IP start for the specified WAN interface Dest IP End Type the destination IP end for the specified WAN interface If this field is blank it means that all the destination IPs will be passed through the WAN interface Country Object Choose a country object All the traffic from destination IPs in that country is allowed pass through the WAN interface 3 Click Ne...

Page 153: ... interface setting 4 After specifying the interface click Next to get the following page Available settings are explained as follows Item Description Force NAT Force Routing It determines which mechanism that the router will use to forward the packet to WAN 5 After choosing the mechanism click Next to get the summary page for reference 6 If there is no error click Finish to complete wizard setting...

Page 154: ...ia Protocol Use the drop down menu to choose a proper protocol for the WAN interface Source Any Any IP can be treated as the source IP IP Range Define a range of IP address as source IP addresses Start Type an address as the starting IP for such profile End Type an address as the ending IP for such profile IP Subnet Define a subnet containing IP address and mask address Network Type an IP address ...

Page 155: ...t Dest Port Range Start Type the destination port start for the destination IP End Type the destination port end for the destination IP If this field is blank it means that all the destination ports will be passed through the WAN interface Send via if criteria Matched Interface Use the drop down list to choose a WAN or LAN interface or VPN profile Packets match with the above criteria will be tran...

Page 156: ...te policy is 200 which means it has higher priority than the default route 3 When you finish the configuration please click OK to save and exit this page II 6 2 2 Diagnose for Route Policy With the analysis done by such page possible path static route routing table or policy route of the packets sent out of the router can be traced Click the Di...

Page 157: ...P TCP ANY Specify a protocol for diagnosis Src IP Type an IP address as the source IP Dst IP Type an IP address as the destination IP Dst Port Use the drop down list to specify the destination port Analyze Click it to perform the job of analyzing The analyzed result will be shown on the page If required click export analysis to export the result as a file Input File Select Click the download link ...

Page 158: ... up to OSPF version 2 only for IPv4 The Autonomous System AS used in OSPF can be divided into several areas Usually Area 0 will be used as OSPF backbone which distributing the routing information among areas When you need faster convergence than distance vector want to support much larger networks or want to have less susceptible to bad routing information you can enable OSPF feature to fit your r...

Page 159: ...MD5 Auth Enable disable the MD5 authentication mechanism for such profile Password Enter characters as the password for MD5 authentication Key ID 1 255 Specify the IP address of such Vigor router Such ID will help Vigor router to be identified in an autonomous system However if no address is specified then an IP address of the active interface will be used by system automatically Neighborhoods Dis...

Page 160: ... routing information for each other A BGP router is the neighbor of other BGP routers Define the IP address AS number for the router is essential for TCP connection of BGP routing information exchange AS the abbreviation of Autonomous System is a group interconnected with multiple IP addresses Each AS shall be assigned with one AS number ASN The ASN is a unique identifier for AS to distinguish ...

Page 161: ...e peer within the time Connect Retry Time If the router fails to connect to neighboring router it requires a period of time to reconnect Set the time interval to do reconnection Router ID Specify the LAN subnet for the router Neighbor Index Click the index number link to configure neighbor profile Enable Check the box to enable the basic BGP function for neighboring router AS Number Display the AS...

Page 162: ...rk This page allows you to configure up to eight neighboring routers for exchanging the routing information with the local router Available settings are explained as follows Item Description Select Check the box to enable the configuration for the selected index entry IP Address Enter the IP address for a router Subnet Mask Choose the mask value for the IP address ...

Page 163: ...he following figure, a LAN to LAN VPN tunnel is built between the DrayTek VPN router (e.g., Vigor3910 Series) and the remote router. Firewall Router can receive all of the traffic coming from the remote PC which wants to access the Internet and send back the packets to Remote Router through VPN Router. 1. Establish a VPN tunnel between VPN Router and the Remote Router. 2. Change to default route for the router loc...

Page 164: ...t value is fixed as 250, and Routes in Routing Table are fixed as 150. You can adjust the value for such route policy with a lower value (e.g., 100) to ensure it will be applied to packet transmission with the highest priority. 5. After finishing the above settings, click OK to save the configuration. 6. To route the packets coming from the Firewall Router back to the remote router, access the web user int...

Page 165: ...r A to break through the Internet censorship circumvention. A VPN tunnel has been established between Router A and Router B. 1. Access the web user interface of Router A. 2. Open Routing>>Load-Balance/Route Policy and click Advance Mode. 3. Click any index number (e.g., 1 in this case). 4. In the following web page, check Enable, type 192.168.1.10 as Src IP Range, type 213.57.89.100 as the Destination IP for ...

Page 166: ...Vigor3910 Series User's Guide 156. This page is left blank. ...

Page 167: ...in a manner that emulates the properties of a point-to-point private link. It is a form of VPN that can be used with a standard Web browser. A digital certificate works as an electronic ID, which is issued by a certification authority (CA). It contains information such as your name, a serial number, expiration dates, etc., and the digital signature of the certificate-issuing authority so that a recipient can...

Page 168: ... VPN technology, you can send data between two computers across a shared or public network in a manner that emulates the properties of a point-to-point private link. The VPN built is suitable for: Communication between home office and customer; Secure connection between Teleworker, staff on business trip and main office; Exchange data between remote office and main office; POS between chain store and hea...

Page 169: ...e the necessary VPN service as you need. If you intend to run a VPN server inside your LAN, you should disable the VPN service of Vigor Router to allow VPN tunnel pass-through, as well as the appropriate NAT settings, such as DMZ or open port. After finishing all the settings here, please click OK to save the configuration. ...

Page 170: ...ryption method will be optionally employed in the router for the remote dial-in user. If the remote dial-in user does not support the MPPE encryption algorithm, the router will transmit no MPPE encrypted packets. Otherwise, the MPPE encryption scheme will be used to encrypt the data. Require MPPE (40/128bits) - Selecting this option will force the router to encrypt packets by using the MPPE encryption algo...

Page 171: ...er a start IP address for the dial-in PPP connection. You should choose an IP address from the local private network. For example, if the local private network is 192.168.1.0/255.255.255.0, you could choose 192.168.1.200 as the Start IP Address. PPP Authentication Methods - Select the method(s) to be used for authentication in PPP connection. While using Radius or LDAP Authentication: If PPP connection will...

Page 172: ...tual examination of the secure tunnel establishment. There are two encapsulation methods used in IPsec: Transport and Tunnel. The Transport mode will add the AH/ESP payload and use the original IP header to encapsulate the data payload only. It can just apply to local packets, e.g., L2TP over IPsec. The Tunnel mode will not only add the AH/ESP payload but also use a new IP header (Tunneled IP header) to encapsul...

Page 173: ...d Key - Re-enter the characters to confirm the pre-shared key. XAuth User Pre-Shared Key - Define the PSK key for IPsec XAuth authentication. Confirm XAuth User Pre-Shared Key - Re-enter the characters to confirm the pre-shared key for IPsec XAuth authentication. Note: Any packets from the remote dial-in user which do not match the rule defined in VPN and Remote Access>>Remote Dial-In User will be applied ...

Page 174: ...er dial-in users. Available settings are explained as follows (Item - Description): Set to Factory Default - Click it to clear all indexes. Index - Click the number below Index to access the setting page of IPsec Peer Identity. Enable - Check the box to enable such profile. Name - Display the profile name of that index. Click each index to edit one peer digital certificate. There are three security levels of di...

Page 175: ...ick to check one specific field of digital signature to accept the peer with matching value. The field can be IP Address, Domain, or E-mail address. The box under the Type will appear according to the type you select and ask you to fill in the corresponding setting. Accept Subject Name - Click to check the specific fields of digital signature to accept the peer with matching value. The field includes Country ...

Page 176: ...neral Setup. Before establishing an OpenVPN connection, general settings for the OpenVPN service shall be configured first. Available settings are explained as follows (Item - Description): Enable UDP - Check the box to enable UDP port setting for OpenVPN. UDP Port - Enter a number. Enable TCP - Check the box to enable TCP port setting for OpenVPN. TCP Port - Enter a number. Cipher Algorithm - Two encryptio...

Page 177: ...o enter a domain name for the remote server. Transport Protocol - Simply choose UDP or TCP as the protocol for building the OpenVPN connection between the server and the remote client. Fine Name - Enter a name for the configuration file. CA cert - Enter the certificate authority (CA) file name obtained from a 3rd-party provider. Client cert - Each client in an OpenVPN connection must have its certificate and private key ...

Page 178: ...rresponding security methods, etc. The router provides 500 access accounts for dial-in users. Besides, you can extend the user accounts to the RADIUS server through the built-in RADIUS client function. The following figure shows the summary table. Available settings are explained as follows (Item - Description): Set to Factory Default - Click to clear all indexes. View All - Click it to display all of the use...

Page 179: ...ou may leave it untouched. The following explanation will guide you to fill all the necessary fields. Available settings are explained as follows (Item - Description): User account and Authentication: Enable this account - Select to enable this profile to be used by remote dial-in users. Idle Timeout - Allowed idle time before the router disconnects the VPN connection. Default timeout value is 300 seconds. Allow...

Page 180: ...net. Assign Static IP Address - Alternatively, a static IP address can be set by selecting the Assign Static IP Address checkbox. User Name - Used for PPTP, L2TP or SSL Tunnel dial-in type. The length of the name is limited to 23 characters. Password - Used for PPTP, L2TP or SSL Tunnel dial-in type. The length of the password is limited to 19 characters. Enable Mobile One-Time Passwords (mOTP) - Select to enable one...

Page 181: ...IKE aggressive mode. After finishing all the settings here, please click OK to save the configuration. III-1-7 LAN to LAN. Here you can manage LAN to LAN connections by maintaining a table of connection profiles. You may set parameters including specified connection direction (dial-in or dial-out), connection peer ID, connection type (VPN connection, including PPTP, IPsec Tunnel, and ...

Page 182: ...o LAN VPN is connected. Offline - LAN to LAN VPN is disconnected. Profile is disabled. Pass Routing LAN to VPN - Check the box to allow the packets from the Routing LAN to pass over the VPN tunnel. Default setting is Disable. Pass Packets to NAT when VPN disconnects - If enabled, the Vigor router will send the packets to the default gateway once the VPN disconnects. Default setting is Enable. Backup - Click Backu...

Page 183: ...Nx First - While connecting, the router will use WANx as the first channel for VPN connection. If WANx fails, the router will use another WAN interface instead. WANx Only - While connecting, the router will use WANx as the only channel for VPN connection. WAN1 Only: Only establish VPN if WAN2 down - If WAN2 failed, the router will use WAN1 for VPN connection. WAN2 Only: Only establish VPN if WAN1 down - If WAN1 fai...

Page 184: ...note below. Check to enable the transmission of PING packets to a specified IP address. Enable PING to keep alive is used to handle abnormal IPsec VPN connection disruption. It will help to provide the state of a VPN connection for the router's judgment of redial. Normally, if any one of the VPN peers wants to disconnect the connection, it should follow a series of packet exchange procedures to inform each other...

Page 185: ...s as pre-shared key. Digital Signature (X.509) - Select one of the predefined Profiles set in the VPN and Remote Access>>IPsec Peer Identity. Peer ID - Select one of the predefined Profiles set in VPN and Remote Access>>IPsec Peer Identity. Local ID - Specify a local ID (Alternative Subject Name First or Subject Name First) to be used for Dial-in setting in the LAN to LAN Profile setup. This item is optional and can be ...

Page 186: ... propose the local available algorithms to the VPN peers and get its feedback to find a match. Three combinations are available for both modes. We suggest you select the combination that covers the most algorithms. IKE phase 1 key lifetime - For security reasons, the lifetime of the key should be defined. The default value is 28800 seconds. You may specify a value between 900 and 86400 seconds. IKE phase 2 k...

Page 187: ...through the Internet. You can select to use L2TP alone or with IPsec. Select from below: None - Do not apply the IPsec policy. Accordingly, the VPN connection employing L2TP without IPsec policy can be viewed as one pure L2TP connection. Nice to Have - Apply the IPsec policy first, if it is applicable during negotiation. Otherwise, the dial-in VPN connection becomes one pure L2TP connection. Must - Specify the...

Page 188: ...re to invoke this function and select one of the predefined Profiles set in the VPN and Remote Access>>IPsec Peer Identity. Local ID - Specify which one will be inspected first. Alternative Subject Name First - The alternative subject name (configured in Certificate Management>>Local Certificate) will be inspected first. Subject Name First - The subject name (configured in Certificate Management>>Local Certificate) will...

Page 189: ...te Gateway PPP IP address from the remote router during the IPCP negotiation phase. If the PPP IP address is fixed by the remote side, specify the fixed IP address here. Do not change the default value if you do not select PPTP or L2TP. Remote Network IP / Remote Network Mask - Add a static route to direct all traffic destined to this Remote Network IP Address/Remote Network Mask through the VPN connection. Fo...

Page 190: ...he box of IPSec VPN with the Same subnet, the options under TCP/IP Network Settings will be changed as shown below. Remote Network IP / Remote Network Mask - Add a static route to direct all traffic destined to this Remote Network IP Address/Remote Network Mask through the VPN connection. For IPSec, this is the destination clients IDs of phase 2 quick mode. Translated Local Network - This function is enabled...

Page 191: ...wo types for you to choose: Whole Subnet and Specific IP Address. Virtual IP Mapping - A pop-up dialog will appear for you to specify the local IP address and the mapping virtual IP address. 2. After finishing all the settings here, please click OK to save the configuration. ...

Page 192: ... be activated when initial connection of single VPN tunnel is off-line. Before setting the VPN TRUNK VPN Backup mechanism backup profile, please configure at least two sets of LAN to LAN profiles (with fully configured dial-out settings) first; otherwise, you will not have selections for grouping Member1 and Member2. Features of VPN TRUNK VPN Load Bala...

Page 193: ...VPN Backup mechanism profile. Member1 - Display the dial-out profile selected from the Member1 drop-down list below. Active - Yes means normal condition. No means the state might be disabled or that profile currently is set with Dial-in mode (for call direction) in LAN to LAN. Type - Display the connection type for that profile, such as IPsec, PPTP, L2TP, L2TP over IPsec (NICE), L2TP over IPsec (MUST) and so on. Member...

Page 194: ...ile. Member1 - Display the dial-out profile selected from the Member1 drop-down list below. Active - Yes means normal condition. No means the state might be disabled or that profile currently is set with Dial-in mode (for call direction) in LAN to LAN. Type - Display the connection type for that profile, such as IPsec, PPTP, L2TP, L2TP over IPsec (NICE), L2TP over IPsec (MUST) and so on. Member2 - Display the dial-out pr...

Page 195: ...e Status (Enable or Disable), profile name, member1 or member2. Delete - Click this button to delete the selected VPN TRUNK profile. The corresponding members (LAN to LAN profiles) grouped in the deleted VPN TRUNK profile will be released, and those profiles in LAN to LAN will be displayed in black. Time for activating VPN TRUNK VPN Backup m...

Page 196: ... one of the LAN to LAN profiles from the Member1 drop-down list, choose one of the LAN to LAN profiles from the Member2 drop-down list, and click Add at last. 4. Take a look at the LAN to LAN profiles. Index 1 is chosen as Member1; index 2 is chosen as Member2. For such reason, LAN to LAN profiles 1 and 2 will be expressed in red to indicate that they are fixed. If you delete the VPN TRUNK VPN Backup Load Balance ...

Page 197: ...ver 192.168.50.200 in the field of Peer GRE IP. Advanced Load Balance and Backup. After setting profiles for load balance, you can choose any one of them and click Advance for more detailed configuration. The windows for advanced load balance and backup are different. Refer to the following explanation. ...

Page 198: ... rate. It can be divided into Auto Weighted and According to Speed Ratio. Auto Weighted can detect the device speed (10Mbps/100Mbps) and switch with fixed value ratio (3:7) for packet transmission. If the transmission rate for packets on both sides of the tunnels is the same, the value of Auto Weighted should be 50:50. According to Speed Ratio allows the user to adjust a suitable rate manually. There are 100 grou...

Page 199: ...such binding tunnel table can be established. UDP means when the source IP, destination IP, destination port and fragment conditions match the settings specified here, and UDP Service Port also fits the number here, such binding tunnel table can be established. TCP/UDP means when the source IP, destination IP, destination port and fragment conditions match the settings specified here, and TCP/UDP...

Page 200: ... ICMP or Other as Binding Protocol. Advanced Backup. Available settings are explained as follows (Item - Description): Profile Name - List the backup profile name. ERD Mode - ERD means "Environment Recovers Detection". Normal - choose this mode to make all dial-out VPN TRUNK backup profiles being activated alternatively. Resume - when VPN connection breaks down or disconnects ...

Page 201: ...ly Dial-out by using Dial-out Tool and clicking the Dial button. Available settings are explained as follows (Item - Description): Dial-out Tool: General Mode - This field displays the profile configured in LAN to LAN (with Index number and VPN Server IP address). The VPN connection built by General Mode does not support VPN backup function. Backup Mode - This field displays the profile name saved in VPN TRUNK Manag...

Page 202: ...Vigor3910 Series User's Guide 192 information among 5, 10, and 30. Refresh - Click this button to refresh the whole connection status. ...

Page 203: ...tion on Vigor Router for Head Office. 1. Log into the web user interface of Vigor router. 2. Open VPN and Remote Access>>LAN to LAN to create a LAN to LAN profile. The following settings are for a permanent VPN connection. 3. Click any index number to open the configuration page. Type a name which is easy for identification for such profile in this ...

Page 204: ... Server IP (e.g., 218.242.130.19 in this case). Press the IKE Pre-Shared Key button to set the PSK and select Medium (AH) or High (ESP) as the security method. 5. Continue to navigate to the TCP/IP Network Settings for setting the LAN IP for the remote side. 6. Click OK to save the settings. 7. Open VPN and Remote Access>>Connection Management to check the dial-in connection status from the branch office. ...

Page 205: ...cess>>LAN to LAN to create a LAN to LAN profile. The following settings are for a permanent VPN connection. 3. Click any index number to open the configuration page. Type a name which is easy for identification for such profile (in this case, type VPN Client), and check the box of Enable This Profile. Because such Vigor router will be set as a client, the call direction shall be set as Dial-out. Check the box of ...

Page 206: ...service and type the remote server IP/host name (e.g., 218.242.133.91 in this case). Press the IKE Pre-Shared Key button to set the PSK and select Medium (AH) or High (ESP) as the security method. 5. Continue to navigate to the TCP/IP Network Settings for setting the LAN IP for the remote side. 6. Click OK to save the settings. ...

Page 207: ...Vigor3910 Series User's Guide 197 7. Open VPN and Remote Access>>Connection Management to check the dial-in connection status from the head office. ...

Page 208: ...cryption protocol on the Internet, most networks have few restrictions on SSL traffic, and as a result SSL VPN is more likely to work when other VPN technologies experience difficulties due to obstacles such as firewalls and Network Address Translation (NAT). In short: It is not necessary for users to preinstall VPN client software for executing SSL VPN connection. There are fewer restrictions for the dat...

Page 209: ...r. This is separate from the management port, which is configured in System Maintenance>>Management. The default setting is 443. Server Certificate - When the client does not set any certificate, the default certificate will be used for HTTPS and SSL VPN server. Specify the certificate to be used for SSL connections. Select a certificate from imported or generated certificates on the router, or choose Self-signe...

Page 210: ...such as your online bank. The SSL VPN can be operated in either full tunnel mode or proxy mode. Now, Vigor3910 Series allows up to 16 simultaneous incoming users. SSL VPN authentication and permissions management are implemented through user accounts. SSL VPN user accounts are shared with the remote dial-in user accounts used by other VPN protocols such as PPTP and L2TP, and hence SSL VPN's User Account...

Page 211: ...IPsec policy above. The length of the name/password is limited to 23 characters. Password - This field is applicable when you select PPTP or L2TP with or without IPsec policy above. The length of the name/password is limited to 19 characters. Enable Mobile One-Time Passwords (mOTP) - Check this box to make the authentication with mOTP function. PIN Code - Type the code for authentication (e.g., 1234). Secret - Use th...

Page 212: ...he authentication and security methods specified in the general settings will be used instead. Netbios Naming Packet: Pass - Select this to allow Netbios name inquiries between the hosts located on both sides of the VPN Tunnel. Block - Select this to block Netbios name inquiries between remote and local hosts. Multicast via VPN - Some programs might send multicast packets via VPN connection. Pass - Select this to ...

Page 213: ...thentication Header - Data will be authenticated, but not be encrypted. By default, this option is enabled. You can uncheck it to disable it. High (ESP, Encapsulating Security Payload) - Payload data will be encrypted and authenticated. You may select the encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES. Local ID - Specify a local ID to be used for Dial-in setting in the LAN to LAN Profi...

Page 214: ...he certificate is real. Here Vigor router supports digital certificates conforming to standard X.509. Any entity that wants to utilize digital certificates should first request a certificate issued by a CA server. It should also retrieve certificates of other trusted CA servers so it can authenticate the peer with certificates issued by those trusted CA servers. Here you can generate and manage the l...

Page 215: ... to import a saved file as the certification information. Refresh - Click this button to refresh the information listed below. View - Click this button to view the detailed settings for certificate request. Delete - Click this button to delete the selected name with certification information. GENERATE - Click this button to open the Generate Certificate Signing Request window. Type in all the informati...

Page 216: ... T Vigor router allows you to generate a certificate request and submit it to the CA server, then import it as Local Certificate. If you have already gotten a certificate from a third party, you may import it directly. The supported types are PKCS12 Certificate and Certificate with a private key. Click this button to import a saved file as the certification information. There are three types of local certi...

Page 217: ...n as OK. Upload PKCS12 Certificate - It allows users to import the certificate whose extensions are usually .pfx or .p12. And these certificates usually need passwords. Note: PKCS12 is a standard for storing private keys and certificates securely. It is used in (among other things) Netscape and Microsoft Internet Explorer with their import and export options. Upload Certificate and Private Key - It is useful wh...

Page 218: ...ttings for certificate request. Info: You have to copy the certificate request information from the above window. Next, access your CA server and enter the page of certificate request, copy the information into it and submit a request. A new certificate will be issued to you by the CA server. You can save it. Delete - Click this button to remove the selected certificate. ...

Page 219: ...ot certificate authority (Root CA) will be used to authenticate the digital certificates offered by both ends. However, the procedure of applying for a digital certificate from a trusted root certificate authority is complicated and time-consuming. Therefore, Vigor router offers a mechanism which allows you to generate a root CA to save time and provide convenience for general users. Later, such root CA generated ...

Page 220: ...n click GENERATE again. Importing a Trusted CA. To import a pre-saved trusted CA certificate, please click IMPORT to open the following window. Use Browse to find the saved text file. Then click Import. The one you imported will be listed on the Trusted CA Certificate window. For viewing each trusted CA certificate, click View to open the certificate detail inform...

Page 221: ...ertificate for this router can be saved within one file. Please click Backup on the following screen to save them. If you want to set an encryption password for these certificates, please type characters in both fields of Encrypt password and Confirm password. Also, you can use Restore to retrieve these two settings to the router whenever you want. ...

Page 222: ...ate is a unique identification for the device (e.g., Vigor router) which generates the certificate by itself to ensure the router security. Such self-signed certificate is signed with its own private key. The self-signed certificate will be applied in SSL VPN, HTTPS, and so on. In addition, it can be created for free by using a wide variety of tools. ...

Page 223: ...rity has always been the greatest concern. The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders. It also restricts users in the local network from accessing the Internet. CSM is an abbreviation of Central Security Management, which is used to control IM/P2P usage, filter the web content and URL content to reach a goal of security management. ...

Page 224: ...ies unsolicited incoming data. Selectable Denial of Service (DoS)/Distributed DoS (DDoS) attacks protection. IP Filters. Depending on whether there is an existing Internet connection, or in other words, the WAN link status is up or down, the IP filter architecture categorizes traffic into two: Call Filter and Data Filter. Call Filter - When there is no existing Internet connection, Call Filter ...

Page 225: ...exhaust all your system's resources, while the vulnerability attacks will try to paralyze the system by exploiting the vulnerabilities of the protocol or operating system. The DoS Defense function enables the Vigor router to inspect every incoming packet based on the attack signature database. Any malicious packet that might duplicate itself to paralyze the host in the secure LAN will be strictly block...

Page 226: ...ur filter set can be linked to work in a serial manner. So here you assign the Start Filter Set only. Also, you can configure the Log Flag settings, Apply IP filter to VPN incoming packets, and Accept incoming fragmented UDP packets. Click Firewall and click General Setup to open the general setup page. General Setup Page. Such page allows you to enable/disable Call Filter ...

Page 227: ...security, the router will execute strict security checking for data transmission. Such feature is enabled by default. All the packets, while transmitting through Vigor router, will be filtered by firewall. If the firewall system (e.g., content filter server) does not make any response (pass or block) for these packets, then the router's firewall will block the packets directly. Block routing packet from WAN - Usu...

Page 228: ...fer to the related section later. User Management - Such item is available only when Rule-Based is selected in User Management>>General Setup. The general firewall rule will be applied to the user/user group/all users specified here. Note: When there is no user profile or group profile existing, Create New User or Create New Group item will appear for you to click to create a new one. APP Enforcement - Select...

Page 229: ...ile. For troubleshooting needs, you can specify to record information for Web Content Filter by checking the Log box. It will be sent to Syslog server. Please refer to section Syslog/Mail Alert for more detailed information. DNS Filter - Select one of the DNS Filter profile settings (created in CSM>>DNS Filter) for applying with this router. Please set at least one profile in CSM>>Web Content Filter web page ...

Page 230: ...he more the value is, the better the performance will be. However, if the network is not stable, a small value will be proper. Session timeout - Setting timeout for sessions can make the best utilization of network resources. After finishing all the settings here, please click OK to save the configuration. ...

Page 231: ...ck Active to enable the rule. Available settings are explained as follows (Item - Description): Filter Rule - Click a button numbered 1 to 7 to edit the filter rule. Clicking the button will open the Edit Filter Rule web page. For the detailed information, refer to the following page. Active - Enable or disable the filter rule. Comment - Enter filter set comments/description. Maximum length is 23 characters. Direction - Dis...

Page 232: ...e following steps: 1. Click the Wizard Mode radio button. 2. Click Index 1. The setting page will appear as follows. Available settings are explained as follows (Item - Description): Comments - Enter filter set comments/description. Maximum length is 14 characters. Direction - Set the direction of packet flow. It is for Data Filter only. For the Call Filter, this setting is not available since Call Filter is only...

Page 233: ...e. All the hosts in LAN must follow the standard configured in the APP Enforcement profile selected here. For detailed information, refer to the section of APP Enforcement profile setup. For troubleshooting needs, you can specify to record information for IM/P2P by checking the Log box. It will be sent to Syslog server. Please refer to section Syslog/Mail Alert for more detailed information. URL Content F...

Page 234: ...ter - Select one of the DNS Filter profile settings (created in CSM>>DNS Filter) for applying with this router. Please set at least one profile in CSM>>Web Content Filter web page first. Or click the DNS Filter link from the drop-down list in this page to create a new profile. Block Immediately - Packets matching the rule will be dropped immediately. 4. After choosing the mechanism, click Next to get the summar...

Page 235: ...p to 4 schedules out of the 15 schedules pre-defined in Applications>>Schedule setup. The default setting of this field is blank and the function will always work. Clear sessions when schedule is ON - Check this box to clear the sessions when the above schedule profiles are applied. Direction - Set the direction of packet flow. It is for Data Filter only. For the Call Filter, this setting is not available si...

Page 236: ...ose Group and Objects as the Address Type. From the IP Group drop-down list, choose the one that you want to apply. Or use the IP Object drop-down list to choose the object that you want. Service Type - Click Edit to access the following dialog to choose a suitable service type. To set the service type manually, please choose User defined as the Service Type and type them in this dialog. In addition, i...

Page 237: ...ken when packets match the rule. Block Immediately - Packets matching the rule will be dropped immediately. Pass Immediately - Packets matching the rule will be passed immediately. Block If No Further Match - A packet matching the rule, and that does not match further rules, will be dropped. Pass If No Further Match - A packet matching the rule, and that does not match further rules, will be passed through. Branch...

Page 238: ...the drop-down list in this page to create a new profile. For troubleshooting needs, you can specify to record information for URL Content Filter by checking the Log box. It will be sent to Syslog server. Please refer to section Syslog/Mail Alert for more detailed information. Web Content Filter - Select one of the Web Content Filter profile settings (created in CSM>>Web Content Filter) for applying with thi...

Page 239: ...the network is not stable, a small value will be proper. Session timeout - Setting timeout for sessions can make the best utilization of network resources. However, Queue timeout is configured for TCP protocol only; session timeout is configured for the data flow which matched with the firewall rule. DrayTek Banner - Please uncheck this box and the following screen will not be shown for the unreachable web pa...

Page 240: ... select all the items listed below. White/Black List Option - Set white/black list of IPv4/IPv6 address. Enable SYN flood defense - Check the box to activate the SYN flood defense function. Once detecting that the Threshold of the TCP SYN packets from the Internet has exceeded the defined value, the Vigor router will start to randomly discard the subsequent TCP SYN packets for a period defined in Timeout. The g...

Page 241: ...the port scanning Threshold rate, the Vigor router will send out a warning. By default, the Vigor router sets the threshold as 2000 packets per second. That means when 2000 packets per second are received, they will be regarded as an attack event. Block IP options - Check the box to activate the Block IP options function. The Vigor router will ignore any IP packets with IP option field in the datagram header. The ...

Page 242: ...volves the perpetrator sending overlapping packets to the target hosts so that those target hosts will hang once they re-construct the packets. The Vigor routers will block any packets realizing this attacking activity. Block ICMP Fragment - Check the box to activate the Block ICMP fragment function. Any ICMP packets with more fragment bit set are dropped. Block Unassigned Numbers - Check the box to activ...

Page 243: ...ction is to test when the router receiving incoming packet which firewall rule will be applied to that packet The test result including firewall rule profile IP address translation in packet transmission state of the firewall functions and etc also will be shown on this page Info The result obtained by using Diagnose is offered for RD debug It will be different according to actual state such as net...

Page 244: ...wn on this page Src IP Type the IPv4 IPv6 address of the packet s source Src Port Type the port number of the packet s source Src MAC Type the MAC address of the packet s source Dst IP Type the IPv4 IPv6 address of the packet s destination Dst Port Type the port number of the packet s destination Packet Payload In firewall diagnose two packets belong to one connection In general two packets are en...

Page 245: ... available when Customize is selected Simply type 16 HEX characters which represent certain packet e g DNS packet if you want to set the data transferred with protocol ICMP UDP TCP which is different to Type setting Analyze Execute the test and analyze the result The following figure shows the test result after clicking Analyze Processing state for the functions MAC Filter QoS User management etc re...

Page 246: ...8 1 10 192 168 1 20 accessing to Internet through Vigor router Others e g 192 168 1 31 and 192 168 1 32 outside the range can get the source from LAN only The way we can use is to set two rules under Firewall For Rule 1 of Set 2 under Firewall Filter Setup is used as the default setting we have to create a new rule starting from Filter Rule 2 of Set 2 1 Access into the web user interface of Vigor ...

Page 247: ...ting from Rule 3 to Rule 7 The packets not matching with the rules will be processed according to Rule 2 4 Next set another rule Just open Firewall Filter Setup Click the Set 2 link and choose the Filter Rule 3 button 5 Check Enable to enable the filter rule Type the comments e g open_ip Click the Edit button for Source IP 6 A dialog box will be popped up Choose Range Address as Address Type by us...

Page 248: ...or not The action for Filter shall be set with Pass Immediately Then click OK to save the settings 8 Both filter rules have been created Click OK Now all the settings are configured well Only the computers with the IP addresses within 192 168 1 10 192 168 1 20 can access to Internet ...

Page 249: ...hecks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor router can prevent user from accidentally downloading malicious codes from web pages It s very common that malicious codes conceal in the executable objects such as ActiveX Java Applet compressed files and other ex...

Page 250: ...s page allows you to set 32 profiles for different requirements The APP Enforcement Profile will be applied in Default Rule of Firewall General Setup for filtering Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Profile Display the number of the profile which allows you to click to set different policy Name Display the name of the APP Enforcem...

Page 251: ...h of the name you can set is 15 characters Select All Click it to choose all of the items in this page Clear All Uncheck all the selected boxes Enable Check the box to select the APP to be blocked by Vigor router The profiles configured here can be applied in the Firewall General Setup and Firewall Filter Setup pages as the standard for the host s to follow ...

Page 252: ...kets based on the fields of TCP IP headers only On the other hand Vigor router can prevent user from accidentally downloading malicious codes from web pages It s very common that malicious codes conceal in the executable objects such as ActiveX Java Applet compressed files and other executable files Once downloading these types of files from websites you may risk bringing threat to your system For...

Page 253: ...hoose this setting both configuration set in this page for URL Access Control and Web Feature will be inactive Both Block The router will block all the packages that match with the conditions specified in URL Access Control and Web Feature below When you choose this setting both configuration set in this page for URL Access Control and Web Feature will be inactive Either URL Access Control First W...

Page 254: ...able only when Either URL Access Control First or Either Web Feature First is selected Pass Allow accessing into the corresponding webpage with the keywords listed on the box below Block Restrict accessing into the corresponding webpage with the keywords listed on the box below If the web pages do not match with the keyword set here it will be processed with reverse action Exception List Specify t...

Page 255: ...here it will be processed with reverse action Cookie Check the box to filter out the cookie transmission from inside to outside world to protect the local user s privacy Proxy Check the box to reject any proxy transmission To control efficiently the limited bandwidth usage it will be of great value to provide the blocking mechanism that filters out the multimedia files downloading from web pages U...

Page 256: ...ou have to click Activate to satisfy your request Be aware that service provider matching with Vigor router currently offers a period of time for trial version for users to experiment If you want to purchase a formal edition simply contact with the channel partner or your dealer Click CSM and click Web Content Filter Profile to open the profile setting page The default setting for Setup Query Serv...

Page 257: ... the URL that the user wants to access via WCF precisely however the processing rate is normal Such item can provide the most accurate URL matching L1 the router will check the URL that the user wants to access via WCF If the URL has been accessed previously it will be stored in the router to be accessed quickly if required Such item can provide accurate URL matching with faster rate L2 the router...

Page 258: ...items will be changed simultaneously All of the configuration made for web content filter will be deleted automatically Therefore please backup your data before you change the web content filter license Available settings are explained as follows Item Description Profile Name Type a name for the CSM profile The maximum length of the name you can set is 15 characters Log Pass Only the log about Pas...

Page 259: ...e set here they will be processed with the categories listed on the box below Action Pass allow accessing into the corresponding webpage with the categories listed on the box below Block restrict accessing into the corresponding webpage with the categories listed on the box below If the web pages do not match with the specified feature set here it will be processed with reverse action After finish...

Page 260: ...g 8 8 8 8 If the router server is used DNS Filter General Setting will be applied to DNS query from clients on LAN However if the external DNS server is used DNS Filter Profile will be applied to DNS query coming from clients on LAN Info For DNS filter must use the WCF service profile to filter the packets therefore WCF license must be activated first Otherwise DNS filter does not have any effect ...

Page 261: ...y the log about Pass will be recorded in Syslog Block Only the log about Block will be recorded in Syslog All All the actions Pass and Block will be recorded in Syslog Black White List Specify IP address subnet mask IP object or IP group as a black list or white list for DNS packets passing through or blocked by Vigor router Administration Message When DNS packets are blocked by DNS filter a web p...

Page 262: ...several useful services such as Anti Spam Web Content Filter Anti Intrusion and etc to filtering the web pages for the sake of protecting your system To access into MyVigor for getting more information please create an account for MyVigor Create an Account via Vigor Router 1 Click CSM Web Content Filter Profile The following page will appea...

Page 263: ...2 Click the Activate link A login page for MyVigor web site will pop up automatically 3 Click the link of Create an account now 4 The system will ask if you are 16 years old or over If yes click I am 16 or over ...

Page 264: ... I am under 16 years old to get the following page Then click I and my legal guardian agree 5 After reading the terms of service privacy policy click Agree 6 In the following page enter your personal information in this page and then click Continue ...

Page 265: ...eated an account successfully 9 Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor draytek com 10 Click the Activate my Account link to enable the account that you created The following screen will be shown to verify the register process is finished Please click Login ...

Page 266: ...the following page please type in the account and password that you just created in the fields of UserName and Password 12 Now click Login Your account has been activated You can access into MyVigor server to activate the service e g WCF that you want ...

Page 267: ...e facebook service Web Content Filter and URL Content Filter Web Content Filter Benefits Easily and quickly implement the category website that you want to block Note License is required URL Content Filter Benefits Free flexible for customize webpage Note Manual setting e g one keyword for one website I Via Web Content Filter 1 Make sure the Web Content Filt...

Page 268: ...router the web page would be blocked and the following message would be displayed instead II Via URL Content Filter A Block the web page containing the word of Facebook 1 Open Object Settings Keyword Object Click an index number to open the setting page 2 In the field of Contents please type facebook Configure the settings as the following figure ...

Page 269: ...3 Open CSM URL Content Filter Profile Click an index number to open the setting page 4 Configure the settings as the following figure 5 When you finished the above steps click OK Then open Firewall General Setup ...

Page 270: ... the field of URL Content Filter Now users cannot open any web page with the word facebook inside B Disallow users to play games on Facebook 1 Open Object Settings Keyword Object Click an index number to open the setting page 2 In the field of Contents please type apps facebook Configure the settings as the following figure ...

Page 271: ...g page 4 Configure the settings as the following figure 5 When you finished the above steps please open Firewall General Setup 6 Click the Default Rule tab Choose the profile just configured from the drop down list in the field of URL Content Filter Now users cannot open any web page with the word facebook inside ...

Page 272: ...eamViewer APP Enforcement helps network administrator to block applications on LAN network DrayTek routers provide a few categories to set up the profiles e g IM P2P Protocol Stream Remote control This section is going to demonstrate how to use APP Enforcement to block Facebook Skype YouTube and TeamViewer 1 Create an APP Enforcement Profile Click on an Index number to create a n...

Page 273: ... Profile Name b Choose the Facebook in Instant Message c Choose Skype in VoIP d Choose YouTube in Stream e Choose TeamViewer in Remote control f Click OK to save 3 Apply the APP Enforcement Profile to a Firewall Filter Rule Go to Firewall Filter Setup and click an available set ...

Page 274: ...the profile a Enable the Filter Rule b Put the comments of this rule c Select the Direction as LAN DMZ RT VPN WAN d Edit the Source IP which should be blocked from the APP e Select Filter as Pass Immediately f Select APP Enforcement as the profile we created in Step 2 g You may also check the Syslog if needed ...

Page 275: ...h Click OK to save 6 With the above configuration LAN clients cannot use the APP and website ...

Page 277: ...log Mail Alert Time and Date SNMP Management Self Signed Certificate Reboot System Firmware Upgrade Activation Internal Service User List and Dashboard Control It is used to control the bandwidth of data transmission through configuration of Sessions Limit Bandwidth Limit and Quality of Service QoS It is a security feature which disallows any IP traffic except DHCP related packets from a particular ...

Page 278: ...hat you have to know the way of configuration System Status TR 069 Administrator Password User Password Login Page Greeting Configuration Backup Syslog Mail Alert Time and Date Management Panel Control Reboot System Firmware Upgrade Activation Internal Service User List and Dashboard Control Below shows the menu items for System Maintenance ...

Page 279: ...ription Model Name Displays the model name of the router Firmware Version Displays the firmware version of the router Build Date Time Displays the date and time of the current firmware build LAN MAC Address Displays the MAC address of the LAN Interface IP Address Displays the IP address of the LAN interface Subnet Mask Displays the subnet mask address of the LAN interface DHCP Server Displays the ...

Page 280: ...s Displays the IP address of the WAN interface Default Gateway Displays the assigned IP address of the default gateway IPv6 Address Displays the IPv6 address for LAN Scope Displays the scope of IPv6 address For example IPv6 Link Local is non routable and can only be used for local connections Internet Access Mode Displays the connection mode of the WAN interface ...

Page 281: ...s VigorACS V 1 2 1 ACS and CPE Settings Available settings are explained as follows Item Description TR 069 Enables or disables TR 069 functionality ACS Server On Choose the interface for connecting the router to the Auto Configuration Server ACS Server This section specifies the settings of the ACS Server URL Enter the URL for connecting to the ACS Please...

Page 282: ...arameters at intervals specified in the Interval Time field Time Interval Please set interval time or schedule time for the router to send notification to CPE Disable Select Disable to turn off periodic notifications STUN Settings STUN allows the ACS Server to connect to the CPE Client even when the client is behind a network address translator NAT Disable The default setting is Disable Enable Ple...

Page 283: ...llows the ACS Server to be notified when bandwidth usage has been exceeded on the router Enable Disable Select to enable or disable the feature Time Period Select the frequency of the notifications 15 mins 30 mins 1hour 3 hours or 6 hours WAN Select the WAN interfaces to be monitored and reported Threshold Level Sets the utilization percentages of the preset Tx and Rx Line Speeds when Medium or Hig...

Page 284: ...the quality of VoIP is lower than warning limit value or critical limit value the router will send the result to VigorACS CPE Notification Settings Enable Check the box to select the notification item s Vigor router will send the utilization status to VigorACS Click OK to save changes on the page V 1 2 3 Export Parameters Click Export to save the TR 069 para...

Page 285: ...V 1 3 Administrator Password This page allows you to set or change the administrator password ...

Page 286: ...nd or email address for transmitting the password Administrator Local User Usually the system administrator has the highest privilege to modify the settings on the web user interface of the Vigor router However in some cases it might be necessary to have other users in LAN to access into the web user interface of Vigor router This feature allows you to add more administrators who can then log in t...

Page 287: ...click this button to create a new local user The new user will be shown on the Local User List immediately Edit If you wish to change a user in the Local User List select it perform the necessary modifications and click this button to update the user Delete If you wish to delete a user in the Local User List select it and click this button to remove it Administrator LDAP Setting Enable LDAP AD log...

Page 288: ...r the password The maximum length of the password is 31 characters Confirm Password Enter the password again for verification Password Strength Shows the security strength of the password specified above Set to Factory Default Click to return to the factory default setting Click OK to save changes on the page and you will be directed to the login screen Please window will appear Please log in with...

Page 289: ...3 The following screen will appear Simply click OK 4 Log out the Vigor router web user interface by clicking the Logout button 5 The following window will be shown Enter the new user password in the Password field and click Login ...

Page 290: ...6 The main screen with User Mode will be shown Only basic settings are available in User Mode These are a subset of the Admin Mode settings Info Setting in User Mode can be configured as same as in Admin Mode ...

Page 291: ...e settings are explained as follows Item Description Enable Check this box to enable the login customization function Login Page Title Enter a brief description e g Welcome to DrayTek which will be shown on the heading of the login dialog Welcome Message and Bulletin Enter words or sentences here It will be displayed for bulletin message In addition it can be displayed on the login dialog at the b...

Page 293: ...File button to specify a configuration file to be restored Restore Click to initiate restoration of configuration If the backup file is encrypted you will be asked to enter the password Backup Normal backup Click it to perform the configuration backup of this router Protect full file with password Select to encrypt the backup with a password You will be prompted to enter the password as shown belo...

Page 294: ...iguration will download automatically to your computer as a file named config cfg Info Configuration Backup does not include certificates stored on the router Please back up certificates separately by going to Certificate Management Certificate Backup Restoring the Configuration 1 Go to System Maintenance Configuration Backup The following windows ...

Page 295: ...ncrypted Click the Select File button to specify an exp file Import Click to import a configuration file If the file is encrypted you will need to enter the password set on the above password field Export Do not encrypt The configuration file exp will be output as a fully user readable text based file Encrypt password fields The configuration file exp will be output as a user readable text based ...

Page 296: ... Management to set the router name Server IP Hostname The IP address hostname of the Syslog server Destination Port Assign a port for the Syslog protocol Mail Syslog Check the box to record the mail event on Syslog Enable syslog message Check the box listed on this web page to send the corresponding message of firewall VPN User Access Call WAN Router DSL information to Syslog Mail Alert Setup Chec...

Page 297: ...sing e mail application Username Type the user name for authentication Password Type the password for authentication Enable E mail Alert Check the box to send alert message to the e mail box while the router detecting the item s you specify here Click OK to save these settings For viewing the Syslog please do the following 1 Just set your monitor PC s IP address in the field of Server IP Address 2...

Page 298: ...3 From the Syslog screen select the router you want to monitor Be reminded that in Network Information select the network adapter used to connect to the router Otherwise you won t succeed in retrieving information from the router ...

Page 299: ...nternet Time Select this option to let the router set its system time by retrieving time information from the specified network time server using the Network Time Protocol NTP Time Server Enter the IP address Host name of the time server Priority Select Auto or IPv6 First as the priority Time Zone Select the time zone where the router is located Enable Daylight Saving Check the box to enable Dayli...

Page 300: ...em time Send NTP Request Through Specify a WAN interface to send NTP request for time synchronization Select OK to save changes on the page or Cancel to discard changes without saving V 1 10 SNMP This section allows you to configure settings for SNMP and SNMPv3 services The SNMPv3 is more secure than SNMP through the use of encryption supports AES and DES and authentication support...

Page 301: ...s If this field is left blank any IPv6 LAN host is allowed to issue SNMP commands Trap Community Enter the Trap Community string The default setting is public Devices that send unsolicited messages to the SNMP console must pass the correct Trap Community string The maximum length of the text is 23 characters Notification Host IP IPv4 Enter the IPv4 address of hosts that are allowed to send SNMP tr...

Page 302: ...sword Type a password for privacy The maximum length of the text is limited to 23 characters Enter a password for privacy The maximum allowed length is 23 characters Select OK to save changes on the page or Cancel to discard changes without saving ...

Page 303: ...anagement The management pages for IPv4 and IPv6 protocols are different V 1 11 1 IPv4 Management Setup Available settings are explained as follows Item Description Router Name Enter the router name provided by ISP Default Disable Auto Logout If enabled the auto logout function for the web user interface will be disabled The web user interface sessio...

Page 304: ...rnet are accepted Index in IP Object Enter the index of a configured IP object IP Mask Show the IP address and or subnet mask of the selected IP object Management Port Setup User Define Ports Check to specify custom port numbers for the Telnet HTTP HTTPS FTP TR 069 and SSH servers Default Ports Check to use standard port numbers for the Telnet and HTTP servers Brute Force Protection Any client try...

Page 305: ...ion Management Access Control Allow management from the Internet Select to allow system administrators to login from the Internet and then select the specific services that are allowed to be remotely administered Disable PING from the Internet Select to reject all PING packets from the Internet For increased security this setting is enabled by default Access List from the Internet The ability of s...

Page 306: ...able settings are explained as follows Item Description Allow management from LAN Enable the checkbox to allow system administrators to login from LAN interface There are several servers provided by the system which allow you to manage the router from LAN interface Check the box es to specify Apply To Subnet Check the LAN interface for the administrator to use for accessing into web user interface...

Page 307: ...evice e g Vigor router which generates the certificate by itself to ensure the router security Such self signed certificate is signed with its own private key The self signed certificate can be used for services such as SSL VPN and HTTPS In addition it can be created for free by using a wide variety of tools Click Regeneration to open Regenerate Self Signed Certificate window ...

Page 308: ...Enter all requested information including certificate name used to differentiate different certificates subject alternative name type and relational settings for subject name Then click GENERATE ...

Page 309: ...s option to reboot the router using the current configuration Using factory default configuration Select this option to reset the router s configuration to the factory defaults before rebooting Auto Reboot Time Schedule Schedule Profile Select up to 4 user configured schedules to reboot the router on a scheduled basis Select OK to save changes on the page or Cancel to discard changes without savin...

Page 310: ... s web site and FTP site is ftp DrayTek com Click System Maintenance Firmware Upgrade to launch the Firmware Upgrade Utility Choose the right firmware by clicking Select Then click Upgrade The system will upgrade the firmware of the router automatically Click OK The following screen will appear Please execute the firmware upgrade utility first For the detailed information about firmware update ple...

Page 311: ... mechanism for your computer Click System Maintenance Activation to open the following page for accessing http myvigor draytek com Available settings are explained as follows Item Description Activate via Interface Choose WAN interface used by such device for activating Web Content Filter Activate The Activate link brings you accessing into www vigorpro com to finish the activation of the account ...

Page 312: ...on User Name Display the name of the existed user profile To modify the detailed settings simply click the user name link to access into the web page for modification Radius Check the box to turn on the security authentication service offered by internal RADIUS server for the user profile Uncheck the box to turn off security authentication service offered by internal RADIUS server for the user prof...

Page 313: ... Control There are nine groups of setting information which can be displayed on Dashboard as a reference for administrator user Except for Front Panel and System Information the settings information regarding to the groups listed on this page can be hidden if required ...

Page 314: ...traffic can be throttled back to a lower speed If there s no defined priority to specify which packets should be discarded or in another term dropped from an overflowing queue packets of sensitive applications mentioned above might be the ones to drop off How this will affect application performance There are two components within Primary configuration of QoS deployment Classification Identifying ...

Page 315: ...n the backbone will do the same checking before executing treatments in order to ensure service level consistency throughout the whole QoS enabled network However each node may take different attitude toward packets with high priority marking since it may bind with the business deal of SLA among different DS domain owners It s not easy to achieve deterministic and consistent high priority QoS traf...

Page 316: ...gement menu click Sessions Limit to open the web page To activate the function of limit session simply click Enable and set the default session limit Available settings are explained as follows Item Description Enable Disable Enable Click this button to activate the function of limit session Disable Click this button to close the function of limit session Default Max Sessions Defines the default s...

Page 317: ...for each index Add Adds the specific session limitation onto the list above Edit Allows you to edit the settings for the selected limitation Delete Remove the selected settings existing on the limitation list Administration Message Type the words which will be displayed when reaches the maximum number of Internet sessions permitted Default Message Click this button to apply the default message off...

Page 318: ... are explained as follows Item Description Enable Disable Enable Click this button to activate the function of limit bandwidth IP Routed Subnet Check this box to apply the bandwidth limit to the second subnet specified in LAN General Setup It is available for IPv4 settings only Disable Click this button to close the function of limit bandwidth Default Limit Per User TX Limit Define the default spe...

Page 319: ...pecific limitation you set for each index RX limit Define the limitation for the speed of the downstream If you do not set the limit in this field the system will use the default speed for the specific limitation you set for each index Add Add the specific speed limitation onto the list above Edit Allow you to edit the settings for the selected limitation Delete Remove the selected settings existi...

Page 320: ...igure general QoS setting for each WAN interface Direction Define which traffic the QoS Control settings will apply to IN apply to incoming traffic only OUT apply to outgoing traffic only BOTH apply to both incoming and outgoing traffic Inbound Outbound Bandwidth Set the connecting rate of data input output for other WAN For example if your ADSL supports 1M of downstream and 256K upstream please s...

Page 321: ...ick it to create a class rule for QoS VoIP Prioritization Enable the First Priority for VoIP SIP RTP When this feature is enabled the VoIP SIP UDP packets will be sent with highest priority SIP UDP Port Set a port number used for SIP Tag Outbound Traffic Add DSCP or Precedence Value for Class 1 to Class 3 Check the box to add DSCP or Precedence value to Class 1 to Class 3 You can configure general...

Page 322: ...will exhaust lots of bandwidth Limited_bandwidth Ratio The ratio typed here is reserved for limited bandwidth of UDP application Outbound TCP ACK Prioritize The difference in bandwidth between download and upload are great in ADSL2 environment For the download speed might be impacted by the uploading TCP ACK you can check this box to push ACK of upload faster to speed the network traffic Info The ...

Page 323: ...be adjusted for your necessity To add edit or delete the class rule please click the Add Edit link of that one 2 For adding a new rule click Add to open the following page Available settings are explained as follows Item Description Enable Check this box to invoke these settings IP Version Please specify which protocol IPv4 or IPv6 will be used for this rule ...

Page 324: ...ress you have to fill in Start IP address and Subnet Mask DiffServ CodePoint All the packets of data will be divided with different levels and will be processed according to the level type by the system Please assign one of the levels of the data for processing with QoS control Service Type It determines the service type of the data for processing with QoS control It can also be edited You can cho...

Page 325: ...all the settings here please click OK to save the configuration By the way you can set up to 20 rules for one Class If you want to edit an existed rule please select the radio button of that one and click Edit to open the rule edit page for modification ...

Page 326: ... packets sent out through WAN interface all of them will be tagged with certain header and that will be easily to be identified by server on ISP For example in the following illustration the VoIP packets in LAN go into Vigor router without any header However when they go forward to the Server on ISP through Vigor router all of the packets are tagged with AF configured in Bandwidth QoS Class automa...

Page 327: ...r account Network administrator can give different firewall policies or rules for different hosts with different User Management accounts This is more flexible and convenient for network management Not only offering the basic checking for Internet access User Management also provides additional firewall rules e g CSM checking for protecting hosts Info Filter rules configured under Firewall usually...

Page 328: ...by User Management. The mode standard selected here will influence the contents of the filter rule(s) applied to every user. Available settings are explained as follows: Item Description Mode Selection - There are two modes offered here for you to choose. Each mode will bring different filtering effect to the users involved. User Based - If you choose such mode, the router will apply the filter rules configu...

Page 329: ...blank page or upload other image files (the size no more than 524 352 pixel) to have an image of enterprise or have the effect of advertisement. Login Page Greeting - Such link allows you to access into the setting page for login greeting. For detailed information, refer to System Maintenance>>Login Page Greeting. Display IP Address on tracking window - Check the box to display the IP address of the client o...

Page 330: ...les (up to 200) which will be applied for users controlled under User Management. Simply open User Management>>User Profile. To set the user profile, please click any index number link to open the following page. Notice that profile 1 (admin) and profile 2 (Dial-In User) are factory default settings. Profile 2 is reserved for future use. ...

Page 331: ...r has to type the User Name specified here to pass the authentication. When the user passes the authentication, he/she can access Internet via this router. However, the accessing operation will be restricted with the conditions configured in this user profile. The maximum length of the name you can set is 24 characters. Password - Type a password for such profile (e.g., lug123, wug123, wug456, etc.). When a user t...

Page 332: ...ype the user name and password for authentication. A window with remaining time of connection for such user will be displayed. Next, the user can access Internet through any browser on Windows. Note that Alert Tool can be downloaded from DrayTek web site. Telnet - If it is selected, the user can use Telnet command to perform the authentication job. Show Landing Page After Login - When a user tries to access ...

Page 333: ...when a user accesses into Internet through Vigor router successfully. When the time is up, all the connection jobs including network, IM, social media, Facebook and etc. will be terminated. Enable Data Quota - Data Quota means the total amount for data transmission allowed for the user. The unit is MB/GB. Click this box to set and increase the data quota for such profile Click this box to decrease the data q...

Page 334: ...und with the IP address set below if PPPoE MAC Bind is enabled. DHCP From - Use the drop down list to specify LAN/DMZ interface. The IP address for binding with the MAC address above set in the selected interface will be assigned from the IP address set in the selected interface. Static IP Address (optional) - Type an IP address. After finishing all the settings here, please click OK to save the configuratio...

Page 335: ...ser group. All the available user objects that you have created will be shown in this box. Notice that user object Admin and Dial-In User are factory settings. User-defined profiles will be numbered with 3, 4, 5 and so on. Selected Keyword Objects - Click button to add the selected user objects in this box. After finishing all the settings here, please click OK to save the configuration. Default object 1 and...

Page 336: ...r of the data flow. User - Display the users which connect to Vigor router currently. You can click the link under the username to open the user profile setting page for that user. IP Address - Display the IP address of the device. Profile - Display the authority of the account. Last Login Time - Display the login time that such user connects to the router last time. Expired Time - Display the expired time of the...

Page 337: ...down list to choose the time interval of refreshing data flow that will be done by the system automatically. Refresh - Click this link to refresh this page manually. IP Address - Displays the IP address of the client in LAN. MAC Address - Displays the MAC address of the client in LAN. User Name - Displays the name of user connecting to Vigor router currently. You can click the link under the username to open t...

Page 338: ...d, a particular client will not be allowed to access Internet through the router. There are three ways for authentication: Web, Alert Tool and Telnet. Authentication via Web If a LAN client who hasn't passed the authentication opens an external web site in his browser, he will be redirected to the router's Web authentication interface first. Then, the client is tryi...

Page 339: ...With Mozilla Firefox, you may get the following warning message. Select I Understand the Risks. ...

Page 340: ...With Chrome browser, you may get the following warning. Click Proceed anyway. After that, the web authentication window will appear. Input the user name and the password for your account (defined in User Management) and click Login. ...

Page 341: ...s failed, you will get the error message, The username or password you entered is incorrect. Please login again. In above description, you access an external web site to trigger the authentication. You may also directly access the router's Web UI for authentication. Both HTTP and HTTPS are supported, for example http://192.168.1.1 or https://192.168.1.1. Replace 192.168.1.1 with your router's real IP address a...

Page 342: ...in Successful in the Welcome Message table. Also, you will get a Tracking Window if you don't block the pop-up window. Don't set up a user profile in User Management and a VPN Remote Dial-in user profile with the same Username. Otherwise, you may get unexpected result. It is because the VPN Remote Dial-in User profiles can be extended to the User profiles in User Management for authentication. There are t...

Page 343: ...ser profile with the same username chaochen but a different password 1234, you will always get error message The username or password you entered is incorrect when you use chaochen test via Web to do authentication. If SSL Tunnel or SSL Web Proxy is disabled in the VPN profile, a User Management account and a remote dial-in VPN profile can use the same Username, even with different passwords. However w...

Page 344: ...ccount name for the authentication. 2. Type the password for authentication and press Enter. The message User login successful will be displayed with the expired time (if configured). Info Here, expired time is Unlimited means the Time Quota function is not enabled for this account. After login, this account will not be expired until it is logged out. 3. In the Web interface of router, the configuration page of T...

Page 345: ...e which means this account has no time quota. If the Time Quota is enabled and time is not 0 minute, you will get the following message. The expired time is shown after you login. After you run out of the available time, you can't use this account any more until the administrator manually adds additional time for you. ...

Page 346: ... again. Authentication via VigorPro Alert Notice Tool allows user to set up the re-authentication interval so that the utility will send authentication requests periodically. This will keep the client hosts from having to manually authenticate again and again. The configuration of the VigorPro Alert Notice Tool is as follows: 1. Click Authenticate Now to start the authentication immediately. 2. You may ge...

Page 347: ...le 1 Users can see the message for landing page after logging into Internet successfully 1. Open the web user interface of Vigor3910. 2. Open User Management>>General Setup to get the following page. In the field of Landing Page, please type the words of Log...

Page 348: ...ck OK to save the settings. 5. Open any browser (e.g., FireFox, Internet Explorer). The logging page will appear and ask for username and password. Please enter the correct username and password. 6. Click Login. If the logging is successful, you will see the message of Login Success from the browser you use. ...

Page 349: ...cally after logging into Internet successfully 1. In the field of Landing Page, please type the words as below: <body stats=1><script language='javascript'>window.location='http://www.draytek.com'</script></body> 2. Next, enable the Landing Page function. Open User Management>>User Profile and click one of the index number (e.g., index nu...

Page 350: ...d click OK to save the settings. 4. Open any browser (e.g., FireFox, Internet Explorer). The logging page will appear and ask for username and password. Please enter the correct username and password. 5. Click Login. If the logging is successful, you will be directed into the website of www.draytek.com. ...

Page 351: ... be redirected to specific URLs or be shown messages when they first attempt to connect to the Internet through the router. Users could be required to read and agree to terms and conditions, or authenticate themselves, prior to gaining access to the Internet. Other potential uses include the serving of advertisements and promotional materials, and broadcast of public service announcements. ...

Page 352: ...ble the profile. Comments - Shows the description of the profile. Login Mode - Shows the login mode used by the profile. See the section Login Mode for details. Applied Interface - Shows the interfaces to which this profile applies. Preview - Click this button to preview the Hotspot Web Portal page that will be displayed to users. V-4-1-1 Login Method There are five login methods t...

Page 353: ...e defined in Captive Portal URL and be granted access to the Internet. C Various Hotspot Login An authentication page will appear when users attempt to access the Internet for the first time via the router. After authenticating themselves using a Facebook account, Google account, PIN code, password for RADIUS server, they will be directed to the landing page and be...

Page 354: ...e selected profile to display the following page. Available settings are explained as follows: Item Description Enable this profile - Check to enable this profile. Comments - Enter a brief description to identify this profile. Portal Server Portal Method - There are four methods to be selected as for portal server. When Skip Login landing page only or Click through is selected as Portal Method, Captive Porta...

Page 355: ...instructions on obtaining an APP ID. Google App Secret - Enter the secret configured for the APP ID entered above. Refer to section A 2 How to create a Google APP ID for Web Portal Authentication for details. SMS Provider (Receive PIN via SMS) This setting is available when Receive PIN via SMS is selected as the login method. Receiving PIN via SMS Provider - Select the SMS Provider used to send PIN notifica...

Page 356: ...e RADIUS server used by a client as an identification on a RADIUS server. Enter a string with less than 32 characters. Save and Next - Click to save the configuration on this page and proceed to the next page. Cancel - Click to save the configuration on this page and proceed to the next page. If you have chosen Skip Login landing page only or External Portal Server as the portal method, skip to step 4 Whit...

Page 357: ...res authentication, select a background for the login page. Available settings are explained as follows: Item Description Choose Login Background - Select either Color Background or Image Background as the login page background scheme. Browser Tab Title - Enter the text to be shown as the webpage title in the browser. ...

Page 358: ...able when Image Background is selected. Set the opacity of the background image. Background Image - Available when Image Background is selected. Click Browse to select an image file (JPG or PNG format), then click Upload to upload it to the router. Save and Next - Click to save the configuration on this page and proceed to the next page. Cancel - Click to abort the configuration process and return to the profil...

Page 359: ...e Click Through This section describes the Login Page setup if you have selected Click Through as the Login Method. Available settings are explained as follows: Item Description Welcome Message - Enter the text to be displayed as the welcome message. Terms and Enter the text to be displayed as the Terms and Conditions ...

Page 360: ...r the text to be displayed on the accept button. Accept Button Color - Select the color of the accept button from the predefined color list, or select Customize Color and enter the RGB value. Click Preview to preview the selected color. Save and Next - Click to save the configuration on this page and proceed to the next page. Cancel - Click to abort the configuration process and return to the profile summary...

Page 361: ...ings that are relevant to the selected login method(s). Settings that are common to Facebook, Google, PIN and RADIUS authentication are: Item Description Welcome Message - Enter the text to be displayed as the welcome message. Terms and Conditions Description - Enter the text to be displayed as the Terms and Conditions hyperlink text. Terms and Conditions Content - Enter the text to be displayed in the Terms a...

Page 362: ...ting will appear: Item Description Facebook Login Description - Enter the text to be displayed on the Facebook login button. If you have selected Google login, the setting will appear: Item Description Google Login Description - Enter the text to be displayed on the Google login button. ...

Page 363: ...ceiving PIN via SMS Content - Enter the message to be sent by SMS to inform the user of the PIN. The PIN variable is specified by PIN within the message. Enter PIN Description - Enter message to be displayed in the PIN textbox to prompt the user to enter the PIN. Submit Button Description - Enter the text to be displayed on the submit PIN button. Submit Button Color - Select the color of the submit button fro...

Page 364: ...ser to enter the password. Login Button Description - Enter the text to be displayed on the login button. Login Button Color - Select the color of the login button from the predefined color list, or select Customize Color and enter the RGB value. Click Preview to preview the selected color. And finally, the save and cancel buttons are always displayed: Item Description Save and Next - Click to save the configu...

Page 365: ...configure the page that is displayed to users when they request a PIN. Available settings are explained as follows: Item Description Back Button Description - Enter text for the label of the hyperlink to return to the previous page. PIN Code Message - Enter text to be displayed as the body text on the page. Default Country - Select the default country code to be displayed using the dropdown ...

Page 366: ...nd Button Color - Select the color of the send button from the predefined color list, or select Customize Color and enter the RGB value. Click Preview to preview the selected color. Send Succeeded Message - Enter text to be displayed to notify the user after the PIN has been sent. Save and Next - Click to save the configuration on this page and proceed to the next page. Cancel - Click to abort the configuratio...

Page 367: ... the web portal. Hosts listed in selected NAT rules can always access the Internet without being intercepted by the web portal. Dest Domain - Enter up to 30 destination domains that are allowed to be accessed. Dest IP - Enter up to 30 destination IP addresses that are allowed to be accessed. Dest Port - Enter up to 30 destination protocols and ports that are allowed through the router. Source IP - Enter up to ...

Page 368: ...In this step, you can configure advanced options for the Hotspot Web Portal. Available settings are explained as follows: Item Description Quota Management Expired Time After Activation - Enter the time duration that users are allowed to have Internet access after logging in. ...

Page 369: ...ess Internet access in a hotel. User Requested URL - The user will be redirected to the URL they initially requested. Bulletin Message - The message configured here will be briefly shown for a few seconds to the user. Default Message - This button is enabled when Bulletin Message is selected. Click to load the default text into the bulletin message textbox. Force Landing Page Stay - This option is useful for m...

Page 370: ...agement will override the policies set in Bandwidth Management Bandwidth Limit and Bandwidth Management Limit. Available settings are explained as follows: Item Description Bandwidth Limit - Check the box to override the policy configured in Bandwidth Management Bandwidth Limit. Session Limit - Check the box to override the policy configured in Bandwidth Management Session Limit. Quota Policy Profile Add ...

Page 371: ...specified idle time has passed. Device Control - Set the maximum number of devices that can be connected for each account and the time restriction for the client accessing Internet via the web portal. Devices Allowed per account - Use the drop down list to select the maximum number of devices that can be connected to the network using the same account. Reconnection Time Restriction - Blocks the account fro...

Page 372: ...eb portal client. Download/Upload Limits - Set the maximum upload and download speeds. Session Limit - Check the box to configure a maximum session limit for web portal clients. After finishing all the settings here, please click OK to save the configuration. ...

Page 373: ...ok Google Vigor Router supports Hotspot Web Portal function. The network administrator can set Vigor Router as a Hotspot provider with web authentication, and allow users to log in with their social media accounts such as Facebook and Google. We demonstrate how to set up the hotspot web portal with Facebook login in the following paragraphs. Vigor Router Setu...

Page 374: ...ct Various Hotspot Login for Portal Method. d. Choose Login with Facebook or Login with Google as Login Method. If Login with Facebook is selected, the protocol of the Captive Portal URL needs to be changed to HTTPS instead of HTTP, because Facebook forces the use of HTTPS URLs in their policy. e. Enter the APP ID and secret. f. Click Save and Next. ...

Page 375: ...4. Choose the Color Background, customize the information, a logo, color, and click Save and Next. You can click the Step Icon on the top of the page to go to the step you want. The router will save your setting automatically. ...

Page 376: ...Or choose the Image Background, customize the information and background image, and click Save and Next. ...

Page 377: ...5. Customize the descriptions on the login page, then click Save and Next. 6. You can set the Whitelist for the profile here to allow specific clients to access the internet, or certain websites to be visited without login. ...

Page 378: ...g Page After Activation that Hotspot clients will see after they login successfully. Finally, select the interfaces to which you would like this hotspot profile to apply, then click Finish to save the setting. 8. Then the Hotspot setup is finished. You may click Preview to check the login page. ...

Page 379: ...r might warn that it cannot verify server identity; the clients would need to tap Continue before they can proceed to portal.draytek.com. The client might not be able to access portal.draytek.com if this domain name is resolved by a DNS server on LAN. If so, set up LAN DNS to make sure the domain name will be resolved to the router's LAN IP. 10. Tap on a login method and it will open the social media l...

Page 380: ...o access the Internet afterward. User Information Network administrator can plug the USB disk to router to record the basic information of the users who connect to the Wi-Fi and login with their social media accounts. The users' basic information will be listed on Hotspot Web Portal>>Users Information page. ...

Page 381: ... the authenticated clients. Network Administrator may set up the router to allow hotspot client to get the login PIN code from an SMS message. This note is going to demonstrate how to set up Vigor Router as a hotspot gateway and be able to send the PIN code to clients by SMS messages. Vigor Router Setup 1. Make sure the router is connected to the Internet. 2. Create an SM...

Page 382: ...3. Enter the Service Provider details and click OK to apply. 4. Go to Hotspot Web Portal>>Profile Setup, click on an available profile. 5. Enable the profile, give a comment, and choose PIN Code Login. Then click Next. ...

Page 383: ...6. Choose a login page design, customize the details, and click Next. 7. Edit the message on the login page and click Next. 8. Edit the details for SMS settings, then click Next. ...

Page 384: ...9. Edit the landing page, choose the interfaces to which the SMS login should apply, and then click Finish. 10. Now the hotspot settings are applied to the selected interfaces. You may click Preview to check how the login page looks. ...

Page 385: ... Client Login 11. If the client connects to the selected interface of the router and tries to open a webpage, they will be redirected to hotspot login page. If they do not have a password yet, they can click on the button to get a password. ...

Page 386: ...s would need to tap continue before they can proceed to portal.draytek.com. The client might not be able to access portal.draytek.com if this domain name is resolved by a DNS server on LAN. If so, set up LAN DNS to make sure the domain name will be resolved to the router's LAN IP. 12. Enter the mobile phone number to receive the SMS message. ...

Page 387: ...13. The number will get a message about the password. 14. Enter the password on the login page and click Login. ...

Page 388: ...15. If the password is correct, the client will be redirected to the landing page, and after that, they will be able to surf the Internet. ...

Page 389: ...Part VI Others Define objects such as IP address, service type, keyword, file extension and others. These pre-defined objects can be applied in CSM. ...

Page 390: ...VI-1 Objects Settings Define objects such as IP address, service type, keyword, file extension and others. These pre-defined objects can be applied in CSM. ...

Page 391: ...range usually will be applied in configuring router's settings. Therefore, we can define them with objects and bind them with groups for using conveniently. Later, we can select that object/group that can apply it. For example, all the IPs in the same department can be defined with an IP object (a range of IP address). You can set up to 192 sets of IP Objects with different conditions. ...

Page 392: ...ct profile. Address - Display the IP address configured for the object profile. Export IP Object - Usually, the IP objects can be created one by one through the web page of Objects>>IP Object. However, to a user who wants to save more time in bulk creating IP objects, a quick method is offered by Vigor router to modify the IP objects with a single file, a CSV file. All of the IP objects (or the template) can be ...

Page 393: ...terface - Choose a proper interface. For example, the Direction setting in Edit Filter Rule will ask you to specify IP or IP range for WAN or LAN/RT/VPN or any IP address. If you choose LAN/RT/VPN as the Interface here, and choose LAN/RT/VPN as the direction setting in Edit Filter Rule, then all the IP addresses specified with LAN/RT/VPN interface will be opened for you to choose in Edit Filter Rule page. Ad...

Page 394: ...et Mask - Type the subnet mask if the Subnet Address type is selected. Invert Selection - If it is checked, all the IP addresses except the ones listed above will be applied later while it is chosen. 4. After finishing all the settings here, please click OK to save the configuration. Below is an example of IP objects settings. ...

Page 395: ...ws: Item Description Set to Factory Default - Clear all profiles. Index - Display the profile number that you can configure. Name - Display the name of the group profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., 1) under Index column for configuration in details. 2. The configuration page will be shown as follows: Available settings are explained as follows: ...

Page 396: ... above will be shown in this box. Selected IP Objects - Click button to add the selected IP objects in this box. 3. After finishing all the settings here, please click OK to save the configuration. VI-1-3 IPv6 Object You can set up to 64 sets of IPv6 Objects with different conditions. Available settings are explained as follows: Item Description Set to Factory Default - Clear all ...

Page 397: ...everal IPv6s within a range. Select Subnet Address if this object contains one subnet for IPv6 address. Select Any Address if this object contains any IPv6 address. Select Mac Address if this object contains Mac address. Mac Address - Type the MAC address of the network card which will be controlled. Start IP Address - Type the start IP address for Single Address type. End IP Address - Type the end IP address...

Page 398: ...ings are explained as follows: Item Description Set to Factory Default - Clear all profiles. Index - Display the profile number that you can configure. Name - Display the name of the group profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., 1) under Index column for configuration in details. 2. The configuration page will be shown as follows: ...

Page 399: ...IPv6 Objects - Click button to add the selected IPv6 objects in this box. 3. After finishing all the settings, please click OK to save the configuration. VI-1-5 Service Type Object You can set up to 96 sets of Service Type Objects with different conditions. Available settings are explained as follows: Item Description Set to Factory Default - Clear all profiles. Inde...

Page 400: ...tocol. It can be ignored for other protocols. The filter rule will filter out any port number when the first and last value are the same it indicates one port when the first and last values are different it indicates a range for the port and available for this profile when the first and last value are the same it indicates all the ports except the port defined here when the first and last values are...

Page 401: ...able settings are explained as follows: Item Description Set to Factory Default - Clear all profiles. Index - Display the profile number that you can configure. Name - Display the name of the group profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., 1) under Group column for configuration in details. 2. The configuration page will be shown as follows: ...

Page 402: ...15 characters are allowed. Available Service Type Objects - All the available service objects that you have added on Objects Setting>>Service Type Object will be shown in this box. Selected Service Type Objects - Click button to add the selected IP objects in this box. 3. After finishing all the settings, please click OK to save the configuration. ...

Page 403: ... 200 keyword object profiles for choosing as black/white list in CSM>>URL/Web Content Filter Profile. Available settings are explained as follows: Item Description Set to Factory Default - Clear all profiles. Index - Display the profile number that you can configure. Name - Display the name of the object profile. ...

Page 404: ... are explained as follows: Item Description Name - Type a name for this profile, e.g., game. Maximum 15 characters are allowed. Contents - Type the content for such profile. For example, type gambling as Contents. When you browse the webpage, the page with gambling information will be watched out and be passed/blocked based on the configuration on Firewall settings. 3. After finishing all the settings, please clic...

Page 405: ...t in CSM>>URL/Web Content Filter Profile. Available settings are explained as follows: Item Description Set to Factory Default - Clear all profiles. Index - Display the profile number that you can configure. Name - Display the name of the group profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., 1) under Index column for configuration in details. 2. The configuration page will b...

Page 406: ... selected Keyword objects in this box. 3. After finishing all the settings, please click OK to save the configuration. VI-1-9 File Extension Object This page allows you to set eight profiles which will be applied in CSM>>URL Content Filter. All the files with the extension names specified in these profiles will be processed according to the chosen action. Ava...

Page 407: ...ls. 2. The configuration page will be shown as follows: Available settings are explained as follows: Item Description Profile Name - Type a name for this profile. The maximum length of the name you can set is 7 characters. 3. Type a name for such profile and check all the items of file extension that will be processed in the router. Finally, click OK to save this profile. ...

Page 408: ...e Each item is explained as follows: Item Description Set to Factory Default - Clear all of the settings and return to factory default settings. Index - Display the profile number that you can configure. Profile - Display the name for such SMS profile. SMS Provider - Display the service provider which offers SMS service. To set a new profile, please do the steps listed below: 1. Click the SMS Provider tab, and cli...

Page 409: ...n use to register to selected SMS provider. The maximum length of the name you can set is 31 characters. Password - Type a password that the sender can use to register to selected SMS provider. The maximum length of the password you can set is 31 characters. Quota - Type the number of the credit that you purchase from the service provider chosen above. Note that one credit equals to one SMS text message on...

Page 410: ...x 10 are fixed. You can click the number (e.g., 9) under Index column for configuration in details. Available settings are explained as follows: Item Description Profile Name - Display the name of this profile. It cannot be modified. Service Provider - Type the website of the service provider. Type the URL string in the box under the field of Service Provider. You have to contact your SMS provider to obtain the ...

Page 411: ...rval for the system to send SMS. After finishing all the settings here, please click OK to save the configuration. Mail Service Object This page allows you to set ten profiles which will be applied in Application>>SMS/Mail Alert Service. Each item is explained as follows: Item Description Set to Factory Default - Clear all of the settings and return to factory default set...

Page 412: ...r SMTP Port - Type the port number for SMTP server. Sender Address - Type the e-mail address of the sender. Use SSL - Check this box to use port 465 for SMTP server for some e-mail server uses https as the transmission method. Authentication - The mail server must be authenticated with the correct username and password to have the right of sending message out. Check the box to enable the function. Username - Typ...

Page 413: ...tion Object This page allows you to set ten profiles which will be applied in Application>>SMS/Mail Alert Service. You can set an object with different monitoring situation. To set a new profile, please do the steps listed below: 1. Open Object Setting>>Notification Object, and click the number (e.g., 1) under Index column for configuration in details. ...

Page 414: ...15 characters. Category Display the types that will be monitored. Status Display the status for the category. You can check the box you want to be monitored. For example, the check box of CPE firmware Upgrade Fail under the category of Central VPN Management is checked. Once such profile is enabled, Vigor router system will send out notification to the recipient via SMS. 3. After finishing all the settings...

Page 415: ... settings are explained as follows: Item Description Add Click it to open the following page for adding a new string object. Set to Factory Default Click it to clear all of the settings in this page. Index Display the number link of the string profile. String Display the string defined. Clear Choose the string that you want to remove. Then click this check box to delete the selected string. Below shows a...

Page 416: ...d by the Vigor router's Firewall. The country object by grouping IP addresses for multiple countries can be applied by other functions such as router policy destination (refer to the following figure for example). To set a new profile, please do the steps listed below: 1. Open Object Setting Country Object and click the number (e.g., 1) under Index column for configuration in detail. ...

Page 417: ...h of the name you can set is 15 characters. Available Country Selected Country Select any country from Available Country. Click to move the selected country and place on Selected Country. Check the box(es) for the country (countries) to be blocked by Firewall. Note that one country profile can contain 1 up to 16 countries. 3. After finishing all the settings here, please click OK to save the configuration. ...

Page 418: ... Log into the web user interface of Vigor router. 2. Configure relational objects first. Open Object Settings SMS Mail Server Object to get the following page. Index 1 to Index 8 allows you to choose the built-in SMS service provider. If the SMS service provider is not on the list, you can configure Index 9 and Index 10 to add the new service provider to Vigor router. 3. Choose any index number e g Index ...

Page 419: ...rofile setting. 5. Open Object Settings Notification Object to configure the event conditions of the notification. 6. Choose any index number (e.g., Index 1 in this case) to configure conditions for sending the SMS. In the following page, type the name of the profile and check the Disconnected and Reconnected boxes for WAN to work in concert with the topic of this paper. ...

Page 420: ...o choose SMS Provider and the Notify Profile specify the time of sending SMS. Then type the phone number in the field of Recipient, the one who will receive the SMS. 9. Click OK to save the settings. Later, if one of the WAN connections fails in your router, the system will send out SMS to the phone number specified. If the router has only one WAN interface, the system will send out SMS to the phone number...

Page 421: ...S Provider Choose one of the Index numbers, 9 or 10, allowing you to customize the SMS Provider. In the web page, type the URL string of the SMS provider and type the username and password. After clicking OK, the new added SMS provider will be added and will be available for you to specify for sending SMS out. ...

Page 423: ... Part VII Troubleshooting This part will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration. ...

Page 424: ...ow to check your basic installation status stage by stage: Checking if the hardware status is OK or not. Checking if the network connection settings on your computer are OK or not. Pinging the router from your computer. Checking if the ISP settings are OK or not. Backing to factory default setting if necessary. If all above stages are done and the router still cannot run normally, it is the time for you ...

Page 425: ... 1 1 1 Dial-out Triggering Click Diagnostics and click Dial-out Triggering to open the web page. The internet connection (e.g., PPPoE) is triggered by a package sending from the source IP address. Available settings are explained as follows: Item Description Decoded Format It shows the source IP address (local), destination IP (remote) address, the protocol and length of the p...

Page 426: ... VII-1-2 Routing Table Click Diagnostics and click Routing Table to open the web page. Available settings are explained as follows: Item Description Refresh Click it to reload the page. ...

Page 427: ...ostics and click ARP Cache Table to view the content of the ARP (Address Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. Available settings are explained as follows: Item Description Refresh Click it to reload the page. ...

Page 428: ...ping between an Ethernet hardware address (MAC Address) and an IPv6 address. This information is helpful in diagnosing network problems, such as IP address conflicts, etc. Click Diagnostics and click IPv6 Neighbour Table to open the web page. Available settings are explained as follows: Item Description Refresh Click it to reload the page. ...

Page 429: ...CP Table to open the web page. Available settings are explained as follows: Item Description Index It displays the connection item number. IP Address It displays the IP address assigned by this router for specified PC. MAC Address It displays the MAC address for the specified PC that DHCP assigned IP address for it. Leased Time It displays the leased time of the specified PC. HOST ID It displays the hos...

Page 430: ...ble settings are explained as follows: Item Description Private IP Port It indicates the source IP address and port of local PC. Pseudo Port It indicates the temporary port of the router used for NAT. Peer IP Port It indicates the destination IP address and port of remote host. Interface It displays the representing number for different interface. Refresh Click it to reload the page. ...

Page 431: ...d displayed on Diagnostics DNS Cache Table. Available settings are explained as follows: Item Description Clear Click this link to remove the result on the window. Refresh Click it to reload the page. When an entry's TTL is larger than Check the box, then type the value of TTL (time to live) for each entry. Click OK to enable such function. It means when the TTL value of each DNS query reaches the threshold...

Page 432: ...the web page or Available settings are explained as follows: Item Description IPV4 IPV6 Choose the interface for such function. Ping through Use the drop down list to choose the WAN interface that you want to ping through or choose Auto to be determined by the router automatically. Ping to Use the drop down list to choose the destination that you ...

Page 433: ...pe the IP address of the Host IP that you want to ping. Ping IPv6 Address Type the IPv6 address that you want to ping. Run Click this button to start the ping work. The result will be displayed on the screen. Clear Click this link to remove the result on the window. ...

Page 434: ...t and IP session limit before invoking Data Flow Monitor. If not, a notification dialog box will appear to remind you enabling it. Click Diagnostics and click Data Flow Monitor to open the web page. You can click IP Address, TX rate, RX rate or Session link for arranging the data display. Available settings are explained as follows: Item Description Enable Data Flow Monitor Check this box to enable this f...

Page 435: ...fied in Limit Session web page. Action Block can prevent specified PC accessing into Internet within 5 minutes. Unblock The device with the IP address will be blocked for five minutes. The remaining time will be shown on the session column. Click it to cancel the IP address blocking. Current Peak Speed Current means current transmission rate and receiving rate for WAN interface. Peak means the highest p...

Page 436: ...et to zero the accumulated RX/TX (received and transmitted) data of WAN. Click Refresh to renew the graph at any time. The horizontal axis represents time. Yet the vertical axis has different meanings. For WAN1 WAN3 WAN5 WAN6 WAN7 WAN8 Bandwidth chart, the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past. For Sessions chart, the numbers displayed ...

Page 437: ...the routes from router to the host. Simply type the IP address of the host in the box and click Run. The result of route trace will be shown on the screen or Available settings are explained as follows: Item Description IPv4 IPv6 Click one of them to display corresponding information for it. Trace through Use the drop down list to choose the interface that you want to ping through. ...

Page 438: ... Syslog, specify the type of Syslog and choose the display mode you want. Later, the event of Syslog with specified type will be shown for your reference. Available settings are explained as follows: Item Description Enable Web Syslog Check this box to enable the function of Web Syslog. Syslog Type Use the drop down list to specify a type of Syslog to be displayed. Export Click this link to save the data...

Page 439: ...atus web page could help you to diagnose the connection status of TSPC. If TSPC has configured properly, the router will display the following page when the user connects to tunnel broker successfully. Available settings are explained as follows: Item Description Refresh Click this link to refresh this page manually. ...

Page 440: ... configuration for the selected router. Back Return to previous page. HA Setup Click it to open Applications High Availability for modifying the configuration. Renew Click it to get the newest status of other router except the primary router. Refresh Click it to get the newest status of the primary router. Status means an error has occurred. Refer to Detailed information and modify HA settings if requir...

Page 441: ...configuration synchronization is ready to execute. Progressing means configuration synchronization is operating. Fail means configuration synchronization executed and failed or wrong model name. Equal means the corresponding settings are equal to the primary router. Cached Time Display the time period since the last time to get the newest status of other router except the primary router. Click the link ...

Page 442: ...on Log This page will display the complete authentication log information. Available settings are explained as follows: Item Description Enable Check the box to enable such function. Refresh Click it to update current page. Clear Click it to remove all of the records. Syslog Type Specify RADIUS, 802.1X or All to display related authentication information log. Display Mode Choose the mode you wa...

Page 443: ...ironment to find out if there is any abnormal connection. Information of IP traced and destination port used for SYN Flood, UDP Flood and ICMP Flood attacks will be detected and shown respectively on different pages. Moreover, IP address detected and suspected to attack the network system can be blocked shortly by clicking the Block button shown on pages of SYN Flood, UDP Flood and ICMP Flood. Info The ...

Page 444: ...uter analyze how a single packet will be sent by a route policy. Analyze multiple packets Choose such mode to make Vigor router analyze how multiple packets in a specified file will be sent by a route policy. Packet Information Specify the nature of the packets to be analyzed by Vigor router. ICMP UDP TCP ANY Specify a protocol for diagnosis. Src IP Type an IP address as the source IP. Dst IP Type an I...

Page 445: ...k such button to select that blank csv file for saving the result of analysis. Analyze Click it to perform the job of analyzing. The analyzed result will be shown on the page. If required, click export analysis to export the result as a file. Note that the analysis was based on the current load balance route policy settings; we do not guarantee it will be 100% the same as the real case. ...

Page 446: ...he hardware status. 1. Check the power line and WLAN LAN cable connections. Refer to I-2 Hardware Installation for details. 2. Turn on the router. Make sure the ACT LED blinks once per second and the correspondent LAN LED is bright. 3. If not, it means that there is something wrong with the hardware status. Simply go back to I-2 Hardware Installation to execute the hardware installation again. And then try again...

Page 447: ...he link still fails, please do the steps listed below to make sure the network connection settings are OK. For Windows Info The example is based on Windows 7. As to the examples for other operating systems, please refer to the similar steps or find support notes in www.DrayTek.com. 1. Open All Programs Getting Started Control Panel. Click Network and Sharing Center. 2. In the follo...

Page 448: ... 4. Select Internet Protocol Version 4 (TCP/IP) and then click Properties. 5. Select Obtain an IP address automatically and Obtain DNS server address automatically. Finally, click OK. ...

Page 449: ... For Mac OS 1. Double click on the current used Mac OS on the desktop. 2. Open the Application folder and get into Network. 3. On the Network screen, select Using DHCP from the drop down list of Configure IPv4. ...

Page 450: ... router correctly. For Windows 1. Open the Command Prompt window from Start menu Run. 2. Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP Vista 7 8. The DOS command dialog will appear. 3. Type ping 192.168.1.1 and press Enter. If the link is OK, the line of Reply from 192.168.1.1 bytes 32 time 1ms TTL 255 will appear. 4. If the line does not appear, please check the IP addre...

Page 452: ...gured in Vigor router. Check if the LEDs on Vigor router are on or not. If not, please install an additional switch for connecting both Vigor router and the modem offered by ISP. Then check if the LEDs on Vigor router are on or not. If the problem of LEDs cannot be solved by the above measures, please contact the nearest reseller or send an e-mail to DrayTek FAE for technical support. Check if the s...

Page 453: ...ssing factory default setting, you will lose all settings you did before. Make sure you have recorded all useful settings before pressing. The password of factory default is null. Software Reset You can reset the router to factory default via Web page. Such function is available in Admin Mode only. Go to System Maintenance and choose Reboot System on the web page. The follo...

Page 454: ...on. Then the router will restart with the default configuration. After restoring the factory default setting, you can configure the settings for the router again to fit your personal request. VII-7 Contacting DrayTek If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please...

Page 455: ... Part VIII DrayTek Tools ...

Page 456: ...ple protocol VPN connections such as IPSec/PPTP/L2TP protocols for secure data exchange and communication. With SSL VPN embedded on Vigor routers, teleworkers can have convenient and simple access to central site VPN. The teleworkers do not need to install any VPN software manually. From regular web browser, you can establish VPN connection back to your main office even in a guest network or web cafe. D...

Page 457: ... SSL VPN Tunnel SmartVPN APP for Android is now available on Google play. This document demonstrates how to use the APP to establish a SSL VPN tunnel. 1. On VPN server, create a SSL user account. Please refer to How to Set up SSL VPN on www.draytek.com for detailed instructions. 2. Download the APP from Google play and run the APP. 3. Click to add a new profile. ...

Page 458: ...or Routers, it is 443 by default. d. Tap SAVE to save the profile or to cancel. Info Installation of relevant Root CA is required to enable server certificate authentication. If you check Use default gateway on remote network, all the traffic of this smart device will be forwarded to the remote gateway. 5. Tap the profile bar to establish SSL VPN tunnel. 6. Enter Username and Password, then tap Dial. ...

Page 459: ... 7. When the tunnel is up, the profile will turn green. Tapping the bar again will disconnect the tunnel. 8. Tap the pencil icon to edit or remove the profile. ...

Page 461: ... Part IX Telnet Commands ...

Page 462: ...e Windows Features of Telnet Client has been turned on under Control Panel Programs. Type cmd and press Enter. The Telnet terminal will be open later. In the following window, type Telnet 192.168.1.1 as below and press Enter. Note that the IP address in the example is the default address of the router. If you have changed the default, enter the current IP address of the router. Next, type admin admin for A...

Page 463: ... For users using previous Windows system (e.g., 2000 XP), simply click Start Run and type Telnet 192.168.1.1 in the Open box as below. Next, type admin admin for Account Password. And type to get a list of valid common commands ...

Page 464: ...ppe set It is used to configure group settings for IM P2P Protocol and Others in APP Enforcement Profile. Syntax csm appe set i INDEX v GROUP e AP_IDX d AP_IDX a AP_IDX ACTION Syntax Description Parameter Description INDEX Specify the index number of CSM profile from 1 to 32 v View the IM P2P Protocol and Others configuration of the CSM profi...

Page 465: ...he configuration status of Others group Example csm appe show t Type Index Name Version Advance Advanced Option (M)essage, (F)ile Transfer, (G)ame, (C)onference, and (O)ther Activities PROTOCOL 52 DB2 PROTOCOL 53 DNS PROTOCOL 54 FTP PROTOCOL 55 HTTP 1 1 PROTOCOL 56 IMAP 4 1 PROTOCOL 57 IMAP STARTTLS 4 1 PROTOCOL 58 IRC 2 4 0 Telnet Command: csm appe co...

Page 466: ...nd: csm appe interface It is used to configure APPE signature download interface. Syntax csm appe interface AUTO WAN Syntax Description Parameter Description AUTO Vigor router specifies WAN interface automatically WAN Specify the WAN interface for signature downloading Exam...

Page 467: ...f Syntax Description Parameter Description show Display all of the profiles setdefault Return to default settings for all of the profile msg MSG Set the administration message MSG means the content less than 255 characters of the message itself obj Specify the object for the profile INDEX Specify the index number of CSM prof...

Page 468: ...m ucf obj INDEX uac v csm ucf obj INDEX uac e csm ucf obj INDEX uac d csm ucf obj INDEX uac a P B csm ucf obj INDEX uac i E D csm ucf obj INDEX uac o KEY_WORD_Object_Index csm ucf obj INDEX uac g KEY_WORD_Group_Index Syntax Description Parameter Description INDEX Specify the index number of CSM profile from 1 to 8 v View the protocol configuration of the CSM profi...

Page 469: ...file Example csm ucf obj 1 uac i E Profile Index 1 Profile Name game Log none Priority Select Bundle Pass Enable URL Access Control Action pass v Prevent web access from IP address No Obj NO Object Name No Grp NO Group Name csm ucf obj 1 uac a B Profile Index 1 Profile Name game Log none Priority Select Bundle Pass Enable URL Access Control Action block v Prevent web access from IP a...

Page 470: ...figuration of the CSM profile e Enable the restriction of web feature d Disable the restriction of web feature a Set the action of web feature P or B B Block The web access meets the web feature will be blocked P Pass The web access meets the web feature will be passed s Enable the Web Feature configuration Features available for configuration are c Cookie p Proxy u Upload u Cancel the web fea...

Page 471: ... Syntax Description Parameter Description show Display the web content filter profiles Look Display the license information of WCF Cache Set the cache level for the profile Server WCF_SERVER Set web content filter server Msg MSG Set the administration message MSG means the content less than 255 characters of the message itself setdefault Return to default settings...

Page 472: ...gal Drug Nudity Pornography Sexually Explicit Weapons Violence School Cheating Sex Education Tasteless Child Abuse Images Entertainment Games Sports Travel Leisure Recreation Fashion Beauty Business Job Search Web based Email Chat Instant Messaging Anonymizers Forums Newsgroups Computers Technology Download Sites Streaming Media Downloads Phishing Fraud Search Engines Portals Social Networking Spam S...

Page 473: ... School Cheating v Sex Education v Tasteless v Child Abuse Images leisure Group Entertainment Games Sports Travel Leisure Recreation Fashion Beauty Telnet Command: csm dnsf It means to configure the settings regarding DNS filter. Syntax csm dnsf enable ON OFF csm dnsf syslog N P B A csm dnsf service WCF_PROFILE csm dnsf service_ucf UCF_PROFILE c...

Page 474: ...s one hour 2 is two hours and so on for DNS filter blockpage DNS sends block page for redirect port When a web page is blocked by DNS filter, the router system will send a message page to describe that the page is not allowed to be visited ON Enable the function of displaying message page OFF Disable the function of displaying message page SHOW Display the function of displaying message page is ON...

Page 475: ...yntax ddns set option ddns set i account index S service provider T service type D hostname L username P password Syntax Description Parameter Description i value It means index number of Dynamic DNS Account value 1 6 E value It means to enable disable Dynamic DNS Account value 0 Disable 1 Enable W value It means to specify WAN Interface value Must be betw...

Page 476: ...g 17 Viettel DDNS vddns vn 18 vigorddns com www vigorddns com 19 ZoneEdit DDNS dynamic zoneedit com T value It means to type Service Type value value must be between 1 3 1 Dynamic 2 Custom 3 Static D Host Name sub Domain Name It means to type Domain Name i e Account index 1 setting Domain Name for Dynamic Service Type ddns set i 1 T 1 D host ddns com cn i e Account index 2 setting Domain Name for ...

Page 477: ... The range is from 1 to 14400 Example ddns time ddns time update in minutes Valid 1 14400 Now 14400 ddns time 1000 ddns time update in minutes Valid 1 14400 Now 1000 Telnet Command: ddns forceupdate This command will update DDNS automatically. Example ddns forceupdate Now updating DDNS Please check result by using co...

Page 478: ... Command: dos This command allows users to configure the settings for DoS defense system. Syntax dos V D A dos s ATTACK_F THRESHOLD TIMEOUT dos a e ATTACK_F ATTACK_0 d ATTACK_F ATTACK_0 Syntax Description Parameter Description V View the configuration of DoS defense system D Deactivate the DoS defense system A Activate the DoS defense s...

Page 479: ...fic attack(s) ATTACK_0 Specify a name of the following attacks ip_option tcp_flag land teardrop smurf pingofdeath traceroute icmp_frag syn_frag unknow_proto fraggle d Disable the defense function for a specific attack(s) Example dos A The Dos Defense system is Activated dos s synflood 50 10 Synflood is enabled Threshold 50 pke sec timeout 10 pke sec ...

Page 480: ...pe in several commands in one line S isp name Set ISP Name max 23 characters P on off Enable PPPoE Service u username Set username max 49 characters for Internet accessing p password Set password max 49 characters for Internet accessing a n It means to set PPP Authentication Type and n means different types represented by 0 1 n 0 PAP CHAP this is default setting n 1 PAP Only t n Set connection dur...

Page 481: ... 15 in Schedule Setup Four Q mode Set PPP mode or DHCP mode WAN Connection Detection Mode mode 0 ARP Detect 1 Ping Detect I ping ip Set PPP mode or DHCP mode WAN Connection Detection Ping IP ping ip ppp qqq rrr sss WAN Connection Detection Ping IP L n Set PPP mode WAN Connection Detection TTL 1 255 value E sim pin code Set DHCP mode SIM PIN code max 19 characters G mode Set DHCP mode Network Mode ...

Page 482: ...he function Disable Disable the function Example ip 2ndsubnet enable public subnet enabled Telnet Command: ip pubaddr This command allows to set the IP routed subnet for the router. Syntax ip pubaddr ip pubaddr public subnet IP address Syntax Description Parameter Description Display an IP address...

Page 483: ...public subnet mask done Telnet Command: ip lanalias This command is used for configuring LAN IP Alias. Syntax ip lanalias idx e a w r Syntax Description Parameter Description idx Enter the index number from 1 to 5 of the table displayed on your screen e 0 1 Enable disable the IP alias a address Set an IP alia...

Page 484: ...sk Syntax Description Parameter Description IP netmask The netmask of LAN IP Example ip nmask 255 255 0 0 Set IP netmask OK Telnet Command: ip arp ARP displays the matching condition for IP and MAC address. Syntax ip arp add IP address MAC address LAN or WAN ip arp del IP address LAN or WAN ip arp flush i...

Page 485: ...s display the setting status Time Available settings will be 10 20 30 2550 seconds Example ip arp status ARP Table Index IP Address MAC Address Netbios Name Interface VLAN Port 1 192 168 1 5 00 05 5D E4 D8 EE LAN1 VLAN0 P1 Telnet Command: ip dhcpc This command is available for WAN DHCP. Syntax ip dhcpc option ip dhcpc option h l ip dh...

Page 486: ...55 0 WAN Gateway 172 16 3 1 Primary DNS 168 95 192 1 Secondary DNS 0 0 0 0 Leased Time 259200 Leased Time T1 129600 Leased Time T2 226800 Leased Elapsed 259194 Leased Elapsed T1 129594 Leased Elapsed T2 226794 Telnet Command: ip ping This command allows users to ping IP address of WAN1 WAN2 for verifying if the WAN connection is OK or not. Syntax ip ...

Page 487: ...p tracert 22 128 2 62 WAN1 Traceroute to 22 128 2 62 30 hops max 1 172 16 3 7 10ms 2 172 16 1 2 10ms 3 Request Time out 4 168 95 90 66 50ms 5 211 22 38 134 50ms 6 220 128 2 62 50ms Trace complete Telnet Command: ip telnet This command allows users to access specified device by telnet. Syntax ip telnet IP address Port Syntax Desc...

Page 488: ...ion ifno It means the connection interface 1 WAN1 2 WAN2 3 PVC3 4 PVC4 5 PVC5 Note PVC3 PVC5 are virtual WANs e It means to disable or enable RIP setting for specified WAN interface 1 Enable the function of setting RIP of WAN IP 0 Disable the function Example ip wanrip Valid ex ip wanrip ifno e 0 1 ifno 1 WAN1 2 WAN2 3 PVC3 4 PVC4 5 PVC5 e 0 1 0 disable 1 enable Now status WAN 1 Rip ...

Page 489: ...rrent status of static route dst It means the IP address of the destination netmask It means the netmask of the specified IP address gateway It means the gateway of the connected router ifno It means the connection interface 3 WAN1 4 WAN2 5 WAN3 6 WAN4 rtype It means the type of the route default default route static static route cnc It means current IP range for CNC Network default Set WAN1 WAN2 ...

Page 490: ...eans to disable proxy server wan It means to specify WAN interface for IGMP service query It means to set IGMP general query interval The default value is 125000 ms ppp 0 No need to set IGMP with PPP header 1 Set IGMP with PPP header status It means to display current status for proxy server Example This command is for setting IGMP General Query Interval The default value is 125000 m...

Page 491: ...ble Display the whole table of IGMP Snoop configuration txquery on off v2 v3 IGMP query will be sent out to LAN periodically mode hw sw Make IGMP snooping work on software or hardware chkleave on off Off Vigor router will drop LEAVE if clients still on the same group separate on off On IGMP packets will be separated by NAT Bridge mode Example ip igmp_snoop mode sw igmp snooping works...

Page 492: ... through the router add Add the session limits in an IP range del Delete the session limits in an IP range IP1 IP2 It means the range of IP address specified for this command num It means the number of the session limits e g 100 p2pnum It means the number of the session limits e g 50 for P2P Example ip session default 100 ip session add 192 168 1 5 192 168 1 100 100 50 ip session on ...

Page 493: ...ate for bandwidth limit shared It means that the bandwidth will be shared for the IP range Example ip bandwidth default 200 800 ip bandwidth add 192 168 1 50 192 168 1 100 10 60 ip bandwidth status IP range 192 168 1 50 192 168 1 100 Tx 10K Rx 60K Current ip Bandwidth limit is turn off Auto adjustment is off Telnet Command: ip bindmac This c...

Page 494: ...ac function is turned ON IP 192 168 1 46 bind MAC 00 50 7f 22 33 55 Comment just Telnet Command: ip bgp This command allows users to configure settings for BGP. Syntax ip bgp mode 0 1 ip bgp as value ip bgp hold value ip bgp retry value ip bgp id value ip bgp show ip bgp neighbor idx mode 0 1 ip bgp neighbor idx name max len 20 ip bgp neighbor idx ip x...

Page 495: ...he neighboring router idx Available profile number is between 1 and 8 x x x x Enter the IP address e g 100 100 100 100 neighbor idx as 1 4294967295 It means to set the AS number for the neighboring router idx Available profile number is between 1 and 8 value Available number is between 1 and 4294967295 neighbor idx md5 0 1 It means to enable or disable 1 0 for MD5 function for the neighboring ro...

Page 496: ... IP addr 192 168 2 56 Net mask 255 255 255 0 ip bgp static show BGP static networks Index 1 IP addr 192 168 2 56 mask 255 255 255 0 ...

Page 497: ... in several commands in one line General Setup for Policy Route i value Specify an index number for setting policy route profile Value 1 to 60 1 means to get a free policy index automatically e 0 1 0 Disable the selected policy route profile 1 Enable the selected policy route profile o value Determine the operation of the policy route Value add Create a new policy route profile del Remove an exist...

Page 498: ...policy route profile Value Type a number 0 250 The default value is 150 I value Indicate the interface specified for the policy route profile Value Available interfaces include LAN1 LAN8 IP_Routed_Subnet DMZ_Subnet WAN1 WAN5 VPN_PROFILE_1 VPN_PROFILE_100 WAN_1_IP_ALIAS_1 WAN_4_IP_ALIAS_8 g value Indicate the gateway IP address Value The type format shall be xxx xxx xxx xxx e g 192 168 3 1 l value ...

Page 499: ...can be used as destination IP address xxx xxx xxx xxx Specify an IP address p value It means destination port Value Specify a number or type Any indicating any number t value It means protocol Value Available settings include ICMP TCP UDP and Any Example ip policy_rt diagnose s 192 168 1 100 d any p any t ICMP Matched Route Priority No_Match Matched Policy Priority Policy_1 200 Concl...

Page 500: ...ted LAN DNS profile i profile setting index number Type the index number of the profile l List the content of LAN DNS profile including domain name IP address and message n domain name Set domain name p profile name Set profile name for LAN DNS r Reset the settings for selected profile s 0 1 0 reply all 1 reply only same subnet packet z Update LAN DNS config to DNS Cache Example ip l...

Page 501: ...tp drayTek com ip dnsforward i 1 a 172 16 1 1 Configure Set1 s IP 172 16 1 1 ip dnsforward i 1 l Idx 1 State Disable Profile test Domain Name ftp drayTek com DNS Server IP 172 16 1 1 Telnet Command ip6 addr This command allows users to set the IPv6 address for your router Syntax ip6 addr s prefix prefix length LAN WAN1 WAN2 iface ip6 addr d prefi...

Page 502: ...mand parameter The available commands with parameters are listed below means that you can type in several commands in one line a It means to show current DHCPv6 status s It means to ask the SIP S It means to ask the SIP name d It means to ask the DNS setting D It means to ask the DNS name n It means to ask NTP i It means to ask NIS I It means to ask NIS name p It means to ask NISP P It means to as...

Page 503: ...o server i parameter It means to send information request to server e parameter It means to enable or disable the DHCPv6 client 1 Enable 0 Disable Example ip6 dhcp client WAN2 p 2008 1 ip6 dhcp client WAN2 a Interface WAN2 has following DHCPv6 client settings DHCPv6 client enabled request IA_PD whose IAID equals to 2008 ip6 dhcp client WAN2 n 1023456 ip6 dhcp client WAN2 a Interface ...

Page 504: ... dhcp server x ff02 3 ip6 dhcp server a Interface LAN has following DHCPv6 server settings DHCPv6 server disabled maximum address of the pool FF02 3 minimum address of the pool FF02 1 1st DNS IPv6 Addr FF02 1 Telnet Command ip6 internet This command allows you to configure settings for accessing Internet Syntax ip6 internet W n M n comman...

Page 505: ...cond DNS server t dhcp ra none It means to set IPv6 PPP WAN test mode for DHCP or RADVD dhcp ra none type IPv6 address V It means to view IPv6 Internet Access Profile o It means to set AICCU always on 1 On 0 Off Example ip6 internet W 2 M 2 u 88886666 p draytek123456 s amsterdam freenet6 net This setting will take effect after rebooting Please use sys reboot command to reboot the rou...

Page 506: ...0 50 7F 11 ac 22 WAN2 Neighbour 2001 2222 3333 1111 successfully added ip6 neigh a I F ADDR MAC STATE LAN FF02 1 33 33 00 00 00 01 CONNECTED WAN2 2001 5C0 1400 B 10B8 00 00 00 00 00 00 CONNECTED WAN2 2001 2222 3333 1111 00 00 00 00 00 00 CONNECTED WAN2 2001 2222 6666 1111 00 00 00 00 00 00 CONNECTED WAN2 00 00 00 00 00 00 CONNECTED LAN NONE ...

Page 507: ...ded Telnet Command ip6 route This command allows you to Syntax ip6 route s prefix prefix length gateway LAN WAN1 WAN2 iface D ip6 route d prefix prefix length ip6 route a LAN WAN1 WAN2 iface Syntax Description Parameter Description s It means to add a route d It means to delete a route a It means to show the ro...

Page 508: ...ntax ip6 ping IPV6 address Host LAN WAN1 WAN2 Syntax Description Parameter Description IPV6 address Host It means to specify the IPv6 address or host for ping LAN WAN1 WAN2 It means to specify LAN or WAN interface for such address Example ip6 ping 2001 4860 4860 8888 WAN2 Pinging 2001 4860 4860 8888 with 64 bytes of Data Receive reply from 2001...

Page 509: ...01 7F8 1 A501 5169 1 330 ms 6 2001 4860 1 0 4B3 350 ms 7 2001 4860 8 0 2DAF 330 ms 8 2001 4860 2 0 66E 340 ms 9 Request timed out 10 2001 4860 4860 8888 350 ms Trace complete Telnet Command ip6 tspc This command allows you to display TSPC status Syntax ip6 tspc ifno Syntax Description Parameter Description ifno I...

Page 510: ...r is not a default router and should not appear on the default router list Type the number unit second you want V It means to show the RADVD configuration r It means RA default test r num It means RA test for item num Example ip6 radvd s 1 1800 ip6 radvd V IPv6 Radvd Config Radvd Enable Default Lifetime 1800 seconds Telnet Command ip6 mngt This...

Page 511: ...e ip6 mngt list add 1 FE80 250 7FFF FE12 1010 128 ip6 mngt list add 2 FE80 250 7FFF FE12 1020 128 ip6 mngt list add 3 FE80 250 7FFF FE12 2080 128 ip6 mngt list IPv6 Access List Index IPv6 Prefix Prefix Length 1 FE80 250 7FFF FE12 1010 128 2 FE80 250 7FFF FE12 1020 128 3 FE80 250 7FFF FE12 2080 128 ip6 mngt status IPv6 Remote Management telnet off http off ping off Telnet Comma...

Page 512: ...ription Parameter Description ifno It means the connection interface 1 WAN1 2 WAN2 add It means to add an IPv6 address which can be used to execute management through Internet prefix It means to type the IPv6 address which will be used for accessing Internet prefix length It means to type a fixed value as the length of the prefix remove It means to remove delete the specified index nu...

Page 513: ... interface Syntax ip6 lan l n l w d D m o s parameter Syntax Description Parameter Description h It is used to display the usage of such command l n It means to select LAN interface to be set n 1 LAN1 n 2 LAN2 x LANx Default is LAN1 w n It means to select WAN interface to be primary interface n 0 None n 1 WAN1 n 2 WAN2 x WANx d server It means to set 1...

Page 514: ...s to show IPv6 LAN setting n 0 show all Default is show all n 1 LAN1 n 2 LAN2 50 LAN50 n 51 DMZ Example ip6 lan l 1 w 1 d 2001 4860 4860 8888 o 1 f 0 s 2 Set LAN1 Set primary WAN1 Set 1st DNS server 2001 4860 4860 8888 Set Other Option Enable LAN1 support ipv6 This setting will take effect after rebooting Please use sys reboot command to reboot the router LAN2 setting Primary WAN WAN...

Page 515: ...session limit settings add It means to add the session limit for an IPv6 range IP1 IP2 Specify a range for IPv6 addresses del It means to delete the session limit for an IPv6 range by first IP IP1 or del all Example ip6 session on ip6 session add 2100 ABCD 2 2100 ABCD 10 100 ip6 session status IPv6 range 2100 ABCD 2 2100 ABCD 10 100 Current ip6 session limit is turn on Current defaul...

Page 516: ...width limit is turn on Current default ip6 Bandwidth rate is Tx 2000K Rx 8000K bps Telnet Command ipf view IPF users to view the version of the IP filter to view set the log flag to view the running IP filter rules Syntax ipf view VcdhrtzZ Syntax Description Parameter Description V It means to show the version of...

Page 517: ...er you can type is 0 to 12 0 means disable l VALUE It means to setup Log Flag e g l 2 Type 0 to disable the log flag Type 1 to display the log of passed packet Type 2 to display the log of blocked packet Type 3 to display the log of non matching packet p VALUE It means to setup actions for packet not matching any rule e g p 1 Type 0 to let all the packets pass Type 1 to block all the packets M P2P...

Page 518: ...40 DrayTek Banner Enable Apply IP filter to VPN incoming packets Enable Accept large incoming fragmented UDP or ICMP packets Enable Strict Security Checking APP Enforcement Telnet Command ipf rule This command is used to set filter rule for firewall Syntax ipf rule s r command parameter ipf rule s r v Syntax Descripti...

Page 519: ...s mask u It means user defined Address Type Type the number representing different address type 0 Subnet Address 1 Single Address 2 Any Address 3 Range Address Example Set Subnet Address d u 0 192 168 1 10 255 255 255 0 Set Single Address d u 1 192 168 1 10 Set Any Address d u 2 Set Range Address d u 3 192 168 1 10 192 168 1 15 d o g obj It means to specify destination IP object and IP group o ind...

Page 520: ...0 means no profile will be applied u index It means to specify which URL Content Filter profile will be applied index Available settings range from 0 8 0 means no profile will be applied c It means to set code page Different number represents different code page 0 None 1 ANSI 1250 Central Europe 2 ANSI 1251 Cyrillic 3 ANSI 1252 Latin I 4 ANSI 1253 Greek 5 ANSI 1254 Turkish 6 ANSI 1255 Hebrew 7 ANS...

Page 521: ...pe TCP UDPGroup1 Fragments Don t Care Pass or Block Block Immediately Branch to Other Filter Set None Max Sessions Limit 32000 Current Sessions 0 Mac Bind IP Non Strict Qos Class None APP Enforcement None URL Content Filter None Load Balance policy Auto select Log Disable CodePage ANSI 1252 Latin I Window size 65535 Session timeout 1440 DrayTek Banner Enable Strict Security Checking APP Enforcemen...

Page 522: ...e ipf flowtrack set r Refresh the flowstate ok ipf flowtrack view f Start to show the flowtrack sessions state ORIGIN 192 168 1 11 59939 8 8 8 8 53 ifno 0 REPLY 8 8 8 8 53 192 168 1 11 59939 ifno 3 proto 17 age 93023180 3920 flag 203 ORIGIN 192 168 1 11 15073 8 8 8 8 53 ifno 0 REPLY 8 8 8 8 53 192 168 1 11 15073 ifno 3 proto 17 age 93025100 2000 flag 203 ORIGIN 192 168 1 11 7247 8 8 8 8 53 ifno 0 ...

Page 523: ...rver IP 0 0 0 0 Relay agent IP 0 0 0 0 25 36 33 580 DHCP WAN 5 Len 548XID 0x7880fdd4 Client IP 0 0 0 0 Your IP 0 0 0 0 Next server IP 0 0 0 0 Relay agent IP 0 0 0 0 25 36 41 580 DHCP WAN 5 Len 548XID 0x7880fdd4 Client IP 0 0 0 0 Your IP 0 0 0 0 Next server IP 0 0 0 0 Relay agent IP 0 0 0 0 25 36 49 580 DHCP WAN 5 Len 548XID 0x7880fdd4 Client IP 0 0 0 0 Your IP 0 0 0 0 Next server IP 0 0 0 0 Relay ...

Page 524: ...etup Group Distinguished Name c VALUE Setup Common Name Identifier v View detail information of the LDAP profile Example ldap user 1 n LD_user_test1 Profile Name has been updated ldap user 1 v Profile Index 1 Profile Name LD_user_test1 Common Name Identifier Base Distinguished Name Additional Filter Group distinguished Name ldap user 1 b ou People dc example dc com Telnet...

Page 525: ...d to check current status of LDAP settings configuration Syntax ldap view Example ldap view LDAP Enable Disabled LDAP Bind Type Simple LDAP with SSL Disabled LDAP Regular DN LDAP Regular Password LDAP Server IP LDAP Server Port 389 Telnet Command tacacsplus set This command allows users to configure general settings for ...

Page 526: ...ral settings for TACACS server Syntax tacacsplus view Example tacacsplus view TACACS Enable Enable TACACS Server IP 192 168 1 59 TACACS Server Port 49 TACACS Type ASCII TACACS Shared Secret Telnet Command mngt ftpport This command allows users to set FTP port for management Syntax mngt ftpport FTP port Syn...

Page 527: ... HTTPS port The default setting is 443 Example mngt httpsport 443 Set web server port to 443 done Telnet Command mngt telnetport This command allows users to set telnet port for management Syntax mngt telnetport Telnet port Syntax Description Parameter Description Telnet port It means ...

Page 528: ...erver function Example mngt ftpserver enable FTP server has been enabled mngt ftpserver disable FTP server has been disabled Telnet Command mngt noping This command is used to pass or block Ping from LAN PC to the internet Syntax mngt noping on mngt noping off mngt noping viewlog mngt noping clearlog Syntax Des...

Page 529: ...Vigor3910 Series User s Guide 519 No Ping Packet Out is OFF ...

Page 530: ...of defense worm packet including source MAC and source IP clearlog It means to remove the log of defense worm packet Example mngt defenseworm add 21 Add TCP port 21 Block TCP port list 135 137 138 139 445 21 mngt defenseworm del 21 Delete TCP port 21 Block TCP port list 135 137 138 139 445 Telnet Command mngt rmtcfg This command can allow...

Page 531: ... port Syntax mngt lanaccess e 0 1 s value i value mngt lanaccess f mngt lanaccess d mngt lanaccess v mngt lanaccess h Syntax Description Parameter Description e 0 1 It means to enable disable the function 0 disable the function 1 enable the function s value It means to specify service offered Available values include FTP HTTP HTTPS TELNET SSH None All ...

Page 532: ... PING packets from the Internet Syntax mngt echoicmp enable mngt echoicmp disable Syntax Description Parameter Description enable It means to accept the echo ICMP packet disable It means to drop the echo ICMP packet Example mngt echoicmp enable Echo ICMP packet enabled Telnet Command mngt access...

Page 533: ...t snmp command parameter Syntax Description Parameter Description command parameter The available commands with parameters are listed below means that you can type in several commands in one line e 1 2 1 Enable the SNMP function 2 Disable the SNMP function g Community name It means to set the name for getting community by typing a proper character max 23 character...

Page 534: ...low means that you can type in several commands in one line e 0 1 Enable disable the BFP function 0 Disable 1 Enable s service It means to enable different service service Available types are FTP HTTP HTTPS TELNET TR069 SSH None and All l failure It means to set login failure retry times failure Available number is from 1 to 255 p penalty It means to set penalty time for BFP The unit is sec v It m...

Page 535: ...and msubnet addr This command is used to configure IP address for the specified LAN interface Syntax msubnet addr 2 50 IP address Syntax Description Parameter Description 2 50 It means LAN interface 2 LAN2 3 LAN3 4 LAN4 5 LAN5 6 LAN6 IP address Type the private IP address for the specified LAN interface Example...

Page 536: ...t Command msubnet status This command is used to display current status of subnet Syntax msubnet status 2 50 Syntax Description Parameter Description 2 50 It means LAN interface 2 LAN2 3 LAN3 4 LAN4 5 LAN5 6 LAN6 Example msubnet status 2 LAN2 Off 0 0 0 0 0 0 0 0 PPP Start IP 0 0 0 60 DHCP server Off...

Page 537: ...ax Description Parameter Description 2 50 It means LAN interface 2 LAN2 3 LAN3 4 LAN4 5 LAN5 6 LAN6 On Off On It means the subnet will be configured for NAT usage Off It means the subnet will be configured for Routing usage Example msubnet nat 2 off LAN2 Subnet is for Routing usage Note If you have multiple WAN connections please be reminded to setup a Load Ba...

Page 538: ...owed for each LAN interface Syntax msubnet ipcnt 2 50 IP counts Syntax Description Parameter Description 2 50 It means LAN interface 2 LAN2 3 LAN3 4 LAN4 5 LAN5 6 LAN6 IP counts Specify a total number of IP address allowed for each LAN interface The available range is from 0 to 220 Example msubnet ipcnt 2 15 This setting will take effect ...

Page 539: ...LAN3 4 LAN4 5 LAN5 6 LAN6 Now LAN1 LAN2 LAN3 LAN4 LAN5 LAN6 LAN1 V LAN2 V V LAN3 V LAN4 V LAN5 V LAN6 V Telnet Command msubnet startip This command is used to configure a starting IP address for DHCP Syntax msubnet startip 2 50 Gateway IP Syntax Description Parameter Description 2 50 It means LAN in...

Page 540: ...2 LAN2 3 LAN3 4 LAN4 5 LAN5 6 LAN6 Start IP Type an IP address as the starting IP address for PPP connection Example msubnet pppip 2 192 168 2 250 Set LAN2 PPP IPCP Start IP done This setting will take effect after rebooting Please use sys reboot command to reboot the router msubnet pppip msubnet pppip 2 3 4 5 6 Start IP Now LAN2 192 168 2 250 LAN3 192 168 3 200 LAN4 192 168 4 200 LA...

Page 541: ...nt 1 B node 2 P node 4 M node 8 H node Telnet Command msubnet primWINS This command is used to configure primary WINS server Syntax msubnet primWINS 2 50 WINS IP Syntax Description Parameter Description 2 50 It means LAN interface 2 LAN2 3 LAN3 4 LAN4 5 LAN5 6 LAN6 WINS IP Type the IP address as t...

Page 542: ...1 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 WINS IP Now 3 44 45 46 47 48 49 50 192 168 3 5 7 48 49 50 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Telnet Command msubnet secWINS This command is used to configure secondary WINS ser...

Page 543: ...10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 WINS IP Now 3 44 45 46 47 48 49 50 192 168 3 89 7 48 49 50 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ...

Page 544: ... 43 44 45 46 47 4 8 49 50 TFTP server name Now 3 44 45 46 47 48 49 50 7 48 49 50 DrayTek msubnet tftp 2 publish Set 3 44 45 46 47 48 49 50 TFTP Server Name done msubnet tftp DrayTek msubnet tftp msubnet tftp 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 4 8 49 50 TFTP server name Now 3 44 45 46 47 48 49 50 publish ...

Page 545: ...elnet Command msubnet leasetime This command allows you to set leasetime for DHCP server It is helpful to manage the IP address es assigned by DHCP server Syntax msubnet leasetime 1 50 Lease Time sec Syntax Description Parameter Description 1 50 1 50 represent LAN1 to LAN50 Lease Time sec Range fro...

Page 546: ... n NAME object ip obj INDEX i INTERFACE object ip obj INDEX s INVERT object ip obj INDEX a TYPE START_IP END MASK_IP Syntax Description Parameter Description setdefault It means to return to default settings for all profiles INDEX It means the index number of the specified object profile v It means to view the information of the specified object profile Example ob...

Page 547: ... Syntax object ip grp setdefault object ip grp INDEX v object ip grp INDEX n NAME object ip grp INDEX i INTERFACE object ip grp INDEX a IP_OBJ_INDEX Syntax Description Parameter Description setdefault It means to return to default settings for all profiles INDEX It means the index number of the specified group profile v It means to view the information...

Page 548: ...le object ip grp 2 n First IP Group Profile 2 Name First Interface Any Included ip object index 0 0 1 0 2 0 3 0 4 0 5 0 6 0 7 0 object ip grp 2 i 1 object ip grp 2 a 1 2 IP Group Profile 2 Name First Interface Lan Included ip object index 0 1 1 2 2 0 3 0 4 0 5 0 6 0 7 0 ...

Page 549: ...Type a name with less than 15 characters Example object ip obj 9 n bruce i INTERFACE It means to define an interface for the IP object INTERFACE 0 means any INTERFACE 1 means LAN INTERFACE 3 means WAN Example object ip obj 8 i 0 s INVERT It means to set invert selection for the object profile INVERT 0 means disabling the function INVERT 1 means enabling the function Example object ip obj 3 s 1 a T...

Page 550: ...r all profiles INDEX It means the index number of the specified group profile v It means to view the information of the specified group profile Example object ip grp 1 v n NAME It means to define a name for the IP group NAME Type a name with less than 15 characters Example object ip grp 8 n bruce i INTERFACE It means to define an interface for the IP group INTERFACE 0 means any INTERFACE 1 means L...

Page 551: ...ption Parameter Description setdefault It means to return to default settings for all profiles INDEX It means the index number of the specified service object profile v It means to view the information of the specified service object profile Example object service obj 1 v n NAME It means to define a name for the IP object NAME Type a name with less than 15 characters Example object service...

Page 552: ...ND_P type a port number to indicate destination port Example object service obj 3 d 1 100 200 Example object service obj 1 n limit object service obj 1 p 255 object service obj 1 s 1 120 240 object service obj 1 d 1 200 220 object service obj 1 v Service Object Profile 1 Name limit Protocol 255 Source port check action Source port range 120 240 Destination port check action Destinati...

Page 553: ... object index 0 0 1 0 2 0 3 0 4 0 5 0 6 0 7 0 object service grp 1 a 1 2 Service Group Profile 1 Name Grope_1 Included service object index 0 1 1 2 2 0 3 0 4 0 5 0 6 0 7 0 Telnet Command object kw This command is used to create keyword profile Syntax object kw obj setdefault object kw obj show PAGE object kw obj INDEX v object kw obj INDEX n NA...

Page 554: ...lnet Command object fe This command is used to create File Extension Object profile Syntax object fe show object fe setdefault object fe obj INDEX v object fe obj INDEX n NAME object fe obj INDEX e CATEGORY FILE_EXTENSION object fe obj INDEX d CATEGORY FILE_EXTENSION Syntax Description Parameter Description show It ...

Page 555: ...olb ole tlb viv vrm ace arj bzip2 bz2 cab gz gzip rar sit zip bas bat com exe inf pif reg scr Example object fe obj 1 e bmp Example object fe obj 1 n music object fe obj 1 e Audio object fe obj 1 v Profile Index 1 Profile Name music Image category bmp dib gif jpeg jpg jpg2 jp2 pct pcx pic pict png tif tiff Video category asf avi mov mpe mpeg mpg v mp4 qt rm v wmv 3gp 3gpp 3gpp2 3g2 A...

Page 556: ...e v It means to view the information of the specified SMS object profile n NAME It means to define a name for the SMS object profile NAME Type a name with less than 15 characters s Service Provider It means to specify the number of the service provider which offers the service of SMS Different numbers represent different service provider 0 kotsms com tw TW 2 textmarketer co uk UK 4 messagemedia co...

Page 557: ...l This command is used to create mail object profile Syntax object mail show object mail setdefault object mail obj INDEX v object mail obj INDEX n Profile Name object mail obj INDEX s SMTP Server object mail obj INDEX l Use SSL object mail obj INDEX m SMTP Port object mail obj INDEX a Sender Address object mail obj INDEX t Authentication object mail obj INDEX u Username object mail ob...

Page 558: ... interval for the system to send the SMS out The unit is second Example object mail obj 1 n buyer object mail obj 1 n buyer object mail obj 1 s 192 168 1 98 object mail obj 1 m 25 object mail obj 1 t 1 object mail obj 1 u john object mail obj 1 p happy123456 object mail obj 1 i 25 object mail obj 1 v Profile Index 1 Profile Name buyer SMTP Server 192 168 1 98 SMTP Port 25 Sender Addr...

Page 559: ...unnel 1 Disconnected 2 Reconnected For Temperature Alert 1 Out of Range For WAN Budget 1 Limit Reached For CVM 1 CPE Offline 2 Backup Fail 3 Restore Fail 4 FW Update Fail 5 VPN Profile Setup Fail For High Availability 1 Failover Occurred Config Sync Fail and Router Unstable Example object noti obj 1 n markbei object noti obj 1 e 1 1 object noti obj 1 e 2 1 object noti obj 1 e 5 3 obj...

Page 560: ...2049 month Must be between 1 12 day Must be between 1 31 For example To set Start Date 2015 10 6 type object schedule set 1 D 2015 10 6 T hour minute It means to set the starting time of the profile hour Must be between 0 23 minute Must be between 0 59 For example To set Start Time 10 20 type object schedule set 1 T 10 20 d hour minute It means to set the duration time of the profile hour Must be ...

Page 561: ... mm 8 1 Duration Time hh mm 2 30 Action Force On Idle Timeout 0 minute s max 255 0 for default How Often Once v Weekdays Sun v Mon Tue v Wed Thu Fri Sat Telnet Command port This command allows users to set the speed for specific port of the router Syntax port 1 2 3 4 5 6 7 8 9 10 11 12 all AN 100F 100H 10F 10H status port status port jumbo port wanfc S...

Page 562: ...t means TCP protocol sec Type a number to set the TCP session timeout u sec It means UDP protocol sec Type a number to set the UDP session timeout i sec It means IGMP protocol sec Type a number to set the IGMP session timeout w sec It means TCP WWW protocol sec Type a number to set the TCP WWW session timeout s sec It means TCP SYN protocol sec Type a number to set the TCP SYN session timeout f It...

Page 563: ...e QoS control 0 disable 1 in apply to incoming traffic only 2 out apply to outgoing traffic only 3 both apply to both incoming and outgoing traffic Default is enable for outgoing traffic i bandwidth It means to set inbound bandwidth in kbps Ethernet WAN only The available setting is from 1 to 100000 o bandwidth It means to set outbound bandwidth in kbps Ethernet WAN only The available setting is f...

Page 564: ...r the class a It means to add rule for specified class e no It means to edit specified rule no type the index number for the rule d no It means to delete specified rule no type the index number for the rule m mode It means to enable or disable the specified rule 0 disable 1 enable l addr Set the local address Addr1 It means Single address Please specify the IP address directly for example l 172 16...

Page 565: ...lowing setting will set in the class2 class 2 name set to draytek Add a rule in class2 Class2 the 1 rule enabled Set local address type to Range 192 168 1 50 192 168 1 80 Telnet Command qos type This command allows user to configure protocol type and port number for QoS Syntax qos type a service name e no d no Syntax Descri...

Page 566: ... displays current status of LAN IP address settings Example show lan The LAN settings ip mask dhcp star_ip pool gateway V LAN1 192 168 1 1 255 255 255 0 V 192 168 1 10 200 192 168 1 1 X LAN2 192 168 2 1 255 255 255 0 V 192 168 2 10 100 192 168 2 1 X LAN3 192 168 3 1 255 255 255 0 V 192 168 3 10 100 192 168 3 1 X LAN4 192 168 4 1 255 255 255 0 V 192 168 4 10 100 192 168 4 1 X LAN5 192...

Page 567: ...mary DNS Not set Secondary DNS Not set Telnet Command show openport This command displays current status of open port setting Example show openport Openport settings Index Status Comment Local IP Address No data entry Telnet Command show nat This command displays current status of NAT Exam...

Page 568: ...s the default setting Level1 It will be applied when the NAT sessions are smaller than 25 of the default setting Level2 It will be applied when the NAT sessions are smaller than the eighth of the default setting Example show pmtime Level0 TCP 86400001 UDP 300001 ICMP 10001 Level1 TCP 600000 UDP 90000 ICMP 7000 Level2 TCP 60000 UDP 30000 ICMP 5000 Telnet Comman...

Page 569: ...terface Syntax show statistic show statistic reset interface Syntax Description Parameter Description reset It means to reset the transmitted received bytes to Zero interface It means to specify WAN1 WAN5 including multi PVC interface for displaying related statistics Example show statistic WAN1 total TX 0 Bytes RX 0 Bytes WAN2 total TX 0...

Page 570: ...all ALL It means all of the MAC addresses Example Vigor ip route add 192 168 1 56 255 255 255 0 192 168 1 12 3 default Vigor srv dhcp public status Index MAC Address Telnet Command srv dhcp dns1 This command allows users to set Primary IP Address for DNS Server in LAN Syntax srv dhcp dns1 srv dhcp dns1 DNS IP address Syn...

Page 571: ...p dns2 DNS IP address Syntax Description Parameter Description It means to display current IP address of DNS 2 for the DHCP server DNS IP address It means the IP address that you want to use as DNS2 Note The IP Routed Subnet DNS must be the same as NAT Subnet DNS Example srv dhcp dns2 10 1 1 1 srv dhcp dns2 DNS IP address Now 10 1 1 1 IP Routed Subne...

Page 572: ...v dhcp frcdnsmanl on Domain name server now is using manual settings srv dhcp frcdnsmanl off Domain name server now is using auto settings Telnet Command srv dhcp gateway This command allows users to specify gateway address for DHCP server Syntax srv dhcp gateway srv dhcp gateway Gateway IP Syntax Descript...

Page 573: ...sys reboot command to reboot router Telnet Command srv dhcp on This function allows users to turn on DHCP server It needs rebooting router please type sys reboot command to reboot router Telnet Command srv dhcp relay This command allows users to set DHCP relay setting Syntax srv dhcp relay ser...

Page 574: ... server as the starting point Example srv dhcp startip 192 168 1 53 This setting will take effect after rebooting Please use sys reboot command to reboot the router Telnet Command srv dhcp status This command can display general information for the DHCP server such as IP address MAC address leased time host ID and so on Exam...

Page 575: ...ans the lease time that DHCP server can use The unit is second Example srv dhcp leasetime srv dhcp leasetime Lease Time sec Now 86400 Telnet Command srv dhcp nodetype This command can set the node type for the DHCP server Syntax srv dhcp nodetype count Syntax Description Parameter De...

Page 576: ...dhcp primWINS 192 168 1 88 srv dhcp primWINS srv dhcp primWINS WINS IP address srv dhcp primWINS clear Now 192 168 1 88 Telnet Command srv dhcp secWINS This command can set the secondary IP address for the DHCP server Syntax srv dhcp secWINS WINS IP address srv dhcp secWINS clear Syntax Description ...

Page 577: ...p tftp This command can set the TFTP server as the DHCP server Syntax srv dhcp tftp TFTP server name Syntax Description Parameter Description TFTP server name It means to type the name of TFTP server Example srv dhcp tftp TF123 srv dhcp tftp srv dhcp tftp TFTP server name Now TF123 Telnet Command: srv...

Page 578: ...It means to set option number Available number ranges from 0 to 255 v It means to set option number by typing string a It means to set the option value by specifying the IP address x It means to set option number with the format of Hexadecimal characters u It means to update the option value of the specified index idx number It means the index number of the option value Example srv ...

Page 579: ...veral commands in one line e It means to enable disable such feature 1 enable 0 disable i It means to specify the private IP address of the DMZ host r It means to remove DMZ host setting v It means to display current status Example srv nat dmz 1 1 i 192 168 1 96 srv nat dmz v WAN1 DMZ mapping status Index Status WAN1 aux IP Private IP 1 Disable 0 0 0 0 192 168 1 96 Telnet...

Page 580: ...r disable the open port rule profile 0 disable 1 enable c comment It means to type the description less than 23 characters for the defined network service i local ip It means to set the IP address for local computer Local ip Type an IP address in this field w idx It means to specify the public IP 1 WAN1 Default 2 WAN1 Alias 1 and so on p protocol Specify the transport layer protocol Available valu...

Page 581: ...Description Parameter Description Add idx It means to add a new port redirection table with an index number Available index number is from 1 to 10 serv name It means to type one name as service name proto It means to specify TCP or UDP as the protocol pub port It means to specify which port can be redirected to the specified Private IP and Port of the internal host pri ip It ...

Page 582: ...0 2 5 0 0 0 2 6 0 0 0 2 7 0 0 0 2 8 0 0 0 2 9 0 0 0 2 10 0 0 0 2 11 0 0 0 2 12 0 0 0 2 13 0 0 0 2 14 0 0 0 2 15 0 0 0 2 16 0 0 0 2 17 0 0 0 2 18 0 0 0 2 19 0 0 0 2 20 0 0 0 2 Protocol 0 Disable 6 TCP 17 UDP Telnet Command: srv nat status This command allows users to view NAT Port Redirection Running Table Example srv nat status NAT Por...

Page 583: ...port and DMZ settings Example srv nat showall Index Proto WAN IP Port Private IP Port Act R01 TCP 0 0 0 0 80 192 168 1 11 100 Y O01 TCP 0 0 0 0 23 83 192 168 1 100 23 83 Y D01 All 0 0 0 0 192 168 1 96 Y R Port Redirection O Open Ports D DMZ Telnet Command: switch i This command is used to obtain the TX transmitted or RX received data for each co...

Page 584: ...f This command is used to turn off the auto discovery for external devices Example switch off Disable External Device auto discovery Telnet Command: switch list This command is used to display the connection status of the switch Example switch list No Mac IP status Dur Time Model_Name 1 00 50 7f cd 07 48 192 168 1 3 On Line 0...

Page 585: ... LDAP server The server will authenticate the local user who wants to access into the web user interface of Vigor router Syntax sys adminuser option sys adminuser edit index username password Syntax Description Parameter Description option Available options include Local 0 1 LDAP 0 1 edit INDEX delete INDEX view INDEX Local 0 1 0 Disable the local use...

Page 586: ...mmand parameter The available commands with parameters are listed below means that you can type in several commands in one line e enable It is used to disable enable bonjour service 0 disable 1 enable h enable It is used to disable enable http web service 0 disable 1 enable t enable It is used to disable enable telnet service 0 disable 1 enable f enable It is used to disable enable FTP service 0 d...

Page 587: ...us Profile version 3 0 0 Status 1 0x491e5e6c sys cfg default Telnet Command: sys cmdlog This command displays the history of the commands that you have typed Example sys cmdlog Commands Log The lowest index is the newest 1 sys cmdlog 2 sys cmdlog 3 sys 4 sys cfg status 5 sys cfg Telnet Command: sys ftpd...

Page 588: ...e sys domainname wan1 clever sys domainname wan2 intellegent sys domainname sys domainname wan1 wan2 Domain Name Suffix max 40 characters sys domainname wan1 wan2 clear Now wan1 clever wan2 intelligent Telnet Command: sys iface This command displays the current interface connection status UP or Down with IP address MAC address and Netmask for the router E...

Page 589: ... 0 0 0 Netmask 0x00000000 MAC 00 50 7F 00 00 05 Interface 8 Ethernet Status DOWN IP Address 0 0 0 0 Netmask 0x00000000 MAC 00 50 7F 00 00 06 Interface 9 Ethernet Status DOWN IP Address 0 0 0 0 Netmask 0x00000000 MAC 00 50 7F 00 00 07 MORE q Quit Enter New Lines Space Bar Next Page ...

Page 590: ...me sys name wan1 wan2 ASCII string max 20 characters sys name wan1 wan2 clear Now wan1 drayrouter wan2 Note Such name can be used to recognize router s identification in SysLog dialog Telnet Command: sys passwd This command allows users to set password for the administrator Syntax sys passwd ASCII string Syntax Descrip...

Page 591: ...t on autoreboot is ON sys autoreboot 2 autoreboot is ON autoreboot time is 2 hour s Telnet Command: sys commit This command allows users to save current settings to FLASH Usually current settings will be saved in SRAM Yet this command will save the file to FLASH Example sys commit Telnet Command: sys tftp...

Page 592: ...e List Buf sk_buff 200B used 1647 cached 30 Buf KMC4088 4088B used 0 cached 8 Buf KMC2552 2552B used 1641 cached 42 Buf KMC1016 1016B used 7 cached 1 Buf KMC504 504B used 8 cached 8 Buf KMC248 248B used 26 cached 22 Buf KMC120 120B used 67 cached 61 Buf KMC56 56B used 20 cached 44 Buf KMC24 24B used 58 cached 70 Dynamic memory 13107200B 4573168B used 190480B 0B in level 1 2 cache FLOWTRACK Memory ...

Page 593: ...arameter Description get parm option It means to get parameters for tr 069 option nextlevel only gets nextlevel for GetParameterNames set parm value It means to set parameters for tr 069 getnoti parm It means to get parameter notification value setnoti parm value It means to set parameter notification value log It means to display the TR 069 log debug on off on turn on the function of sending debu...

Page 594: ...wayDevice X_00507F_InternetAcc InternetGatewayDevice X_00507F_LAN InternetGatewayDevice X_00507F_NAT InternetGatewayDevice X_00507F_Firewall InternetGatewayDevice X_00507F_Bandwidth InternetGatewayDevice X_00507F_Applications InternetGatewayDevice X_00507F_VPN InternetGatewayDevice X_00507F_VoIP InternetGatewayDevice X_00507F_WirelessLAN InternetGatewayDevice X_00507F_System InternetGatewayDevice ...

Page 595: ...eans the license authentication time setting regser It means the license register server setting licera It means to erase license setting licifno It means license and signature download interface setting lic_wiz set reg qry It means the license wizard setting qry query service support status set idx trial service type sp_id start_date License Key reg register service in portal dev_chg It means to ...

Page 596: ...lnet Command: upnp nat This command can display IGD NAT status Example upnp nat IGD NAT Status 0 InternalClient 192 168 1 10 RemoteHost 0 0 0 0 InternalPort 21 ExternalPort 21 PortMapProtocol TCP The tmpvirtual server index 0 PortMapLeaseDuration 0 PortMapEnabled 0 Ftp Example MICROSOFT 1 InternalClient 0 0 0 0 RemoteHost 0 0 0 0 InternalPort 0 Exter...

Page 597: ...LE2 serviceType urn schemas upnp org service WANCommonInterfaceConfig 1 serviceId urn upnp org serviceId WANCommonIFC1 SCPDURL upnp WComIFCX xml controlURL upnp control WANCommonIFC1 eventURL upnp event WANCommonIFC1 UDN uuid 2608d902 03e2 46a5 9968 4a54ca499148 Telnet Command: upnp subscribe This command can show all UPnP services subscribed Ex...

Page 598: ...68 1 10 pseudo_addr 172 16 3 229 real_port 0 pseudo_port 0 hit_portmap_index 0 The protocol TCP time 0 1 real_addr 0 0 0 0 pseudo_addr 0 0 0 0 real_port 0 pseudo_port 0 hit_portmap_index 0 The protocol 0 time 0 MORE q Quit Enter New Lines Space Bar Next Page Telnet Command: upnp wan This command is used to specify WAN interface to apply UPnP Syntax ...

Page 599: ... 3 5G Y Huawei Huawei E303D 3 5G Y Huawei Huawei E392 3 5G Y Huawei Huawei E398 3 5G Y Sony Erics Sony Ericsson MD30 3 5G Y TP LINK TP LINK MA180 3 5G Y TP LINK TP LINK MA260 3 5G Y Vodafone Vodafone K3765 Z 3 5G Y Vodafone Vodafone K4605 3 5G Y ZTE ZTE MF626 3 5G Y ZTE ZTE MF627 plus 3 5G Y ZTE ZTE MF633 3 5G Y ZTE ZTE MF636 3 5G Y SpinCom SpinCom GPRS Modem 3 5G Y MORE q Quit Enter New Lines Spa...

Page 600: ...ge Function Telnet Command: vigbrg status This command can show whether the Vigor Bridge Function is enabled or disabled Example vigbrg status Vigor Bridge Function is enable Wan1 management is disable ...

Page 601: ...ction Syntax vpn l2lset list index peerid peerid vpn l2lset list index localid localid vpn l2lset list index main auto proposal index vpn l2lset list index aggressive g1 g2 vpn l2lset list index pfs on off vpn l2lset list index phase1 lifetime vpn l2lset list index phase2 lifetime Syntax Description Parameter Description list index It means the index n...

Page 602: ...x motp on off vpn dinset list index pin_secret pin secret Syntax Description Parameter Description list index It means the index number of the profile on off It means to enable or disable the profile on Enable off Disable motp on off It means to enable or disable the authentication with mOTP function on Enable off Disable pin_secret pin secret It means to set PIN ...

Page 603: ...ify a subnet selection for the specified remote dial in VPN profile Syntax vpn subnet index 1 2 3 4 5 6 Syntax Description Parameter Description index It means the index number of the VPN profile 1 2 3 4 5 6 1 it means LAN1 2 it means LAN2 3 it means LAN3 4 it means LAN4 5 it means LAN51 6 it means LAN6 Example vpn subnet 1 2 Teln...

Page 604: ...t means the index number of the profile name It means the name of the profile ip It means the IP address to dial to key It means the value of IPsec Pre Shared Key nip nmask It means the remote network IP and the mask e g vpn setup 1 name1 ipsec_out 1 2 3 4 1234 192 168 1 0 255 255 255 0 For L2TP Dial Out index It means the index number of the profile name It means the name of the profile ip It mea...

Page 605: ...option This command allows users to configure settings for LAN to LAN profile Syntax vpn option index cmd1 param1 cmd2 para2 Syntax Description Parameter Description index It means the index number of the profile Available index numbers 1 32 For Common Settings index It means the index number of the profile pname It means the name of the pro...

Page 606: ...s draytek com or 123 45 67 89 ltype It means Link Type ltype 0 means Disable ltype 1 means 64kbps ltype 2 means 128kbps ltype 3 means BOD oname It means Dial Out Username oname admin means to set Username admin opwd It means Dial Out Password opwd 1234 means to set Password 1234 pauth It means PPP Authentication pauth pc means to set PPP Authentication PAP CHAP pauth p means to set PPP Authenticat...

Page 607: ...le VJ Compression ikey It means IKE Pre Shared Key ikey abcd means to set IKE Pre Shared Key abcd imeth It means IPSec Security Method imeth h means Allow AH imeth d means Allow DES imeth 3 means Allow 3DES imeth a means Allow AES For TCP IP Settings mywip It means My WAN IP mywip 1 2 3 4 means to set My WAN IP as 1 2 3 4 rgip It means Remote Gateway IP rgip 1 2 3 4 means to set Remote Gateway IP ...

Page 608: ...n Parameter Description list It means to display all of the route settings add It means to add a new route del It means to delete specified route index It means the index number of the profile Available index numbers 1 32 network ip mask Type the IP address with the network mask address Example vpn mroute 1 add 192 168 5 0 24 192 168 5 0 24 Add new route 192 168 5 0 24 to profile 1...

Page 609: ...s Profile Name Profile Status Disable Netbios Naming Packet Pass Call Direction Both Idle Timeout 300 PING to keep alive off Dial out Settings Type of Server PPTP Link Type 64k bps Username Password PPP Authentication PAP CHAP VJ Compression on Pre Shared Key IPSec Security Method AH Schedule 0 0 0 0 Remote Callback off Provide ISDN Number off IKE phase 1 mode Main mode IKE Local ID Dial In Settin...

Page 610: ...x vpn NetBios set H2l L2l index Block Pass Syntax Description Parameter Description H2l L2l H2l means Remote Access User Accounts L2l means LAN to LAN Profile Specify which one will be applied by NetBios index The index number of the profile Block Pass Pass Have an inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting...

Page 611: ...r IPSec TCP maximum segment size range Each type has different segment size range PPTP 1 1412 L2TP 1 1408 IPSec 1 1381 L2TP over IPSec 1 1361 Example vpn mss set 1 1400 VPN TCP maximum segment size MSS PPTP 1400 L2TP 1360 IPSec 1360 L2TP over IPSec 1360 vpn mss show VPN TCP maximum segment size MSS PPTP 1400 L2TP 1360 IPSec 1360 L2TP over IPSec 1360 Telnet Comma...

Page 612: ...ple vpn Multicast set L2l 1 Pass Lan to Lan Profile Index 1 Status Block Pass PASS Telnet Command: vpn pass2nd This command allows users to determine if the packets coming from the second subnet passing through current used VPN tunnel Syntax vpn pass2nd on vpn pass2nd off Syntax Description Parameter Des...

Page 613: ...x Description Parameter Description WAN interface number Type a number to represent the physical interface For Vigor130 the number is 1 which means WAN1 MRU size It means the number of PPP LCP MRU The available range is from 1400 to 1600 Example wan ppp_mru 1 Now 1492 wan ppp_mru 1 1490 wan ppp_mru 1 Now 1490 wan ppp_mru 1 1492 wan ppp_mru 1 Now 1492 Teln...

Page 614: ...ntax Description Parameter Description on off It means to enable or disable DF Example wan DF_check on DF bit check enable Telnet Command: wan disable This command allows you to disable WAN connection Example wan disable WAN WAN disabled Telnet Command: wan ena...

Page 615: ... N Mode Up Time 00 00 00 IP GW IP TX Packets 0 TX Rate Bps 0 RX Packets 0 RX Rate Bps 0 Primary DNS 0 0 0 0 Secondary DNS 0 0 0 0 PVC_WAN3 Offline stall N Mode Up Time 00 00 00 IP GW IP TX Packets 0 TX Rate Bps 0 RX Packets 0 RX Rate Bps 0 PVC_WAN4 Offline stall N Mode Up Time 00 00 00 IP GW IP TX Packets 0 TX Rate Bps 0 RX Packets 0 RX Rate Bps 0 PVC_WAN5 Offline stall N Mode Up Time 00 00 00 IP ...

Page 616: ...ug only Please don t use it without our advice wakeup on off It is for RD debug only Please don t use it without our advice vid Set VID of VID PID match to bind the USB modem to specify WAN interface By default this match is not set 0x0 0x0 and the router specifies WAN interface by USB port pid Set PID of VID PID match to bind the USB modem to specify WAN interface By default this match is not set...

Page 617: ...he ttl value status It means to show the current status Example wan detect status WAN1 always on WAN2 off WAN3 off WAN4 off WAN5 off wan detect wan1 target 192 168 1 78 Set OK wan detect wan1 on Set OK wan detect status WAN1 on Target 192 168 1 78 TTL 255 WAN2 off WAN3 off WAN4 off WAN5 off Telnet Command: wan lb This command allows you to Enable Di...

Page 618: ...us save It means to save the configuration into flash of Vigor router enable disable It means to enable disable the Multi VLAN function on off It means to turn on off bridge mode for the specific channel clear It means to turn off clear the port tag tag_no It means to tag a number for the VLAN 1 No need to add tag number 1 4095 Available setting numbers used as tagged number service type It means ...

Page 619: ... a number to indicate the WAN interface 1 WAN1 status It means to display current bridge status Example wan multifno 5 1 Configured channel 5 uplink to WAN1 wan multifno status Channel 3 uplink ifno 3 Channel 4 uplink ifno 3 Channel 5 uplink ifno 3 Channel 6 uplink ifno 3 Channel 7 uplink ifno 3 Telnet Command: wan vlan This command allows you t...

Page 620: ...y the IPv4 target to detect It can be an IPv4 address or domain name Host IP address Type the IP address domain name of the target s base_size Set the MTU size base for Discovery base_size Available setting is 1000 1500 d decrease size Set the MTU size to decrease between detections decrease size Available setting is 1 100 c count Set the maximum times of ping failure during a Discovery count Avai...

Page 621: ...ss of the host IP address It means the LAN IP address of the host If you want to wake up LAN host by using IP address be sure that that IP address has been bound with the MAC address IP BindMAC on off any It means to enable or disable the function of WOL from WAN on enable off disable any It means any source IP address can pass through NAT and wake up the LAN client This command will allow the use...

Page 622: ...en o It means to show user account information e g o c user name c all Clear the user record user name type the user name that you want to get clear corresponding record all all of the records will be removed buser user name b ip ip address Block specifies user or IP address user name type the user name that you want to block ip address type the IP address that you want to block u user user name u...

Page 623: ...m It means to set the maximum login user number e g m 200 x It means to set external server authentication 0 None 1 LDAP 2 Radius 3 TACAS e g x 2 v It means to view user profile s User account USER_NAME It means to type a name of the user account t It means to enable disable time quota limitation for user account 0 Disable 1 Enable d It means to enable disable data quota limitation for user accoun...

Page 624: ...yntax ha set command parameter Syntax Description Parameter Description command parameter The available commands with parameters are listed below means that you can type in several parameters in one line e 1 0 1 Enable the function of High Availability HA 0 Disable the function of High Availability HA l 1 0 1 Enable the function of recording the operation...

Page 625: ...rtual IP to the subnet Subnet LAN1 to LAN8 DMZ Virtual IP The type format shall be xxx xxx xxx xxx e g 192 168 1 0 For example to enable a virtual IP to the subnet simply type ha set h LAN1 192 168 1 5 d Subnet Disable a virtual IP to the subnet Subnet LAN1 to LAN8 DMZ For example to disable a virtual IP to the subnet just type ha set h LAN1 Example ha set h LAN1 192 168 1 5 Enable Vi...

Page 626: ...Description Parameter Description a Show the status for all of the routers in HA group m Show the status of local router only Detail Level 0 Basic information 1 Basic information with more data e g firmware version model HTTPs port MAC address and etc 2 Basic information with some HA settings Example ha status m 2 Local Router DrayTek IPv4 192 168 1 1 Status Hi...

Page 627: ...Local Router DrayTek IPv4 192 168 1 1 Status State Down Stable No WAN All WANs Down Eth Config Sync Status Not Ready Cached Time 0 s ...
