Académique Documents
Professionnel Documents
Culture Documents
Version: 1.2
Firmware Version: V1.0.5
Date: 08/09/2011
ii
Copyright Information
Copyright
Declarations
Copyright 2011 All rights reserved. This publication contains information that is
protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a
retrieval system, or translated into any language without written permission from the
copyright holders.
Trademarks
Warranty
z
z
Read the installation guide thoroughly before you set up the router.
The router is a complicated electronic unit that may be repaired only be
authorized and qualified personnel. Do not try to open or repair the router
yourself.
z
Do not place the router in a damp or humid place, e.g. a bathroom.
z
The router should be used in a sheltered area, within a temperature range of +5 to
+40 Celsius.
z
Do not expose the router to direct sunlight or other heat sources. The housing and
electronic components may be damaged by direct sunlight or heat sources.
z
Do not deploy the cable for LAN connection outdoor to prevent electronic shock
hazards.
z
Keep the package out of reach of children.
z
When you want to dispose of the router, please follow local regulations on
conservation of the environment.
We warrant to the original end user (purchaser) that the router will be free from any
defects in workmanship or materials for a period of two (2) years from the date of
purchase from the dealer. Please keep your purchase receipt in a safe place as it serves
as proof of date of purchase. During the warranty period, and upon proof of purchase,
should the product have indications of failure due to faulty workmanship and/or
materials, we will, at our discretion, repair or replace the defective products or
components, without charge for either parts or labor, to whatever extent we deem
necessary tore-store the product to proper operating condition. Any replacement will
consist of a new or re-manufactured functionally equivalent product of equal value, and
will be offered solely at our discretion. This warranty will not apply if the product is
modified, misused, tampered with, damaged by an act of God, or subjected to abnormal
working conditions. The warranty does not cover the bundled or licensed software of
other vendors. Defects which do not significantly affect the usability of the product will
not be covered by the warranty. We reserve the right to revise the manual and online
documentation and to make changes from time to time in the contents hereof without
obligation to notify any person of such revision or changes.
Be a Registered
Owner
Web registration is preferred. You can register your Vigor router via
http://www.draytek.com.
Due to the continuous evolution of DrayTek technology, all routers will be regularly
upgraded. Please consult the DrayTek web site for more information on newest
firmware, tools and documents.
http://www.draytek.com
iii
DrayTek Corp.
No. 26, Fu Shing Road, HuKou Township, HsinChu Industrial Park, Hsin-Chu County, Taiwan
303
Vigor3900
DrayTek Corp. declares that Vigor3900 of routers are in compliance with the following essential requirements
and other relevant provisions of EC, Directive 2004/108/EC.
The product conforms to the requirements of Electro-Magnetic Compatibility (EMC) Directive 2004/108/EC by
complying with the requirements set forth in EN55022/Class A and EN55024/Class A.
The product conforms to the requirements of Low Voltage (LVD) Directive 2006/95/EC by complying with the
requirements set forth in EN60950-1.
Regulatory Information
Federal Communication Commission Interference Statement
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part
15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a
residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed
and used in accordance with the instructions, may cause harmful interference to radio communications. However,
there is no guarantee that interference will not occur in a particular installation. If this equipment does cause
harmful interference to radio or television reception, which can be determined by turning the equipment off and
on, the user is encouraged to try to correct the interference by one of the following measures:
z
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
(1) This device may not cause harmful interference, and
(2) This device may accept any interference received, including interference that may cause undesired operation.
iv
Table of Contents
Chapter 1: Preface .............................................................................................................1
1.1 Web Configuration Buttons Explanation ...................................................................................... 1
1.2 LED Indicators and Connectors ................................................................................................... 1
1.3 Hardware Installation.................................................................................................................... 4
1.3.1 Network Connection ................................................................................................................4
1.3.2 Rack-Mounted Installation .......................................................................................................5
vi
vii
Chapter 1: Preface
The Vigor3900 Series integrates a rich suite of functions, including NAT, firewall, VPN,
load balance, and bandwidth management capability. These products are very suitable for
providing multi-integrated solutions to SME markets.
A Virtual Private Network (VPN) is an extension of a private network that encompasses
links across shared or public networks like an Intranet. A VPN enables you to send data
between two computers across a shared public Internet network in a manner that emulates
the properties of a point-to-point private link. The DrayTek Vigor3900 Series VPN router
supports Internet-industry standards technology to provide customers with open,
interoperable VPN solutions such as X.509, DHCP over Internet Protocol Security (IPSec)
up to 500 tunnels, and Point-to-Point Tunneling Protocol (PPTP).
LED
Status
Explanation
PWR
On
Off
Blinking
On/Off
On
Off
On
Off
On
Blinking
Off
On
Off
On
Blinking
Off
On
Off
ACT
SFP 1/2
USB 1/2
LNK
GigaLAN1
/LAN 2)
1000
LNK
Giga
WAN1/2/3/4
1000
Connectors
Interface
Description
GigaLAN1 / 2
3(SFP)
GigaWAN1/2/3/4
5(SFP)
Console
USB1 / USB2
Factory Reset
Connect one end of an Ethernet cable (RJ-45) to one of the LAN ports of Vigor3900s.
2.
Connect the other end of the cable (RJ-45) to the Ethernet port on your computer (that
device also can connect to other computers to form a small area network). The LAN
LED for that port on the front panel will light up.
3.
4.
Connect the power cord to Vigor3900s power port on the rear panel, and the other side
into a wall outlet.
5.
Power on the device by pressing down the power switch on the rear panel. The PWR
LED should be ON.
6.
The system starts to initiate. After completing the system test, the ACT LED will light
up and start blinking.
Attach the brackets to the chassis of a 19- or a 23-inch rack. The second bracket attaches the
other side of the chassis as above procedure.
After the bracket installation, the Vigor3900 Series chassis can be installed in a rack by using
four screws for each side of the rack.
2.
Open a web browser on your PC and type http://192.168.1.1. A pop-up window will
open to ask for username and password. Please type default values on the window for
the first time accessing. The default value for user name is admin and the password is
admin. Next, click Login.
3.
4.
5.
Enter the login password (admin) on the field of Original Password. Type a new one in
the field of New Password and retype it on the field of Confirm Password. Then click
Apply to continue.
6.
Now, the password has been changed. Next time, use the new password to access the
Web Configurator for this router.
Item
Description
Profile
---- Please press this box to use the drop down list to
choose one of the LAN profiles for modifying.
Enable This Profile
Description
VLAN ID
IPv4 Protocol
Display the type for the IPv4 protocol for such profile.
Mode
IP Address
Subnet Mask
Type the network mask of the router for the LAN profile.
Gateway IP Address
2nd Subnet
IPv6 Address
10
DHCPv6 SLA ID
Previous
Next
Cancel
Note: After you creating the LAN profile(s) by using Quick Start Wizard, you can
select the existing LAN profiles for next time. Simply use the drop down list to choose
the LAN profile available for modifying.
When you finish the above settings, please click Next to go to next page.
Item
Description
DHCP Profile
Start IP
End IP
11
DNS
Lease Time
It allows you to set the leased time for the specified PC.
Previous
Next
Cancel
12
Item
Description
Profile
---- Please press this box to use the drop down list to
choose one of the WAN profiles for modifying.
Description
VLAN ID
Port
Use the drop down list to specify the physical WAN port for
such profile.
13
Untag
MAC Address
Mode
Display the type for the IPv4 protocol for such profile. There
are four IP modes available for you to choose - Static IP,
DHCP, PPPoE and PPTP. Select one of them based on the
information offered by your ISP.
14
Next
Cancel
When you finish the above settings, please click Next to go to next page.
If Static is selected
If Static is selected, the following screen will appear. You can manually assign a static IP
address to the WAN interface and complete the configuration by applying the settings and
rebooting your router. Please type in values for Static IP address, Static Mask, Static
Gateway and Static DNS specified by your ISP, and then click Next.
15
Item
Description
IP Address
Subnet Mask
Gateway IP Address
DNS Server IP
Address
16
MTU/MRU
17
Connection Detection
Mode
Connection Detection
Interval
Connection Detection
Retry
Connection Detection
Host
Previous
Finish
Cancel
18
If DHCP is selected
DHCP allows a user to obtain an IP address automatically from a DHCP server on the
Internet. If you choose DHCP mode, the DHCP server of your ISP will assign a dynamic IP
address for Vigor3900 automatically. It is not necessary for you to assign any setting. (Host
Name is required for some ISPs).
Item
Description
IP Alias
19
MTU/MRU
Connection Detection
Mode
Connection Detection
Interval
Connection Detection
Retry
Connection Detection
Host
Previous
Finish
Cancel
If PPPoE is selected
PPPoE stands for Point-to-Point Protocol over Ethernet. It relies on two widely accepted
standards: PPP and Ethernet. It connects users through an Ethernet to the Internet with a
common broadband medium, such as a single DSL line, wireless device or cable modem. All
the users over the Ethernet can share a common connection.
PPPoE is used for most of DSL modem users. All local users can share one PPPoE
connection for accessing the Internet. Your service provider will provide you information
about user name, password, and authentication mode.
20
If your ISP provides you the PPPoE (Point-to-Point Protocol over Ethernet) connection,
please select PPPoE for this router to get the following page. Enter the username and
password provided by your ISP on the web page.
Item
Description
Username
Password
MTU/MRU
Debug
Always On
Connection Detection
Mode
Connection Detection
21
Interval
Connection Detection
Retry
Connection Detection
Host
IP Alias
Previous
Finish
Cancel
22
If PPTP is selected
This mode lets user get the IP group information by a DSL modem with PPTP service from
ISP. Your service provider will give you user name, password, and authentication mode for a
PPTP setting. Click PPTP as the protocol. Type in all the information that your ISP provides
for this protocol.
If your ISP offers you PPTP (Point-to-Point Tunneling Protocol) mode, please select PPTP
for this router. Next, enter the settings provided by your ISP on the web page.
Item
Description
PPTP Over
User Name
Password
23
MTU/MRU
Debug
Always On
Connection Detection
Mode
Connection Detection
Interval
Connection Detection
Retry
Connection Detection
Host
Previous
Finish
Cancel
When you finished the above settings, please click Finish. Later, you can surf the Internet at
any time.
24
When the following screen appears, it means you have finished the Quick Start Wizard
configuration.
25
Before using such function, please register your router online first. Log into the web
configurator of Vigor3900 and click Product Registration.
A Login page will be shown on the screen. Please type the account and password that
you created previously. And click Login.
26
The following page will be displayed after you logging in MyVigor. From this page,
please click Add.
Note: Below the field of Your Device List, all the Vigor routers that you have
registered to MyVigor website will be displayed in sequence.
4
When the following page appears, please type in Nick Name (for the router) and choose
the right registration date from the popup calendar (it appears when you click on the
box of Registration Date). After adding the basic information for the router, please click
Submit.
27
Now, your router information has been added to the database. Click OK to leave this
web page and return to My Product web page.
Take a look at the page of My Information, the new added Vigor3900 is listed under
Your Device List.
28
Take the above figure as an example, this section will guide you to:
z
Build two PPPoE connections with VLAN ID 10 and VLAN ID 11 through WAN1
interface (step 1 to step 8).
Log in the WUI of Vigor3900. Open WAN >> General Setup and choose the profile
of wan1. Click Edit to modify the settings.
In default, there are five profiles (wan1 to wan5) offered by the system. Please edit each
profile for matching with the physical WAN port.
29
2.
In the following page, check Enable and type the description (e.g., ADSL_01) for such
profile. Give a VLAN ID number (e.g., 10) and choose PPPoE as IPv4 Protocol Type.
Switch into PPPoE setting page by clicking PPPoE tab.
3.
Fill in the user name and password for PPPoE connection and click Apply.
4.
Repeat the steps of 1 to 3. Edit the profile named with wan2 (choose PPPoE as IPv4
Protocol Type). Check and confirm the profile is configured successfully. Note that the
profiles named with wan1 and wan2 must be given with different VLAN ID
number.
30
5.
Proceed to configure detailed settings for VLAN ID. Open WAN >> Switch and
choose VLAN ID 10. Then, click Edit. In default, different VLAN ID numbers are
assigned to different WAN interfaces.
6.
In the pop-up window, please check the boxes of CPU and WAN1 in the field of
Member (means all of the packets tagged with this VLAN ID will be transferred by the
interface selected here). Uncheck the box of WAN1 (selected in default) in the field of
Untag (means to remove the tag of 802.1Q for the packets transferred from Intranet to
Internet) and click Apply to save the configuration and exit this window.
In this example, WAN1 of Vigor3900 connects to 802.1Q L2 Switch. That is, the data
transferred between Vigor3900 and the Switch will be tagged with VLAN ID number
(refer to the figure in the first page). Therefore, it is necessary to uncheck the item of
WAN1 (WAN1 is selected for Untag in default).
31
7.
Repeat step 5. Edit VLAN ID 11. Click Apply to save the configuration and exit the
window.
In the pop-up window, please check the boxes of CPU and WAN1 in the field of
Member (means packet tagged with VLAN ID 11 will be transferred to WAN1).
Uncheck the box of WAN2 (selected in default) in the field of Untag.
8.
Next, open WAN >> Default Route and click the profile named with wan1. Click
Apply. Then, wan1 is specified as default route.
For there are several routes to connect to Internet, it is necessary for you to tell
Vigor3900 which route will be used.
Now, profiles (wan1 and wan2) based on PPPoE connection and traffic via WAN1
interface are configured.
32
Open WAN >> Load Balance and click the tab of Rule. Then click Add.
10. Type the name of the rule profile (e.g., FTP); choose FTP as Protocol; specify the
destination IP address and mask; and select wan2 as Load Balance Pool / WAN
Profile. Next, click Apply.
11. Check and confirm the new rule profile is added successfully.
33
13. Type the name of the profile (e.g. Shared). Choose Load_Balance as the Mode. Then,
switch into the tab of Load_Balance.
14. Check the Activate box(es) of wan1 and wan2. Set the value for Weight with 1. Click
Apply to save the setting and exit the window.
34
15. Check and confirm the new load balance profile is added successfully.
16. Switch into the tab of Rule and click Add to create another connection rule. Type the
name of the profile (e.g., Others). Choose the Load Balance profile (Shared) just
created and click Apply.
35
Vigor3900 allows users to build VPN load balance connection between Vigor3900 and other
router. Take Vigor2950 for an example. There are two WANs on Vigor2950. However, there
is only one WAN for Vigor3900. We will build VPN connection with load balance between
Vigor3900 and two WANs of Vigor2950 respectively.
Configuring Vigor3900
1.
Access into the web configurator of Vigor3900 and open VPN and Remote Access >>
IPSec>> Policy Table to add a new VPN configuration.
36
2.
The first VPN settings will be used to do VPN connection with WAN1 of Vigor2950.
Type the corresponding settings according to the figure listed above.
3.
Type a new name for such VPN profile (e.g., 2950wan1) and check Enable to
enable such profile.
Type the Pre-Shared Key for authentication in the field of Pre-Shared Key.
If Vigor3900 is the end of dialing out, please configure the settings of IKE Phase
1 and IKE Phase 2 Proposal (Dial-Out). If it is the end of dialing in, please
configure the settings of Accepted Proposal (Dial-In). Here, Vigor3900 is
regarded as the end of dialing-in. Please choose Accept all supported proposal
for Vigor3900 to accept all the proposals.
In the field of WAN Profile select the WAN interface to build the VPN
connection.
As for Local IP / Subnet Mask and Remote IP / Subnet Mask, keep the default
value.
In the field of Remote Host, please type the WAN IP address (61.216.230.248) of
Vigor2950. If the IP address is dynamic IP address, please type 0.0.0.0 instead.
After finished the Basic configuration, click Advanced to access into the following
web page. Choose Enable in the field of Enable GRE Function and type the GRE IP
address for local and remote GRE IP.
37
The settings of Local and Remote GRE IP must be identical for Vigor3900 and
Vigor2950. Do not make the IP address the same with other network segment. In
general, we will choose network segment with less use as GRE IP address, e.g., 1.1.1.1
and 1.1.1.2 in this case.
4.
Next, configure the second VPN connection settings. Please add a new profile (e.g.,
2950wan2). In the Basic configuration, all settings can be configured as the first VPN
profile except that IP address of WAN2 for Vigor2950 must be typed in the field of
Remote Host. If the IP address is dynamic IP address, please type 0.0.0.0 instead.
Note: If both remote hosts are set with 0.0.0.0 for the two VPN connections, then
Pre-Shared Key configured in both profiles must be the same.
38
5.
In Advanced, do not set the same GRE IP address as the first VPN connection. Take
the following figure as an example, the GRE IP addresses for remote and local are set
with 2.2.2.1 and 2.2.2.2.
6.
After finished the two VPN profiles settings, choose Load Balance Pool to set the
VPN Load Balance group. Click Add.
39
7.
In the tab of Mode, please type the name of the group (e.g., to2950).
8.
In the tab of Load Balance, choose the two VPN profiles just created to join to the
group of to2950.
9.
After finished the setting of Load Balance Pool. Open Load Balance Rule page to add
a new profile to edit the route for such VPN Load Balance setting.
40
Type a name for such rule. In the field of Source IP Address and Source Mask, please
type with the IP address and subnet mask of Vigor3900. In the field of Destination IP
address and Destination Mask, please type with the IP address and subnet mask of
Vigor2950. For example, the subnet of Vigor3900 is 192.168.39.0/255.255.255.0, and
the subnet of Vigor2950 is 192.168.95.0/255.255.255.0.
11. At last, please choose the profile (to2950) of Load Balance Pool and click Apply to
finish the settings in Vigor3900.
Configuring Vigor2950
1.
In Vigor2950, it is necessary to build two VPN connections (for two WANs) to connect
with Vigor3900. Please open the web configurator of Vigor2950 and open VPN and
Remote Access >> LAN to LAN.
First, please type the name of such VPN connection in the field of Profile Name
(e.g., 3900-1).
Choose WAN1 Only as VPN Dial-Out Through setting to specify which WAN
interface will be used for building VPN connection.
41
Choose Dial-Out as Call Direction and check the box of Always on.
2.
For Dial-Out Settings, please choose IPSec Tunnel and type WAN IP address of
Vigor3900 in the field of Server IP/Host Name for VPN (e.g., 114.37.142.80). Type
the same IKE Pre-Shared Key configured in Vigor3900.
3.
For the role of Vigor2950 is dialing-out, please skip Dial-In setting. Check the box of
Enable IPSec Dial-Out function GRE over IPSec. For the GRE IP address
configured in Vigor3900 is 1.1.1.1 as Local GRE IP and 1.1.1.2 as Remote GRE IP
for the first VPN connection, you have to enter the corresponding settings in the web
page of Vigor2950. That is, please type the 1.1.1.1 (for Vigor3900) in the field of My
GRE IP; and type the GRE IP address (1.1.1.2 for Vigor2950) in the field of Peer
GRE IP.
4.
Please type the network IP address and subnet of Vigor3900 in the field of Remote
Network IP and Remote Network Mask. Type the network IP address and subnet of
Vigor2950 in the field of Local Network IP and Local Network Mask.
42
5.
Continue to set the second VPN connection (profile name is 3900-2). The first VPN
tunnel will be used by WAN1 of Vigor2950. The second VPN tunnel will be
configured for the WAN2 of Vigor2950. Therefore, please choose WAN2 First for
VPN Dial-Out Through.
6.
Choose IPSec Tunnel and type the Server IP and Pre-shared Key as shown below.
7.
In the field of GRE over IPSec, please type the corresponding settings for Vigor3900.
Refer to the following figure.
8.
Next, type the Network IP and Network Mask for both remote and local ends to
complete the second VPN connection.
43
9.
After finished the settings on both VPN connections, please access the web
configurator of Vigor2950 and open VPN and Remote Access > VPN Trunk
Management to make these two VPN connections into one Load Balance group.
10. Type the name (e.g., 3900) of the Load Balance in the field of Profile Name. Specify
the VPN profiles in Member 1 and Member 2 respectively. Then, choose Load
Balance as the Attribute Mode.
11. Click Add. After finished the settings for Vigor3900 and Vigor2950, please check if
the VPN connection is built successfully in both devices respectively. Take Vigor3900
for an example, open VPN and Remote Access>>IPSec>>Status for viewing the
result.
44
Configuring Vigor3900
1.
Access into the web configurator of Vigor3900 and open VPN and Remote Access >>
IPSec>> Policy Table to add a new VPN configuration.
2.
45
The first VPN settings will be used to do VPN connection with WAN1 of Vigor2950.
Type the corresponding settings according to the figure listed above.
3.
Type a new name for such VPN profile (e.g., to2710) and check Enable to enable
such profile.
Type the Pre-Shared Key for authentication in the field of Pre-Shared Key.
If Vigor3900 is the end of dialing out, please configure the settings of IKE Phase
1 and IKE Phase 2 Proposal (Dial-Out). If it is the end of dialing in, please
configure the settings of Accepted Proposal (Dial-In). Here, Vigor3900 is
regarded as the end of dialing-in. Please choose Accept all supported proposal
for Vigor3900 to accept all the proposals.
In the field of WAN Profile, select the WAN interface to build the VPN
connection.
As for Local IP / Subnet Mask, please type the IP address and mask of
Vigor3900; for Remote IP / Subnet Mask, please type the IP address and mask
of Vigor2710.
Configuring Vigor2710
1.
In Vigor2710, it is necessary to build two VPN connections (for two WANs) to connect
with Vigor3900. Please open the web configurator of Vigor2710 and open VPN and
Remote Access >> LAN to LAN.
First, please type the name of such VPN connection in the field of Profile Name
(e.g., 3900-1).
Choose Dial-Out as Call Direction and check the box of Always on.
46
2.
For Dial-Out Settings, please choose IPSec Tunnel and type WAN IP address of
Vigor3900 in the field of Server IP/Host Name for VPN (e.g., 114.37.133.72). Type
the same IKE Pre-Shared Key configured in Vigor3900.
3.
For the role of Vigor2710 is dialing-out, please skip Dial-In setting. Type the Remote
Network IP and Remote Network Mask of Vigor3900 to complete configuration.
4.
Please check if the VPN connection is built successfully in both devices respectively.
For Vigor3900, open VPN and Remote Access>>IPSec>>Status for viewing the
result.
47
48
First, open Online Status from the web configuration page of Vigor3900. Check if the
time setting for Vigor3900 is the same as set in System Maintenance >> Time and
Date of Vigor2820.
---- For Vigor3900
49
2.
3.
50
4.
Open the downloaded RootCA with WordPad or NotePad. You will see a message as
the following figure. Please delete the content outside the red box, i.e., keep the content
from BEGIN CERTIFICATE to END CERTIFICATE. Then, save the file with the
same file name. If such step is missed, such RootCA will be not uploaded to Vigor2820
successfully.
5.
51
6.
Click IMPORT to open the importing page. Import the CA certificate from the
computer to Vgior2820.
7.
After finished the importing, make sure the certificate has been imported successfully.
If yes, it will be shown as follows:
8.
52
9.
Type the relational information for the certificate and click Generate.
10. Copy the content listed in X509 Local Certificate Request as a .txt file. Such file is the
certificate request used by following steps.
53
11. Now, open Certificate Management >>Remote Certificate from Vigor3900. In the
field of Selected File, choose the certificate request generated in Vigor2820 for
uploading to Vigor3900.
14. Next, download such approved certificate to Vigor3900 by clicking Download. Modify
the CA file by using WordPad or NotePad. Keep the content between BEGIN
CERTIFICATE and END CERTIFICATE only and save the file with the same name.
54
16. When it is finished, the message displayed in Status will be changed from Requesting
into OK. You, also, can click View to review the status of issued certificate.
17. Now, Vigor3900 must issue a certificate for itself and use the certificate to build a VPN
tunnel with Vigor2820.
55
19. Now, local certificate of CA for Vigor3900 has been configured. You can find that the
status will display with OK.
56
20. Now, open VPN and Remote Access>>IPSec Peer Identity from Vigor2820 to add a
new VPN profile (named with cc) for IPSec Peer Identity.
21. Set a VPN profile. Please open VPN and Remote Access>>LAN to LAN. Click
Dial-Out as Call Direction and check Always on. Click IPSec Tunnel for Dial-Out
and type the WAN IP address of Vigor3900 in the field of Server IP /Host Name for
VPN. Make the VPN tunnel adopting the authentication mechanism of X.509 and
remember to check Digital Signature (X.509). Choose cc profile.
57
22. Set the remote network IP (i.e., LAN IP of Vigor3900) for VPN tunnel. After that, click
OK.
23. Next, return to Vigor3900 to configure VPN Policy. Open VPN and Remote Access
>> IPSec >>Policy Table to add a new VPN profile. Click Add to open the setting
page and type relational information. In the Status field, click Enable; select the
approved certificate from the Certificate drop down list. Type the LAN IP address of
Vigor3900 in the field of Local IP/Subnet Mask; Type the LAN IP address of
Vigor2820 in the field of Remote IP/Subnet Mask. Last, click Apply.
58
24. Now, check if the VPN connection is built successfully or not. For Vigor2820, please
open VPN and Remote Access>>Connection Management.
59
In general, subnets on LAN must be different if VPN clients try to build VPN connection
with VPN server. However, Virtual System, a function of VPN server, allows same LAN
subnets building connection to the same VPN server.
Refer to the above figure. Both customers A and B connect to the VPN server through
Internet. Customer A owns two sites and has built IPSec VPN connection with the VPN
server. The subnets are 192.168.1.0/24 and 192.168.2.0/24. Usually, the VPN server might
not accept another customer connecting to it by using the same subnets (e.g., 192.168.1.0/24
or 192.168.2.0/24) by other user. However, Virtual System allows to build VPN connection
with these two subnets coming from other users.
The reason for not allowing to build VPN connection with the same subnets is that a conflict
of routing might be caused and the system is unable to know where the packets should be
transmitted. Yet, Virtual System uses GRE IP address(es) to build VPN for VPN clients and
VPN servers. Therefore, even the subnet is the same, Virtual System can identify subnets
and the server with GRE IP address. No conflict of routing will happen. For example, GRE
IP 1.1.1.1 and 1.1.1.2 are used for Customer A and VPN server to build VPN connection.
GRE IP 2.2.2.1 and 2.2.2.2 are used for Customer B and VPN server to build VPN
connection. The subnet used by both Customers is 192.168.1.0/24. With the different GRE
IP addresses, VPN server can identify the packets traffic coming from both sites with ease.
Below is an example to build VPN connection for Customer A (via Vigor2950 and the
virtual system on Vigor3900).
60
Configuration on Vigor3900
First, please refer to the following steps to configure Vigor3900.
1.
Open the web configurator of Vigor3900. Choose LAN >> General Setup. Click the
Profile tab and click Add to add a new LAN profile. The LAN profile will be used by
Customer A to build VPN connection. All the sites on Customer A will be bound to
this LAN profile to build VPN connection.
2.
3.
Check Enable. Type the file name (e.g., lan3) and give a brief description in the field
of Description (e.g., VLAN103) for easy identification. Next, type the VLAN ID for
such profile. It must be the same with the value set in the routing device of Vigor3900.
Then, type the IP address, subnet mask and gateway address for such LAN profile. In
which, the gateway address is the IP address of the routing device.
61
4.
Click Apply to save the configuration. Next, open Application >> Virtual System and
click the Configuration tab and then Add for creating a VPN profile.
5.
In the Configuration dialog, please type a name for Virtual System (e.g., customerA).
Choose the profile created before (e.g., lan3) from LAN Profile. Click Apply.
6.
62
7.
After clicking Add, the following dialog will appear. Please type a new name in the
field of Virtual System Tunnel.
8.
Link to Virtual System means which Virtual System that this tunnel will be bound to.
Please choose the one (e.g., customerA) just created. Type a brief comment for
identification in the field of Description. It is optional. Type LAN subnets (e.g.,
192.168.29.0/24) of Vigor2950 in the field of Subnet and click Add.
9.
After finished the setting on Tunnel, a new profile will be created automatically in the
page of VS IPSecPolicy. Choose this profile and click Edit to modify the settings.
63
10. In the page of VS IPSecPolicy, please click Enable for activate such profile.
11. Type the Pre-Shared Key for such policy. Choose the WAN interface profile for
building the VPN connection from WAN Profile. Choose Accept all supported
proposal for Accepted Proposal [Dial-In]. Thus, no matter which proposal that the
peer side used for dialing, Vigo3900 will accept it.
64
Choose Enable for Enable GRE Function and type the IP addresses in the fields of
Local GRE IP and Remote GRE IP. Thus, the settings on virtual system for
Vigor3900 are finished.
65
Configuration on Vigor2950
Now, please refer to the following steps to configure Vigor2950.
1.
Open the web configurator of Vigor2950. Access into VPN and Remote Access>>
LAN to LAN to add a new VPN profile. In the field of Common Settings, please
check the box of Enable this profile. Type the name of the file (e.g., A1). Choose
Dial-Out as the Call Direction and check the box of Always on.
2.
For Dial-Out Settings, please choose IPSec Tunnel and type WAN IP address of
Vigor3900 in the field of Server IP/Host Name for VPN (e.g., 114.37.169.58). Type
the same IKE Pre-Shared Key configured in Vigor3900.
66
3.
For the role of Vigor2950 is dialing-out, please skip Dial-In setting. Check the box of
Enable IPSec Dial-Out function GRE over IPSec.
For the GRE IP address configured in Vigor3900 is 1.1.1.1 as Local GRE IP and
1.1.1.2 as Remote GRE IP for the VPN connection, you have to enter the
corresponding settings in the web page of Vigor2950. That is, please type the 1.1.1.1
(for Vigor3900) in the field of Peer GRE IP; and type the GRE IP address (1.1.1.2 for
Vigor2950) in the field of My GRE IP. Then, type the LAN IP address and subnet of
Vigor3900 in the field of Remote Network IP and Remote Network Mask.
4.
After finished the settings on both VPN connections, please access the web
configurator of Vigor2950 and open VPN and Remote Access>>Connection
Management to view the connection status. If the VPN connection is built successfully,
relational information will be displayed in this page.
Above are the steps about how you can configure Virtual System connection. If, it is
necessary to build a VPN profile for second site of customer A, please add a new VPN
profile by starting from step 5 on Configuration on Vigor3900. If for customer B, please go
to step 1 on Configuration on Vigor3900.
67
Log into the web configurator of Vigor3900. Open Objects Setting>> IP Object and
click Add.
2.
Type the name of the profile (e.g., IP_111 in this example); choose the Address Type
(choose Single for this example is made just for one computer). As to Start IP
Address, please type the IP address which is not allowed to access into Internet (e.g.,
192.168.1.11 in this example). Next, click Apply.
Note that all of the characters typed shall not contain blank space. For example,
IP 111 must be replaced with IP_111.
68
3.
4.
5.
Check the box of Enable. Type the name and comment for such group. Click Apply to
save it.
6.
After the new IP filter group is added, please choose the new added IP filter group and
click the Add button on the child window to add a new IP filter rule.
69
7.
In the following page, check Enable and type the name for Rule (e.g., BLOCK IP for
this example). Drop down Source IP to choose the IP object profile just created.
8.
Choose Block from the drop down menu of Action and click Apply.
9.
Now, the computer with IP address of 192.168.1.1 is not allowed to access into Internet but
allowed to access into Intranet.
70
II. Avoid computers to access into Internet but allow to access into Intranet by
using IP Group setting
When you want to block continuous IP addresses to access into Internet, you can choose
Range as Address Type for IP Object setting. However, to block multiple IP addresses (not
continuous), please use IP Group.
The following steps will guide you to create two IP Objects and bind these objects with an IP
group.
1.
Refer to the above section I. Avoid specific computer to access into Internet but
allow to access into Intranet by using IP object setting, to create two IP objects
profiles.
2.
3.
Type the name of the group profile (e.g., IP_Block_Group in this example); choose
one of the available object profiles and click >> to move it under the section of
Selected.
71
4.
Repeat the above step to move the second object profile. Then, click Apply.
5.
6.
Next, open Firewall >> Filter Setup. Choose the new added IP filter group profile
(e.g., 1 in this example. If you havent created any IP filter group profile, please
create a new one before proceeding the following steps) and click the Add button on
the child window to add a new IP filter rule.
72
7.
In the following page, check Enable and type the name for Rule (e.g.,
BLOCK_IP_GROUP for this example). Drop down Source IP to choose the IP object
group profile just created.
8.
Choose Block from the drop down menu of Action and click Apply.
9.
73
Log into the web configurator of Vigor3900. Open Objects Setting>> Service Type
Object and click Add.
2.
Type the name of the service type profile (e.g., GAME_01 in this example); type the
port number for Destination Port Start / Destination Port End (e.g., 999 in this example.
Note if both port numbers are set with the same value, it means single port). Next, click
Apply.
74
3.
4.
Next, open Firewall >> Filter Setup. Choose the new added IP filter group profile
(e.g., 1 in this example. If you havent created any IP filter group profile, please
create a new one before proceeding the following steps) and click the Add button on
the child window to add a new IP filter rule.
5.
In the following page, check Enable and type the name for Rule (e.g.,
BLOCK_GAME for this example). Drop down Service Type to choose the service
type object profile just created.
75
6.
Choose Block from the drop down menu of Action and click Apply.
7.
II. Avoid specific user in LAN to access into Internet for getting multiple
specific resources
If you want to block multiple online games (with different and separate port numbers) for
users in LAN, please use Service Type Group to achieve your desire. Here will guide you to
create another service type object, named with 666. Both service type objects will be
grouped under a Service Type Group.
1.
Refer to the above section Avoid specific computer in LAN to access into Internet
for getting special resource, to create two Service Type Objects profiles.
76
2.
Open Objects Setting >> Service Type Group and click Add.
3.
Type the name of the group profile (e.g., GAME_BLOCK_GROUP in this example);
choose one of the available object profiles and click >> to move it under the section of
Selected.
4.
Repeat the above step to move the second object profile. Then, click Apply.
77
5.
Check and confirm the new Service Type group profile is added successfully.
6.
Next, open Firewall >> Filter Setup. Choose the new added IP filter group profile
(e.g., 1 in this example. If you havent created any IP filter group profile, please
create a new one before proceeding the following steps) and click the Add button on
the child window to add a new IP filter rule.
7.
In the following page, check Enable and type the name for Rule (e.g.,
BLOCK_GAME_GROUP for this example). Drop down Service Type to choose the
Service Type Object group profile just created.
78
8.
Choose Block from the drop down menu of Action and click Apply.
9.
79
Log into the web configurator of Vigor3900. Open Objects Setting >> Keyword
Object and click Add.
2.
Type the name of the profile (e.g., NEWS in this example), and type the web site that
you want to block (e.g., www.cnn.com in this example). Then, click Add.
3.
Make sure the new added one is listed in the box, and click Apply.
80
4.
5.
Next, open Firewall >> Filter Setup. Click the tab of URL Filter and click Add.
6.
In the following page, check Enable and type the name for profile (e.g.,
BLOCK_NEWS for this example). Drop down Keyword Block to choose the
keyword object profile just created.
81
7.
Click Apply.
8.
Check and confirm the new URL filter profile is added successfully.
9.
Open any browser and try to access into the web site you want to block. If the web site
is blocked successfully, a message will be shows as the following figure.
82
II. Avoid users in LAN to browse multiple web sites by using Keyword Group
setting
We can block many web sites to be browsed by using Keyword Group profiles.
1.
Refer to the above section I. Avoid specific user in LAN to browse certain web site
by using Keyword object setting, to create two keyword objects profiles. Next, click
Apply.
2.
3.
83
4.
Type the name of the group profile (e.g., WEB_BLOCK in this example); choose one
of the available object profiles and click >> to move it under the section of Selected.
5.
Repeat the above step to move the second object profile. Then, click Apply.
6.
Check and confirm the new Keyword Group profile is added successfully.
84
7.
Next, open Firewall >> Filter Setup. Click the tab of URL Filter and click Add.
8.
In the following page, check Enable and type the name for Rule (e.g., BLOCK_WEB
for this example). Drop down Keyword Block to choose the keyword object group
profile just created and click Apply.
9.
Check and confirm the new URL filter profile is added successfully.
10. Open any browser and try to access into the web site you want to block. If the web site
is blocked successfully, a message will be shows as the following figure.
85
Log into the web configurator of Vigor3900. Open Object Setting >> File Extension
Object and click Add.
Type the name of the profile (e.g., JPG in this example). Check the box of .jpg and
click Apply.
86
Next, open Firewall >> Filter Setup. Click the tab of URL Filter and click Add.
In the following page, check Enable and type the name for profile (e.g., JPG for this
example). Drop down File Extension Block to choose the file extension object profile
just created. Click Apply.
Check and confirm the new URL filter profile is added successfully.
87
Later, if you want to visit or download the file with the file extension blocked by File
Extension Object setting, you will get the following page.
88
Log into the web configurator of Vigor3900. Open Object Setting >> IM Object and
click Add.
Type the name of the profile (e.g., MSN in this example). Check the box of MSN and
click Apply.
89
Next, open Firewall >> Filter Setup. Click the tab of Application Filter and click
Add.
In the following page, check Enable and type the name for profile (e.g., MSN for this
example). Drop down IM Block to choose the IM object profile just created. Click
Apply.
Check and confirm the new application filter profile is added successfully.
90
Log into the web configurator of Vigor3900. Open Object Setting >> P2P Object and
click Add.
Type the name of the profile (e.g., BT in this example). Check the box of BT and click
Apply.
91
Next, open Firewall >> Filter Setup. Click the tab of Application Filter and click
Add.
In the following page, check Enable and type the name for profile (e.g., BT for this
example). Drop down P2P Block to choose the P2P object profile just created. Click
Apply.
Check and confirm the new application filter profile is added successfully.
92
Later, if you want to download or upload files through BT application, it will be blocked by
the router.
93
94
Log into the web configurator of Vigor3900. Open Object Setting >> Protocol Object
and click Add.
Type the name of the profile (e.g., FTP in this example). Check the box of FTP and
click Apply.
95
Next, open Firewall >> Filter Setup. Click the tab of Application Filter and click
Add.
In the following page, check Enable and type the name for profile (e.g., FTP for this
example). Drop down Protocol Block to choose the protocol object profile just created.
Click Apply.
Check and confirm the new application filter profile is added successfully.
96
Later, if you try to connect to any FTP server, you will get the following message indicating
the server could not be connected.
97
Before using such function, please register your router online first. Log into the web
configurator of Vigor3900. Open Object Setting >> Web Category Object. Click the
tab of Content Filter License, and click Activate URL to finish the online registration.
A Login page will be shown on the screen. Please type the account and password that
you created previously. And click Login.
98
The following page will be displayed after you logging in MyVigor. From this page,
please click Add or Product Registration.
10
When the following page appears, please type in Nick Name (for the router) and choose
the right registration date from the popup calendar (it appears when you click on the
box of Registration Date). After adding the basic information for the router, please click
Submit.
11
Now, your router information has been added to the database. Click OK to leave this
web page and return to My Product web page.
99
12
13
14
In the following page, check the box of I have read and accept the above
Agreement. The system will find out the date for you to activate this version of
service. Then, click Next.
100
15
16
Wait for a moment until the following page appears. Next, click the link.
17
101
18
After finishing the registration for WCF, please click the tab of Web Category Object
and click Add.
19
Type the name of the profile (e.g., GAME in this example). Check the box of Games
and click Apply.
20
102
21
Next, open Firewall >> Filter Setup. Click the tab of URL Filter and click Add.
22
In the following page, check Enable and type the name for profile (e.g., GAME for
this example). Drop down Web Category Block to choose the protocol object profile
just created. Click Apply.
23
Check and confirm the new application filter profile is added successfully.
103
Later, if you try to access into the web site categorized with GAME, you will get the
following page:
104
Log into the web configurator of Vigor3900. Open Object Setting >> Time Object
and click Add.
Type the name of the profile (e.g., Holiday in this example); choose Weekdays or
Once as the Frequency. Type the Start Time & End Time. Check the boxes of Sat.
and Sun. Next, click Apply.
105
Next, open Firewall >> Filter Setup. Choose the new added IP filter rule profile (e.g.,
BLOCK_IP in this example. If you havent created any IP filter rule profile, please
create a new one before proceeding the following steps) and click the Edit button on
the child window.
In the following page, check Enable and drop down Time Profile to choose the time
profile just created. Click Apply.
106
In addition, you can manage and control the time object profiles by using Time Group.
1
Refer to the above steps to create second IP object profiles. In which, accessing Internet
is not permitted from P.M 8:00 to A.M. 6:00 and from Monday to Friday.
Check and confirm the second time object profile is added successfully.
107
Next, open Objects Setting >> Time Group and click Add.
In the following page, check Enable and type the name/description for the new group
(e.g., Block_Time for this example). Choose one of the available object profiles and
click >> to move it under the section of Selected.
108
Repeat the above step to move the second object profile. Then, click Apply.
Check and confirm the time group profile (e.g., Block_Time) is added successfully.
Next, open Firewall >> Filter Setup. Choose an IP filter rule profile (e.g.,
BLOCK_IP_GROUP in this example. If you havent created any IP filter rule profile,
please create a new one before proceeding the following steps) and click the Edit
button.
109
In the following page, check Enable and drop down Time Profile to choose the Time
Group profile just created.
Now, the time profile has been merged into the IP filter rule.
110
111
via PAP or CHAP with RADIUS authentication system. And your IP address, DNS server,
and other related information will usually be assigned by your ISP.
Profile
Below shows settings in Basic mode:
112
If you switch into Advance mode, you will get the following page:
Description
Add
Edit
Delete
Refresh
Profile
Description
VLAN ID
Port
Untag
113
2.
A confirmation dialog will appear. Click OK to apply the related settings for Advance
mode.
3.
4.
Open WAN>>General Setup. Click the Add button to open the following dialog.
Different protocol type selected will bring up different configuration web page.
Description
Profile
Description
VLAN ID
114
Port
Untag
Default MAC
Address
MAC Address
Mode
There are four connection modes for you to specify for IPv4
protocol type. Each mode will bring up different web page.
There are four connection modes for you to specify for IPv6
protocol type. Each mode will bring up different web page.
General Settings allows you to enable the profile, give a brief explanation for such profile,
specify the VLAN ID, specify MAC address, choose IPv4 and IPv6 protocol, and specify the
mode of the data transmission (NAT or Route).
115
Different IPv4 and IPv6 protocol types specified will bring up different configuration web
page.
z
If you choose Static as IPv4 protocol type, click the Static Tab to open the following
page:
Description
IP Address
Subnet Mask
Use the drop down list to choose the subnet mask for such
profile.
Gateway IP
Address
DNS Server IP
Address
MTU/MRU
Connection
Detection Mode
Connection
Detection Host
117
Connection
Detection Interval
Connection
Detection Retry
Apply
Cancel
If you choose DHCP as IPv4 protocol type, click the DHCP Tab to open the
following page:
Description
Host Name
(Optional)
IP Alias
118
MTU/MRU
Connection
Detection Mode
Connection
Detection Host
Connection
Detection Interval
Connection
Detection Retry
Apply
Cancel
119
If you choose PPPoE as IPv4 protocol type, click the PPPoE Tab to open the
following page:
Description
Username
Password
MTU/MRU
Debug
Always On
Connection
Detection Mode
Connection
Detection Host
Connection
Detection Interval
120
Connection
Detection Retry
IP Alias
Apply
Cancel
121
If you choose PPTP as IPv4 protocol type, click the PPTP Tab to open the following
page:
Description
PPTP Over
Server Address
Username
Password
MTU/MRU
Debug
Debug
Always On
Connection
Detection Mode
122
Connection
Detection Host
Connection
Detection Interval
Connection
Detection Retry
Apply
Cancel
If you choose Static as IPv6 protocol type, click the StaticV6 Tab to open the
following page:
123
Item
Description
IPv6 Address
IPv6 Gateway
Address
Apply
Cancel
If you choose DHCP-IA_NA as IPv6 protocol type, click the DHCPV6 Tab to open
the following page:
Item
Description
DHCP (IA_NA)
Gateway Address
DHCP (IA_NA)
DNS Address
Apply
Cancel
124
Wizard
There is a quick way to configure WAN settings, create a WAN interface profile by clicking
the Wizard tab. Please follow the on-screen instruction.
1. Click the Wizard tab from the WAN>>General Setup page.
Description
Profile
---- Please press this box to use the drop down list to
choose one of the WAN profiles for modifying.
125
Description
VLAN ID
Port
Use the drop down list to specify the physical WAN port for
such profile.
Untag
Default MAC
Address
MAC Address
Mode
126
Display the type for the IPv4 protocol for such profile. There
are four IP modes available for you to choose - Static IP,
DHCP, PPPoE and PPTP. Select one of them based on the
information offered by your ISP.
Next
Cancel
127
128
Description
IP Address
129
address.
Subnet Mask
Gateway IP
Address
DNS Server IP
Address
130
MTU/MRU
Connection
Detection Mode
Connection
Detection Interval
Connection
Detection Retry
Connection
Detection Host
Previous
Finish
Cancel
Host Name
(Optional)
Username
Password
131
Debug
Always On
PPTP Over
4. When you finished the above settings, please click Finish. Later, you can surf the
Internet at any time.
When the following screen appears, it means you have finished the Quick Start Wizard
configuration.
132
133
Description
WAN
Profile/Loadbalance
Pool Name
(Loadbalance
3900
Load
Balance ?)
Refresh
Apply
134
Rule
This page will make the packets be transmitted with user defined profiles with IP address
and protocol that is different with default route.
Description
Add
Edit
Delete
Refresh
Profile
Protocol
Source IP Address
Source Mask
Destination IP Address
Destination Mask
135
Load Balance
Pool/WAN Profile
2.
3.
Description
Profile
Protocol
Source IP Address
136
Source Mask
Use the drop down list on the right to choose a suitable mask
for the source.
Destination IP
Address
Destination Mask
Use the drop down list on the right to choose a suitable mask
for the destination.
Load Balance
Pool/WAN Profile
4.
Apply
Cancel
Clear
Enter all the settings and click Apply. The new rule profile will be added on the screen.
137
Pool
This page allows the user to integrate several WAN profiles as a pool profile specified with
the function of load balance or failover. The profiles configured here will be selected in the
field of Load Balance Pool/WAN Profile in the WAN>>Load Balance>>Rule page.
Description
Add
Edit
Delete
Refresh
Profile
Mode
Interface
Primary Profile
Backup Profile
138
There are two modes, Load_Balance and Failover, for you to choose as the Pool
configuration. If you choose Load_Balance, the tab of Load_Balance will be shown which
allows you to configure for different WAN interfaces. If you choose Failover, the tab of
Failover will be displayed which allows you to specify the primary profile and backup
profile for such Pool setting.
2.
Simply click the Add button to open the following dialog. Choose Load_Balance as
the Mode selection.
3.
139
4.
box to pop up the following dialog. Then, click Add. A new line for
Click the
adding new entry will appear.
5.
Use the drop down list of Interface to choose one of the WAN profiles. Type the value
for Weight.
6.
140
2.
Simply click the Add button to open the following dialog. Choose Failover as the
Mode selection.
3.
Click the Failover Tab. In default, the system will apply Primary Profile. If Primary
Profile cannot be used any more, the Backup Profile will be used instead.
141
4.
Use the drop down list to choose the one you need. wan1 to wan5 are default
settings.
5.
142
Description
CN_TELECOM
Use the drop down to choose one of the WAN profiles for
the telecom.
CN_CNC
Use the drop down to choose one of the WAN profiles for
the telecom.
Refresh
Apply
4.1.4 Switch
This page allows you to configure Mirroring Port, Mirrored Port, enable/disable WAN
interface, and configure 802.1Q VLAN ID for different WAN interfaces, and so on.
143
Description
Refresh
144
VLAN ID
Member
Untag
145
Mirror Configuration
The administrator can monitor all the packets passing through mirrored port. It is useful for
the administrator to analyze the troubles on Network.
Description
Check the box to enable the Mirror function for the switch.
Mirroring Port
Mirrored Port
Refresh
Apply
146
Interface Configuration
This page allows you to modify the status (enable / disable), speed(Auto,10M,100M,1000M)
and duplex (Half/Full) for the WAN ports respectively.
Description
Edit
Choose the interface listed below and click the Edit button
to modify the settings. A pop up window will appear for you
to change the settings.
147
Interface
Duplex
Speed
Description
Refresh
Auto Refresh
Interface
Status
148
Speed
Duplex
Description
Edit
Refresh
Usb3g
Status
APN
PPP Username
PPP Password
149
PPP Authentication
MTU
2.
Two available profiles will be shown on the screen. Click the one you want to modify
and click Edit.
3.
Description
Usb3g
Status
Modem Initial
150
4.
String 1
Modem Initial
String 2
Such value is used to dial through USB mode. Please use the
default value. If you have any question, please contact to
your ISP.
APN
PPP Username
PPP Password
PPP Authentication
MTU
After finished the modification, click Apply to save the configuration and exit the
dialog.
151
4.2 LAN
Local Area Network (LAN) is a group of subnets regulated and ruled by router. The design
of network structure is related to what type of public IP addresses coming from your ISP.
The most generic function of Vigor router is NAT. It creates a private subnet of your own.
As mentioned previously, the router will talk to other public hosts on the Internet by using
public IP address and talking to local hosts by using its private IP address. What NAT does
is to translate the packets from public IP address to private IP address to forward the right
packets to the right host and vice versa. Besides, Vigor router has a built-in DHCP server
that assigns private IP address to each local host.
152
Profile
This page allows you to enable the profile, give a brief explanation for such profile, specify
the VLAN ID, specify MAC address, and choose protocol type for such profile.
Description
Add
Edit
Delete
Refresh
Profile
Description
VLAN ID
153
2.
Click the Add button to open the following dialog. Different protocol type selected will
bring up different configuration web page.
Description
Profile
Description
VLAN ID
Default MAC
154
Address
such profile.
Disable Click it to type the MAC address manually for
such profile.
MAC Address
IPv4 Protocol
Display the type for the IPv4 protocol for such profile.
Mode
IP Address
Subnet Mask
Type the network mask of the router for the LAN profile.
Gateway IP
Address
2nd Subnet
155
3.
IPv6 Address
DHCPv6 SLA
WAN Interface
DHCPv6 SLA ID
Apply
Cancel
When you finish the above settings, please click Apply to save the configuration and
exit the dialog.
156
DHCP
In the Vigor3900 router, there are some IP address settings for the LAN interface. The IP
address/subnet mask is for private users or NAT users. The IP address of the default gateway
on other local PCs should be set as the Vigor3900 server IP address. When the DSL
connection between the DSL and the ISP has been established, each local PC can directly
route to the Internet. The IP address/subnet mask can also be used to connect to other private
users (PCs). On this page you will see the private IP address defined in RFC-1918. Usually
we use the 192.168.1.0/24 subnet for the route.
Description
Edit
Refresh
Profile
Start IP
End IP
157
DHCP server.
DNS
Routers
Lease Time
2.
Choose one of the LAN profiles by clicking on it and click the Edit button to open the
following dialog.
158
Description
Profile
Start IP
End IP
DNS
159
Set a lease time for the DHCP server. The time unit is
minute.
Specify Remote
Dial-in IP
Remote Dial-in
Start IP
Apply
Cancel
4.
When you finish the above settings, please click Apply to save the configuration and
exit the dialog.
5.
160
DHCP Relay
This page allows users to specify which subnet that DHCP server is located that the relay
agent should redirect the DHCP request to.
Description
Edit
Refresh
Profile
DHCP Server IP
161
2.
Choose one of the LAN profiles by clicking on it and click the Edit button to open the
following dialog.
Description
Profile
DHCP Server
Location
DHCP Server IP
Apply
Cancel
3.
When you finish the above settings, please click Apply to save the configuration and
exit the dialog.
4.
162
RADVD
The router advertisement daemon (radvd) sends Router Advertisement messages, specified
by RFC 2461, to a local Ethernet LAN periodically and when requested by a node sending a
Router Solicitation message. These messages are required for IPv6 stateless
auto-configuration.
Description
Edit
Refresh
Profile
Advertisement Lifetime
163
2.
Choose one of the LAN profiles by clicking on it and click the Edit button to open the
following dialog.
Description
Profile
Advertisement
Lifetime
Apply
Cancel
3.
When you finish the above settings, please click Apply to save the configuration and
exit the dialog.
4.
164
DHCP6
DHCP6 Server could assign IPv6 address to PC according to the Start/End IPv6 address
configuration.
Description
Edit
Refresh
Profile
165
means enabled.
Start IP
End IP
DNS
2.
Choose one of the LAN profiles by clicking on it and click the Edit button to open the
following dialog.
Description
Profile
Start IP
End IP
DNS
166
string
DNS: 168.95.1.1 ?
Apply
Cancel
3.
When you finish the above settings, please click Apply to save the configuration and
exit the dialog.
4.
Wizard
There is a quick way to configure LAN settings, create a LAN interface profile by clicking
the Wizard tab. Please follow the on-screen instruction.
167
168
Description
Profile
---- Please press this box to use the drop down list to
choose one of the existed LAN profiles for modifying.
Or simply type a new name in this field to create a new
profile.
Enable This Profile
Description
VLAN ID
Default MAC
Address
MAC Address
IPv4 Protocol
Mode
IP Address
Subnet Mask
Use the drop down list to choose the subnet mask for such
profile.
169
Gateway IP
Address
2nd Subnet
IPv6 Address
DHCPv6 SLA
WAN Interface
DHCPv6 SLA ID
Next
Cancel
170
3. Fill in the required information on this page and click Next. The following page with
DHCP settings will appear.
Description
DHCP Profile
Start IP
End IP
DNS
171
Lease Time
It allows you to set the leased time for the specified PC.
Specify Remote
Dial-in IP
Remote Dial-in
Start IP
Previous
Next
Cancel
4. Fill in the required information on this page and click Next. The following page with
802.1Q VLAN settings will appear.
172
173
Description
VLAN ID
Member
Untag
174
6. When the following screen appears, it means you have finished the Wizard
configuration.
175
4.2.2 IP Routing
Description
Add
Edit
To edit the IP routing setting, simply select the one you want
to modify and click the Edit button. The edit window will
appear for you to modify the corresponding settings for the
selected profile.
Delete
Refresh
Rename
Profile
Enable This Profile
WAN Profile
LAN Profile
IP
Mask
176
2.
3.
4.
Item
Description
Profile
WAN Profile
LAN Profile
IP
Mask
Enter all the settings and click Apply. The new profile will be added on the screen.
177
178
Static Route
179
Item
Description
Add
Edit
Delete
Refresh
Rename
Profile Name
Destination IP Address
Subnet Mask
Gateway
WAN/LAN Profile
Metric
2.
3.
180
Description
Profile
)
Enable This Profile
Destination IP
Address
Subnet Mask
Gateway
WAN/LAN Profile
Metric
Apply
Cancel
181
5.
Enter all the settings and click Apply. The new profile will be added on the screen.
182
Description
Add
Edit
Delete
Refresh
Rename
Profile Name
Destination IP Address
Prefix Length
Nexthop
183
Metric
Open LAN>>Static Route and click the IPv6 Static Route tab.
2.
3.
Description
Profile Name
Destination IP
Address
Prefix Length
Nexthop
184
4.
WAN/LAN Profile
Metric
Apply
Cancel
Enter all the settings and click Apply. The new profile will be added on the screen.
Inter-LAN Route
185
4.2.3 Switch
This page allows you to configure Mirroring Port, Mirrored Port, enable/disable LAN
interface, and configure 802.1Q VLAN ID for different LAN interfaces, and so on.
802.1Q VLAN
Virtual LANs (VLANs) are logical, independent workgroups within a network. These
workgroups communicate as if they had a physical connection to the network. However,
VLANs are not limited by the hardware constraints that physically connect traditional LAN
segments to a network. As a result, VLANs allow the network manager to segment the
network with a logical, hierarchical structure. VLANs can define a network by application or
department. For instance, in the enterprise, a company might create one VLAN for
multimedia users and another for e-mail users; or a company might have one VLAN for its
Engineering Department, another for its Marketing Department, and another for its guest
who can only use Internet not Intranet. VLANs can also be set up according to the
organization structure within a company. For example, the company president might have
his own VLAN, his executive staff might have a different VLAN, and the remaining
employees might have yet a different VLAN. VLANs can also set up according to different
company in the same building to save the money and reduce the device establishment.
User can select some ports to add into a VLAN group. In one VLAN group, the port number
can be single one or more.
The purpose of VLAN is to isolate traffic between different users and it can provide better
security application.
186
Description
Add
Edit
Delete
Refresh
VLAN ID
Member
Untag
2.
187
3.
4.
Item
Description
VLAN ID
Type the number as the VLAN ID. Type a number used for
identification on VLAN for your computer. Later, you have
to type the same ID number for each PC which wants to be
grouped within the same VLAN group.
Member
Untag
Apply
Cancel
Enter all the settings and click Apply. The new profile will be added on the screen.
188
Mirror
Vigor3900 supports port mirroring function in LAN interfaces. Generally speaking, this
function copies traffic from one or more specific ports to a target port. This mechanism helps
manager track the network errors or abnormal packets transmission without interrupting the
flow of data access the network. By the way, user can apply this function to monitor all
traffics which user needs to check.
There are some advantages supported in this feature. Firstly, it is more economical without
other detecting equipments to be set up. Secondly, it may be able to view traffic on one or
more ports within a VLAN at the same time. Thirdly, it can transfer all data traffics to be
mirrored to one analyzer connect to the mirroring port. Last, it is more convenient and easy
to configure in users interface.
Description
Check the box to enable the Mirror function for the switch.
Mirroring Port
Mirrored Port
189
Refresh
Apply
Interface
This page allows you to modify the status (enable / disable), speed(Auto,10M,100M,1000M)
and duplex (Half/Full) for the LAN ports respectively.
Description
Edit
Choose the interface listed below and click the Edit button
to modify the settings. A pop up window will appear for you
to change the settings.
Refresh
Interface
190
Duplex
Speed
2.
3.
4.
Item
Description
Interface
Check the box to enable the Mirror function for the switch.
Duplex
Use the drop down list to choose the duplex for such profile.
Speed
Use the drop down list to specify the transmission rate for
such profile.
Apply
Cancel
Enter all the settings and click Apply. The profile has been edited.
191
Status
This page displays the status the status (enable / disable), speed(Auto,10M,100M,1000M)
and duplex (Half/Full) of the LAN ports respectively.
Description
Refresh
Refresh seconds
Interface
Status
Speed
Duplex
192
193
Global Setting
This page is used to enable or disable the function of Bind IP to MAC.
Description
Refresh
Interface
Refresh
Apply
194
Bind IP to MAC
This page allows you to configure related settings for the function of Bind IP to MAC.
Description
ARP Table
Select All
Move
IP Address
MAC Address
Bind Table
Add
Edit
Delete
195
Refresh
Profile
IP Address
MAC
2.
When you finish the settings, click the Bind IP to MAC tab.
196
4.
5.
Item
Description
Interface
Check the box to enable the Mirror function for the switch.
Duplex
Use the drop down list to choose the duplex for such profile.
Speed
Use the drop down list to specify the transmission rate for
such profile.
Apply
Cancel
197
Description
Profile
IP Address
Type the IP address that will be used for the specified MAC
address.
---- Please press this box to type / edit the IP
address.
MAC
Type the MAC address that is used to bind with the assigned
IP address.
---- Please press this box to type / edit the MAC
address.
Apply
Cancel
6.
7.
198
Description
Check the box to enable the Mirror function for the switch.
Profile
Refresh
Apply
199
Description
Check the box to enable the Mirror function for the switch.
Profile
Refresh
Apply
2.
3.
Click the space of Profile. A pop-up dialog will appear. Click Add.
200
4.
Use the drop down list of LAN Profile to choose the one you need. And specify the
Area for that profile.
Click Apply to save the settings and exit the dialog. A new profile is created and
displayed on the screen.
You can create and apply multiple profiles in this page. Refer to the following example.
201
4.3 NAT
NAT (Network Address Translation) is a method of mapping one or more IP addresses
and/or service ports into different specified services. It allows the internal IP addresses of
many computers on a LAN to be translated to one public address to save costs and resources
of multiple public IP addresses. It also plays a security role by obscuring the true IP
addresses of important machines from potential hackers on the Internet. The Vigor 3900
Series is NAT-enabled by default and gets one globally routable IP addresses from the ISP
by Static, PPPoE, or DHCP mechanism. The Vigor3900 Series assigns private network IP
addresses according to RFC-1918 protocol and translates the private network addresses to a
globally routable IP address so that local hosts can communicate with the router and access
the Internet.
There are three functions that NAT provides Port Redirection, DMZ Host and Address
Mapping,.
202
Description
Add
Edit
Delete
Refresh
Rename
Profile
WAN Interface
Source IP
Private IP
Protocol
203
Private Port
Public IP
IP Alias
2.
3.
204
Description
Profile
WAN Interface
public IP ?
---- Please press this box to type / edit the IP
address.
Public IP
Private IP
)
Private IP
Protocol
Public IP in
205
Apply
Cancel
4.
5.
206
Description
Add
Edit
Delete
Refresh
Rename
Profile
WAN Profile
Display the WAN profile that such DMZ host profile will be
applied to.
Display the private IP used for this entry.
Private IP
Use IP Alias
207
IP Alias
2.
3.
Description
Profile
WAN Profile
Private IP
Use IP Alias
IP Alias
Apply
208
Cancel
4.
5.
209
Description
Add
Edit
Delete
Refresh
Rename
Profile
WAN Profile
210
Protocol
Use IP Alias
IP Alias
2.
3.
Description
Profile
211
WAN Profile
Private IP
Private IP subnet
Mask
Protocol
Use IP Alias
IP Alias
Apply
Cancel
4.
5.
212
Description
Check the box to enable the Mirror function for the switch.
LAN Interface
WAN Interface
Refresh
Apply
4.4 Firewall
The firewall controls the allowance and denial of packets through the router. The
Firewall Setup in the Vigor3900 Series mainly consists of packet filtering, Denial of
Service (DoS) and URL (Universal Resource Locator) content filtering facilities. These
firewall filters help to protect your local network against attack from outsiders. A firewall
also provides a way of restricting users on the local network from accessing inappropriate
Internet content and can filter out specific packets, which may trigger unexpected outgoing
connection such as a Trojan.
The following sections will explain how to configure the Firewall. Users can select IP Filter,
DoS Defense, MAC Block and Port Block options from Firewall menu. The DoS Defense
facility can detect and mitigate the DoS attacks.
213
IP Filter
This page allows you to create new IP filter rule(s) and group them for your request. The
upper part displays the information of IP Filter Group(s); the lower part displays the
information of IP Filter Rule(s).
You should create at least one IP filter rule and one group profile. The following will explain
IP Filter functions with details.
214
Description
Edit
Delete
Refresh
Rename
Group
Comment
215
Item
Description
Edit
Delete
Refresh
Rename
Rule
Time Profile
Source IP
Destination IP
Service Type
Display the service type object profile selected for each rule.
Action
Next Group
Syslog
Display ????
2.
3.
216
Description
Group
Comment
4.
5.
A new filter group has been added onto Address Mapping table.
6.
Choose the IP filter group first and then click the Add tab (the lower one in this page).
217
7.
Description
Rule
218
Time Profile
Source IP
Choose one of the IP object profiles from the drop down list.
The selected profile will be treated as source IP.
You can click
Destination IP
Choose one of the IP object profiles from the drop down list.
The selected profile will be treated as destination IP.
You can click
Service Type
Choose one of the service type object profiles from the drop
down list to be applied to such IP filter rule.
You can click
profile.
Input Interface
Output Interface
Fragments
8.
Action
Syslog
Apply
Cancel
219
9.
A new IP filter rule has been added onto IP Filter Rules of Selected Group table.
Note: You can create multiple IP filter groups. Yet, the IP Filter Rules of Selected
Group table displays only the IP filter rules belong to the selected IP Filter Group.
Application Filter
Application Filter can integrate several application objects within one profile for restricting
the usage of application. For example, it can block people defined in IP object profile not
using IM application, not using P2P for file sharing, and not downloading files via certain
protocol.
Description
220
Item
Description
Add
Edit
Delete
Refresh
Rename
Profile
Time Profile
Source IP
Exception IP
IM Block
P2P Block
Protocol Block
2.
3.
221
Description
Profile
Time Profile
Source IP
Choose one of the IP object profiles from the drop down list.
The selected profile will be treated as source IP.
You can click
Exception IP
Apply
Choose one of the P2P object profiles from the drop down
list which will not be allowed to pass through the router.
You can click
Protocol Block
Choose one of the IM object profiles from the drop down list
which will not be allowed to pass through the router.
You can click
P2P Block
Choose one of the IP object profiles from the drop down list.
The selected profile will be treated as exception IP which
will not be filtered by the router for such group.
You can click
IM Block
222
Cancel
4.
5.
URL Filter
URL Filter can integrate URL, Keyword, File extension and WCF object profiles within one
profile for restricting certain people accessing into Internet.
Description
Add
Edit
223
Item
Description
rule.
Delete
Refresh
Rename
Profile
Time Profile
Source IP
Keyword Pass
Keyword Block
2.
3.
224
Description
Profile
Time Profile
Source IP
Choose one of the IP object profiles from the drop down list.
The selected profile will be treated as source IP.
You can click
Keyword Pass
Choose one of the P2P object profiles from the drop down
list which will not be allowed to pass through the router.
You can click
to create another new file extension
object profile.
Choose one of the WCF object profiles from the drop down
list which will not be allowed to pass through the router.
You can click
profile.
File Extension
Block
Keyword Block
225
Item
Description
Apply
Cancel
4.
5.
226
Switch
Description
Broadcast Storm
Defense
Unknown Multicast
Storm Defense
Refresh
Apply
227
System
In the Firewall group, click the DOS Defense and click the tab of System. You will see the
following page. The DoS Defense Engine inspects each incoming packet against the attack
signature database. Any packet that may paralyze the host in the security zone is blocked.
The DoS Defense Engine also monitors traffic behavior. Any anomalous situation violating
the DoS configuration is reported and the attack is mitigated.
Description
228
Item
Description
Block IP Options
Block Land
Block SMURF
Block Fraggle
Block Unknown
Protocol
229
Item
Description
protocol types.
Refresh
Apply
230
Description
Add
Edit
Delete
Refresh
Rename
Profile
MAC Address
2.
231
3.
Description
Profile
Type the name which can briefly describe the reason of the
MAC block of such profile.
MAC Address
Apply
Cancel
4.
5.
Port Block allows you to set lots of proprietary port numbers. Packets will be dropped if
destination ports (both TCP and UCP) of packets with these assigned port numbers are on
WAN and LAN. The advantage of Port Block is that it can filter some unnecessary packets
or attacking packets on Internet environment or LAN network.
Description
Add
Edit
Delete
Refresh
Rename
Profile
Port Number
2.
233
3.
Description
Profile
Type the name which can briefly describe the reason of the
Port block of such profile.
Port Number
Apply
Cancel
4.
5.
234
235
4.5.1 IP Object
For IPs in a limited range usually will be applied in configuring routers settings, we can
define them with objects and bind them with groups for using conveniently. Later, we can
select that object/group that can apply it. For example, all the IPs in the same department can
be defined with an IP object (a range of IP address).
This page allows you to specify certain IP address, range of IP addresses or subnet mask as
an object which will be applied in Firewall.
Description
Add
Edit
Delete
Refresh
Profile
Interface
Display??
Address Type
Start IP Address
End IP Address
Subnet Mask
236
2.
3.
Item
Description
Profile
Interface
Address Type
Start IP Address
End IP Address
237
Item
Description
you choose Range as Address Type.
Subnet Mask
Use the drop down list to choose the subnet mask for such
profile if you choose Subnet as Address Type.
Apply
Cancel
6.
7.
238
4.5.2 IP Group
To manage conveniently, several IP object profiles can be grouped under a group. Different
IP group can contain different IP object profiles.
Description
Add
Edit
Delete
Refresh
Group Name
Interface
Description
Objects
2.
239
3.
Description
Group Name
Interface
Description
Objects
Use the drop down list to check the IP object profiles under
such group.
All the available IP objects that you have added on Objects
Setting>>IP Object will be seen here.
Apply
Cancel
4.
5.
240
Description
Add
Edit
Delete
Refresh
Profile
Protocol
241
Item
Description
2.
3.
Description
Profile
Protocol
Destination Port
Item
Start
Description
ICMP.
Type a port number (0 65535) as the starting destination
port.
Destination Port
End
Apply
Cancel
4.
5.
243
Description
Add
Edit
Delete
Refresh
Group Name
Description
Objects
244
2.
3.
4.
Item
Description
Group Name
Type the name of the service type object group. The number
of the characters allowed to be typed here is 10.
Group Name
Type the name of the service type object group. The number
of the characters allowed to be typed here is 10.
Objects
Use the drop down list to check the service type object
profiles under such group.
All the available service type objects that you have added on
Objects Setting>>Service Type Object will be seen here.
Apply
Cancel
245
5.
Description
Add
Edit
Delete
Refresh
Profile
Member
246
2.
3.
Description
Profile
Type the name of the service type object group. The number
of the characters allowed to be typed here is 10.
Member
Add Type the word in the box of Member and click this
button to add the new word as keyword object.
Edit Modify the selected word and display it in the box
below.
click the icon to remove the selected entry.
247
Item
Description
Apply
Cancel
4.
5.
Description
Add
Edit
Delete
248
Item
Description
Refresh
Group Name
Description
Objects
2.
3.
Description
Group Name
Type the name of the service type object group. The number
of the characters allowed to be typed here is 10.
Description
Objects
Use the drop down list to check the keyword object profiles
under such group.
All the available keyword objects that you have added on
Objects Setting>>Keyword Object will be seen here.
Apply
Cancel
249
4.
5.
Description
Add
Edit
Delete
Refresh
Profile
Image
250
Item
Description
Video
Audio
Java
ActiveX
Compression
Execution
2.
3.
Description
Profile
Image
251
Item
Description
Use the drop down list to check the box (es) to select the file
extension you need.
Video
Audio
Java
ActiveX
Compression
Execution
Apply
Cancel
4.
5.
252
4.5.8 IM Object
People like to use Instant Message to communication with friends on line just for fun or just
because it is easy and convenient. However, it might reduce the productivity of employees to
a company. Therefore, a tool to block or limit the usage of IM application is important to a
company. IM object setting lists all of the popular instant message application for you to
choose to block. Choose the one(s) you want to block and save as an IM Object profile. Later,
it can be applied to Firewall as a filter rule and reach the purpose of block.
Description
Add
Edit
Delete
Refresh
Profile
Member
WebIM
Display ???
2.
253
3.
Description
Profile
Member
WebIM
254
Item
Description
Apply
Cancel
4.
5.
255
Description
Add
Edit
Delete
Refresh
Profile
Member
256
2.
3.
4.
Item
Description
Profile
Member
Apply
Cancel
257
5.
258
Description
Add
Edit
Delete
Refresh
Profile
Member
2.
259
3.
Description
Profile
Member
Apply
Cancel
4.
5.
260
Note: Web Content Filter (WCF) is not a built-in service of Vigor router but a service
powered by Commtouch. If you want to use such service (trial or formal edition), you
have to perform the procedure of activation first. For the service of formal edition,
please contact with your dealer/distributor for detailed information.
261
Description
Add
Edit
Delete
Refresh
Profile
Child Protection
Leisure
Business
Chatting
Computer
Other
Item
Description
block.
Open Objects Setting>> Web Category Object and click the Web Category Object
tab.
2.
3.
Description
Profile
263
Child Protection
The web pages which are not suitable for children will be
classified into different categories. Simply check the one(s)
that you dont want the children to visit.
Leisure
Simply check the one(s) that you dont want the user to visit.
Business
Simply check the one(s) that you dont want the user to visit.
Chatting
Simply check the one(s) that you dont want the user to use
for gossip with remote people.
Computer
Simply check the one(s) that you dont want the user to visit.
Other
Simply check the one(s) that you dont want the user to visit.
Apply
Cancel
4.
5.
264
After finishing the activation for the trial version of WCF, remember to purchase Silver
Card for WCF service from your DrayTek dealer or distributor.
Description
Add
265
Item
Description
Edit
Delete
Refresh
Profile
Frequency
Start Date
Start Time
End Date
End Time
Weekdays
2.
3.
266
4.
Item
Description
Profile
Type the name of the time object profile. The number of the
characters allowed to be typed here is 10.
Frequency
Start Date
Start Time
End Date
End Time
Weekdays
Apply
Cancel
267
5.
Description
Add
Edit
Delete
Refresh
Group Name
Description
Objects
268
2.
3.
269
Description
Profile
Description
Objects
Use the drop down list to check the time object profiles
under such group.
All the available time objects that you have added on
Objects Setting>>Time Object will be seen here.
Apply
Cancel
4.
5.
270
Description
Mode
There are two modes offered here for you to choose. Each
mode will bring different filtering effect to the users
involved.
User-Based - If you choose such mode, the router will apply
the filter rules configured in User Management>>User
Profile to the users.
Rule-Based If you choose such mode, the router will apply
the filter rules configured in Firewall>>General Setup and
Filter Rule to the users.
White IP List
271
Description
Add
Edit
Delete
Refresh
Username
System User
PPTP
L2TP
DHCP from
Static IP Address
Use mOTP
272
2.
3.
Description
273
Username
Password
Idle Timeout
System User
Group
Choose the level for such profile from the drop down list.
DHCP from
Static IP Address
Use mOTP
274
mOTP secret
SSL Proxy
SSL Application
(VNC)
SSL Application
(RDP)
Apply
Cancel
4.
5.
275
Description
Add
Edit
Delete
Refresh
User Group
Member
2.
276
3.
Description
Usergroup
Member
Use the drop down list to check the user profile(s) under
such group.
Apply
Cancel
4.
5.
4.6.4 RADIUS
277
Description
Server IP Address
Destination Port
Shared Secret
Refresh
Apply
278
securely, therefore users can apply LDAP to search or list the directory object, inquire or
manage the active directory.
Description
Server IP Address
Port
The UDP port number that the RADIUS server is using. The
default value is 1812, based on RFC 2138.
Base DN
Refresh
Apply
279
4.7 Application
Below shows the menu items for Applications.
Before you use the Dynamic DNS feature, you have to apply for free DDNS service to the
DDNS service providers. The router provides up to ten accounts from eight different DDNS
service providers. Basically, Vigor routers are compatible with the DDNS services supplied
by most popular DDNS service providers such as www.dyndns.org, www.no-ip.com,
www.dtdns.com, www.changeip.com, www.dynamic- nameserver.com. You should visit
their websites to register your own domain name for the router.
280
Status
This page displays all the available DDNS profiles.
Description
Refresh
Auto Refresh
Profile
Status
Domain Name
281
Setting
This page allows you to configure DDNS server for your request.
Description
Edit
Refresh
Profile
WAN Profile
Service Provider
Service Type
Domain Name
282
1.
2.
Description
Profile
WAN Profile
Service Provider
Service Type
Domain Name
Type in the login name that you set for applying domain.
Password
283
Wildcard and
Backup MX
Mail Extender
Apply
Cancel
3.
4.
4.7.2 GVRP
Description
Interface
Join Time
????
Refresh
Apply
4.7.3 UPnP
The UPnP (Universal Plug and Play) protocol is supported to bring to network connected
devices the ease of installation and configuration which is already available for directly
connected PC peripherals with the existing Windows 'Plug and Play' system. For NAT
routers, the major feature of UPnP on the router is NAT Traversal. This enables
applications inside the firewall to automatically open the ports that they need to pass through
284
a router. It is more reliable than requiring a router to work out by itself which ports need to
be opened. Further, the user does not have to manually set up port mappings or a DMZ.
UPnP is available on Windows XP and the router provide the associated support for MSN
Messenger to allow full use of the voice, video and messaging features.
Description
Download
Upload
External Interface
Internal Interface
Refresh
Apply
285
The UPnP facility on the router enables UPnP aware applications such as MSN Messenger to
discover what are behind a NAT router. The application will also learn the external IP
address and configure port mappings on the router. Subsequently, such a facility forwards
packets from the external ports of the router to the internal ports used by the application.
286
The UPnP function dynamically adds port mappings on behalf of some UPnP-aware
applications. When the applications terminate abnormally, these mappings may not be
removed.
287
Description
LAN Profile
Virtual IP
VHID
Role
Peer IP
Refresh
Apply
288
Description
Wake by
Two types provide for you to wake up the binded IP. If you
choose Wake by MAC Address, you have to type the correct
MAC address of the host in MAC Address boxes. If you
choose Wake by IP Address, you have to choose the correct
IP address.
IP Address
MAC Address
Wake Up
clear
Delete)
289
290
2.
Description
Type
291
3.
Fill in the required information on this page and click Next. If you choose PPTP as the
Type, you will get the following screen:
Description
Profile
Always On
Server IP Address
PPTP Password
Local IP/Subnet
Mask
Remote IP/Subnet
Mask
Type the LAN IP address and LAN subnet mask for the
remote host.
292
If you choose IPSec as the Type, you will get the following screen:
Description
Profile
Auth Type
Certificate
Preshared Key
Security Protocol
WAN Profile
Local IP/Subnet
Mask
Remote Host
Remote IP / Subnet
Mask
Type the LAN IP address and LAN subnet mask for the
remote host.
293
More Remote
Subnet
Local GRE IP
Remote GRE IP
4.
Fill in the required information on this page and click Finish. Later, the system will ask
if you want to display the new created VPN file.
5.
294
2.
Description
Type
295
3.
Fill in the required information on this page and click Next. Note that such page will be
skipped if you choose IPSec as the Type in Step 2.
Description
Authentication
Protocol
The router will authenticate the dial-in user with the protocol
selected here.
User Authentication
Type
LAN Profile
296
5.
Item
Description
Profile
Local IP / Subnet
Mask
Remote IP / Subnet
Mask
Type the LAN IP address and LAN subnet mask for the
remote host.
297
PPTP
This page display current status for VPN tunnel built with PPTP protocol.
298
Description
Authenticate Protocol
The router will authenticate the dial-in user with the protocol
selected here.
User Authentication
Type
LAN Profile
299
Refresh
Apply
L2TP
This page display current status for VPN tunnel built with L2TP protocol.
Description
Authenticate Protocol
The router will authenticate the dial-in user with the protocol
selected here.
LAN Profile
300
Apply
Description
Preshared Key
WAN Profile
IKE Port
Type the UDP port number for Internet Key Exchange (IKE)
traffic to the VPN server.
NAT-Port
IPSec MSS
Refresh
Apply
301
Description
Add
Edit
Delete
Refresh
IPSec
PPTP Dial-out
PPTP Dial-in
Profile
302
Remote IP / Subnet
Mask
4.
5.
303
Item
Description
Profile
Type
There are three types offered here for you to choose. Please
choose IPSec for this case.
Always On Click Enable to make router always keeping
connection.
Basic
304
6.
Description
Aggressive Mode
Aggressive Mode
Local Peer ID
Remote Peer ID
Perfect Forward
Secrecy Status
DPD Delay
305
enabled.
DPD Timeout
7.
Description
Enable GRE
Function
Local GRE IP
Remote GRE IP
Auto Generate
GRE Key
GRE In Key
306
8.
Description
IKE Phase1
Proposal (Dial-Out)
IKE Phase1
Authentication
(Dial-Out)
IKE Phase2
Proposal (Dial-Out)
IKE Phase2
Authentication
(Dial-Out)
Accepted Proposal
(Dial-In)
For the dial-in VPN user, please specify the limitation of the
proposal.
Accept all supported proposal (acceptall) - When the VPN
tunnel is established, all the proposals supported by this
device will be accepted and applied.
Only accept proposal listed above (acceptabove) - When
the VPN tunnel is established, only the selected proposal will
be accepted and applied by this device.
Apply
Cancel
307
9.
2.
308
3.
4.
Item
Description
Profile
Type
There are three types offered here for you to choose. Please
choose PPTP Dial-Out for this case.
PPTP
Apply
Cancel
309
5.
2.
3.
Item
Description
Profile
Type
There are three types offered here for you to choose. Please
choose PPTP Dial-In for this case.
Local IP/Subnet
Mask
Remote IP / Subnet
Mask
Type the LAN IP address and LAN subnet mask for the
remote host.
Apply
Cancel
4.
5.
311
VPN TRUNK-VPN Backup mechanism can judge abnormal situation for the
environment of VPN server and correct it to complete the backup of VPN Tunnel in
real-time.
Dial-out connection types contain IPSec, PPTP, L2TP, L2TP over IPSec and ISDN
(depends on hardware specification)
Mail Alert support, please refer to System Maintenance >> SysLog / Mail Alert for
detailed configuration
Syslog support, please refer to System Maintenance >> SysLog / Mail Alert for
detailed configuration
VPN TRUNK-VPN Backup mechanism profile will be activated when initial connection
of single VPN tunnel is off-line. Before setting VPN TRUNK -VPN Backup mechanism
backup profile, please configure at least two sets of LAN-to-LAN profiles (with fully
configured dial-out settings) first, otherwise you will not have selections for grouping
Member1 and Member2.
Three types of load sharing algorithm offered, Round Robin, Weighted Round Robin
and Fastest
Binding Tunnel Policy mechanism allows users to encrypt the data in transmission or
specified service function in transmission and define specified VPN Tunnel for having
effective bandwidth management
Dial-out connection types contain IPSec, PPTP, L2TP, L2TP over IPSec and GRE over
IPSec
The TCP Session transmitted by using VPN TRUNK-VPN Load Balance mechanism will
not be lost due to one of VPN Tunnels disconnected. Users do not need to reconnect with
setting TCP/UDP Service Port again. The VPN Load Balance function can keep the
transmission for internal data on tunnel stably.
312
Description
Add
Edit
313
Refresh
Profile
Protocol
Source IP Address
Source Mask
Destination IP Address
Destination Mask
Display the start point specified in the Dest Port Range for
this entry.
Display the end point specified in the Dest Port Range for
this entry.
Open VPN and Remote Access >>VPN TRUNK Management and click the Load
Balance Rule tab.
2.
3.
314
4.
Item
Description
Profile
Protocol
Source IP Address
Source Mask
Type the subnet mask address specified for the source IP.
Destination IP
Address
Destination Mask
Destination Port
Start
Destination Port
End
Apply
Cancel
315
5.
Description
Add
Edit
Delete
Refresh
316
Profile
Interface
Open VPN and Remote Access >>VPN TRUNK Management and click the Load
Balance Pool tab.
2.
3.
The following dialog will appear. Type the name of the profile (e.g., LB_Pool_1,
within 10 characters including digit, letter, and underline) under the Mode tab.
317
4.
interface Interface
5.
6.
Refer to Chapter 3, How to Configure VPN Load Balance between Vigor3900 and Other
Router for getting more detailed information about Load Balance application.
318
Configuration
This page can add a new virtual system for a specified LAN profile.
319
Description
Add
Edit
Delete
Refresh
Virtual System
LAN Profile
Display the name of the LAN profile that virtual system will
apply to.
Directly Forward
Open VPN and Remote Access >> Virtual System and click the Configuration tab.
2.
3.
320
Description
Virtual System
LAN Profile
Directly Forward
Apply
Cancel
4.
5.
321
Tunnel
Tunnel profile is important to build VPN connection (tunnel). It can define several subnets
for both ends and tells the VPN server which virtual system will be used by both sides.
Description
Add
Edit
Delete
Refresh
Description
Subnet
322
Open VPN and Remote Access >> Virtual System and click the Tunnel tab.
2.
3.
4.
Item
Description
Virtual System
Tunnel
Link to Virtual
System
Description
Subnet
Apply
Cancel
323
5.
VS IPSec Policy
After finished the setting on Tunnel, a new profile of IPSec Policy will be created
automatically in the page of VS IPSecPolicy. Choose this profile and click Edit to modify
the settings if required.
Description
Edit
Refresh
Profile
324
Edit
profile false
Display the IP address and subnet mask for the remote host.
Display ???
Open VPN and Remote Access >> Virtual System and click the VS IPSec Policy tab.
2.
Choose one of the virtual system tunnel profiles for modifying IPSec policy. Then,
click the Edit button.
3.
The following dialog will appear. Click the Basic tab first.
Description
Profile
Always On
325
4.
Auth Type
Certificate
Preshared Key
Security Protocol
WAN Profile
Local IP/Subnet
Mask
Remote Host
Remote IP / Subnet
Mask
Type the LAN IP address and LAN subnet mask for the
remote host.
More Remote
Subnet
???
Apply
Cancel
326
Description
Aggressive Mode
Local Peer ID
Remote Peer ID
Perfect Forward
Secrecy Status
Dead Peer
Detection Status
????
DPD Delay
DPD Timeout
Apply
Cancel
327
5.
Description
Enable GRE
Function
Local GRE IP
Remote GRE IP
Auto Generate
GRE Key
GRE In Key
Apply
Cancel
328
6.
Description
IKE Phase 1
Proposal (Dial-Out)
IKE Phase 1
Authentication
(Dial-Out)
IKE Phase 2
Proposal
(Dial-Out)
IKE Phase 2
Authentication
(Dial-Out)
Accepted Proposal
329
(Dial-in)
Apply
Cancel
6.
7.
330
Item
Description
Virtual System
Type the name for this profile. Or, press
existing virtual system profile.
to choose
LAN Profile
Directly forward
Description
Press
profile.
Description
Subnet
331
4. Continue to type the required information on this page and click Next.
Description
Profile
Check this box to enable the IPSec policy settings for this
profile.
Always On
Auth Type
Certificate
Preshared Key
Security Protocol
WAN Profile
Local IP/Subnet
Mask
332
Remote Host
Remote IP / Subnet
Mask
Type the LAN IP address and LAN subnet mask for the
remote host.
More Remote
Subnet
???
Aggressive Mode
Local Peer ID
Remote Peer ID
Perfect Forward
Secrecy Status
Dead Peer
Detection Status
????
DPD Delay
DPD Timeout
Enable GRE
Function
Local GRE IP
Remote GRE IP
Auto Generate
GRE Key
GRE In Key
333
IKE Phase 1
Proposal (Dial-Out)
IKE Phase 1
Authentication
(Dial-Out)
IKE Phase 2
Proposal
(Dial-Out)
IKE Phase 2
Authentication
(Dial-Out)
Accepted Proposal
(Dial-in)
334
Description
Profile
Connect
IPSec
PPTP
Refresh
VPN
Type
335
Remote IP
Virtual Network
Up Time
RX (Packets)
TX (Packets)
Disconnect
Local certificate is created by the end user and must be signed by a trusted CA center.
Vigor3900 can serve as a trusted CA and is called with Root CA. Therefore, any user can
ask for certificate signed by Vigor3900.
When Vigor3900 serves as a Root CA, it can sign the certificates coming from the users.
First, building a Root CA for Vigor3900 by clicking Trusted CA Certificate. Later,
certificate coming from other users can be uploaded to Root CA (Vigor3900) and be signed
by Vigor3900.
336
Description
Upload
Delete
Download
Generate
Selected File
Name
Subject
Issuer
Status
Valid From
Valid To
337
2.
3.
Description
Certificate Name
ID Type
338
ID Value
Organization Unit
Organization
Locality (City)
State/Province
Common Name
Email Address
Key Size
Country
Self Sign
Apply
Cancel
4.
5.
339
2.
Click the Upload button to import a saved file as the certification information.
?
Generate download
?
3.
Click Open.
2.
3.
Click Save. The file will be stored under the folder you specified above.
340
Description
Upload
Delete
Download
Build RootCA
Selected File
Use the
Browse.. button to specify a file to be used
as trusted CA certificate.
Name
Subject
Issuer
Status
Valid From
Valid To
341
2.
3.
Description
Certificate Name
Organization Unit
Organization
Locality (City)
State/Province
Common Name
Email Address
342
Key Size
Country
Passphase
Apply
Cancel
4.
5.
343
Description
Upload
Delete
Download
Selected File
Use the
Browse.. button to specify a file to be used
as trusted CA certificate.
Name
Subject
Status
2.
344
It is not necessary for users to preinstall VPN client software for executing SSL VPN
connection.
There are less restrictions for the data encrypted through SSL VPN in comparing with
traditional VPN..
Description
Add
Edit
Delete
345
Profile
URL
Host IP Address
2.
3.
Description
Profile
URL
Host IP Address
4.
5.
346
347
VNC
VNC stands for Virtual Network Computing. It allows you to access and control a remote
PC through VNC protocol.
Description
Add
Edit
Delete
Refresh
Profile
IP Address
Port
Scaling
Open SSL VPN>> SSL Application and click the VNC tab.
348
2.
3.
Description
Profile
IP Address
Port
Specify the port used for this protocol. The default setting is
5900.
Scaling
4.
5.
349
RDP
RDP stands for Remote Desktop Protocol. It allows you to access and control a remote PC
through RDP protocol.
Description
Add
Edit
Delete
Refresh
Profile
IP Address
Port
Screen Size
Open SSL VPN>> SSL Application and click the RDP tab.
350
2.
3.
Description
Profile
IP Address
Port
Screen Size
4.
5.
351
Description
Refresh
Auto Refresh
User Name
Remote IP
Time out
SSLVPN
Status
352
The QoS (Quality of Service) guaranteed technology in the Vigor router allows the network
administrator to monitor, analyze, and allocate bandwidth for various types of network
traffic in real-time and/or for business-critical traffic. Thus, timing-sensitive applications will
not be impacted by web surfing traffic or other non-critical applications, such as file transfer.
Without QoS-guaranteed control, there would be virtually no way to prioritize users/services
or guarantee allocation of finite bandwidth resources to network or servers for supporting
timing-sensitive and mission-critical network applications, such as VoIP (Voice over IP) and
online gaming applications.
Differentiated quality of service is therefore one of the most important issues over the
Internet infrastructure. In Vigor router, DSCP (Differentiated Service Code Point) support is
also taken into consideration in the design of the QoS-guaranteed control module.
The QoS function handles incoming and outgoing classes independently. Users can
configure incoming or outgoing separately without any impact on the other.
353
Description
Mode
Rate
Refresh
Apply
354
Description
Edit
Refresh
QoS Policer
Mode
Rate
355
How to edit the incoming class rate for the QoS policer
1.
Open Bandwidth Management>> Incoming Class and click the Class Rate Control
tab.
2.
Choose one of the incoming class rates and click the Edit button.
3.
4.
Item
Description
QoS Policer
Mode
Rate
Apply
Cancel
356
5.
Description
Edit
Refresh
Filter Rule
Policer
Drop
Reserved
357
2.
Choose one of the filter rules and click the Edit button.
3.
358
Description
Filter Rule
Policer
Drop
Reserved
IP Protocol
Source IP Address
Source IP Address
Mask
Destination IP
Address
Destination IP
Address Mask
Destination port
Enable
Destination Port
Start
Destination Port
End
Apply
359
Cancel
4.
5.
The incoming filter rule for QoS Policer has been modified.
360
Description
Status
Rate
Type the rate for outgoing data. The range can be set from
64000 to 10000000.
Description
Refresh
Apply
361
Description
Edit
Refresh
Profile
Status
Rate
Description
362
How to edit the outgoing class rate for the QoS policer
1.
Open Bandwidth Management>> Outgoing Class and click the Class Rate Control
tab.
2.
3.
4.
Item
Description
Profile
Status
Rate
Description
Apply
Cancel
363
5.
The outgoing class rate for QoS Policer has been modified.
Description
Edit
Refresh
QoS Queue
364
Weight
How to edit the outgoing queue 1- 5 weight for the QoS policer
1.
Open Bandwidth Management>> Outgoing Class and click the Queue 1-5 Weight
tab.
2.
3.
Description
QoS Queue
Weight
Apply
Cancel
4.
5.
The outgoing queue 1-5 weight for QoS Policer has been modified.
365
Description
Add
Edit
Delete
Refresh
Rename
Profile
Source IP
Destination IP
Service Type
Display???
Queue Number
366
2.
3.
Description
Profile
Source IP
Destination IP
Service Type
Choose one of the service types from the drop down list. If
you want to create a new service type, simply click
open the following dialog.
367
to
Apply
Cancel
4.
5.
368
Description
Add
Edit
Delete
Refresh
Rename
Profile
Source IP
Max Sessions
369
2.
3.
4.
Item
Description
Profile
Source IP
Max Sessions
Apply
Cancel
370
5.
Description
Add
Edit
Delete
Refresh
371
Rename
Profile
Start IP
End IP
TX Limit
Display the limitation for the speed of the upstream for the
profile.
RX Limit
2.
3.
Description
Profile
Start IP
End IP
TX Limit
Apply
Cancel
4.
5.
373
4.12.1 TR-069
This device supports TR-069 standard. It is very convenient for an administrator to manage a
TR-069 device through an Auto Configuration Server, e.g., VigorACS.
Description
374
ACS Server
URL/Username
/Password
WAN Profile
Port
CPE URL
Periodic Status
Periodic Time
CPE Username
Type the user name for the CPE which will be used by the
administrator of VigorACS to log into the WUI of
Vigor3900.
CPE Password
Type the password for the CPE which will be used by the
administrator of VigorACS to log into the WUI of
Vigor3900.
Refresh
Apply
Description
User Name
375
Original Password
New Password
Confirm Password
Apply
Click this button to save the configuration and exit the web
page.
Backup
Description
Backup Type
Backup
376
Restore
Description
Restore Type
Selected File
Restore
377
4.12.3 Syslog
SysLog function is provided for users to monitor router. There is no bother to directly get
into the Web Configurator of the router or borrow debug equipments.
378
Description
Status
Server IP
Server Port
Router Name
Firewall Log
VPN Log
WAN Log
Others Log
Refresh
Apply
Click this button to save the configuration and exit the web
page.
379
SysLog File
Description
Reverse
Check this box and choose the date to display the records in
Syslog with reverse order.
Syslog
Refresh
Clear
Clear All
Download
380
Mail Alert
Description
Mail From
Mail To
SMTP Port
SMTP Server
User Login
Click Enable to make any user logging into the mail server.
User Name
Password
Refresh
Apply
Click this button to save the configuration and exit the web
page.
381
Description
Time Type
Server
Port
Interval
Time Zone
Daylight Saving
Refresh
Apply
Click this button to save the configuration and exit the web
page.
382
Description
Web Allow
Web Port
Telnet Allow
Telnet Port
SSH Allow
SSH Port
HTTPS Allow
HTTPS Port
User Define
383
Refresh
Apply
Click this button to save the configuration and exit the web
page.
Description
Get Community
Set Community
Manager Host IP
Refresh
Apply
Click this button to save the configuration and exit the web
page.
384
Description
385
Description
Current Firmware
Version
Selected File
Use the
new firmware.
Upgrade
386
4.13 Diagnostics
In some cases, a user may need to know some information about the router, such as static or
dynamic databases, or other routing information. The Vigor3300V+ supports five functions,
Routing Table, ARP Cache Table, DHCP Assignment Table, NAT Sessions Table and
Traffic Graph for the user to review such information.
387
Routing Table
Display the information for each route.
388
Item
Description
Refresh
Destination
Gateway
Genmask
Flags
U (route is up)
H (target is a host)
G (use gateway)
R (reinstate route for dynamic routing)
D (dynamically installed by daemon or redirect)
M (modified from routing daemon or redirect)
A (installed by addrconf)
C (cache entry)
! (reject route)
Metric
Ref
Use
Iface
389
Description
Refresh
Destination
Next Hop
Flags
U (route is up)
H (target is a host)
G (use gateway)
R (reinstate route for dynamic routing)
D (dynamically installed by daemon or redirect)
M (modified from routing daemon or redirect)
A (installed by addrconf)
C (cache entry)
! (reject route)
Metric
Ref
Use
Iface
390
LAN/WAN profile).
IP Tables
Display the information for each filter.
Description
Refresh
Target
prot
source
destination
391
392
Description
Refresh
IP Address
HW type
Flags
MAC Address
Mask
Profile
Description
Refresh
IP Address
Profile
MAC Address
393
Item
Description
Status
394
Description
Refresh
IP Address
Start Date
Start Time
End Date
End Time
Mac Address
395
Description
396
Item
Description
Refresh
Source
Destination
Protocol
State
TTL
397
Description
Setup
CPU
Memory
LAN
398
Item
Description
operation about recent 24 hours.
Recent 7 Days Display the information of LAN operation
about recent 7 days.
Recent 4 Weeks Display the information of LAN
operation about recent 4 weeks.
Network Interface Display the information of LAN or
WAN operation.
Type Choose the type of the chart to be generated by the
router.
WAN
Refresh
Apply
Generate Chart
399
400
Description
Ping / TraceRoute
Host
Interface
Start
Stop
401
Global Setting
This page allows you to enable or disable Data Flow Monitor feature.
402
Description
Refresh
Chart
Block
UnBlock
Recent 24 Hours/Recent
5 Minutes
Auto Refresh
403
Item
Description
The information will update immediately when the Refresh
button is clicked.
PC Name
IP
TX rate (KBps)
RX rate (KBps)
Sessions
Block Time
404
If all above stages are done and the router still cannot run normally, it is the time for you to
contact your dealer for advanced help.
2.
Turn on the router. Make sure the ACT LED blink once per second and the
correspondent LAN LED is bright.
3.
If not, it means that there is something wrong with the hardware status. Simply back to
1.3 Hardware Installation to execute the hardware installation again. And then, try
again.
405
For Windows
The example is based on Windows XP. As to the examples for other operation
systems, please refer to the similar steps or find support notes in
www.draytek.com.
1.
2.
3.
406
4.
For Mac OS
1.
2.
3.
On the Network screen, select Using DHCP from the drop down list of Configure
IPv4.
407
For Windows
1.
2.
Type command (for Windows 95/98/ME) or cmd (for Windows NT/ 2000/XP/Vista).
The DOS command dialog will appear.
3.
Type ping 192.168.1.1 and press [Enter]. If the link is OK, the line of Reply from
192.168.1.1:bytes=32 time<1ms TTL=255 will appear.
4.
If the line does not appear, please check the IP address setting of your computer.
2.
3.
4.
Type ping 192.168.1.1 and press [Enter]. If the link is OK, the line of 64 bytes from
192.168.1.1: icmp_seq=0 ttl=255 time=xxxx ms will appear.
408
If there is something wrong with the configuration, please go to WAN page and choose
General Setup again to modify the WAN connection.
409
Software Reset
You can reset router to factory default via Web page.
410
Go to System Maintenance>> Reboot System on the web page. The following screen will
appear. Choose the selection you need and click Reboot After few seconds, the router will
return all the settings to the factory settings.
411
Hardware Reset
While the router is running (ACT LED blinking), press the Factory Reset button and hold
for more than 5 seconds. When you see the ACT LED blinks rapidly, please release the
button. Then, the router will restart with the default configuration.
After restore the factory default setting, you can configure the settings for the router again to
fit your personal request.
412
413
Appendix: Hardware
Specifications
Temperature
Operating : 0C ~ 45C
Storage : -25C ~ 65C
Humidity
60 Watt
Dimension
Power
100 ~ 240 V AC
414