Vigor2960 Dual-WAN Security Firewall User’s Guide Version: 2.6 Firmware Version: V1.4.
Intellectual Property Rights (IPR) Information Copyrights © All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders. Trademarks The following trademarks are used in this document: Microsoft is a registered trademark of Microsoft Corp.
iv Vigor2960 Series User’s Guide
Table of Contents
Chapter 1: Introduction
1.1 Web Configuration Buttons Explanation
1.2 LED Indicators and Connectors
1.3 Hardware Installation
...
4.3.6 RIP Configuration
4.3.7 OSPF Configuration
4.3.8 BGP Configuration
4.4 NAT
...
4.9.4 PPP General Setup
4.9.5 OpenVPN General Setup
4.9.6 IPsec General Setup
4.9.7 VPN Profiles
...
4.16.2 CPE Management
4.16.3 Log/Alert
4.17 Central Management (AP)
4.17.1 General Setup
...
6.5.4 Telnet Command: route
6.5.5 Telnet Command: route6
6.5.6 Telnet Command: switch
6.6 NAT Configuration
Chapter 1: Introduction The Vigor2960 Series integrates a rich suite of functions, including NAT, firewall, VPN, load balance, and bandwidth management capability. These products are very suitable for providing multi-integrated solutions to SME markets. A Virtual Private Network (VPN) is an extension of a private network that encompasses links across shared or public networks like an Intranet.
Note: For the other buttons shown on the web pages, please refer to Chapter 4 for a detailed explanation.
1.2 LED Indicators and Connectors
Before you use the Vigor router, please get acquainted with the LED indicators and connectors first. The LED indicators and connectors differ slightly between routers.
Description for LED LED ACT (Activity) Status Blinking CSM Off On VPN On Off Blinking On Off On Off Blinking On Off The port is connected. The port is disconnected.
Connectors
Interface: Description
Factory Reset: Restore the default settings. Usage: Turn on the router (ACT LED is blinking). Press the hole and hold for more than 5 seconds. When the ACT LED begins to blink more rapidly than usual, release the button. The router will then restart with the factory default configuration.
GigaWAN 1/2: Connectors for remote networked devices.
GigaLAN 1/2/3/4: Connectors for local networked devices.
USB1/2: Connector for Mobile HDD, 3G Modem or printer.
1.3 Hardware Installation 1.3.1 Network Connection Before starting to configure the router, you have to connect your devices correctly. 1. Connect one end of an Ethernet cable (RJ-45) to one of the LAN ports of Vigor2960s. 2. Connect the other end of the cable (RJ-45) to the Ethernet port on your computer (that device also can connect to other computers to form a small area network). The LAN LED for that port on the front panel will light up. 3.
1.3.2 Wall-Mounted Installation The Vigor2960 Series can be mounted on the wall by using standard brackets shown below. Choose a flat surface (on the wall) which is suitable for placing the router. Make the screw holes on the short side of the bracket aim at the screw holes on the router. Next, fasten both the bracket and the router with two screws; and fasten both the wall and the bracket with another two screws. Refer to the following figure.
Chapter 2: Initial Configuration
To use the router properly, you need to change the web configuration password for security and adjust the primary basic settings. This chapter explains how to set up a password for an administrator and how to adjust the basic settings for accessing the Internet successfully. Be aware that only the administrator can change the router configuration. 2.
3. Now, the Main Screen will pop up.
4. Go to the System Maintenance page and choose Administrator Password.
5. Enter the login password (admin by default) in the Original Password field. Type a new one in the New Password field and retype it in the Confirm Password field. Then click Apply to continue.
6. The password has now been changed. Next time, use the new password to access the Web User Interface for this router.
2.2 Quick Start Wizard
The Quick Start Wizard is designed for configuring your router to access the Internet in a few simple steps. In the Quick Start Wizard group, you can configure the router to access the Internet with different modes such as Static, DHCP, PPPoE, or PPTP. For most users, Internet access is the primary application. The router supports the Ethernet WAN interface for Internet access. Click Quick Start Wizard from the home page.
When you finish the above settings, click Next to go to the next page.
2.2.2 Step 2 – Configuring the Selected Protocol
This page changes according to the IPv4 Protocol Type selected on the previous page.
If Static is selected
If Static is selected, the following screen will appear. You can manually assign a static IP address to the WAN interface and complete the configuration by applying the settings and rebooting your router.
Save – After finishing the IP address configuration, click Save to save the setting onto the router.
Previous: Click it to return to the previous setting page.
Finish: Click it to finish the configuration.
Cancel: Click it to discard the settings configured in this page.
When you have finished the above settings, click Finish.
If DHCP is selected
DHCP allows a user to obtain an IP address automatically from a DHCP server on the Internet. If you choose DHCP mode, the DHCP server of your ISP will assign a dynamic IP address for Vigor2960 automatically. It is not necessary for you to assign any setting. (Host Name is required for some ISPs.)
Available parameters are listed as follows:
Item: Description
Host Name (Optional): Type a name as the host name for identification.
Previous: Click it to return to the previous setting page.
Available parameters are listed as follows:
Item: Description
Username: Type in the username provided by the ISP in this field.
Password: Type in the password provided by the ISP in this field.
Previous: Click it to return to the previous setting page.
Finish: Click it to finish the configuration.
Cancel: Click it to discard the settings configured in this page.
When you have finished the above settings, click Finish.
If PPTP is selected
This mode lets the user get the IP group information through a DSL modem with PPTP service from the ISP. Your service provider will give you the user name, password, and authentication mode for a PPTP setting. Click PPTP as the protocol. Type in all the information that your ISP provides for this protocol. If your ISP offers you PPTP (Point-to-Point Tunneling Protocol) mode, please select PPTP for this router. Next, enter the settings provided by your ISP on the web page.
Server Address: Type the remote IP address of the PPTP server.
Username: Type in the username provided by the ISP in this field.
Password: Type in the password provided by the ISP in this field.
IP Address: Type a public IP address for such WAN profile.
Subnet Mask: Choose the static mask from the drop down list.
Gateway IP Address: Type a public gateway address for such WAN profile.
DNS Server IP Address: To add a new IP address, simply place the mouse cursor on this field. The following dialog will appear.
2.3 Register Vigor Router
Please follow the steps below to register the router.
1 Before using such function, please register your router online first. Log into the Web User Interface of Vigor2960 and click Product Registration.
2 A Login page will be shown on the screen. Type the account and password that you created previously, and click Login.
Notice: If you do not have an account, please create a new one first.
3 The following page will be displayed after you log in to MyVigor. When the following page appears, type in a Nickname (for the router) and choose the right registration date from the popup calendar (it appears when you click on the box of Registration Date). Click Add.
4 When the following page appears, your router information has been added to the database.
5 After clicking OK, you will see the following page. Your router has been registered to the myvigor website successfully.
Chapter 3: Application and Tutorial
3.1 How to Build SSL VPN with RDP Service in the Browser via Logging in Router's HTTPS Server?
Remote Desktop Protocol (RDP) is a protocol designed for secure communications in networks using Microsoft Terminal Services. The router provides an easy way to establish a connection between the router and the RDP Server via any browser.
1. Open the Web User Interface of Vigor2960. 2.
3. Open SSL VPN >> SSL Application and click the RDP tab to create a profile named “Win7”. Type the IP address, Port number, and Screen Size based on the actual RDP server information, then click Apply to save the settings.
4. Open User Management >> User Profile to create a new profile named “7788”. Set the Password as 7788 and choose the profile of Win7 as SSL Application (RDP). Click Apply.
5. Log out of Vigor2960.
6. Log in to the Vigor2960 HTTPS Server with 7788 for both Username and Password.
7. A screen like the following figure will appear. Simply click the SSL Application link. 8. In the following screen, click Connect for connecting to Win7, the RDP server.
9. After that, you can access Windows 7 via a browser. Note the message below the window, in which TLS means Transport Layer Security.
Troubleshooting
If you have installed Java Runtime Environment edition 6 but still cannot establish the connection, please make sure you have disabled “Use TLS 1.0” in the Java Control Panel, as shown in the figure below. Then, try to connect again.
3.2 How to Configure OSPF?
OSPF (Open Shortest Path First) uses the SPF (Shortest Path First) algorithm to calculate the route metric. It is suitable for large networks and complicated data exchange. Both Vigor3900 and Vigor2960 support up to OSPF version 2 (only for IPv4). The autonomous system (AS) used in OSPF indicates the largest entity and can be divided into several areas. Usually, Area 0 is used as the OSPF backbone, which distributes the routing information among areas.
Configuration for Vigor3900 A, 1. Open Routing >> General Setup to create a LAN (192.168.1.1/24) profile named lan1 with the settings shown below. 2. Next, continue to create a LAN (192.168.3.1/24) profile named lan2 with the settings shown below. 3. Open LAN >> Static Route Setup and click the Inter-LAN Route tab to enable this profile.
4. Open LAN >> OSPF Configuration to enable this profile. Click Add to make the LAN Profiles lan2 area setting as 11 and lan1 area as 11. (As shown in the topology diagram.) Configuration for Vigor3900 B, 1. Open LAN >> General Setup to create a LAN (192.168.2.1/24) profile named lan1 with the settings shown below. 2. Next, continue to create a LAN (192.168.3.2/24) profile named lan2 with the settings shown below.
3. Open LAN >> Static Route Setup and click the Inter-LAN Route tab to enable this profile. 4. Open LAN >> OSPF Configuration to enable this profile. Click Add to make the LAN Profiles lan2 area setting as 11 and lan1 area as 11. (As shown in the topology diagram.) Configuration for Vigor2960, 1. Open LAN >> General Setup to create a LAN (192.168.4.1/24) profile named lan1 with the settings shown below.
2. Next, continue to create a LAN (192.168.3.3/24) profile named lan2 with the settings shown below. 3. Open LAN >> General Setup and click the Inter-LAN Route tab to enable this profile.
4. Open Routing >> OSPF Configuration to enable this profile. Click Add to make the LAN Profiles lan2 area setting as 11 and lan1 area as 11. (As shown in the topology diagram.) 5. After setting, check the routing information (marked with red line) which is created by OSPF.
3.3 How to Configure LAN to LAN IPsec Tunnel between Vigor2960 and Other Router
This section provides an example of a LAN to LAN IPsec tunnel established between Vigor2960 and Vigor2710.
Configuring Vigor2960
1. Access the Web User Interface of Vigor2960 and open VPN and Remote Access >> VPN Profiles to add a new VPN configuration. Type the Pre-shared key and choose a WAN Profile. Specify Local IP/Subnet Mask with 192.168.29.0/24.
Configuring Vigor2710 1. 2. In Vigor2710, it is necessary to build two VPN connections (for two WANs) to connect with Vigor2960. Please open the Web User Interface of Vigor2710 and open VPN and Remote Access >> LAN to LAN. First, please type the name of such VPN connection in the field of Profile Name (e.g., 2960). Check the box of Enable this profile. Choose Dial-Out as Call Direction and check the box of Always on.
3. Because the role of Vigor2710 is dialing out, skip the Dial-In setting. Type the Remote Network IP and Remote Network Mask of Vigor2960 to complete the configuration.
4. Check whether the VPN connection has been built successfully on both devices. For Vigor2960, open VPN and Remote Access>>IPsec>>Status to view the result. For Vigor2710, open VPN and Remote Access>>Connection Management to confirm the result.
3.4 CVM Application - How to manage the CPE (router) through Vigor2960?
To manage CPEs through Vigor2960, you have to set the URL on the CPE first and set the username and password for Vigor2960. For this section, we use Vigor2830 series as the example. The firmware upgrade for the CPE can be done through Vigor2830 series.
3.4.1 Configure Settings on Vigor2960
1. Access the web user interface of Vigor2960.
2. Open System Maintenance>>Access Control. Check Enable for Web Allow and type the value for Web Port.
5. Click the General Setup tab. Check the Enable box. Specify the WAN interface from the WAN Profile drop down list. Type the values for Port, Username, and Password respectively. Remember the values configured in this page. 6. Click Apply to save the settings. 3.4.2 Configure Settings on CPE To manage CPEs through Vigor2960, you have to set ACS URL on CPE first and set username and password for Vigor2960. 1. Connect one CPE (e.g.
3.4.3 Invoke Remote Management for CPE
1. Log in to the web user interface of the CPE.
2. Open System Maintenance>>Management Setup.
3. Check Allow management from the Internet to set management access control.
3.4.4 Enable WAN Connection on CPE
1. Log in to the web user interface of the CPE.
2. Open WAN>>Internet Access. Use the drop down list of Access Mode on WAN1 to select MPoA (RFC1483/2684). Then, click Details Page.
3. Click Specify an IP address. Type the correct WAN IP address, subnet mask and gateway IP address for your CPE. Then click OK.
Note: Reboot the CPE device and log in to Vigor2960 again.
3.4.5 Check CPE Maintenance Page
1. Return to the web user interface of Vigor2960.
2. Open Central VPN Management>>CPE Management.
3. Now there is one CPE (Vigor2830) managed by Vigor2960 on the page of CPE Maintenance.
3.5 CVM Application - How to build the VPN between remote devices and Vigor2960?
When a remote device is managed by Vigor2960 series, it is easy to build a VPN between these two devices.
1. Access the web user interface of Vigor2960 series.
2. Open Central VPN Management>>CPE Management. The icons displayed on the screen mean that the remote devices are ready for building a VPN with Vigor2960.
3. Click the device icon (marked with ) and click the PPTP or IPsec button.
Or click Advanced to open the following page to specify the CPE you want. Click Connect after finishing the settings.
4. A confirmation dialog will appear. Click OK and wait for a moment.
5. If the VPN is built successfully, related information will be displayed on Connected Devices.
6. A LAN to LAN profile for such VPN will be generated automatically. You can open VPN and Remote Access>>LAN to LAN on the remote device to view the detailed information.
Note: The profile name is created automatically by the system. Do not modify any value on that page, to avoid VPN errors.
3.6 CVM Application - How to upgrade CPE firmware through Vigor2960? 3.6.1 Import firmware file from your PC to Vigor2960 1. Suppose the newest firmware file is located on your PC. You can upload it from your PC to Vigor2960. 2. Log into the web user interface of Vigor2960. 3. Open System Maintenance>>Access Control. Check Enable for Web Allow and type the value for Web Port. Then click Apply to save the settings. 4. Open Central VPN Management>>CPE Management. Click CPE Maintenance.
6. In the Upload dialog, click the Browse.. button to locate the firmware (e.g., 2830_0508 in this case) you want to upload from the PC to Vigor2960. Then, click Upload.
7. When the file has been uploaded successfully, you will find it in the File Explorer dialog.
3.6.2 Set a new firmware upgrade profile To create a new firmware upgrade profile, one CPE (e.g., 2830 in this case) must be managed by Vigor2960 at least. Otherwise, the profile cannot be created successfully. 1. Open Central VPN Management>>CPE Management. Click CPE Maintenance. In the Maintenance area, click Add. 2.
3. When you have finished the above settings, click Apply to save them. The new maintenance profile has been created and is displayed in the Maintenance area.
4. Now, the new firmware will be loaded into the CPE immediately (based on the schedule setting – now). Note that a red icon will appear while the firmware is being upgraded. In the web user interface of the client’s CPE, the system will show that the firmware upgrade is ongoing.
5. Please wait for a moment. Later, open Central VPN Management>>Log/Alert>>Log page to check the result. If [Finished] is displayed, it means the firmware upgrade of specified CPE has completed. 3.6.3 Check the Device Information 1. Open Central VPN Management>>CPE Management. In the Managed Devices Status area, choose the router (representing Vigor2830) and click Detail. 2. Check the software version field.
3.7 How to use High Availability for Vigor routers? This document introduces how to set up HA in Hot-Standby mode and here is the scenario: LAN1 and LAN2 have Internet Access through the Master device. When Master detects LAN or WAN fails, both LAN1 and LAN2 will have Internet Access through the Backup device.
Note: Make sure the WAN interfaces for both Router A and Router B are well connected. Both routers can be used to access into Internet. Note: For advanced applications, please refer to FAQ/Application Notes on www.draytek.com. Vigor2960-Master Setup 1. Go to Applications >> High Availability >> Hot-Standby Profile Setup page. Select lan1 for HA LAN Profile. Input Priority ID as 1 which is the highest priority. Input 192.168.166.99 as Virtual IP for Gateway.
Input Authentication Key (The other Vigor2960 should have same Authentication Key, otherwise the configuration synchronization will fail.) Select Immediate as the Advance Preemption Mode. Select Enable for WAN Connection Status Detection. Select At Least One Up for LAN Port Status Detection. Vigor2960-Slave Setup 3. Go to LAN >>General Setup >>lan1 profile (the HA LAN profile) to change the IP Address first, the LAN IP should be different from Vigor2960-Master. 4.
Input Group ID 100 (should be the same as the Group ID on the other Vigor2960) then click Apply. 5. Go to Applications >> High Availability >> Hot-Standby Global Setup page. Check to Enable High Availability. Select Hot-Standby as the Redundant Method. Input Authentication Key (The Authentication Key should be the same as the other Vigor2960, otherwise the configuration synchronization will fail.) Select Immediate as the Advance Preemption Mode.
8. By clicking the Detail button, you can see more device information.
9. When the Master meets a WAN or LAN Fail Event, or is powered off, the Vigor2960 with Priority ID 2 will become Master.
10. When the firmware version of the Master Vigor2960 is upgraded, the Backup router will upgrade to the same firmware version automatically. The process is:
Master reboots to apply the new firmware.
Master is up and exchanges HA information with the backup router.
Backup router finds firmware version is not equal.
3.8 How to Configure DNS Inbound Load Balance on Vigor 2960?
Vigor2960 can offer the mapped IP address in response to DNS queries coming from the remote end for the designated domain, to reduce the network traffic load.
WAN1 IP Address: 1.1.1.1
WAN2 IP Address: 2.2.2.2
Inbound Load Balance allows Vigor2960 to act as a DNS Server and separate the traffic for each WAN interface according to the DNS query time. Follow the steps listed below to configure DNS Inbound Load Balance.
2. Open WAN >> Load Balance and click the tab of Inbound Load Balance to enable the service. Click Add.
3. Add a profile named “yourdomain.com”. Set the WAN1 weight to 1 and the WAN2 weight to 2. This means that out of a total of three DNS queries, one will pass through WAN1 and two will pass through WAN2.
4. Click the Detail tab and locate Additional A Record. Type “www” as the name of the Host, and type “192.168.1.10” as the IP Address.
5. Then click Apply to save the settings.
Now, test the inbound load balance. Click Start>> Run and type cmd. Execute the nslookup command for a DNS query test.
First DNS query
> www.yourdomain.com
Server: [google-public-dns-a.google.com]
Address: 8.8.8.8
Name: www.yourdomain.com
Address: 1.1.1.1
Second DNS query
> www.yourdomain.com
Server: [google-public-dns-a.google.com]
Address: 8.8.8.8
Name: www.yourdomain.com
Address: 2.2.2.2
Third DNS query
> www.yourdomain.
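A way to check the weighting after the nslookup test above (an added example, not part of the original guide or of DrayTek's tooling): the Python script parses a saved nslookup session and compares the share of answers per WAN with the 1:2 weights from step 3. The transcript and the 15% tolerance are constructed assumptions; the WAN addresses and the domain are the guide's own sample values.

```python
import re
from collections import Counter

# Values taken from the guide's example: the two WAN addresses and the
# weights entered in step 3 (WAN1 = 1, WAN2 = 2).
WAN_ADDRS = {"WAN1": "1.1.1.1", "WAN2": "2.2.2.2"}
WEIGHTS = {"WAN1": 1, "WAN2": 2}


def build_transcript(addresses):
    """Constructed sample input: one nslookup exchange per answer address,
    laid out like the session shown in the guide."""
    exchange = (
        "> www.yourdomain.com\n"
        "Server:  [google-public-dns-a.google.com]\n"
        "Address:  8.8.8.8\n"
        "\n"
        "Name:    www.yourdomain.com\n"
        "Address:  {}\n"
        "\n"
    )
    return "".join(exchange.format(addr) for addr in addresses)


# Constructed: six queries in a 1:2 rotation (not captured from a device).
SAMPLE = build_transcript(
    ["1.1.1.1", "2.2.2.2", "2.2.2.2", "1.1.1.1", "2.2.2.2", "2.2.2.2"]
)


def parse_answers(transcript):
    """Return the answer address of every query in the transcript.

    The first "Address:" line of each exchange belongs to the resolver
    (8.8.8.8 in the guide), so only the one after "Name:" is collected.
    """
    answers = []
    after_name = False
    for raw in transcript.splitlines():
        line = raw.strip()
        if line.startswith(">"):
            after_name = False
        elif line.startswith("Name:"):
            after_name = True
        elif after_name:
            match = re.match(r"Address(?:es)?:\s*(\S+)", line)
            if match:
                answers.append(match.group(1))
                after_name = False
    return answers


def tally(answers):
    """Count answers per WAN; anything else is kept under 'unexpected:<ip>'."""
    wan_by_addr = {addr: wan for wan, addr in WAN_ADDRS.items()}
    counts = Counter()
    for addr in answers:
        counts[wan_by_addr.get(addr, "unexpected:" + addr)] += 1
    return counts


def check_distribution(counts, tolerance=0.15):
    """Compare the observed share of each WAN with its configured weight."""
    total = sum(counts[wan] for wan in WEIGHTS)
    weight_sum = sum(WEIGHTS.values())
    report = {}
    for wan, weight in WEIGHTS.items():
        expected = weight / weight_sum
        observed = counts[wan] / total if total else 0.0
        report[wan] = {
            "expected": round(expected, 3),
            "observed": round(observed, 3),
            "ok": abs(observed - expected) <= tolerance,
        }
    # Addresses that belong to neither WAN point at a wrong record or a
    # different server answering for the domain.
    unexpected = sorted(k for k in counts if k.startswith("unexpected:"))
    return report, unexpected


if __name__ == "__main__":
    counts = tally(parse_answers(SAMPLE))
    report, unexpected = check_distribution(counts)
    for wan, row in report.items():
        print(wan, counts[wan], row)
    print("unexpected answers:", unexpected or "none")
```

Answers relayed by a caching resolver can repeat within the record's TTL, so a short sample may look skewed even when the weights are applied correctly.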
Chapter 4: Advanced Configuration
After finishing the basic configuration of the router, you can access the Internet with ease. If you want to adjust more settings to suit your needs, please refer to this chapter for detailed information about the advanced configuration of this router. For other application examples, please refer to chapter 3.
4.1 WAN
The Quick Start Wizard offers users an easy method to quickly set up the connection mode for the router.
via PAP or CHAP with RADIUS authentication system. And your IP address, DNS server, and other related information will usually be assigned by your ISP. 4.1.1 General Setup This section will introduce some general settings of Internet and explain the connection modes for WAN profiles in details. This router supports multi-WAN function. It allows users to access Internet and combine the bandwidth of the WAN profiles to speed up the transmission through the network.
Each item will be explained as follows:
Item: Description
Add: Add a new WAN profile. Such function is available in Advance mode only.
Edit: Modify the selected WAN profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule.
Delete: Remove the selected WAN profile. Such function is available in Advance mode only.
Profile (max length:7): Display the profile name.
Enable: Display the status of the profile. False means disabled; True means enabled.
Description: Display a brief explanation for such profile.
Port: Display the physical WAN interface for such profile.
IPv4 Protocol Type: Display the IPv4 protocol selected by the profile.
IPv6 Protocol Type: Display the IPv6 protocol selected by the profile.
VLAN Tag: If the data is transmitted with a tag, Enable will be displayed in this field.
Available parameters for global configuration are listed as follows:
Item: Description
Profile (max length:7): Type a name (less than 7 characters) for such profile.
Enable: Check this box to enable such profile.
Description: Give the brief description for such profile.
Port: Display the physical WAN interface for such profile.
Default MAC Address:
Enable – Click it to enable the default MAC address for such profile.
Disable – Click it to type the MAC address manually for such profile.
IPv6 Protocol There are five connection modes for you to specify for IPv6 protocol type. Each mode will bring up different web page. Enable Schedule Reconnect Enable – Click it to enable the function of reconnecting the network automatically within the time schedule. Schedule Time Object - Choose the time object profile to be applied by such WAN. Disable – Click it to disable the schedule reconnect function. VLAN Tag Enable – Click it to enable the function of VLAN Tag.
Different IPv4 and IPv6 protocol types specified will bring up different configuration web page. If you choose Static as IPv4 protocol type, click the Static tab to open the following page: Available parameters are listed as follows: Item Description IP Address Type the IP address (e.g., 192.168.1.x) specified for such profile. Subnet Mask Use the drop down list to choose the subnet mask for such profile. Gateway IP Address Type a public gateway address for such WAN profile.
setting is optional. If you have typed addresses here, you can see and choose them in later web page settings (e.g., NAT>>Port Redirection/DMZ Host).
Add – Click this button to display the IP address field for adding a new IP address. Type the IP address in the tiny boxes one by one.
Save – After finishing the IP address configuration, click Save to save the setting onto the router.
MTU/MRU: Type the value of MTU/MRU. The default value is 1500.
Connection Detection Retry: Set the number of detection attempts used to confirm the connection of the WAN interface. If the router receives no reply after the number of attempts set in this field, the connection of the WAN interface will be regarded as down.
Apply: Click it to save the configuration and exit the dialog.
Cancel: Click it to exit the dialog without saving the configuration.
is 1500.
Connection Detection Mode: Select a detecting mode for this WAN interface. The Vigor router supports three ways of sending the request out: ARP, PING and HTTP.
Connection Detection Host: Add – Click this button to have a field for adding a new IP address. Assign an IP address or domain name as the destination used to detect whether the host is active (sending replies to the router) or not. If not, the connection of the WAN interface will be regarded as down.
Cancel Click it to exit the dialog without saving the configuration. If you choose PPPoE as IPv4 protocol type, click the PPPoE Tab to open the following page: Available parameters are listed as follows: Item Description Username Type the user name offered by your ISP. Password Type the password offered by your ISP. MTU/MRU Type the value of MTU/MRU. The default value is 1492. Service Name This is an optional setting.
Connection Detection Host: If you choose PING/HTTP as Connection Detection Mode, you have to specify the detection host address in this field. Use the default setting.
Add – Click this button to have a field for adding a new IP address. Assign an IP address or domain name as the destination used to detect whether the host is active (sending replies to the router) or not. If not, the connection of the WAN interface will be regarded as down.
Specify DNS Enable – Click it to enable the function of DNS specified. It is used for local service (e.g., NTP, ping diagnostic) or used for forwarding packets to PC on LAN/VPN. Disable – Click it to disable the function of DNS specified. DNS Add – click this button to have a field for adding a new IP address. Save – click this button to save the setting. Apply Click it to save the configuration and exit the dialog. Cancel Click it to exit the dialog without saving the configuration.
Server Address Type the IP address of PPTP server offered by your ISP. Username Type the user name offered by your ISP. Password Type the password offered by your ISP. MTU/MRU Type the value of MTU/MRU. The default value is 1452. Debug Click Enable to display the PPTP debug message in syslog. The default setting is Disable. Always On Enable – Click it to enable the function of Always On. The router will keep network connection all the time. Disable – Click it to disable the function of Always On.
If you choose Link-Local as IPv6 protocol type
A Link-Local address is used for communicating with neighbouring nodes on the same link. It is defined by the address prefix fe80::/64. You do not need to set up the Link-Local address manually because it is generated automatically according to your MAC Address.
If you choose PPP as IPv6 protocol type
Simply refer to the section of “If you choose PPPoE as IPv4 protocol type, click the PPPoE Tab to open the following page” for detailed information.
Apply Click it to save the configuration and exit the dialog. Cancel Click it to exit the dialog without saving the configuration. If you choose DHCP IA NA as IPv6 protocol type, click the DHCPV6 Tab to open the following page: Available parameters are listed as follows: Item Description DHCP (IA_NA) Gateway Address Type the gateway IP address for IPv6 DHCP IA_NA mode. DHCP (IA_NA) DNS Address Add – Click this button to type primary DNS server address for IPv6.
4.1.1.2 USB WAN Profiles Open WAN>>General Setup and click the USB WAN tab. Each item will be explained as follows: Item Description Edit Modify the selected USB WAN profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Refresh Renew current web page. Profile Display the profile name. Enable Display the status of the profile.
How to edit a USB WAN profile 1. Choose one of the USB WAN profiles and click Edit. 2. The settings under Global tab are listed as below: Available parameters are listed as follows: Item Description Profile Display the name of the USB WAN profile. Enable Check it to enable the USB WAN profile. Description Give the brief description for such profile. Port Display the physical WAN interface for such profile. Protocol Choose the connection mode for USB WAN.
Save – Click this button to save the setting. 3. Connection Detection Interval Assign an interval period of time for each detecting. Connection Detection Retry Assign detecting times to ensure the connection of the WAN interface. After passing the times you set in this field and no reply received by the router, the connection of WAN interface will be regarded as breaking down. Default Click it to restore the default settings. Apply Click it to save and exit the dialog.
Available parameters are listed as follows:
Item: Description
3G/4G PPP:
  SIM PIN code – Type the PIN code of the SIM card that will be used to access the Internet.
  Modem Initial String 1 – This value is used to initialize the USB modem. Please use the default value. If you have any questions, please contact your ISP.
  Modem Initial String 2 – The initial string 1 is shared with APN. In some cases, the user may need another initial AT command to restrict the 3G band or apply special settings.
and required by some ISPs.
Default: Click it to restore the default settings.
Apply: Click it to save and exit the dialog.
Cancel: Click it to exit the dialog without saving anything.
4. Enter all of the settings and click Apply.
4.1.1.3 Bridge VLAN Profiles
Open WAN>>General Setup and click the Bridge VLAN tab. This page specifies a VLAN ID for the WAN port and supports more advanced deployments by bridging the WAN port and LAN port.
Each item will be explained as follows:
Item: Description
Add: Click to create a new profile.
Edit: Modify the selected USB WAN profile. To edit a profile, simply select the one you want to modify and click the Edit button.
How to add a new bridge VLAN profile
1. Click Add.
2. The settings are listed as below:
Available parameters are listed as follows:
3.
Item: Description
Profile: Type the name of the profile.
WAN Profile: Use the drop down list to choose the WAN interface.
LAN VLAN/Member: Choose a VLAN profile from the drop down list. You must first open the LAN>>Switch page and click 802.1Q VLAN to create a VLAN ID number bound to a LAN port (802.1Q VLAN profile).
4.1.2 Inbound Load Balance
Vigor2960 can answer DNS queries that the remote end sends for a designated domain with the mapped IP address, which reduces the load of network traffic.
4.1.2.1 Inbound Load Balance
Open WAN>>Load Balance and click the Inbound Load Balance tab.
Each item will be explained as follows:
Item: Description
Enable: Check the box to enable the inbound load balance function.
Add: Add a new WAN profile for inbound load balance.
Edit: Modify the selected WAN profile.
Delete: Remove the selected WAN profile. To delete a profile, simply select the one you want to delete and click the Delete button.
Refresh: Renew current web page.
Profile Number Limit: Display the total number of the profiles to be created.
Enable: Display the status of the profile. False means disabled; True means enabled.
Domain Name: Display the domain name used by the profile.
Mode: Display the mode (failover or load balance) applied by the profile.
balance.
Mode: Specify the type (Load Balance or Failover) of the WAN profile for inbound load balance.
Priority Setting: It is available only when Failover is selected as the Mode. There are five levels (Top, 2, 3, 4 and 5) which can be specified for WAN profiles (including default WAN profiles and user-defined WAN profiles).
Interface Mapping/Weight: The domain name will inform the remote end with the IP address for DNS query asked by the remote end.
3. After finishing the settings on the Basic page, click the Detail Tab to open the following dialog.
Available parameters are listed as follows:
Item: Description
DNS Parameter: To configure Vigor router as a DNS server, type the related information for applying the function of DNS.
  TTL – The time to live of a DNS response. Available setting range is from 0 to 2147483647.
  Refresh – Set the time for the PC in LAN to refresh the data.
address.
  Save – Click it to save the settings.
  Host – Type the name (URL) of the mail server.
  Mail Server – Type the name (URL) of the mail server.
  IP Address – Type the IP address of the mail server.
  Preference – Set a number for the priority of such mail server.
4.
Additional A Record: It is used to record the DNS query by IPv4 address.
  Add – Click it to add a new host with specified IP address.
  Save – Click it to save the settings.
  Host – Set a domain name.
4.1.2.2 Inbound Load Balance Options
This page is used for configuring detailed Domain Name Server settings. Open WAN>>Load Balance and click the Inbound Load Balance Options tab.
Each item will be explained as follows:
Item: Description
Only accept query in access list: If it is enabled, Vigor router only accepts DNS queries coming from the IP addresses or subnets in the Access List.
  Access List – Display a table of IP address(es) with subnet(s).
  Add – Create an IP address with subnet mask.
4.1.3 Switch
This page allows you to configure Mirroring Port, Mirrored Port, enable/disable WAN interface, and configure 802.1Q VLAN ID for different WAN interfaces, and so on.
4.1.3.1 802.1Q VLAN
Packets passing through the WAN interface might be tagged or untagged with a VLAN ID number. This depends on the settings on this page, because the VLAN ID configured in WAN>>General Setup>>Profile relates to the VLAN ID setting configured here. This page simply displays the current status of 802.1Q VLAN setting profiles.
Each item will be explained as follows:
Item: Description
Refresh: Click it to reload this page.
VLAN ID: Display the VLAN ID number.
4.1.3.2 Mirror Configuration
The administrator can use the mirroring port to monitor all the packets passing through the mirrored port. This is useful for analyzing problems on the network.
Available parameters are listed as follows:
Item: Description
Enable This Profile: Check the box to enable the Mirror function for the switch.
Mirroring Port: Select a port for the administrator to use for viewing traffic sent from mirrored ports.
4.1.3.3 Interface Configuration
This page allows you to modify the status (enable / disable), duplex (Half/Full), speed and 802.3az for the WAN ports respectively.
Each item will be explained as follows:
Item: Description
Edit: Choose the interface listed below and click the Edit button to modify the settings. A pop up window will appear for you to change the settings.
  Interface – Display the name of WAN interface.
  Enable – Check it to enable such interface.
period of low traffic. Click Enable to activate the power/energy saving function if required.
  Apply – Click it to save and exit the dialog.
  Cancel – Click it to exit the dialog without saving anything.
Refresh: Renew current web page.
Interface: Display the name of the WAN port on the router.
Enable: Display the status of the profile. False means disabled; True means enabled.
Duplex: Display the duplex used (full or half) by such profile.
Speed: Display the transmission rate (e.g.
4.2.1 General Setup
This page allows you to set LAN profiles for PCs in LAN. The DHCP, DHCP Relay, RADVD and DHCPv6 settings are generated automatically by the system when the LAN profile is created. You can edit these settings by switching to each tab individually.
Note: At least one LAN profile shall be enabled to keep normal operation. The default LAN profile named “lan1” shall not be deleted. Otherwise, the system might be damaged.
VLAN ID: Display the VLAN ID configured for the LAN profile.
IPv4 Protocol: Display the IPv4 protocol type for the LAN profile.
IP Address: Display the IP address for such LAN profile.
Subnet Mask: Display the subnet mask for such LAN profile.
DHCP Server: Display the status (Enable/Disable) of the DHCP server.
IPv6 Protocol: Display the IPv6 protocol type for the LAN profile.
How to add a new LAN profile
1. Open LAN>>General Setup and click the General Setup tab.
2.
Address profile.
  Disable – Click it to type the MAC address manually for such profile.
MAC Address: If Default MAC address is disabled, please specify a MAC address manually with the format like “00:1d:aa:b2:69:80”.
IPv4 Protocol: Display the fixed type (static) for the IPv4 protocol for such profile.
Mode: Choose NAT or ROUTING as the operation mode for such profile.
IP Address: Type the IP address (with the format like 192.168.1.25) of the router for the LAN profile.
  Add – Click it to add a new IP address for DNS server.
  Save – Click it to save the setting.
DHCP IP Lease Time: Set a lease time for the DHCP server. The time unit is minutes.
DHCP Routers: In general, this box will be blank, which means Vigor2960 will be regarded as the gateway for the user. However, if you want to use another gateway, please assign its IP address in this field.
DHCP Next Server: Type the IP address of the secondary DHCP server.
  Add – Click it to add a new subnet mask with IP address and specified mode.
  Save – Click it to save the settings.
  IP – Type the IP address if you click Add for adding a new entry.
  Subnet Mask – Use the drop down list to choose the one you want.
  Mode – Specify NAT or Routing as the mode.
  DHCP – Click Enable to activate the DHCP function on such subnet. When it is enabled, you have to specify the IP range to be assigned by the DHCP server for such subnet.
  Start IP – Type an IP address as a starting point.
4.2.1.2 DHCP Relay
DHCP stands for Dynamic Host Configuration Protocol. By factory default the router acts as a DHCP server for your network, so it automatically dispatches the related IP settings to any local user configured as a DHCP client. It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network.
How to edit a LAN profile for DHCP Relay
1. Open LAN>>General Setup and click the DHCP Relay tab.
2. Choose one of the LAN profiles by clicking on it and click the Edit button to open the following dialog.
Available parameters are listed as follows:
Item: Description
Profile: Display the name of the LAN profile.
Enable: Check this box to enable this profile.
DHCP Server Location: Choose the interface for the DHCP server.
DHCP Server IP: Type the IP address of DHCP Server.
4.2.1.3 Inter-LAN Route
An Inter-LAN route profile is created so that users in different LANs are able to communicate with each other.
Each item will be explained as follows:
Item: Description
Enable Inter-LAN Route: By default, this function is disabled. Check the box of Enable Inter-LAN Route to create route profile. However, if there is no route profile created, all of LAN users can communicate with each other.
Profile Number Limit: Display the total number of the profiles to be created.
Group Profile: Display the name of the group profile.
Enable: Display the status of the profile. False means disabled; True means enabled.
Action: Display the action specified for such group profile.
Selected LANs: Display LAN profiles grouped under such group profile.
How to add an Inter-LAN profile
1. Open LAN>>General Setup and click the Inter-LAN Route tab.
2. Click the Add button to open the following dialog.
4.2.1.4 RADVD
The router advertisement daemon (radvd) sends Router Advertisement messages, specified by RFC 2461, to a local Ethernet LAN periodically and when requested by a node sending a Router Solicitation message. These messages are required for IPv6 stateless auto-configuration.
Each item will be explained as follows:
Item: Description
Edit: Modify the selected LAN profile. To edit a profile, simply select the one you want to modify and click the Edit button.
How to edit a LAN profile for RADVD
1. Open LAN>>General Setup and click the RADVD tab.
2. Choose one of the LAN profiles by clicking on it and click the Edit button to open the following dialog.
Available parameters are listed as follows:
Item: Description
Profile: Display the name of the LAN profile.
Enable: Check this box to enable this profile.
Advertisement Lifetime: Type a value for advertisement lifetime.
4.2.1.5 DHCP6
The DHCP6 server can assign IPv6 addresses to PCs according to the Start/End IPv6 address configuration.
Each item will be explained as follows:
Item: Description
Edit: Modify the selected LAN profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule.
Refresh: Renew current web page.
Profile: Display the name of the LAN profile.
Available parameters are listed as follows:
Item: Description
Profile: Display the name of the LAN profile.
Enable: Check this box to enable this profile.
Mode: Choose Automatic Setting or Manual Setting.
  Automatic Setting – It is not necessary to configure Start IP, End IP and DNS setting. The system will assign suitable address automatically.
  Manual Setting – You should type the Start IP address and End IP address manually.
Start IP: Set the starting IP address of the IP address pool for DHCP server.
  Add – Click it to add a new IP address for DNS server.
  Save – Click it to save the setting.
Apply: Click it to save and exit the dialog.
Cancel: Click it to exit the dialog without saving anything.
3. When you finish the above settings, please click Apply to save the configuration and exit the dialog.
4. The LAN profile has been edited.
4.2.2 PPPoE Server
This feature makes the router work like an ISP, providing PPPoE connections to LAN PCs.
4.2.2.1 Online Client Status
This page displays general information for the PPPoE server and allows you to disconnect a network connection to the PPPoE server.
Each item will be explained as follows:
Item: Description
Disconnect: Click it to disconnect the profile connection.
Auto Refresh: Specify the interval of refresh time to obtain the latest status. The information will update immediately when the Refresh button is clicked.
Refresh: Renew current web page.
4.2.2.2 General Setting
Available parameters are listed as follows:
Item: Description
PPPoE Server:
  Disable – Click it to disable this function.
  Enable – Click it to enable the function of PPPoE server.
PPPoE User Isolation:
  Disable – Click it to disable this function.
  Enable – Click it to isolate the PPPoE users who access into Internet via Vigor router.
Deny Internet Access Except PPPoE User:
  Disable – Click it to disable this function.
server and access into Internet.
User Authentication Type: Users in LAN can access into Internet through Vigor router with RADIUS, LDAP or local authentication. Specify the type for the users.
LDAP profiles: It is available when LDAP is selected as User Authentication Type. If you choose LDAP as the authentication type, use the drop down list to specify the LDAP profile.
DHCP From: It is available when RADIUS is selected as User Authentication Type.
4.2.2.3 History
This page displays records of the connection status (up or down), the connection time, and the name of each user who accesses the PPPoE server of the router.
Each item will be explained as follows:
Item: Description
User Name: Display the user name used to access into the PPPoE server.
Action: Display the connection status (up or down) of the user account.
Time: Display the connection time. If the action is “Down”, such field will display the total connection time.
4.2.3 Switch
This page allows you to configure Mirroring Port, Mirrored Port, enable/disable LAN interface, and configure 802.1Q VLAN ID for different LAN interfaces, and so on.
4.2.3.1 802.1Q VLAN
Virtual LANs (VLANs) are logical, independent workgroups within a network. These workgroups communicate as if they had a physical connection to the network. However, VLANs are not limited by the hardware constraints that physically connect traditional LAN segments to a network.
To delete a VLAN ID setting, simply select the one you want to delete and click the Delete button.
Refresh: Renew current web page.
Profile Number Limit: Display the total number of the profiles to be created.
VLAN ID: Display the VLAN ID number.
Member: Display the LAN interface that is used to access into Internet for such LAN profile with the VLAN ID number.
Untag: Display whether packets transmitted to Internet through the LAN interface for such LAN profile with the VLAN ID number are tagged or untagged.
one of the selections has been chosen by other profile. You cannot choose it. If you want to specify that one for such profile, please exit this dialog to release that selection from its original VLAN profile, then return to this page and make the selection again.
Apply: Click it to save and exit the dialog.
Cancel: Click it to exit the dialog without saving anything.
4. Enter all of the settings and click Apply. The new profile will be added on the screen.
4.2.3.
Refresh: Renew current web page.
Apply: Click it to save the settings.
4.2.3.3 Interface
This page allows you to modify the status (enable / disable), duplex (Half/Full), speed, 802.3az (enable / disable) for the LAN ports respectively.
Each item will be explained as follows:
Item: Description
Edit: Choose the interface listed below and click the Edit button to modify the settings. A pop up window will appear for you to change the settings.
Refresh: Renew current web page.
1. Open LAN>>Switch and click the Interface tab.
2. Please select a profile and click the Edit button.
3. The following dialog will appear.
Available parameters are listed as follows:
4.
Item: Description
Interface: Display the name of LAN interface profile.
Enable: Check the box to enable the Mirror function for the switch.
Duplex: Choose Half or Full for the speed specified below.
Speed: Use the drop down list to specify the transmission rate for such profile.
4.2.3.4 Jumbo Frame
The purpose of Jumbo Frame is to increase the transmission rate for packets coming from the LAN by enlarging the data size. MTU (Max Transmit Unit) determines the largest size of a packet. When a large packet is transmitted through the Vigor router, the router cuts it into several segments to facilitate the transmission. It always takes a lot of time.
4.2.4 Bind IP to MAC
This function binds IP addresses to MAC addresses in the LAN to strengthen control of the network. When this function is enabled, the IP and MAC addresses that are bound together cannot be changed. If you modify a bound IP or MAC address, you might lose access to the Internet. This page allows you to configure related settings for the function of Bind IP to MAC.
  Syslog - When Strict Bind is selected, you can check the box to save records of Bind IP to MAC in Syslog.
  Apply – Click it to save the setting.
  IP Address - Display the IP address of one device.
  MAC Address - Display the MAC address of the device.
Bind Table: It displays a list of the IP addresses bound to MAC addresses.
  Add - It allows you to add one pair of IP/MAC address and display it on the table of IP Bind List.
  Edit - It allows you to edit and modify the selected IP address and MAC address that you created before.
  Disable – The function of Bind IP to MAC is disabled.
  Enable – Specified IP addresses on the Bind Table will be reserved for the device with the bound MAC address. Other devices which are not listed on the Bind Table shall still get an IP address from the DHCP server.
  Strict_Bind – Only specified IP addresses will be assigned to the device with the bound MAC address. Other devices which are not listed on the Bind Table shall NOT get an IP address from the DHCP server.
3. Click Add on Bind Table.
4.
6. A new profile has been added onto Bind Table.
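The three Bind IP to MAC modes described above differ in what an unlisted device receives from the DHCP server. The following added example (not DrayTek code; a simplified model with hypothetical function names and constructed sample addresses) expresses that decision and then audits an observed IP/MAC neighbour list against the Bind Table, the kind of check an administrator can run on exported ARP data.

```python
from enum import Enum


class BindMode(Enum):
    DISABLE = "Disable"
    ENABLE = "Enable"
    STRICT_BIND = "Strict_Bind"


def norm_mac(mac):
    """Normalise a MAC to lower-case, colon-separated form."""
    return mac.strip().lower().replace("-", ":")


def dhcp_offer(mode, bind_table, client_mac, pool):
    """Return the IP offered to client_mac, or None if no address is given."""
    mac = norm_mac(client_mac)
    table = {norm_mac(m): ip for m, ip in bind_table.items()}
    if mode is BindMode.DISABLE:
        return pool[0] if pool else None      # bindings are ignored
    if mac in table:
        return table[mac]                     # bound device gets its address
    if mode is BindMode.STRICT_BIND:
        return None                           # unlisted devices get nothing
    reserved = set(table.values())
    for ip in pool:                           # Enable: skip reserved addresses
        if ip not in reserved:
            return ip
    return None


def audit_neighbours(mode, bind_table, observed):
    """Compare observed (ip, mac) pairs with the Bind Table; return findings."""
    if mode is BindMode.DISABLE:
        return []
    table = {norm_mac(m): ip for m, ip in bind_table.items()}
    owner_of = {ip: mac for mac, ip in table.items()}
    findings = []
    for ip, raw_mac in observed:
        mac = norm_mac(raw_mac)
        if ip in owner_of and owner_of[ip] != mac:
            findings.append((ip, mac, "bound IP used by a different MAC"))
        elif mac in table and table[mac] != ip:
            findings.append((ip, mac, "bound MAC using a different IP"))
        elif mode is BindMode.STRICT_BIND and mac not in table:
            findings.append((ip, mac, "unlisted device under Strict_Bind"))
    return findings


# Constructed sample data (not taken from a real network).
BIND_TABLE = {
    "00:1d:aa:b2:69:80": "192.168.1.10",
    "00:1d:aa:b2:69:81": "192.168.1.11",
}
POOL = ["192.168.1.10", "192.168.1.11", "192.168.1.12", "192.168.1.13"]
OBSERVED = [
    ("192.168.1.10", "00:1D:AA:B2:69:80"),   # matches its binding
    ("192.168.1.11", "02:00:00:00:00:99"),   # someone else on a bound IP
    ("192.168.1.50", "00:1d:aa:b2:69:81"),   # bound device on another IP
    ("192.168.1.12", "02:00:00:00:00:55"),   # device not in the table
]

if __name__ == "__main__":
    for mode in BindMode:
        print(mode.value, dhcp_offer(mode, BIND_TABLE, "02:00:00:00:00:55", POOL))
    for finding in audit_neighbours(BindMode.STRICT_BIND, BIND_TABLE, OBSERVED):
        print(finding)
```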
4.2.5 LAN DNS
LAN DNS is a simple version of a DNS server, so the user does not need to build another DNS server in the LAN. With this feature, the user can give some services (such as ftp, www or database) a domain name that is easy to access.
Each item will be explained as follows:
Item: Description
Add: Add a new VLAN ID setting.
Edit: Modify the selected VLAN ID setting. To edit VLAN ID setting, simply select the one you want to modify and click the Edit button.
selected rule.
Delete: Remove the selected VLAN ID setting. To delete a VLAN ID setting, simply select the one you want to delete and click the Delete button.
Refresh: Renew current web page.
Profile Number Limit: Display the total number of the profiles to be created.
Profile: Display the name of the profile.
Enable: Display if such profile is enabled (true) or disabled (false).
Domain Name: Display the domain name configured for such profile.
How to add a new LAN DNS profile
1. Open LAN>>LAN DNS.
2. Click the Add button.
3. The following dialog will appear.
Available parameters are listed as follows:
Item: Description
Profile: Type a name for such profile.
Status: Check the box to enable such profile.
Domain Name: Type the domain name for such profile.
Alias Domain Name: Type several domain names in this field. LAN DNS will redirect both Domain name and Alias Domain Name to an assigned IP. For example, Domain Name is set with “www.
address or CNAME will be mapped by the above domain name/alias domain name. When you choose FORWARD, you need to type the IP address of DNS server as the mapping target.
4.
IP Address: Type the IP address in this field. Then, the above domain and/or alias domain name will be mapped to such IP address.
IPv6 Address: Type the IPv6 address in this field. Then, the above domain and/or alias domain name will be mapped to such IPv6 address.
CNAME: Type another domain name in this field.
4.3 Routing
This menu contains Load Balance Pool, Static Route, Policy Route, Default Route, RIP Configuration, OSPF Configuration and BGP Configurations.
4.3.1 Load Balance Pool
Vigor2960 supports a load balancing function. It can allocate traffic to a WAN interface by protocol type, IP address of a specific host, subnet of hosts, and port range. The user can assign a traffic category and force it to go to a dedicated network interface based on the following web page setup.
pool.
Delete: Remove the selected pool profile. To delete a rule, simply select the one you want to delete and click the Delete button.
Refresh: Renew current web page.
Profile: Display the name of the rule.
Mode: Display the protocol of such rule.
Interface: Display the name of the WAN profiles for Load Balance rule.
Primary Profile: Display the primary profile configured in Failover page for such profile.
Backup Profile: Display the backup profile configured in Failover page for such profile.
How to add a pool profile for Load Balance
1. Open Routing>>Load Balance Pool.
2. Simply click the Add button to open the following dialog. Type a name for such profile (e.g., LB_1). Choose Load Balance as the Mode selection.
Available parameters are listed as follows:
3.
Item: Description
Profile: Type the name of the profile.
Mode: Choose Load Balance as the Mode selection.
Interface: Click Add. A new line for adding new entry will appear.
How to add a Pool profile for Backup
This page allows you to set a backup profile which will be activated when the primary profile becomes invalid for any reason.
1. Open Routing >>Load Balance Pool.
2. Simply click the Add button to open the following dialog. Type a name for such profile (e.g., FL_1). Choose Backup as the Mode selection.
Available parameters are listed as follows:
3.
Item: Description
Profile: Type the name of the profile.
Mode: Choose Backup as the Mode selection.
4.3.2 Static Route
When there are several subnets in the LAN, a static route is a more effective and quicker way to connect them than other methods. Simply set rules to forward data from one specified subnet to another specified subnet.
4.3.2.1 Static Route
The router lets you configure static routes for IPv4 and IPv6. Each protocol has its own web page.
Each item will be explained as follows:
Item: Description
Add: Add a new static route setting.
WAN/LAN Profile: Display the subnet / LAN or WAN profile of the gateway.
Metric: Display the distance to the target.
How to add a new Static Route profile
1. Open Routing>>Static Routing and click the Static Route tab.
2. Click the Add button.
3. The following dialog will appear.
Available parameters are listed as follows:
5.
Item: Description
Profile: Type the name of the static route profile.
Enable: Check this box to enable such profile.
4.3.2.2 IPv6 Static Route
For IPv6 protocol, click the IPv6 Static Route tab to configure detailed settings.
Each item will be explained as follows:
Item: Description
Add: Add a new static route setting.
Edit: Modify the selected static route setting. To edit static route setting, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule.
Delete: Remove the selected static route setting.
WAN / LAN Profile: Display the subnet LAN or WAN profile of the gateway.
Metric: Display the distance to the target.
How to add a new IPv6 Static Route profile
1. Open Routing>>Static Route and click the IPv6 Static Route tab.
2. Click the Add button.
3. The following dialog will appear.
Available parameters are listed as follows:
4.
Item: Description
Profile Name: Type the name of the static route profile.
Enable: Check this box to enable such profile.
Vigor2960 will send it out through that certain WAN interface without passing through NAT. Meanwhile, remote device also can access the local device directly without any difficulty.
Each item will be explained as follows:
Item: Description
Add: Add a new static route setting.
Edit: Modify the selected static route setting. To edit static route setting, simply select the one you want to modify and click the Edit button.
How to add a new Proxy ARP profile
1. Open Routing>>Static Route and click the LAN/WAN Proxy ARP tab.
2. Click the Add button.
3. The following dialog will appear.
Available parameters are listed as follows:
4.
Item: Description
Profile: Type the name of the static route profile.
Enable: Check this box to enable such profile.
WAN Profile: Choose one of the WAN/USB profiles of the gateway for such profile.
LAN Profile: Choose one of the LAN profiles for such profile.
4.3.3 Policy Route
Policy Route (also well known as PBR, policy-based routing) is a feature for cases where you need a strategy for routing. Packets will be directed to the specified interface if they match one of the rules. You can set up your routing for various reasons such as load balance, security and routing decisions. Through protocol, mode, IP address, port number and interface configuration, Policy Route can be used to configure any routing rules to fit the actual requirements.
rule.
Delete: Remove the selected rule profile. To delete a rule, simply select the one you want to delete and click the Delete button.
Move Up / Move Down: Move the selected profile up or down.
Rename: Allow to modify the selected profile name.
Auto Refresh: Specify the interval of refresh time to obtain the latest status. The information will update immediately when the Refresh button is clicked.
Refresh: Renew current web page.
Profile: Display the name of the rule.
How to add a new policy rule
1. Open Routing>>Policy Route.
2. Simply click the Add button.
3. The following dialog will appear.
Available parameters are listed as follows:
Item: Description
Profile: Type the name of the rule.
Enable: Check this box to enable such profile.
Priority: Choose the priority for such profile (top, high and normal).
Protocol: Choose a protocol (ALL, TCP, UDP, TCP/UDP and ICMP) for such rule applied to load balance. All is the default setting.
Each type will bring different settings for configuration.
When Subnet is selected as Source Type
  IP Address - Type an IP address here as the source IP address for such rule.
  Subnet Mask - Use the drop down list on the right to choose a suitable mask for the source.
When Object is selected as Source Type
  IP Object – Use the drop down list to choose the source IP object(s) for such rule profile.
  IP Group – Use the drop down list to choose the source IP group(s) for such rule profile.
  Load Balance Pool – The incoming traffic will be forwarded to specified WAN interface or load balance pool.
  User Defined – The incoming traffic will be forwarded to the specified WAN or LAN interface with a user defined gateway.
  VPN Trunk LB Pool – The incoming traffic will be forwarded to specified VPN trunk profile.
  PPTP – The incoming traffic will be forwarded to specified PPTP VPN profile.
  SSL VPN – The incoming traffic will be forwarded to specified SSLVPN profile.
Out-going interface : wan1
Failover : Enable when target [8.8.8.8] ping [Fail] for [5] seconds
This means that even if wan1 stays connected to the network, once the Vigor router cannot detect the target for 5 seconds, it will use the next matched rule to perform data transmission.
  Failback (Quick Recover) - When the specified interface re-connects, the traffic via other interface will be interrupted immediately. The router will use the specified interface for data transmission again.
Failover : Enable when target [8.8.8.8] ping [Fail] for [5] seconds
This means that even if wan1 stays connected to the network, once the Vigor router cannot detect the target for 5 seconds, it will use the next matched rule to perform data transmission.
  Failback (Quick Recover) - When the specified interface re-connects, the traffic via other interface will be interrupted immediately. The router will use the specified interface for data transmission again. Click Enable to enable such function.
  Failback (Quick Recover) - When the specified interface re-connects, the traffic via other interface will be interrupted immediately. The router will use the specified interface for data transmission again. Click Enable to enable such function. Or, click Disable to disable such function.
When PPTP selected as Out-going Rule
  PPTP Profile – VPN PPTP dial-out and VPN PPTP dial-in profiles can be selected by such policy route.
  Mode – Specify which mode (NAT or Routing) will be used for such route rule.
will be used for such route rule.
  Failover to the Next Rule - When the specified interface disconnects for some reason, the router can use the next route rule to perform data transmission automatically. Click Enable to enable such function. Or, click Disable to disable such function.
  When interface down - When the specified interface (selected by out-going rule) disconnects, the router will use the next rule that matches the policy route to perform data transmission.
  When target …..
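The failover behaviour described above (interface down, or a ping target failing for a set number of seconds) can be expressed as a small rule-selection model. This is an added example, not DrayTek code: the class and function names are hypothetical, evaluation in list order is an assumption, and the behaviour of a rule whose failover is disabled (traffic stays on its interface) is also an assumption of the model. The values wan1, 8.8.8.8 and 5 seconds are the ones used in the guide's own illustration; the rest is constructed.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Rule:
    profile: str                    # rule name
    source: str                     # source subnet, e.g. "192.168.1.0/24"
    interface: str                  # out-going interface
    failover: bool = False          # "Failover to the Next Rule"
    target: Optional[str] = None    # ping target used for detection
    fail_seconds: int = 0           # seconds of ping failure that trigger failover


@dataclass
class LinkState:
    up: bool = True
    # ping target -> seconds of consecutive ping failure observed
    ping_fail_seconds: Dict[str, int] = field(default_factory=dict)


def rule_usable(rule: Rule, links: Dict[str, LinkState]) -> bool:
    """A rule is usable when its interface is up and its target still answers."""
    state = links.get(rule.interface)
    if state is None or not state.up:
        return False                                  # "When interface down"
    if rule.target is not None:
        failing_for = state.ping_fail_seconds.get(rule.target, 0)
        if failing_for >= rule.fail_seconds:
            return False                              # "When target ... ping fail"
    return True


def select_rule(rules: List[Rule], links: Dict[str, LinkState],
                src_ip: str) -> Optional[str]:
    """Return the profile of the rule that handles traffic from src_ip."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if src not in ipaddress.ip_network(rule.source):
            continue
        # Assumption: without failover the rule keeps the traffic even when
        # its interface is unusable, so nothing leaks to a later rule.
        if rule_usable(rule, links) or not rule.failover:
            return rule.profile
    return None                                       # no policy rule matched


# Constructed rule set: prefer wan1, fall back to wan2.
RULES = [
    Rule("via_wan1", "192.168.1.0/24", "wan1",
         failover=True, target="8.8.8.8", fail_seconds=5),
    Rule("via_wan2", "192.168.1.0/24", "wan2"),
]

if __name__ == "__main__":
    links = {"wan1": LinkState(True, {"8.8.8.8": 6}), "wan2": LinkState(True)}
    print(select_rule(RULES, links, "192.168.1.20"))
```

In this model a rule with failover disabled never hands its traffic to a later rule, which is the setting the secure-route example later in this section chooses (Disable for Failover to Next Rule).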
Example 1: How to Setup Address Mapping by Using Policy Route
Address mapping is used to map a specified private IP or a range of private IPs of NAT subnet into a specified WAN IP (or WAN IP alias IP). Refer to the following figure.
Suppose the WAN settings for a router are configured as follows:
WAN1: 202.211.100.10, WAN1 alias: 202.211.100.11
WAN2: 203.98.200.10
Without address mapping feature, when a NAT host with an IP say "192.168.1.
2. Open WAN>>General Setup. For WAN1, choose wan1 item and click Edit. Choose Static as the IPv4 Protocol.
3. From the following page, set main WAN IP address as 202.211.100.10. Click Add on IP Alias to configure the other IP address which is 202.211.100.11.
4. After finishing the configuration for WAN1, continue to configure WAN2. At this time, the IP switch shall be set as “203.98.200.10”.
5. Open Objects Setting>>Object and click Add to create a new IP object profile. Type the required information as shown below. Click Apply to save the settings.
6. Open Routing>> Policy Route and click Add to create a new profile.
7. In the following page, check the box of Enable. Choose Object as the Source Type and choose IP range object profile from the drop down list of IP Object. Click Apply to save the settings.
8. Upon completing the above configuration, you have specified the outgoing IP address(es) for some specific computers. Those computers are now bound to a WAN IP alias for outgoing traffic.
Example 2: How to Setup Load Balance by Using Policy Route
The following figure shows a simple application of load balance. WAN1 and WAN2 can be used to access into Internet. The PC in LAN1 can send the data to the remote PC through the specified WAN1.
1. Access into web user interface of Vigor2960.
2. Open Routing>> Policy Route and click Add to create a new profile.
3. In the following page, type a name for such profile; check Enable; choose Subnet as Destination Type; type 203.65.1.35 as IP address; choose Load Balance Pool as Out-going Rule; choose WAN1 as the Load Balance Rule; click Disable for Failover to Next Rule.
4. After finishing the above settings, click Apply to save the configuration. Now, any packets from LAN1 sent to the remote PC (IP address: 203.65.1.35) will be forced to pass through WAN1.
Example 3: How to Customize a Secure Route between Headquarter and Branch by Using Policy Route

A LAN to LAN VPN tunnel is built between the DrayTek VPN router (e.g., Vigor2960) and the remote router. The enterprise firewall router (in Headquarter) can control all of the traffic coming from the remote PC (in Branch) which wants to access the Internet.

1. Access the web user interface of Vigor2960.
2. Open Routing>>Policy Route and click Add to create a new profile.
3. In the following page, type a name for the profile (e.g., Secure_route); choose Subnet as Source Type and type 172.16.3.25 as the source IP address; choose User Defined as Out-going Rule; choose lan1 as the Out-going Interface; type 192.168.1.2 as the Out-going (Gateway); and click Disable for Failover to Next Rule.
4. After finishing the above settings, click Apply to save the configuration.
4.3.4 Fast Route

This page allows you to configure fast paths between two routing subnets by using hardware acceleration. A connection that uses fast route bypasses all firewall and portal examinations; in return, it has the highest priority and the best performance.

Each item will be explained as follows:

Item Description
Add: Add a new route profile.
Edit: Modify the selected route profile. To edit a profile, simply select the one you want to modify and click the Edit button.
Route Display the direction of the specified 2 routes -- output interface from Subnet 2 to Subnet 1. Hit Count Display how many connections matched this rule (enabled). How to add a new policy rule 1. Open Routing>>Fast Route. 2. Simply click the Add button. The following dialog will appear. Available parameters are listed as follows: 3. Item Description Profile Type the name of the route profile. Enable Check this box to enable such profile.
4.3.5 Default Route

This page allows you to assign a WAN profile as the default route. Available parameters are listed as follows:

Item Description
WAN Profile / Load Balance Pool Name: Display the WAN profiles for the user to choose as a default route, in which wan1 to wan2 are factory default settings.
Auto Failover to Active WANs: Enable – Check it to let the network connection be established through any active WAN interface. Disable – Check it to disable the function.
4.3.6 RIP Configuration The Routing Information Protocol (RIP) is a dynamic routing protocol used in local and wide area networks. The routing information packet will be sent out by web server or router periodically, and can be used to communicate with other routers. It will calculate the number of network nodes on the route to ensure there is no obstruction on the network routine.
Available parameters are listed as follows:

Item Description
Enable: Check the box to enable the RIP function.
Profile: Choose the LAN/WAN profile(s).
Apply: Click it to save the settings.
Cancel: Click it to exit the dialog without saving anything.

After finishing the settings, click Apply to save them.
4.3.7 OSPF Configuration

OSPF (Open Shortest Path First) uses the SPF (Shortest Path First) algorithm to calculate the route metric. It is suitable for large networks and complicated data exchange. Vigor 2960 supports up to OSPF version 2 (only for IPv4). The Autonomous System (AS) used in OSPF indicates the largest entity and can be divided into several areas. Usually, Area 0 will be used as the OSPF backbone, which distributes the routing information among areas.
Password – Type characters as the password for MD5 authentication.
Note: For the detailed information of OSPF application, refer to section “3.2 How to Configure OSPF?”.
Apply: Click it to save the settings.
Cancel: Click it to discard the settings configured in this page.

How to add a new profile

1. Open Routing>>OSPF Configuration.
2. Check Enable.
3. Enter the IP address as Router ID. Then, click Add.
4. Use the drop down list of LAN Profile to choose the one you need.
4.3.8 BGP Configuration

BGP means Border Gateway Protocol. It is a standardized exterior gateway protocol which can exchange routing and reachability information between autonomous systems (AS) on the Internet. Two routers supporting BGP use TCP for data transmission and can exchange BGP routing information with each other. A BGP router is the “neighbor” of other BGP routers.
Available parameters are listed as follows: Item Description Auto Refresh Specify the interval of refresh time to obtain the latest status. The information will update immediately when the Refresh button is clicked. Refresh Renew current web page. BGP Neighbor Display the neighbor profile name configured successfully in the Neighbor tab in Routing >>BGP configuration. Neighbor IP Display the neighbor IP address configured successfully in the Neighbor tab in Routing >>BGP configuration.
4.3.8.2 BGP Configuration

This page is used to configure the general settings for the host which is ready for using BGP. Available parameters are listed as follows:

Item Description
Enable: Check the box to enable BGP function.
Autonomous System number: Type the autonomous system number for the host in BGP application.
Router ID (e.g. 1.2.3.4): Specify the IP address of such Vigor router. Such ID will help Vigor router to be identified in an autonomous system.
4.3.8.3 Neighbor This page is used to configure the IP address and AS number for the neighbor which will exchange BGP routing information with your Vigor router. Available parameters are listed as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected profile. Delete Remove the selected profile.
Neighbor IP Address Display the IP address of the neighbor. Autonomous System Number Display the autonomous system number of the neighbor in BGP application. How to add a new BGP profile 1. Open Routing>> BGP Configuration and click the Neighbor tab. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the profile. Enable Check the box to enable this profile.
4.4 NAT NAT (Network Address Translation) is a method of mapping one or more IP addresses and/or service ports into different specified services. It allows the internal IP addresses of many computers on a LAN to be translated to one public address to save costs and resources of multiple public IP addresses. It also plays a security role by obscuring the true IP addresses of important machines from potential hackers on the Internet.
Each item will be explained as follows: Item Description Add Add a new port redirect profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile. To delete a profile, simply select the one you want to delete and click the Delete button. Move Up Change the order of selected profile by moving it up.
How to add a new Port Redirection profile 1. Open NAT>> Port Redirection. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the profile. Enable Check the box to enable this profile. Port Redirection Mode Specify the direction for the port to be redirected. WAN Profile Specify the WAN interface for such profile.
Single Alias – You have to type one IP address used for IP Alias. All – All the IP address can be treated as IP Alias. Alias WAN IP alias that can be selected and used for port redirection. Before using it, please go to WAN>>General Setup and enable the wan1 profile. Add several IP addresses under Static mode for wan1. Protocol Choose the protocol used for the entry. Source IP Choose an IP object for port redirection.
4.4.2 Fast NAT

This page allows you to configure fast paths from chosen subnets to access the Internet with hardware acceleration. A network connection that uses fast NAT bypasses all firewall and portal examinations; in return, it has higher priority and better performance.

Note: Fast Route has the highest priority and the best performance for network connections.
At least one profile must exist before this function can be used.
Refresh: Renew current web page.
Reset: Reset the hit count.
Auto Refresh: Specify the interval of refresh time to obtain the latest status. The information will update immediately when the Refresh button is clicked.
Profile: Display the name of the “Fast NAT / Exceptions” profile.
Enable: Display the status of the profile. False means disabled; True means enabled.
Source: Display the source IP address and subnet mask.
Available parameters are listed as follows: Item Description Profile Type the name of the profile. Enable Check the box to enable this profile. Source Enter the IP address as source IP. Use the drop down list to choose subnet mask. Out-going interface Specify an interface for outgoing traffic. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. 4. Enter all of the settings and click Apply. 5.
Available parameters are listed as follows: Item Description Profile Type the name of the profile. Destination Enter the IP address as destination IP. Use the drop down list to choose subnet mask. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. 4. Enter all of the settings and click Apply. 5. A new profile has been added onto Exceptions table.
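The following Python sketch is an added example, not code from the guide or from DrayTek. It models the point made in 4.4.2 that traffic from a Fast NAT source subnet skips firewall examination, and lists the filter rules that are therefore not enforced for that subnet. It assumes that a destination listed in the Exceptions table is handled by the normal, inspected path; all subnets and rule names are constructed sample data.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the guide).
FAST_NAT_SOURCES = ["192.168.1.0/24"]      # Fast NAT profiles: Source field
FAST_NAT_EXCEPTIONS = ["203.0.113.0/24"]   # Exceptions profiles: Destination field
FILTER_RULE_SOURCES = {                    # hypothetical IP filter rules -> source subnet
    "block_telnet": "192.168.1.0/24",
    "guest_limits": "192.168.2.0/24",
    "lan_wide_url_filter": "192.168.0.0/16",
}


def takes_fast_path(src, dst, fast_sources=FAST_NAT_SOURCES,
                    exceptions=FAST_NAT_EXCEPTIONS):
    """True if a flow src -> dst would use Fast NAT and so skip firewall checks.

    Assumption: a destination inside an Exceptions entry is excluded from the
    fast path and goes through normal inspection.
    """
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    if any(d in ipaddress.ip_network(e) for e in exceptions):
        return False
    return any(s in ipaddress.ip_network(f) for f in fast_sources)


def unenforced_filter_rules(filter_rules, fast_sources):
    """List (rule, fast_subnet, coverage) for rules whose source overlaps Fast NAT.

    coverage is "full" when every address the rule covers is on the fast path,
    "partial" when only some of them are.
    """
    findings = []
    for name, src in filter_rules.items():
        rule_net = ipaddress.ip_network(src)
        for fast in fast_sources:
            fast_net = ipaddress.ip_network(fast)
            if not rule_net.overlaps(fast_net):
                continue
            coverage = "full" if rule_net.subnet_of(fast_net) else "partial"
            findings.append((name, fast, coverage))
    return findings


if __name__ == "__main__":
    for finding in unenforced_filter_rules(FILTER_RULE_SOURCES, FAST_NAT_SOURCES):
        print("rule %s is bypassed by Fast NAT subnet %s (%s)" % finding)
```

A "full" finding means the rule never sees traffic while the Fast NAT profile is enabled; either narrow the Fast NAT source or accept that the subnet is unfiltered.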
4.4.3 Server Load Balance

When data traffic is large, Server Load Balance can distribute the heavy traffic load equally among different servers. Thus, each server keeps an average workload and the network will not become slow or interrupted due to large traffic.

Each item will be explained as follows:

Item Description
Add: Add a new server load balance profile.
Edit: Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button.
To delete a profile, simply select the one you want to delete and click the Delete button.
Rename: Allows you to modify the selected profile name. At least one profile must exist before this function can be used.
Refresh: Renew current web page.
Profile: Display the name of the profile.
Enable: Display the status of the profile. False means disabled; True means enabled.
Protocol: Display the protocol used for the entry.
WAN Profile: Display the WAN interface of this profile.
WAN Profile Specify the WAN interface for such profile. Use IP Alias Click Enable to specify IP alias for such profile. Alias - WAN IP alias that can be selected and used for port redirection. Before using it, please go to WAN>>General Setup and enable the wan1 profile. Add several IP addresses under Static mode for wan1. Port Type a public port number for WAN interface. Scheduler Any inquiry will be processed by the server according to the algorithm selected.
4.4.4 DMZ Host In computer networks, a DMZ (De-Militarized Zone) is a computer host or small network inserted as a neutral zone between a company’s private network and the outside public network. It prevents outside users from getting direct access to company network. A DMZ is an optional and more secure approach to a firewall and effectively acts as a proxy server as well.
At least one profile must exist before this function can be used.
Refresh: Renew current web page.
Profile: Display the name of the profile.
Enable: Display the status of the profile. False means disabled; True means enabled.
WAN Profile: Display the WAN profile that such DMZ host profile will be applied to.
IP Alias: Display the selected WAN IP address if Use IP Alias is enabled.
DMZ Host IP: Display the IP address of the DMZ host.
Enable: Check the box to enable the DMZ Host profile.
WAN Profile: Choose a WAN profile for such entry.
Use IP Alias: Click Enable to invoke IP Alias function. IP Alias - IP alias that can be selected and used for port redirection. Before using it, please go to WAN>>General Setup and enable the wan1 profile. Add several IP addresses under Static mode for wan1.
DMZ Host IP: Type the IP address of the DMZ host.
Allow DMZ Host to Access Network: Click Enable to let the DMZ host access the network.
4.4.5 ALG

4.4.5.1 SIP ALG

SIP ALG means Session Initiation Protocol, Application Layer Gateway. This page allows SIP messages and RTP voice packets to be transmitted and received correctly via NAT by the Vigor router. Available parameters are listed as follows:

Item Description
Enable SIP ALG: Check the box to enable the function for the switch.
Apply: Click it to save the settings.
Cancel: Click it to discard the settings configured in this page.
4.4.5.2 H.323 ALG The H.323 ALG allows incoming and outgoing VoIP calls passing through NAT. If required, check the box and click Apply to save the settings. 4.4.6 Connection Timeout This feature is used to configure timeout setting for sessions established by TCP/UDP. When a session is idle for a period of time, the connection will be terminated after reaching the time limit configured in such page.
Apply: Click it to save the settings.
Cancel: Click it to discard the settings configured in this page.

4.5 Firewall

The firewall controls whether packets are allowed or denied through the router. The Firewall Setup in the Vigor2960 Series mainly consists of packet filtering, Denial of Service (DoS) and URL (Universal Resource Locator) content filtering facilities. These firewall filters help to protect your local network against attack from outsiders.
Item Description Add Add a new group profile for IP filter. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile. To delete a rule, simply select the one you want to delete and click the Delete button. Refresh Renew current web page. Move Up Change the order of selected profile by moving it up.
Cancel Click it to exit the dialog without saving anything. 4. Enter all of the settings and click Apply. 5. A new filter group has been added. 6. You can create filter rule by clicking on the left side of the selected IP filter group profile. A setting page will appear for you to add new IP filter rule profile. 7. Move your mouse to click Add. 8. The following page for configuration will appear.
Available parameters are listed as follows:

Item Description
Profile: Type the name of the IP filter rule.
Enable: Check the box to enable this profile.
Action: The action to be taken when packets match the rule.
Block - Packets matching the rule will be dropped immediately.
Accept - Packets matching the rule will be passed immediately.
Block If No Further Match - A packet matching the rule, and that does not match further rules, will be dropped.
Limit Packets: When you choose Connection Limit as Action, you have to configure the limit packets number to determine how many packets per second will be passed through.
Limit Penalty: Enable – Click it to enable the function of limit penalty. When the total packet number from a source IP exceeds the value defined in Limit Packets, all packets from that source IP will be blocked temporarily until the block time has passed. Block Time – Enter the value (unit is second). Disable – By default, this function is disabled.
new time group profile. Advanced Setting – Check the box of Clear sessions when schedule ON to clear the sessions when the above schedule profiles are applied. Service Protocol Service Type Object –Click the triangle icon to display the profile selection box. Choose one or more service type object profiles from the drop down list. The selected profile will be treated as service type. You can click to create another new service type object profile.
Out-going MAC Filter: Destination MAC Object - Click the triangle icon to display the profile selection box. Choose one or more MAC object profiles from the drop down list. The selected profile will be treated as destination target. You can click to create another new MAC object profile.
Apply: Click it to save and exit the dialog.
Cancel: Click it to exit the dialog without saving anything.

9. Enter all of the settings and click Apply.
10.
4.5.1.2 IPv6 Filter This page allows you to create new IPv6 filter group for your request. Each item will be explained as follows: Item Description Add Add a new group profile for IPv6 filter. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile.
How to create an IPv6 Filter group To build an IP group containing IP filter rules, please follow the steps: 1. Open Firewall>>Filter Setup and click the IPv6 Filter tab. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Group Type the name of the IP filter group. Enable Check the box to enable this profile. Comment Give a brief description for the profile. Apply Click it to save and exit the dialog.
6. You can create filter rule by clicking on the left side of the selected IP filter group profile. A setting page will appear for you to add new IP filter rule profile. 7. Move your mouse to click Add. 8. The following page for configuration will appear.
Item Description Profile Type the name of the IP filter rule. Enable Check the box to enable this profile. Action The action to be taken when packets match the rule. Block - Packets matching the rule will be dropped immediately Accept- Packets matching the rule will be passed immediately. Block If No Further Match - A packet matching the rule, and that does not match further rules, will be dropped.
Service Type Group – Click the triangle icon to display the profile selection box. Choose one or more service type group profiles from the drop down list. The selected profile will be treated as service type. You can click to create another new service type group profile.
Source IP: Source IPv6 Object - Click the triangle icon to display the profile selection box. Choose one or more IP object profiles from the drop down list. The selected profile will be treated as source target. You can click to create another
9.
4.5.1.3 Application Filter

Application Filter can integrate several application objects within one profile for restricting the usage of applications. For example, it can block people defined in an IP object profile from using IM applications, from using P2P for file sharing, and from downloading files via certain protocols.

Each item will be explained as follows:

Item Description
Add: Add a new group profile for Application filter.
Edit: Modify the selected profile.
Item Description APP Block Display the APP object profile selected for such application profile. Counter Display the number of packets matched. Clear Counter Click the icon to reset the counter. How to create an Application Filter profile 1. Open Firewall>>Filter Setup and click the Application Filter tab. 2. Simply click the Add button. 3. The following dialog will appear. Click the triangle icon selection box (red rectangle).
Time Schedule: Time Object - Click the triangle icon to display the profile selection box. Choose a schedule profile to be applied on such application filter profile. The router will perform the filtering job based on the time object selected. You can click to create another new time object profile, or you can click the edit icon to modify the existing object profile.
Time Group - Click the triangle icon to display the profile selection box. Choose a schedule group profile to be applied on such rule.
Each item will be explained as follows: Item Description Add Add a new group profile for URL filter. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile. To delete a rule, simply select the one you want to delete and click the Delete button. Move Up Change the order of selected profile by moving it up.
Item Description for system to block. Web Category Block Display the web category object profile selected for each rule which is not allowed to pass through the router. Counter Display the number of packets matched. Clear Counter Click the icon to reset the counter. Use Default Message Enable – Use the default message to display on the page that the user tries to access into the blocked web page.
3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the URL filter profile. Enable Check the box to enable this profile. Filter https Enable – Click it to enable the HTTPS filtering job. Disable – When only keyword and web category are selected for such rule, choose Disable. Syslog Click Enable to make the history of firewall actions appearing on the System Maintenance >> Syslog/Mail Alert >> Syslog File.
Item Description
click the edit icon to modify the existing object profile.
Time Group - Click the triangle icon to display the profile selection box. Choose a schedule group profile to be applied on such rule. You can click to create another new time group profile, or you can click the edit icon to modify the existing group profile.
4.5.1.5 QQ Filter This page is designed for the user in China only. For people outside China, skip this section. Each item will be explained as follows: Item Description Add Add a new group profile for QQ filter. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile.
Item Description selected QQ profile is enabled. How to create a QQ Filter profile 1. Open Firewall>>Filter Setup and click the QQ Filter tab. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the QQ filter profile. Enable Check the box to enable this profile. Time Profile Use the drop down list to specify a time profile for such profile.
Item Description
You can click to create another new QQ account.
Apply: Click it to save and exit the dialog.
Cancel: Click it to discard the settings configured in this page.

4. Enter all of the settings and click Apply.
5. A new QQ filter profile has been added.

4.5.1.6 Default Policy

The default policy is applied to incoming packets when IP Filter, Application Filter, URL/Web Category Filter and QQ Filter do not apply to them.
Item Description
Packet Inspection: Disable – No inspection will be performed. Enable – Packet inspection will be performed.
Packets Number: If Packet Inspection is enabled, choose a packet number for filtering. Available settings are from 4 to 32. For example, if “8” is selected as the packet number setting, only the first 8 packets will be filtered and inspected by the Firewall rule. The others are allowed to pass through without any inspection.
Apply: Click it to save the configuration.
4.5.2 DoS Defense

The DoS function helps to detect and mitigate DoS attacks. These include flooding-type attacks and vulnerability attacks. Flooding-type attacks attempt to use up all your system's resources, while vulnerability attacks try to paralyze the system by exploiting vulnerabilities of the protocol or operating system.

4.5.2.1 Switch Rate Limit

Default interface profiles will be shown on the page. Choose one of the profiles and click Edit.
Interface: Display the interface selected.
Port Rate Limit: Enable Ingress Rate Limit (All Packets) – Check the box so that all packets are limited by the rate limit. Rate Limit – The default setting is “-1”. It means no limit.
Storm Filter: Broadcast - Click Enable to block packet attacks coming from a broadcast storm. Multicast - Click Enable to block packet attacks coming from a multicast storm. Unicast - Click Enable to block packet attacks coming from a unicast storm.
Item Description Block SYN Flood Click Enable to activate the SYN flood defense function. If the amount of TCP SYN packets from the Internet exceeds the user-defined threshold value, the router will be forced to randomly discard the subsequent TCP SYN packets within the user-defined timeout period. SYN Flood Threshold The default setting for threshold is 2000 packets per second. SYN Flood Timeout The default setting for timeout is 10 seconds.
Item Description
blocked.
Block Tear Drop: Click Enable to activate the Block Tear Drop function. This attack involves the perpetrator sending overlapping packets to the target hosts so that the target hosts hang once they reconstruct the packets. The router will block any packets resembling this attacking activity.
Block Ping of Death: Click Enable to activate the Block Ping of Death function. Many machines may crash when receiving an ICMP datagram that exceeds the maximum length.
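The Python sketch below is an added example, not code from the guide or the router firmware. It models the Block SYN Flood description above using the guide's defaults (threshold 2000 packets per second, timeout 10 seconds) to show when the router would be discarding SYN packets and how many arriving SYNs, legitimate ones included, fall inside those periods. Assumptions: fixed one-second counting buckets, a discard window that starts in the second the threshold is exceeded, and a re-trigger that extends the window; the traffic rates are constructed.

```python
from collections import Counter

SYN_FLOOD_THRESHOLD = 2000   # packets per second (default stated in the guide)
SYN_FLOOD_TIMEOUT = 10       # seconds (default stated in the guide)

# Constructed SYN rates per second: 500/s baseline with three bursts.
CONSTRUCTED_RATES = {sec: 500 for sec in range(20)}
CONSTRUCTED_RATES.update({5: 3000, 30: 2500, 35: 2100})


def build_trace(rates):
    """Expand {second: syn_count} into evenly spaced SYN arrival timestamps."""
    return [sec + i / count
            for sec, count in sorted(rates.items())
            for i in range(count)]


def defense_windows(syn_times, threshold=SYN_FLOOD_THRESHOLD,
                    timeout=SYN_FLOOD_TIMEOUT):
    """Return merged (start, end) periods during which SYNs would be discarded.

    A window opens in any one-second bucket whose SYN count exceeds the
    threshold and lasts `timeout` seconds; overlapping windows are merged.
    """
    per_second = Counter(int(t) for t in syn_times)
    windows = []
    for sec in sorted(per_second):
        if per_second[sec] <= threshold:      # "exceeds" means strictly greater
            continue
        start, end = sec, sec + timeout
        if windows and start <= windows[-1][1]:
            windows[-1] = (windows[-1][0], max(windows[-1][1], end))
        else:
            windows.append((start, end))
    return windows


def syns_at_risk(syn_times, windows):
    """Count SYNs arriving inside a discard window (subject to random drop)."""
    return sum(1 for t in syn_times if any(s <= t < e for s, e in windows))


if __name__ == "__main__":
    trace = build_trace(CONSTRUCTED_RATES)
    for threshold in (2000, 2600, 3000):
        windows = defense_windows(trace, threshold=threshold)
        print(threshold, windows, syns_at_risk(trace, windows))
```

Running the same function over a capture of normal peak traffic shows whether the default threshold would trigger discards during ordinary load.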
4.5.3 MAC Block

MAC Block allows you to set a number of specific MAC addresses. Packets will be dropped if their source or destination MAC address matches one of these assigned MAC addresses. The advantage of MAC Block is that it can filter some unnecessary packets or attacking packets on the LAN network.

Each item will be explained as follows:

Item Description
Add: Add a new profile.
Edit: Modify the selected profile.
How to create a new MAC Block profile 1. Open Firewall>>MAC Block. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name which can briefly describe the reason of the MAC block of such profile. Enable Check the box to enable this profile. MAC Address Type the MAC address which will be blocked by the system for such profile. Apply Click it to save and exit the dialog.
4.5.4 Filter Counter

This page displays the log or status for firewall groups and rule information for IP Filter, IPv6 Filter, Application Filter and URL/Web Category Filter. Simply click the tab of IP Filter, IPv6 Filter, Application Filter or URL/Web Category Filter to get the status for each filter. If there is no data (counter number is “0”) for a certain rule displayed on this page, that rule might be configured incorrectly or blocked by other rules.
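The Python sketch below is an added example, not the router's implementation. It models the three IP filter actions described under Filter Setup (Block, Accept, Block If No Further Match) together with the Default Policy fallback, and reproduces the Filter Counter symptom above: a rule whose counter stays at 0 because an earlier rule decides the packet first. The rule names, addresses, the default action and the counting behaviour (a rule counts a hit only when evaluation reaches it) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

BLOCK = "Block"
ACCEPT = "Accept"
BLOCK_IF_NO_FURTHER_MATCH = "Block If No Further Match"


@dataclass
class Rule:
    name: str
    action: str
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches any destination port
    enabled: bool = True
    hits: int = 0                 # models the per-rule counter on the Filter Counter page

    def matches(self, pkt):
        return (self.enabled
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.dport in (None, pkt["dport"]))


def evaluate(rules, pkt, default_action=ACCEPT):
    """Walk the rules top to bottom; return (verdict, name of the deciding rule)."""
    deferred = None
    for rule in rules:
        if not rule.matches(pkt):
            continue
        rule.hits += 1
        if rule.action in (BLOCK, ACCEPT):
            return rule.action, rule.name      # immediate actions stop evaluation
        deferred = rule                        # Block If No Further Match: keep looking
    if deferred is not None:
        return BLOCK, deferred.name            # nothing later matched, so drop
    return default_action, "Default Policy"    # no rule applied at all


def zero_hit_rules(rules, packets, default_action=ACCEPT):
    """Replay packets and list enabled rules whose counter stayed at 0."""
    for rule in rules:
        rule.hits = 0
    for pkt in packets:
        evaluate(rules, pkt, default_action)
    return [r.name for r in rules if r.enabled and r.hits == 0]


# Constructed rule set and traffic (hypothetical names and addresses).
RULES = [
    Rule("lan_out_any", ACCEPT, src="192.168.1.0/24"),
    Rule("block_telnet", BLOCK, src="192.168.1.0/24", dport=23),
    Rule("guest_deferred", BLOCK_IF_NO_FURTHER_MATCH, src="192.168.2.0/24"),
    Rule("guest_dns", ACCEPT, src="192.168.2.0/24", dport=53),
]
PACKETS = [
    {"src": "192.168.1.10", "dst": "203.0.113.5", "dport": 23},
    {"src": "192.168.2.20", "dst": "203.0.113.53", "dport": 53},
    {"src": "192.168.2.20", "dst": "203.0.113.80", "dport": 80},
    {"src": "172.16.3.25", "dst": "203.0.113.80", "dport": 443},
    {"src": "192.168.1.10", "dst": "203.0.113.80", "dport": 443},
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt, evaluate(RULES, pkt))
    print("zero-hit rules:", zero_hit_rules(RULES, PACKETS))
```

Moving block_telnet above lan_out_any, as the Move Up button would, makes the Telnet packet hit the Block rule and clears the zero-hit finding.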
4.6 Objects Setting Vigor2960 allows users to set different filter profiles based on IP, MAC/Vendor, Country, service type, keyword, file extension, instant message application, P2P application, protocol application, web category, QQ application, time setting, SMS service, mail service, notification and so on. These objects setting profiles can be applied in Firewall.
4.6.1 IP Object

IPs in a limited range are often used when configuring the router’s settings, so we can define them as objects and bind them into groups for convenience. Later, we can select the object/group wherever it applies. For example, all the IPs in the same department can be defined with an IP object (a range of IP addresses). This page allows you to specify a certain IP address, a range of IP addresses or a subnet mask as an object which will be applied in Firewall.
Item Description Range as the Address Type. Subnet Mask Display the subnet mask for such profile. How to create a new IP Object profile 1. Open Objects Setting>>IP Object. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of such profile. Address Type Choose the address type (Single / Range /Subnet) for such profile.
4.6.2 IP Group To manage conveniently, several IP object profiles can be grouped under a group. Different IP group can contain different IP object profiles. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile.
How to create a new IP Group profile 1. Open Objects Setting>>IP Group. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Group Name Type the name of the object group. The number of the characters allowed to be typed here is 20. Description Make a brief explanation for such profile if the group name is set not clearly. Objects Use the drop down list to check the IP object profiles under such group.
4.6.3 IPv6 Object You can set up to 200 sets of IPv6 Objects with different conditions. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile.
Available parameters are listed as follows: Item Description Profile Type the name of the object. Address Type There are three types: List – Allow to specify IP address. Range – Allow to specify a range of IP addresses. Prefix – Allow to specify prefix for IPv6 IP address. Suffix – Allow to specify suffix for IPv6 IP address. Address Pool This field allows you to type IP address, specify Tag number and type subnet mask based on IPv6 protocol.
4.6.4 MAC / Vendor Object MAC / Vendor object profile can determine which MAC address of vendor shall be blocked by the Vigor router’s Firewall. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile.
Available parameters are listed as follows: Item Description Profile Type a name for such profile. MAC Address Click Add to have the fields of MAC Address and Mask. Type the address with the correct format (will be shown automatically when the mouse cursor is on it). Choose a suitable mask selection. Apply Click it to save the configuration. Vendor Edit – Click it to open a table of vendor list. Check the one(s) you want. The names for selected vendors will be shown later.
4.6.5 Country Object The country object profile can determine which country/countries shall be blocked by the Vigor router’s Firewall. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile.
Available parameters are listed as follows: Item Description Profile Type a name for such profile. Countries Check the box(es) for the country/countries to be blocked by Firewall. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving anything. 4. Enter all of the settings and click Apply. 5. A new Country Object profile has been created.
4.6.6 Service Type Object

TCP and UDP services with a specified port range can be saved as different service type object profiles. Later, they can be applied to Firewall as a filter rule. By default, commonly used service type object profiles have been created in this page.

Each item will be explained as follows:

Item Description
Add: Add a new profile.
Edit: Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button.
How to create a new Service Type Object profile 1. Open Objects Setting>> Service Type Object. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type a name for such profile. The number of the characters allowed to be typed here is 10. Protocol Specify one of the protocols for such profile. Source Port Start It is available for TCP/UDP protocol. It can be ignored for ICMP.
4.6.7 Service Type Group

This page allows you to bind several service types into one group. For convenient management, several service type profiles can be grouped under a service type group. Different service type groups can contain different service type profiles. Each item will be explained as follows:

Item | Description
Add | Add a new profile.
Edit | Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button.

Available parameters are listed as follows:

Item | Description
Group Name | Type the name of the service type object group. The number of the characters allowed to be typed here is 20.
Objects | Use the drop down list to check the service type object profiles under such group.
4.6.8 Keyword / DNS Object

4.6.8.1 Keyword Object

A keyword can be set as a filter rule to be applied in Firewall. Vigor2960 allows users to set a keyword profile with several keywords. It also allows users to group several keyword profiles within a keyword group. Each item will be explained as follows:

Item | Description
Add | Add a new profile.
Edit | Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button.

How to create a new Keyword Object profile

1. Open Objects Setting>> Keyword Object.
2. Simply click the Add button.
3. The following dialog will appear.

Available parameters are listed as follows:

Item | Description
Profile | Type the name of the Keyword Object. The number of the characters allowed to be typed here is 10.
Member | Type the content for such profile. For example, type gambling as Contents.
4.6.8.2 DNS Object

DNS can be set as a filter rule to be applied in Firewall. Each item will be explained as follows:

Item | Description
Add | Add a new profile.
Edit | Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule.
Delete | Remove the selected profile. To delete a rule, simply select the one you want to delete and click the Delete button.

Available parameters are listed as follows:

Item | Description
Profile | Type the name of the DNS object group.
Member Table | Type the domain name of the DNS that you want to filter. Add – Type the word in the box of Member and click this button to add the new word as DNS object. Save – Click it to save the setting.
Apply | Click it to save the configuration.
Cancel | Click it to exit the dialog without saving the configuration.

4. Enter all of the settings and click Apply.
5.
Item | Description
Add | Add a new profile.
Edit | Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule.
Delete | Remove the selected profile. To delete a rule, simply select the one you want to delete and click the Delete button.
Refresh | Renew current web page.
Profile Number Limit | Display the total number (8) of the object profiles to be created.

Available parameters are listed as follows:

Item | Description
Profile | Type the name of the File Extension Object group. The number of the characters allowed to be typed here is 10.
Image | Several file extensions for Image are offered for you to choose. Use the drop down list to check the box(es) to select the file extension you need.
Video | Several file extensions for Video are offered for you to choose. Use the drop down list to check the box(es) to select the file extension you need.
4.6.10 APP Object

The IM, P2P, Protocol and Others types can be integrated as an APP object which can be used in Firewall to block certain applications. Each item will be explained as follows:

Item | Description
APP Signature Upgrade | Click it to open System Maintenance>>APP Signature Upgrade configuration page.
APP Support List | APP Support List will display all of the applications with versions supported by Vigor router. They are separated into the types of IM, P2P, Protocol and Others.
P2P | Display the P2P specified in such profile.
Protocol | Display the protocol specified in such profile.
Others | Display other types specified in such profile.

How to create a new APP Object Profile

1. Open Objects Setting>>APP Object.
2. Simply click the Add button.
3. The following dialog will appear.

Click IM to get the following page. People like to use instant messaging to communicate with friends online, just for fun or simply because it is easy and convenient.
Item | Description
Cancel | Click it to exit the dialog without saving the configuration.

Click P2P to get the following page. Vigor2960 can block P2P applications for users, especially for the ones who always upload or download improper files to the Internet. The P2P object setting lists all of the point to point applications that you can choose to block. Choose the one(s) you want to block and save them as a P2P Object profile. Later, it can be applied to Firewall as a filter rule to block those applications.

Click Others to get the following page.

Item | Description
Tunneling/Streaming/Remote Control/Web HD | Several protocols offered for you to choose. Check the one(s) you want to add for such profile.

4. Enter all of the settings and click Apply.
5. A new APP Object profile has been created.
4.6.11 Web Category Object

We all know that content on the Internet, just like other types of media, may sometimes be inappropriate. As a responsible parent or employer, you should protect those in your trust against the hazards. With the web category filtering service of the Vigor router, you can protect your business from common primary threats, such as productivity, legal liability, network and security threats. For parents, you can protect your children from viewing adult websites or chat rooms.

Delete | Remove the selected profile. To delete a rule, simply select the one you want to delete and click the Delete button.
Refresh | Renew current web page.
Profile Number Limit | Display the total number (16) of the object profiles to be created.
Profile | Display the name of the object profile.
Child Protection | Display the items under certain category that you choose to block for protecting the children.
Leisure | Display the items under certain category that you choose to block.
3. The following dialog will appear.

Available parameters are listed as follows:

Item | Description
Profile | Type the name of the web category object profile. The number of the characters allowed to be typed here is 10.
Child Protection | The web pages which are not suitable for children will be classified into different categories. Simply check the one(s) that you don’t want the children to visit.
Leisure | Simply check the one(s) that you don’t want the user to visit.

4. Enter all of the settings and click Apply.
5. A new Web Category Object profile has been created.

4.6.11.2 Content Filter License

Move your mouse to the link of Activate URL and click it. The system will guide you to the MyVigor website. After finishing the activation for the trial version of WCF, remember to purchase “Silver Card” for WCF service from your DrayTek dealer or distributor.

4.6.11.3 Query Server

It is recommended that you use the default setting, auto-selected.
4.6.12 QQ Object

Note: This page is designed for Chinese IM "Tencent QQ" users (especially for China) only. For people who do not use QQ, skip this section.

Each item will be explained as follows:

Item | Description
Add | Add a new profile.
Edit | Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule.
Delete | Remove the selected profile.

3. The following dialog will appear.

Available parameters are listed as follows:

Item | Description
Profile | Type the name of the QQ object profile. The number of the characters allowed to be typed here is 10.
id | Create the account name for such QQ object profile. Add – Click this button to add a new account. Save – Click this button to save the new account.
Description | Type a brief explanation for the QQ object profile.
Apply | Click it to save the configuration.
4.6.13 QQ Group

This page allows you to group several QQ object profiles. Each item will be explained as follows:

Item | Description
Add | Add a new profile.
Edit | Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule.
Delete | Remove the selected profile. To delete a rule, simply select the one you want to delete and click the Delete button.

Available parameters are listed as follows:

Item | Description
Profile | Type the name of the time group. The number of the characters allowed to be typed here is 10.
Description | Give a brief explanation for such profile if the group name is not clear.
Objects | Use the drop down list to select the object profiles under such group. All the available objects that you have added on Objects Setting>>QQ Object will be seen here. To clear the selected one, click selections.
4.6.14 Time Object

You can restrict Internet access to certain hours so that users can connect to the Internet only during certain hours, say, business hours. The schedule is also applicable to other functions, e.g., Firewall. Each item will be explained as follows:

Item | Description
Add | Add a new profile.
Edit | Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button.

How to create a new Time Object Profile

1. Open Objects Setting>> Time Object.
2. Simply click the Add button.
3. The following dialog will appear.

Available parameters are listed as follows:

Item | Description
Profile | Type the name of the time object profile. The number of the characters allowed to be typed here is 10.
Frequency | Specify how often (Weekdays or Once) the schedule will be applied.
Start Date | Specify the starting date of the time object profile.
Apply | Click it to save the configuration.
Cancel | Click it to exit the dialog without saving the configuration.

4. Enter all of the settings and click Apply.
5. A new Time Object profile has been created.

4.6.15 Time Group

This page allows you to group several time object profiles. Each item will be explained as follows:

Item | Description
Add | Add a new profile.
Edit | Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button.

How to create a new Time Group Profile

1. Open Objects Setting>> Time Group.
2. Simply click the Add button.
3. The following dialog will appear.

Available parameters are listed as follows:

Item | Description
Profile | Type the name of the time group. The number of the characters allowed to be typed here is 10.
Description | Give a brief explanation for such profile if the group name is not clear.
Objects | Use the drop down list to check the time object profiles under such group.
4.6.16 SMS Service Object

This page allows you to set ten profiles which will be applied in Application>>SMS/Mail Alert Service. Each item will be explained as follows:

Item | Description
Add | Add a new profile.
Edit | Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected profile.
Delete | Remove the selected profile.

How to create a new SMS service profile

1. Open Objects Setting>> SMS Service Object.
2. Simply click the Add button.
3. The following dialog will appear.

Available parameters are listed as follows:

Item | Description
Profile | Type a name for such SMS profile. The maximum length of the name you can set is 20 characters.
Enable | Check this box to enable such profile.
SMS Service Provider | Use the drop down list to specify the service provider which offers SMS service.
Cancel | Click it to exit the dialog without saving the configuration.

4. Enter all of the settings and click Apply.
5. A new SMS object profile has been created.

4.6.17 Mail Service Object

This page allows you to set ten profiles which will be applied in Application>>SMS/Mail Alert Service. Each item will be explained as follows:

Item | Description
Add | Add a new profile.
Edit | Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button.

Item | Description
SSL/TLS | Display the status of SSL/TLS service.
Authentication | Enable means such profile must be authenticated by the server. Disable means such profile will not be authenticated by the server.
User Name | Display the name used for authentication.

How to create a new mail service profile

1. Open Objects Setting>> Mail Service Object.
2. Simply click the Add button.
3. The following dialog will appear.
Authentication | The router must authenticate to the mail server with the correct username and password to have the right to send messages out. Click the Enable button to enable the function. User Name – Type a name for authentication. The maximum length of the name you can set is 31 characters. User Password – Type a password for authentication. The maximum length of the password you can set is 31 characters.
Apply | Click it to save the configuration.

4.6.18 Notification Object

This page allows you to set ten profiles which will be applied in Application>>SMS/Mail Alert Service.

4.6.18.1 Notification Object

Each item will be explained as follows:

Item | Description
Add | Add a new profile.
Edit | Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected profile.
Delete | Remove the selected profile.
Item | Description
Router Reboot | Display if such function is enabled or disabled.
Syslog | Display if such function is enabled or disabled.

How to create a new notification profile

1. Open Objects Setting>>Notification Object.
2. Simply click the Add button.
3. The following dialog will appear.

Available parameters are listed as follows:

Item | Description
Profile | Type a name for such SMS profile. The maximum length of the name you can set is 20 characters.
Router Reboot | Enable – When the router reboots, the router system will send the alert message to the recipient.
CPU Usage | Enable – When the CPU usage reaches a certain value, the router system will send the alert message to the recipient.
Memory Usage | Enable – When the memory usage reaches a certain value, the router system will send the alert message to the recipient.
TX Usage/RX Usage | Enable – When TX/RX usage reaches a certain value, the router system will send the alert message to the recipient.
4.7 User Management

User Management manages all the accounts (user profiles) that connect to the Internet via different protocols. Below shows the menu items for User Management:

4.7.1 Web Portal

Web Portal is a gateway which organizes the network access of LAN hosts. The identity of a LAN host can be recognized by the web portal mechanism and then be managed for functions like firewall or load balance. This page determines the general rule for the users controlled by User Management.

Available parameters will be explained as follows:

Item | Description
Auto Refresh | Specify the interval of refresh time to obtain the latest status. The information will update immediately when the Refresh button is clicked.
Refresh | Renew current web page.
User Name | Display the name information for the user who logs into the WUI of Vigor2960.
IP | Display the IP address of the user who logs into the WUI of Vigor2960.
Allow Time | Display the total network connection time allowed for the log-in user.
4.7.1.2 General Setup

This page configures the main settings of web portal function. Available parameters will be explained as follows:

Item | Description
Web Portal | Click Enable to enable such function.
Use LAN DNS | Choose one of the LAN DNS profiles.
Login Mode | There are several login modes offered here for you to choose. Non Auth – Authentication is not required. HTTP/HTTPS – If you choose such mode, the user can access Vigor router by HTTP or HTTPS.

from the drop down list for LDAP authentication.

Bulletin Board | Disable – The function of Bulletin Board is disabled. Enable – The function of Bulletin Board is enabled. The message on the Bulletin Board will be displayed on the screen when the user logs into the web user interface of Vigor router. Show Bulletin in Captive Portal Page – It is available when Bulletin Board is enabled and HTTP/HTTPS is selected as Login Mode. It determines whether the bulletin is shown on the web portal login page or not.
portal. Custom URL - Any user who wants to access the Internet through this router will be forcefully redirected to the URL specified here first, no matter what URL he types. It is a useful method for the purpose of advertisement. For example, force the wireless user(s) in a hotel to access the web page that the hotel wants the user(s) to visit. Custom URL – Type the URL of the specified web page for redirection if Custom URL is selected as URL Redirection After Login.

Log File Limit | Information collected from mobile users (through the request of validation code) will be stored in a log file. It is used to restrict the maximum size of the log file.
Export Log File | The log of SMS can be exported as a file with the file format of “.csv”.
Timeout Setting | Daily Logout Enable - Force the online user to log out of the web user interface of Vigor router every day. Daily Time to Logout - It is available when Daily Logout is enabled.
Available parameters will be explained as follows:

Item | Description
Welcome Message | Type words or sentences here. The message will be displayed on the top of the login page.
Upload Bulletin Message | Upload Selected File - It is available when Enable is selected in Upload Bulletin Message. Choose a file to upload to Vigor2960.
Bulletin Message | It is available when Disable is selected in Upload Bulletin Message. The bulletin message is shown on login page or authorization page.

After finishing the above settings, click Apply to save the configuration.

4.7.1.4 Login History

This page shows the history of wireless clients' access to Vigor2960.

4.7.2 User Profile

This function allows you to configure all accounts (user profiles) in Vigor2960, including PPTP/L2TP, System user, and so on.

4.7.2.1 User Profile

User profile is used to configure different authorities, including web portal, VPN dial-in, PPPoE server, System Administration, etc., for different users.
Item | Description

and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule.

Delete | Remove the selected profile. To delete a rule, simply select the one you want to delete and click the Delete button.
Refresh | Renew current web page.
Profile Number Limit | Display the total number of the user profiles to be created.
Username | Display the name of the user.
Enable | Display the status of the profile. False means disabled; True means enabled.

3. The following dialog will appear.

Available parameters are listed as follows:

Item | Description
Username | Type a name for such user profile (e.g., LAN_User_Group_1, WLAN_User_Group_A, WLAN_User_Group_B, etc). When a user tries to access Internet through this router, an authentication step must be performed first. The user has to type the Username specified here to pass the authentication. When the user passes the authentication, he/she can access Internet via this router.
System User | Only a user profile with a privilege level has the right to operate the functions of the router as the administrator of the router. False – Choose it to disable the function of System User. Such user profile does not have the right to operate the router’s functions. True – Choose it to enable the function of System User. Privilege Level – If True is selected for System User, you have to specify the privilege level (Guest operator/User/Operator/Admin) for such profile.
Logout Earliest User | Force the earliest user to log out when the maximum number of online users is exceeded. Enable – Click it to enable such function. Disable – Click it to disable such function.

PPTP/L2TP/SSL Server

PPTP Dial-in / L2TP Dial-in / SSL Tunnel | Click Enable to make network connection through PPTP/L2TP/SSL Tunnel protocol for users who access the Internet via such profile.
Remote IP/Host Name | Specify an IP address for the remote dial-in VPN client. A client with such user profile can only use such IP or host name to access such Vigor router. If not, the VPN connection is not allowed.

PPPoE Server

PPPoE Server Login | Click Enable to activate related PPPoE configuration.
Quota Reset Frequency | It is used to configure the cycle time for PPPoE quota.

5. A new User Profile has been created.

Below shows an example of user profile.

4.7.2.2 Apply All

This page allows you to modify many options for ALL user profiles in one apply operation. It is useful for the administrator to edit the options of all users without opening profiles one by one. You can click Apply to save the settings and apply all of the modifications to all user profiles.

Modify mOTP Status | Check the box to configure detailed setting. Enable – Click it to enable the mOTP function for all user profiles.
Modify PPPoE / FTP / Radius / SAMBA Server Login Status, and Modify XAuth Status | Check the box to configure detailed setting. Enable – Click it to enable the PPPoE / FTP / Radius / SAMBA / XAuth authentication function for all user profiles.
Apply to | All – Apply all of the modifications to all user profiles. Partial – Apply all of the modifications to specified user profile.
Example: How to Generate Mass LAN Clients with User Management on Vigor2960/Vigor3900

The following table shows the function differences between User Profile and Guest Profile (created by using Mass Guest Generator):

 | User Profile | Mass User Generator
Number of Account | Create at most 500 user accounts at a time | Create at most 255 user accounts at a time
Account | Manually | Auto-generated with regularity
Password | Distinct password created by Administrator | Randomly generated, and the length is defined by
3. Open Objects Setting >> IP Object, and click Add.
4. Set up IP Object for Executive. Type the name of the Profile (e.g., boss in this case); choose Single as the Address Type; and type 192.168.1.11 as Start IP Address. Click Apply to save the settings.
5. Open User Management >> Guest Profile and click the Mass Guest Generator tab to open the following page.
6. Open User Management >> Guest Profile and click Guest Group to check the Mass User account Group. By clicking each account (e.g., choose 1001 and click Edit), we can check the information for this account, and we may also modify the account name and password manually.

Note that the Administrator is able to Export the information for the whole group to a .csv file, which is useful for redistributing the account and password combinations to guests.

7. Open User Management >> Web Portal and click the General Setup tab to open the following page. Check Local and Guest as Authentication Type. Check the IP object named Boss to put it into the white list, and this will allow this IP address to access the Internet without authentication.
8. After finishing configuration, Vigor2960 will redirect users to the authentication page when they try to access the Internet.
For Employees to access into Internet:

For Room guest to access into Internet:

4.7.3 User Group

The User Group can consist of several user profiles, which help the administrator to manage a large number of users conveniently. Each item will be explained as follows:

Item | Description
Add | Add a new profile.
Edit | Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule.
Delete | Remove the selected profile. To delete a rule, simply select the one you want to delete and click the Delete button.
Refresh | Renew current web page.
Profile Number Limit | Display the total number (500) of the profiles to be created.
Usergroup | Display the name of the user group.
5. A new User Profile has been created.

4.7.4 Guest Profile

Guest Profile allows users to access the Internet within a validity period and restricts the user to accessing the specified URL configured by web portal.

4.7.4.1 Guest Group

Available parameters are listed as follows:

Item | Description
Add | Add a new profile.
Edit | Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button.

Item | Description
Validity Period | Display the valid period for the guest accessing the Internet.
Start Time/ End Time | Display the detailed time setting (starting and ending).

How to create a new Guest Group Profile

1. Open User Management>>Guest Group. Click the Guest Group tab.
2. Simply click the Add button.
3. The following dialog will appear.

Available parameters are listed as follows:

Item | Description
Group | Type the name of such profile.
Enable | Check this box to enable such profile.
access.

Logout Earliest User | Force the earliest user to log out when the maximum number of online users is exceeded. (The number is defined in Max Simultaneous Login). Enable – Click it to enable such function. Disable – Click it to disable such function.
Apply | Click it to save the configuration.
Cancel | Click it to exit the dialog without saving the configuration.

4. Enter all of the settings and click Apply.
5. A new guest group profile has been created.
6.
8. The following page for configuration will appear.

Available parameters are listed as follows:

Item | Description
Guest Name | Type the name of the guest under the guest group.
Comment | Give a brief description for the guest.
Apply to Web Portal | Enable – Click it to make such profile being applied to web portal. Disable – Click it to disable the option.
Clean Deadline | The guest profile can be unlocked to be used by other users.

9. Enter all of the settings and click Apply.
10.
4.7.4.2 Mass Guest Generator

This option is useful for creating a large number of guest profiles quickly. Available parameters are listed as follows:

Item | Description
Name Settings | Group Name – Type the name of the guest group. Guest Name Prefix – Guest names created in this manner require a prefix as the basis of the name. Note: Guest Name Prefix disallows these 6 characters "^?$%.&".
Usage Settings | Usage Period – It determines the usage time for the guest accessing the Internet each time. Click Enable to enable such option. Usage Time(min) – The default setting is 180 minutes. Validity Period – It determines the valid period for the guest accessing the Internet. That is, the guest cannot access the Internet anytime outside the valid period. Click Enable to enable such option.
4.7.5 RADIUS

Remote Authentication Dial-In User Service (RADIUS) is a security authentication client/server protocol that supports authentication, authorization and accounting, which is widely used by Internet service providers. It is the most common method of authenticating and authorizing dial-up and tunneled network users. The built-in RADIUS client feature enables the router to assist the remote dial-in user or a wireless station and the RADIUS server in performing mutual authentication.

4.7.5.2 Radius Server

In addition to specifying an external RADIUS server for security authentication, the Vigor router can also act as a RADIUS server, performing security authentication and offering the RADIUS service for wireless clients. Available parameters are listed as follows:

Item | Description
Enable RADIUS Server | Check this box to make Vigor router act as a RADIUS server.
Interface | Only the clients from the selected interface can be authenticated by Vigor RADIUS server.
4.7.6 LDAP/Active Directory

Lightweight Directory Access Protocol (LDAP) is a communication protocol for use in TCP/IP networks. It defines the methods by which clients access a distributed directory server, work on the directory and share the information in the directory. The LDAP standard was established by a working group of the Internet Engineering Task Force (IETF).

Item | Description
Common Name Identifier | Display the name for identification.
Base DN | Display the configured Base DN if Bind Type is set with Simple Mode.
Group DN | Display the configured Group DN if Bind Type is set with Simple Mode.
Regular DN | Display the configured regular DN if Bind Type is set with Regular Mode.
Regular Password | Display the configured regular password if Bind Type is set with Regular Mode.

How to create a new LDAP/Active Directory Profile

1.

Use SSL | Check this box to enable SSL tunnel for such profile.
Bind Type | There are three types of bind type supported. Simple Mode – Just simply do the bind authentication without any search action. Anonymous – Perform a search action first with Anonymous account then do the bind authentication. Regular Mode – Mostly it is the same as anonymous mode. The difference is that the server will first check whether you have the search authority.
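The three bind types differ in which LDAP operations are issued and under which account the search runs. The following added example (not DrayTek code) lays out that sequence for each bind type and applies the checks a client should make before sending anything: RFC 4514/4515 escaping of the user name and rejection of empty passwords. The Simple Mode DN layout `<Common Name Identifier>=<user>,<Base DN>`, the use of Base DN as search base, the function names and the directory values are assumptions.

```python
"""Client-side view of the three LDAP bind types (added example)."""
import re

FOUND_DN = "<DN returned by search>"  # placeholder filled in at run time
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
_DN_SPECIALS = '"+,;<>\\='
_ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*\Z")


def escape_filter_value(value: str) -> str:
    """RFC 4515: neutralise characters that would change the search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """RFC 4514: escape a value that is placed inside a distinguished name."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIALS:
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)  # leading space or '#', trailing space
        else:
            out.append(ch)
    return "".join(out)


def plan_authentication(bind_type, username, password, *, cn_identifier="cn",
                        base_dn="", regular_dn="", regular_password=""):
    """Return the ordered LDAP operations for one login attempt.

    Each step is ("bind", dn, password) or ("search", base, filter).
    """
    if not username or not password:
        # RFC 4513 section 5.1.2: a name with an empty password is an
        # "unauthenticated bind", which a server may answer with success.
        raise ValueError("empty user name or password must be rejected locally")
    if not _ATTR_NAME.match(cn_identifier):
        raise ValueError("Common Name Identifier must be a plain attribute name")

    search = ("search", base_dn, f"({cn_identifier}={escape_filter_value(username)})")
    final_bind = ("bind", FOUND_DN, password)

    if bind_type == "simple":
        # No search: the DN is built from the configured identifier and Base DN,
        # so every user must live directly under that one Base DN.
        dn = f"{cn_identifier}={escape_dn_value(username)},{base_dn}"
        return [("bind", dn, password)]
    if bind_type == "anonymous":
        # The directory must allow anonymous searches for this to work.
        return [("bind", "", ""), search, final_bind]
    if bind_type == "regular":
        if not regular_dn or not regular_password:
            raise ValueError("Regular Mode needs Regular DN and Regular Password")
        # The search runs as a dedicated account, so anonymous access can stay off.
        return [("bind", regular_dn, regular_password), search, final_bind]
    raise ValueError(f"unknown bind type: {bind_type!r}")


if __name__ == "__main__":
    base = "ou=Staff,dc=example,dc=com"  # constructed directory layout
    for mode in ("simple", "anonymous", "regular"):
        print(mode, plan_authentication(mode, "Smith, John", "pw", base_dn=base,
                                        regular_dn="cn=lookup," + base,
                                        regular_password="lookup-pw"))
```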
4.8 Application

Below shows the menu items for Applications.

4.8.1 Dynamic DNS

The ISP often provides you with a dynamic IP address when you connect to the Internet via your ISP. It means that the public IP address assigned to your router changes each time you access the Internet. The Dynamic DNS feature lets you assign a domain name to a dynamic WAN IP address. It allows the router to update its online WAN IP address mappings on the specified Dynamic DNS server.

4.8.1.1 Status

This page displays all the available DDNS profiles. Each item will be explained as follows:

Item | Description
Auto Refresh | Specify the interval of refresh time to obtain the latest status. The information will update immediately when the Refresh button is clicked.
Refresh | Renew current web page.
Profile | Display the name of the DDNS.
Status | Display the connection status of the DDNS server.
Domain Name | Display the domain name for the DDNS server.

4.8.1.2 Setting

This page allows you to configure DDNS server for your request. Each item will be explained as follows:

Item | Description
Edit | Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule.
Force Update | Force the router updates its information to DDNS server immediately.
Refresh | Renew current web page.
1. Open Applications>>Dynamic DNS and click the Setting tab. 2. Choose one of the DDNS profiles and click the Edit button Available parameters are listed as follows: Item Description Profile Display the name of the profile. Enable Check this box to enable such profile. WAN Profile Choose a WAN profile that such profile will apply to. Routing Policy Choose a routing policy applied to the DDNS profile.
Service Type Select a service type (Dynamic, Custom or Static). If you choose Custom, you can modify the domain that is chosen in the Domain Name field. Domain Name Type in one domain name that you applied previously. Use the drop down list to choose the desired domain. User Login Name Type in the login name that you set for applying domain. Password Type in the password that you set for applying domain. IP Source Choose My WAN IP or My Internet IP as the source for the DDNS profile.
4.8.1.3 DDNS Log
This page displays the information related to all DDNS.

4.8.1.4 DrayDDNS License
This page displays license information for the DrayDDNS service.
4.8.2 DNS Security
DNS security ensures that incoming DNS data has not been falsified and that the source of the data is secure and correct, which protects against DNS attacks. Available parameters are listed as follows:

Item: Description
Enable DNS Security: Check the box to enable the DNS security management.
Check DNS Reply Strictly: By default, the Vigor router does not check whether unsigned DNS replies are legitimate: they are assumed to be valid and passed on.
4.8.3 GVRP
This function defines how VLAN information is exchanged among devices. With GVRP support, the device can receive the VLAN information coming from other devices. Available parameters are listed as follows:

Item: Description
Enable This Profile: Check this box to enable GVRP function.
Interface: Choose LAN and/or WAN profiles. To clear the selected one, click the icon that removes the current object selections.
Join Time: Define the time for the system to send GVRP packet to other device.
4.8.4 IGMP Proxy IGMP is the abbreviation of Internet Group Management Protocol. It is a communication protocol which is mainly used for managing the membership of Internet Protocol multicast groups. Available parameters are listed as follows: Item Description Enable Check this box to enable IGMP proxy function. IGMP Proxy Channel The application of multicast will be executed through WAN port. In addition, such function is available in NAT mode.
4.8.5 UPnP
The UPnP (Universal Plug and Play) protocol gives network-connected devices the same ease of installation and configuration that the existing Windows 'Plug and Play' system already provides for directly connected PC peripherals. For NAT routers, the major feature of UPnP on the router is “NAT Traversal”. This enables applications inside the firewall to automatically open the ports that they need to pass through a router.
Enabling firewall applications on your PC may prevent the UPnP function from working properly, because these applications block access to some network ports.

Security Considerations
Activating the UPnP function on your network may incur some security threats. You should consider these risks carefully before activating the UPnP function.
4.8.6.1 High Availability Global Setup Available parameters are listed as follows: Item Description Enable High Availability Check this box to enable HA function. Redundant Method Choose Hot-Standby or Active-Standby as the method for HA. Hot-Standby – Hot-Standby is a redundant method of having several secondary service nodes running standby with another identical primary service node.
restored. Delayed Interval: Specify the time for waiting. Manual – Restoring must be done according to the setting of Manual Preemption Status. Manual Preemption Status – Click Active or Inactive. Manual Mode Threshold – Set a period of time for the system to determine the master router when there is no master router detected. If the router is set as Master router, and you change the Manual Preemption Status from Active to Inactive.
4.8.6.2 Hot-Standby Profile Setup
In the Hot-Standby mechanism, the router with the highest priority becomes the Master device, and the routers with lower priority act as backup devices for it. When the Master device fails, one of the backup devices will be chosen by priority as the Master device to offer the network service for the connected PCs. Available parameters are listed as follows:

Item: Description
HA LAN Profile: Choose one of the LAN profiles for communication in HA application.
4.8.6.3 Active-Standby Mechanism
In the Active-Standby mechanism, each access point in the LAN participates in a different high availability session. All the WAN interfaces can be active, which provides more flexible utilization of network service. When LAN1 in Router A fails, one of the available line connections (e.g., LAN1 in Router C) will be selected to offer the network service for all the connected PCs.
The following page is used to create Active-Standby profiles. Available parameters are listed as follows: Item Description Add Add a new HA profile. Edit Modify the selected HA profile. To edit the profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected profile. Delete Remove the selected HA profile. To delete a profile, simply select the one you want to delete and click the Delete button.
2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: 4. Item Description Profile Type a name for such profile. HA LAN Profile Choose one of the LAN profiles that such function will be applied to. Virtual IP for Gateway Assign an IP address as a virtual IP. VHID It means Virtual Host ID. Type a number as VHID for such function. VHID is used for Backup router to identify which Master will be backed up.
4.8.6.4 HA Status This page displays status information of High Availability. Each item is explained as follows: Item Description Auto Refresh Specify the interval of refresh time to obtain the latest status. The information will update immediately when the Refresh button is clicked. Refresh Renew current web page. Group ID Display the group ID number of such router. Priority ID Display the number which represents the priority of Vigor router in HA application.
Detail An icon displayed here lets you open a detailed settings page for HA configuration.
4.8.7 Wake on LAN
A PC client on the LAN can be woken up by the router it connects to. To wake up a specified PC through the router, the user must type the correct MAC address of that PC on the Wake on LAN web page of this router. In addition, the PC must have a network card that supports the WOL function, and the WOL function must be set to “Enable” in the BIOS settings.
4.8.7.
4.8.7.2 Schedule Wake on LAN This page is used to set profiles which will perform WOL based on the conditions specified by Bind Table profile, MAC address, LAN profile and time profile. Available parameters are listed as follows: Item Description Add Add a new schedule profile. Edit Modify the selected schedule profile. To edit the profile, simply select the one you want to modify and click the Edit button.
Available parameters are listed as follows: 4. Item Description Profile Type a name for the profile. Enable Check the box to enable the profile. Mode Choose the type for data input, Bind Table or MAC Address. Bind Table Choose one of the profiles listed in Bind Table. MAC Address If MAC Address is selected as Mode, you have to type the MAC address in this field. Then only the PC with that address will be woken up remotely.
4.8.8 SMS / Mail Alert Service
With the SMS (Short Message Service)/Mail Alert function, the Vigor router sends a message to the user’s mobile or e-mail box through a specified service provider, so that the user learns of abnormal situations in real time. Vigor router allows you to set up to 10 SMS profiles which will be sent out according to different conditions.

4.8.8.1 SMS Alert Service
This page allows you to specify the SMS provider, who will get the SMS, what the content is and when the SMS will be sent.
How to edit the SMS alert service profile 1. Open Applications>> SMS/Mail Alert Service and click the SMS Alert Service tab. 2. Choose one of the index numbers and click the Edit button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Enable Check this box to enable such profile. SMS Provider Choose the SMS provider object profile from the drop down list. Such profiles can be created from Object Setting>>SMS Service Object.
4.8.8.2 Mail Alert Service This page allows you to specify Mail Server profile, who will get the notification e-mail, what the content is and when the message will be sent. Each item will be explained as follows: Item Description Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected profile. Refresh Renew current web page.
Available parameters are listed as follows: Item Description Enable This Profile Check this box to enable such profile. Mail Profile Choose the mail service object profile from the drop down list. Such profiles can be created from Object Setting>>Mail Service Object. Recipient Type the e-mail address for receiving the mail. Notify Profile Choose a profile (specify the timing for sending SMS) from the drop down list. Such profiles can be created from Object Setting>>Notification Object.
4.9 VPN and Remote Access
A Virtual Private Network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. In short, VPN technology lets you send data between two computers across a shared or public network in a manner that emulates the properties of a point-to-point private link. The menu items for VPN and Remote Access are shown below.

4.9.1 VPN Client Wizard
This wizard is used to configure VPN settings for a VPN client.
How to create LAN-to-LAN profile for VPN client (dial-out) 1. Open VPN and Remote Access >> VPN Client Wizard. 2. The following dialog will appear. Available parameters are listed as follows: Item Description Type Specify which protocol (PPTP/IPsec/SSL) will be used for such VPN profile. VPN Settings Via Select From Current Settings - Current VPN LAN to LAN profiles will be listed below such setting. Choose the one you need.
3. Specify the type. Click Create New VPN Profile and type the name of the profile. Then, click Next.
4. If you choose PPTP as the Type, you will get the following screen:

Available parameters are listed as follows:

Item: Description
Profile: Display the name of the VPN profile.
Enable: Check this box to enable the profile.
Always On: Click Enable to keep the profile always on.
Dial-Out Through: Choose a WAN profile to be used by this profile. Then, use the default WAN IP or specify a WAN Alias IP for the VPN tunnel.
Failover to: Choose a WAN profile through which data will pass automatically when the selected WAN interface (in Dial-Out Through) fails.
Idle Timeout: When Always On is disabled, you have to type the value for terminating the network connection.
Server IP/Host Name: Type the IP address or host name of PPTP server.
If you choose IPsec as the Type, you will get the following screen: Available parameters are listed as follows: Item Description Profile Display the name of the VPN profile. Enable Check this box to enable such profile. WAN Profile Choose a wan profile to be used by such profile. Local IP/Subnet Mask Type the IP address and subnet mask of local host. Local Next Hop Specify the gateway for WAN interface. Usually, use the default setting (leave it in blank).
Mode is enabled.
Auth Type: Authentication is performed with a Pre-Shared Key or an RSA Signature. Choose PSK or RSA for this profile.
Preshared Key: Type a pre-shared key for authentication if PSK is selected as Auth Type.
Security Protocol: Choose ESP to use the Encapsulating Security Payload protocol as the IPsec protocol. The data will be encrypted and authenticated. Choose AH to use the Authentication Header protocol as the IPsec protocol. The data will be authenticated but not encrypted.
tunnel. Failover to Choose a wan profile which will lead the data passing through other WAN automatically when the selected WAN interface (in Dial-Out Through) is failover. Idle Timeout When Always On is disabled, you have to type the value for terminating the network connection. Server IP/Host Name Type the IP address or host name of SSL VPN server. SSL User Name Type a user name for authentication in SSL VPN connection. SSL Password Type a password for authentication in SSL VPN connection.
4.9.2 VPN Server Wizard
This wizard is used to configure VPN settings for a VPN server. It guides you step by step through setting the LAN-to-LAN profile for a VPN dial-in connection (from client to server).

How to create LAN-to-LAN profile for VPN server
1. Open VPN and Remote Access >> VPN Server Wizard.
2. The following dialog will appear.

Available parameters are listed as follows:

Item: Description
Type: Specify which protocol (PPTP/IPsec/SSL) will be used for this VPN profile.
3. VPN Settings Via Select From Current Settings - Current VPN LAN to LAN profiles will be listed below such setting. Choose the one you need. Create New VPN Profile – It allows you to create a new VPN LAN to LAN profile. Simply type the name in the field of Profile Name. The field of Profile Name is available only when you click this setting. Profile Name Type a new name for such profile. Next Go to next page. Cancel Cancel the configuration and return to the home page of such function.
Netbios Naming Packet Enable – Click it to have an inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting. Disable –When there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting, such function can block data transmission of Netbios Naming Packet inside the tunnel. Multicast via VPN Some programs might send multicast packets via VPN connection. Enable – Click this button to let multicast packets pass through the router.
Remote IP / Subnet Mask: Type the LAN IP address and LAN subnet mask for the remote host.
More Remote Subnet: Add more remote subnet in this field if required.
IKE Phase 1: The ultimate outcome is to exchange security proposals to create a protected secure channel. Main mode is more secure than Aggressive mode since more exchanges are done in a secure channel to set up the IPsec session. However, the Aggressive mode is faster. The default value in Vigor router is Main mode.
If you choose SSL as the Type in Step 1, you will get the following page: Item Description Profile Display the name of the profile. Enable Check this box to enable such profile. SSL User Name Choose a user for authentication in SSL connection. Such profile shall be created in User Management>>User Profile previously. Otherwise, there are no selections displayed here. Local IP / Subnet Mask Type the IP address and subnet mask of local host.
packets via VPN connection. Disable – Disable such function. It is default setting. 4. Fill in the required information on this page and click Finish. A pop-up window will appear. 5. Click OK. Then, return to VPN and Remote Access>>VPN Server Wizard. The new added VPN server profile will be displayed on the screen.
4.9.3 Remote Access Control
Enable the VPN services that you need. If you intend to run a VPN server inside your LAN, you should disable the VPN service (e.g., PPTP VPN, L2TP VPN, SSL VPN, OpenVPN, IPsec etc.) of the Vigor router so that the VPN tunnel can pass through. Available parameters are listed as follows:

Item: Description
Enable PPTP/L2TP VPN Service / SSL Tunnel / OpenVPN / IPsec Service: Check the box(es) to enable the service.
4.9.4 PPP General Setup
After passing the authentication procedure, remote users can connect to the site, host, server, etc. via the VPN connection built between the router and the users.

4.9.4.1 PPTP
This page displays the current status of VPN tunnels built with the PPTP protocol. Available parameters are listed as follows:

Item: Description
Authenticate Protocol: The router will authenticate the dial-in user with the protocol selected here.
as user authentication type. To clear the selected one, click the icon that removes the current object selections.
DHCP from: Choose a LAN profile for L2TP Server if RADIUS is selected as user authentication type.
WAN Profile: Choose an interface (e.g., wan1, usb1) profile.
DHCP Relay: Enable - Let the router assign IP address to every host in the LAN. Disable - Let you manually assign IP address to every host in the LAN.
PPTP MSS: Type the maximum segment size (MSS) for PPTP VPN tunnel.
Available parameters are listed as follows: Item Description Authenticate Protocol The router will authenticate the dial-in user with the protocol selected here. PAP - It means the router will attempt to authenticate dial-in users with the PAP protocol. CHAP - It means the router will attempt to authenticate dial-in users with the CHAP protocol. User Authentication Type Set user authentication to Local server or RADIUS server.
DHCP Server IP Address It is available when DHCP Relay is enabled. Set the IP address of the DHCP server you are going to use so the relay agent can help to forward the DHCP request to the DHCP server. Force L2TP with IPsec policy If it is checked, the router will use L2TP with IPsec policy for VPN connection. Apply Click it to save the configuration. Cancel Click it to discard the settings configured in this page. Enter all of the settings and click Apply.
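What the PAP and CHAP choices under Authenticate Protocol mean on the link, shown as an added example that is not part of this guide. The packet layouts follow RFC 1334 (PAP) and RFC 1994 (CHAP with MD5); the function names, user name, secret and challenge values are constructed for illustration.

```python
"""Added example: what PAP and CHAP put on the link during dial-in authentication."""
import hashlib
import hmac
import os
import struct

PAP_AUTH_REQUEST = 1
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2


def pap_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request: the password travels unchanged inside the packet."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, identifier, 4 + len(body)) + body


def _chap_packet(code: int, identifier: int, value: bytes, name: bytes) -> bytes:
    # Challenge and Response share one layout: header, Value-Size, Value, Name.
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_chap(packet: bytes):
    """Split a CHAP Challenge/Response into (code, identifier, value, name)."""
    if len(packet) < 5:
        raise ValueError("packet too short")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    size = packet[4]
    if length != len(packet) or 5 + size > length:
        raise ValueError("inconsistent length fields")
    return code, identifier, packet[5:5 + size], packet[5 + size:]


def chap_challenge(identifier: int, name: bytes, challenge: bytes = b"") -> bytes:
    """Server side: send a fresh random challenge (16 bytes unless one is supplied)."""
    return _chap_packet(CHAP_CHALLENGE, identifier, challenge or os.urandom(16), name)


def chap_response(challenge_packet: bytes, secret: bytes, name: bytes) -> bytes:
    """Client side: answer with MD5(identifier || secret || challenge), not the secret."""
    code, identifier, challenge, _ = parse_chap(challenge_packet)
    if code != CHAP_CHALLENGE:
        raise ValueError("not a CHAP Challenge")
    digest = hashlib.md5(bytes([identifier]) + secret + challenge).digest()
    return _chap_packet(CHAP_RESPONSE, identifier, digest, name)


def chap_verify(challenge_packet: bytes, response_packet: bytes, secret: bytes) -> bool:
    """Server side: recompute the digest for the challenge it sent and compare."""
    try:
        _, sent_id, challenge, _ = parse_chap(challenge_packet)
        code, identifier, value, _ = parse_chap(response_packet)
    except ValueError:
        return False
    if code != CHAP_RESPONSE or identifier != sent_id:
        return False
    expected = hashlib.md5(bytes([sent_id]) + secret + challenge).digest()
    return hmac.compare_digest(value, expected)


if __name__ == "__main__":
    user, secret = b"branch-office", b"Constructed-Passw0rd"   # constructed values
    pap = pap_request(1, user, secret)
    print("PAP request carries the password in clear:", secret in pap)

    challenge = chap_challenge(7, b"vigor")
    response = chap_response(challenge, secret, user)
    print("CHAP response carries the password in clear:", secret in response)
    print("Server accepts the response:", chap_verify(challenge, response, secret))

    # A response recorded earlier does not match a new challenge.
    later = chap_challenge(7, b"vigor")
    print("Old response accepted for a new challenge:", chap_verify(later, response, secret))
```

CHAP keeps the secret off the link, but the digest is only as strong as the secret itself, so dial-in accounts still need long random passwords.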
4.9.4.3 SSL VPN
This page displays the current status of VPN tunnels built with the SSL protocol. Available parameters are listed as follows:

Item: Description
Authenticate Protocol: The router will authenticate the dial-in user with the protocol selected here. PAP - It means the router will attempt to authenticate dial-in users with the PAP protocol. CHAP - It means the router will attempt to authenticate dial-in users with the CHAP protocol.
DHCP Server IP Address It is available when DHCP Relay is enabled. Set the IP address of the DHCP server you are going to use so the relay agent can help to forward the DHCP request to the DHCP server. SSL VPN MSS Type the maximum segment size (MSS) for SSL VPN tunnel. NetBIOS Naming Packet Pass – Click it to have an inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting.
4.9.5 OpenVPN General Setup
In general, both server and client must use routers of the same model to establish a VPN successfully; otherwise, problems can arise from the mismatch of brands or models. The main advantage of OpenVPN is that it makes it easy for users to build a safe and reliable virtual network, even if the brands or models of the routers used at both ends are totally different. OpenVPN allows Vigor router to establish an instant VPN connection across the Internet with any router (e.g.
Available parameters are listed as follows: Item Description Remote Host Specify the type used for remote host. Default WAN IP – Click it to use default WAN IP of remote host. You need to choose an interface for such VPN. Customized – Click it to specify URL for the remote host. You need to enter the URL content in the field of Host. Interface It is available when Default WAN IP is selected as Remote Host. Specify a WAN interface (e.g., WAN1/2) for setting up VPN connection.
the VPN client for building OpenVPN connection.

4.9.6 IPsec General Setup
The IPsec services can provide access control, connectionless integrity, data origin authentication, rejection of replayed packets (a form of partial sequence integrity), and confidentiality by encryption.
Apply Click it to save the configuration. Cancel Click it to discard the settings configured in this page. Enter all of the settings and click Apply. 4.9.7 VPN Profiles The router allows you to create VPN profiles via the protocol of IPsec or PPTP (dial-in or dial-out). The router supports up to 200 VPN tunnels simultaneously. The following figure shows the summary table. 4.9.7.1 IPsec Tunnel Display the name of LAN to LAN profile with IPsec policy.
Dial-Out Through Display the WAN interface selected for the profile. Local IP / Subnet Mask Display the LAN IP address with subnet mask of this profile. Remote Host Display the name of the remote host of this profile. Remote IP / Subnet Mask Display the WAN IP address with subnet mask of this profile. More Remote Subnet Display other LAN IP addresses with subnet mask which can be used of this profile.
Dial-Out Through- Choose a wan profile to be used by such profile. Failover to – Choose a wan profile which will lead the data passing through other WAN automatically when the selected WAN interface (in Dial-Out Through) is failover. Local IP/Subnet Mask - Type the IP address and subnet mask of local host. Local Next Hop - Specify the gateway for WAN interface. Usually, use the default setting (leave it in blank). Remote Host - Type the WAN IP address for the remote host.
Available parameters are listed as follows:

Item: Description
Phase 1 Key Life Time: The rekey-renegotiated period of the IKE Phase 1 keying channel of a connection. The acceptable range is from 5 to 480 minutes (8 hours).
Phase 2 Key Life Time: The rekey-renegotiated period of the IKE Phase 2 keying channel of a connection. The acceptable range is from 5 to 480 minutes (8 hours).
Perfect Forward Secrecy Status: Enable the PFS function.
Apply NAT Policy Enable – This option allows for performing one-to-one NAT for all traffic flowing across the VPN. Translated Local Network – Specify the IP address with subnet mask of the network that all traffic will be translated into. Netbios Naming Packet Enable – Click it to have an inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting.
Available parameters are listed as follows: Item Description Enable GRE Function Click Enable to enable such function. Local GRE IP The virtual IP address of the router, specified for this tunnel. Remote GRE IP The virtual IP address of the remote client, specified for this tunnel. Auto Generate GRE Key Click Enable to enable such function. If you click Disable, you have to type GRE In Key and GRE Out Key respectively. GRE In Key Type the hexadecimal number as GRE In Key.
Available parameters are listed as follows: Item Description IKE Phase1 Proposal (Dial-Out) Propose the local available authentication schemes and encryption algorithms to the VPN peers, and get its feedback to find a match. IKE Phase1 Authentication (Dial-Out) Propose the local available algorithms to the VPN peers, and get its feedback to find a match.
Available parameters are listed as follows:

Item: Description
Enable: An IPsec VPN profile can support from 1 up to 16 SAs (security associations). Check the one you want to enable.
Local IP / Subnet Mask: Type the IP address and subnet mask of local host.
Remote IP / Subnet Mask: Type the LAN IP address and LAN subnet mask for the remote host.

4. After filling in the required information, click Apply and a new IPsec LAN-to-LAN profile will be created.
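A way to review the IPsec choices described above (ESP or AH, Main or Aggressive mode, PSK or RSA, key life times, PFS) before applying a profile, as an added example that is not part of this guide or of the router firmware. The dictionary keys and the minimum pre-shared key length are assumptions of this example; the router does not export profiles in this form, so the values are copied from the web UI by hand.

```python
"""Added example: lint an IPsec LAN-to-LAN profile against the options in this guide."""
from dataclasses import dataclass
from typing import List

LIFETIME_RANGE_MIN = (5, 480)   # Key Life Time range stated in the guide, in minutes
MIN_PSK_LENGTH = 20             # assumption of this example, not a value from the guide


@dataclass(frozen=True)
class Finding:
    field: str
    severity: str   # "high", "medium" or "invalid"
    message: str


def audit_ipsec_profile(profile: dict) -> List[Finding]:
    """Return findings for one profile; an empty list means nothing was flagged."""
    findings: List[Finding] = []

    def flag(name: str, severity: str, message: str) -> None:
        findings.append(Finding(name, severity, message))

    # Security Protocol: AH authenticates only, ESP also encrypts.
    protocol = str(profile.get("security_protocol", "")).upper()
    if protocol == "AH":
        flag("security_protocol", "high",
             "AH authenticates traffic but does not encrypt it; choose ESP")
    elif protocol != "ESP":
        flag("security_protocol", "invalid", "expected ESP or AH")

    # IKE Phase 1: Main mode is the more secure of the two and the router default.
    mode = str(profile.get("ike_phase1_mode", "")).lower()
    if mode == "aggressive":
        flag("ike_phase1_mode", "medium",
             "Aggressive mode is faster but less secure than Main mode")
    elif mode != "main":
        flag("ike_phase1_mode", "invalid", "expected main or aggressive")

    # Auth Type: a pre-shared key is only as good as its length and randomness.
    auth = str(profile.get("auth_type", "")).upper()
    if auth == "PSK":
        psk = profile.get("preshared_key") or ""
        if len(psk) < MIN_PSK_LENGTH:
            flag("preshared_key", "medium",
                 f"pre-shared key is shorter than {MIN_PSK_LENGTH} characters")
    elif auth != "RSA":
        flag("auth_type", "invalid", "expected PSK or RSA")

    # Phase 1 / Phase 2 Key Life Time must sit inside the accepted range.
    low, high = LIFETIME_RANGE_MIN
    for key in ("phase1_lifetime_min", "phase2_lifetime_min"):
        value = profile.get(key)
        if type(value) is not int or not low <= value <= high:
            flag(key, "invalid",
                 f"must be an integer from {low} to {high} minutes, got {value!r}")

    if profile.get("pfs") is not True:
        flag("pfs", "medium", "Perfect Forward Secrecy is not enabled")

    return findings


# Constructed sample profiles (not taken from a real device).
WEAK_PROFILE = {
    "security_protocol": "AH",
    "ike_phase1_mode": "aggressive",
    "auth_type": "PSK",
    "preshared_key": "vigor123",
    "phase1_lifetime_min": 600,
    "phase2_lifetime_min": 60,
    "pfs": False,
}
HARDENED_PROFILE = {
    "security_protocol": "ESP",
    "ike_phase1_mode": "main",
    "auth_type": "RSA",
    "phase1_lifetime_min": 480,
    "phase2_lifetime_min": 60,
    "pfs": True,
}

if __name__ == "__main__":
    for label, sample in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        results = audit_ipsec_profile(sample)
        print(f"{label}: {len(results)} finding(s)")
        for item in results:
            print(f"  [{item.severity}] {item.field}: {item.message}")
```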
4.9.7.2 PPTP Dial-out/SSL Dial-out Tunnel Display the name of LAN to LAN profile with PPTP dial-out/SSL dial-out tunnel. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected profile. Delete Remove the selected profile.
How to create a PPTP Dial-Out/SSL Dial-out VPN profile
The following steps guide you through creating a PPTP/SSL dial-out profile for VPN connection:
1. Open VPN and Remote Access >> VPN Profiles.
2. Switch to the tab of PPTP Dial-Out/SSL Dial-Out. Simply click the Add button.
3. The following dialog will appear.

Available parameters are listed as follows:

Item: Description
Profile: Type the name of the profile.
Enable: Check this box to enable this profile.
SSL User Name connection. PPTP Password/ SSL Password Type a password for authentication in PPTP/SSL connection. Local IP/Subnet Mask Type the IP address and subnet mask of local host. Remote IP / Subnet Mask Type the LAN IP address and LAN subnet mask for the remote host. Route / NAT Mode Specify the purpose for such profile. Netbios Naming Packet Enable – Click it to have an inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting.
4.9.7.3 PPTP Dial-in/SSL Dial-in Tunnel Display the name of LAN to LAN profile with PPTP dial-in/SSL dial-in tunnel. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected profile. Delete Remove the selected profile.
2. Switch to the tab of PPTP Dial-in/SSL Dial-In. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Display the name of the profile. Enable Check this box to enable this profile. PPTP User Name / SSL User Name Choose a PPTP/SSL user profile for authentication in PPTP/SSL connection. Such profile shall be created in User Management>>User Profile previously.
Apply Click it to save the configuration. Cancel Click it to exit the page without saving the configuration. 4. Enter all of the settings and click Apply. 5. A new PPTP/SSL Dial-In LAN-to-LAN profile has been created. 4.9.7.4 GRE Tunnel Display the name of LAN to LAN profile with GRE tunnel. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button.
Remote IP / Subnet Mask Display the IP address and subnet mask of remote client. How to create a GRE VPN profile Below will guide you to create a GRE profile for VPN connection: 1. Open VPN and Remote Access >> VPN Profiles. 2. Switch to the tab of GRE. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Display the name of the profile. Enable Check this box to enable this profile.
4.9.8 VPN Trunk Management
The VPN Load Balance mechanism lets you set up multiple VPN tunnels to be used for traffic load balancing. It helps users share load effectively across multiple VPN tunnels according to the real line bandwidth. Moreover, it offers three types of algorithms for load balancing and a binding tunnel policy mechanism to let the administrator manage the network more flexibly.
4.9.8.1 Load Balance Pool This page allows the user to integrate several WAN profiles as a pool profile specified with the function of load balance or failover. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected profile. Delete Remove the selected profile.
How to add a Load Balance Pool Profile 1. Open VPN and Remote Access >>VPN TRUNK Management and click the Load Balance Pool tab. 2. Simply click the Add button. 3. The following dialog will appear. Type the name of the profile (e.g., LB_Pool_1, within 10 characters including digit, letter, and underline) under the Mode tab. Available settings are listed below: Item Description Profile Type the name of the profile (e.g., LB_Pool_1, within 10 characters including digit, letter, and underline).
Important!!! If there is no selection for Interface option, please go to VPN and Remote Access>>VPN Profiles to create a new IPsec LAN to LAN profile with enabled GRE setting. Then, return to this page to specify the Interface option. 4. Enter all of the settings and click Apply. 5. A new profile has been created. Refer to Chapter 3, How to Configure VPN Load Balance between Vigor2960 and Other Router for getting more detailed information about Load Balance application. 4.9.8.
Source Mask Display the subnet mask address specified for the source IP of this entry. Destination IP Address Display the destination IP address specified for this entry. Destination Mask Display the subnet mask address specified for the destination IP of this entry. Destination Port Start Display the start point specified in the Dest Port Range for this entry. Destination Port End Display the end point specified in the Dest Port Range for this entry.
Destination Mask Type the subnet mask address specified for the destination IP. Destination Port Start Type the start point. Destination Port End Type the end point. Load Balance Pool Use the drop down list to choose one profile configured in load balance pool. Then, such rule will be applied by the pool. Apply Click it to save the configuration. Cancel Click it to exit the page without saving the configuration. 4. Enter all of the settings and click Apply. 5. A new profile has been created.
Auto Refresh: Specify the interval of refresh time to obtain the latest status. The information will update immediately when the Refresh button is clicked.
VPN: Display the name of VPN profile.
Type: Display the connection type (PPTP or IPsec) for the VPN profile.
Interface: Display the WAN interface for the VPN profile.
Remote IP: Display the remote IP configured by the VPN profile.
Virtual Network: Display the virtual network established by the VPN profile.
4.10 Certificate Management
A digital certificate works as an electronic ID, which is issued by a certification authority (CA). It contains information such as your name, a serial number, expiration dates etc., and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Vigor router supports digital certificates conforming to the X.509 standard.
4.10.1 Local Certificate This page allows users to generate certificate based on different work requests. Local certificate can be signed by itself or signed by a root CA. Each item will be explained as follows: Item Description Upload Click this button to open the following dialog to upload selected certificate onto the router. After choosing the certificate file type, type the required information and choose the required file (e.g., Key Passphrase, Key File, PKCS12 Password and PKCS12 File).
Delete Remove the selected item of local certificate listed below. Download Allow you to download an existing local certificate to the router. Generate Open another web page for generating the local certificate. Name Display the name of local certificate. Issuer Display the issuer of local certificate. Subject Display the subject of local certificate. Status Display the status of local certificate. Valid From Display the starting point of the valid time of local certificate.
Available parameters are listed as follows: Item Description Certificate Name Type the name of the local certificate. ID Type The ID type for such certificate. There are four types: Domain Name: Certificated by domain name. IP: Certificated by IP address. Email: Certificated by email address. None: Do not enter an ID value. ID Value The ID value is determined by the ID Type selected for such certificate. For example, if you choose Domain Name as the ID Type, please type the domain name in this field.
How to download a local certificate into specified location
Vigor router allows you to generate a certificate request and submit it to the CA server. After generating a local certificate, you can download it as a file into any place you want. If you have already obtained a certificate from a third party, you may import it directly. The supported types are PKCS12 Certificate and Certificate with a private key.
1. Open Certificate Management>> Local Certificate.
2.
3. Choose Local Certificate and click the Select button to open the following dialog.
4. From the above dialog, choose the certificate you want and click Open. The dialog box with the selected certificate file name will be shown as follows.
5. Click Upload. The system will start to upload the selected file.
4.10.2 Trusted CA Certificate
The CA (certification authority) certificate specified on this page is the issuer of the certificates for both clients requesting a network connection. It allows you to import a third-party certificate authenticated by another certification authority (CA) to be used as a CA for signing the local certificate. Just create a new Trust CA Certificate first.
Passphrase, Key File, PKCS12 Password and PKCS12 File). Later, click Upload on the dialog to upload the file onto Vigor router. Delete Remove the selected item of trusted CA listed below. Download Allow you to download an existing trusted CA certificate to the router. Build RootCA Open another web page for generating the trusted CA certificate. Name Display the name of trusted certificate built. Subject Display the subject of trusted certificate built.
4.10.3 Remote Certificate This page allows users to upload acceptable certificate of remote client. Each item will be explained as follows: Item Description Upload Click this button to open the following dialog to upload selected certificate onto the router. After choosing the PKCS12 Certificate mode, type the required information and choose the required file (e.g., PKCS12 Password and PKCS12 File). Later, click Upload on the dialog to upload the file onto Vigor router.
Download Allow you to download an existing trusted CA certificate to the router. Sign Click it to make the selected certificate to be used as a certificate. Name Display the name of certificate built. Subject Display the subject of certificate built. Status Display the status of certificate built.
4.11 SSL Proxy
An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be used with a standard Web browser. SSL VPN provides two benefits:
It is not necessary for users to preinstall VPN client software to make an SSL VPN connection.
There are fewer restrictions on the data encrypted through SSL VPN compared with traditional VPN.
4.11.1 SSL Web Proxy
SSL Web Proxy will allow the remote users to access the internal web sites over SSL.
Profile Number Limit Display the total number (30) of the profiles to be created. Profile Display the name of the profile that you create. URL Display the URL. Host IP Address Display the IP address for the Host. How to create a new SSL Web Proxy 1. Open SSL VPN>> SSL Web Proxy. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type name of the profile.
4.11.2 SSL Application It provides a secure and flexible solution for network resources, including VNC (Virtual Network Computer) /RDP (Remote Desktop Protocol), to any remote user with access to Internet and a web browser. 4.11.2.1 VNC VNC stands for Virtual Network Computing. It allows you to access and control a remote PC through VNC protocol. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile.
3. The following dialog will appear. Available parameters are listed as follows:
Profile: Type the name of the profile that you create.
IP Address: Type the IP address for this protocol.
Port: Specify the port used for this protocol. The default setting is 5900.
Scaling: Choose the percentage (100%, 80%, 60%) for this application.
Apply: Click it to save the configuration.
Cancel: Click it to exit the page without saving the configuration.
4.
4.11.2.2 RDP RDP stands for Remote Desktop Protocol. It allows you to access and control a remote PC through RDP protocol. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected profile. Delete Remove the selected profile.
Available parameters are listed as follows:
Profile: Type the name of the profile that you create.
IP Address: Type the IP address for this protocol.
Port: Specify the port used for this protocol.
Screen Size: Choose the screen size for this application.
Apply: Click it to save the configuration.
Cancel: Click it to exit the page without saving the configuration.
4. Enter all of the settings and click Apply.
5. A new SSL Application profile has been created.
4.11.3 Online User Status
Once the configuration of SSL Web Proxy (server) is finished, users can find the corresponding settings when they access the DrayTek SSL VPN portal interface. Each item will be explained as follows:
Refresh: Renew current web page.
Auto Refresh: Specify the interval of refresh time to obtain the latest status. The information will update immediately when the Refresh button is clicked.
User Name: Display the current user who visits the SSL VPN server.
4.12 Bandwidth Management Below shows the menu items for Bandwidth Management. The QoS (Quality of Service) guaranteed technology in the Vigor router allows the network administrator to monitor, analyze, and allocate bandwidth for various types of network traffic in real-time and/or for business-critical traffic. Thus, timing-sensitive applications will not be impacted by web surfing traffic or other non-critical applications, such as file transfer.
4.12.1.2 Software QoS This page displays current software QoS status and allows you to edit related settings, including bandwidth, queue (high, medium, normal and low) for each QoS WAN. Available parameters are listed as follows: Item Description Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected profile. Refresh Renew current web page.
3. The QoS settings page appears. Available parameters are listed as follows: Item Description WAN Use the drop down list to set WAN interface for QoS by choosing one of the WAN interfaces. Status Enable – Click it to enable such profile. Disable – Click it to disable the QoS profile. Bandwidth Type the number as the total transmission rate for the outgoing /incoming data. The range can be set from 64000 to 10000000. Click the unit (Kbps or Mbps) for such rate.
Cancel: Click it to exit the dialog without saving anything.
4. Enter all of the settings and click Apply.
4.12.1.3 Hardware QoS
This page allows you to configure bandwidth of data and voice signals transmission for outgoing data and incoming data through hardware interface.
Note: The difference between Hardware QoS and Software QoS is that only one WAN interface is supported by Hardware QoS. However, there are six WAN interfaces supported by Software QoS.
4.12.2 QoS Rule There are 32 filter rules that can be configured in such page for incoming and outgoing data. 4.12.2.1 QoS Rule Available parameters are listed as follows: Item Description Add Add a new rule profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected profile. Delete Remove the selected profile.
TOS Display the setting of TOS. Traffic Class Display the queue number that such filter is categorized. How to add a QoS rule profile 1. Open Bandwidth Management>> QoS Rule. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the filter profile. Enable Check this box to enable such profile. Match Type Use the drop down list to specify a suitable match type.
TOS: It is available when TOS is selected as the Match type.
Traffic Class: Choose a level to categorize the packets that match the condition configured above. High is the highest; Normal is the lowest.
Local Address: Click on the left side of the Source IP Object/Source IP Group profile. Check the object profile(s) as the source target.
Local IP Object – Use the drop down list to choose one of the IP objects for this rule profile.
Remote Address Profile – type a new name for such IP object. Address Type –Choose the address type (Single or Range) for such rule. Each type will bring different settings for configuration. Start IP Address - Type the IP address of the starting point for such profile. End IP Address - Type the IP address of the ending point for such profile if you choose Range as Address Type. Subnet Mask – Choose the subnet mask from the drop down list if you choose Subnet as Address Type.
Service Type End IP Address - Type the IP address of the ending point for such profile if you choose Range as Address Type. Subnet Mask – Choose the subnet mask from the drop down list if you choose Subnet as Address Type. Service Type - Choose one of the service types from the drop down list. If you want to create a new service type, simply click open the following dialog. Profile – type a new name for such service type. Protocol –There are two options: TCP, UDP and TCP/UDP.
4.12.2.2 VoIP QoS When this feature is enabled, the VoIP SIP/UDP packets will be sent with highest priority during the process of data transmission. Each item will be explained as follows: Item Description Enable Enable - Click it to enable VoIP QoS function. SIP UDP Port Set a port number used for SIP. Apply Click it to save and exit the dialog. Cancel Click it to discard the settings configured in this page.
4.12.2.3 DSCP Re-Tag
Packets coming from a LAN IP can be retagged through the QoS setting. When the packets are sent out through the WAN interface, all of them will be tagged with a certain header so that they can be easily identified by the server on the ISP side. Each item will be explained as follows:
Enable: Enable – Click it to enable DSCP Re-Tag function.
High / Medium / Normal / Low: There are four queues allowed for QoS control.
4.12.3 Sessions Limit
A PC with a private IP address can access the Internet via the NAT router. The router will generate records of NAT sessions for such connections. P2P (Peer to Peer) applications (e.g., BitTorrent) always need many sessions and occupy excessive resources, which might affect important accesses. To solve the problem, you can use the session limit to restrict the number of sessions for specified hosts.
Source IP Group Display the source IP group profile name. Time Object If no time schedule is set, None will be shown in this field. Time Group Display the Time group profile selected for such application profile. Default Session Limit Display the default session number used for each computer in LAN. Default Max Sessions Display the default maximum session number used for each computer in LAN.
Item Description Profile Type the name of the profile. Enable Check this box to enable such profile. Max Sessions Defines the available session number for each host in the specific range of IP addresses. If you do not set the session number in this field, the system will use the default session limit for the specific limitation you set for each index. This field cannot be typed with “0”, otherwise the profile cannot be saved.
4.12.4 Bandwidth Limit
The downstream or upstream traffic from FTP, HTTP or some P2P applications will occupy a large amount of bandwidth and affect other programs. Please use Limit Bandwidth to make the bandwidth usage more efficient. In the Bandwidth Management menu, click Bandwidth Limit to open the web page. Each item will be explained as follows:
Add: Add a new profile.
Edit: Modify the selected profile.
Source IP Group Display the source IP group profile name. Time Object If no time schedule is set, None will be shown in this field. Time Group Display the Time group profile selected for such application profile. Allow auto adjustment… Check this box to make the best utilization of available bandwidth. Default TX/RX Limit The default limit will apply to LAN IP(s) not in the above configuration profiles Default TX Limit – Define the limitation for the speed of the upstream.
Available parameters are listed as follows: Item Description Profile Type the name of the profile. Enable Check this box to enable such profile. TX Limit(Kbps) Define the limitation for the speed of the upstream. If you do not set the limit in this field, the system will use the default speed for the specific limitation you set for each index. Do not type the value with “0”, otherwise the profile cannot be saved. RX Limit(Kbps) Define the limitation for the speed of the downstream.
Time Group - Click the triangle icon to display the profile selection box. Choose a schedule group profile to be applied on such rule. You can click to create another new time group profile.
source target: Click the triangle icon to display the profile selection box. Choose one or more IP object/IP group/User Profile/User Group/LDAP Group/Guest Group profiles from the drop down list. The selected profile will be treated as source target. You can click to create another new object profile.
4.13 USB Application USB storage disk connected on Vigor router can be regarded as a server or WAN interface. By way of Vigor router, clients on LAN can access, write and read data stored in USB storage disk with different applications. After setting the configuration in USB Application, you can type the IP address of the Vigor router and username/password created in User Management>>User Profile on the client software. Then, the client can use the FTP site (USB storage disk) through Vigor router.
Model Display the type of the USB device. Size Display the total disk capacity of the USB device. Free Capacity Display the remaining disk space of the USB device. Status Display the status of the USB device. (Remove Icon) At present, FAT, EXT2, EXT3 USB format can be supported by Vigor router. If such USB is inserted into the USB slot, the Status field will display “In Use” and the remove icon will appear on the screen. If you want to remove the USB disk, simply click this icon. 4.13.
Path It displays the directory name for the connected USB disk. Access Rights It displays the access right for the connected USB disk. Enable FTP Check the box to enable FTP server. Port Type required port number for FTP server. Or, use the default value. Maximum Number of Connections It means the maximum session limit for the FTP server. The default setting is “4” for downloading, uploading and keeping network connection.
to be located by Windows system. Default name will be offered for Windows XP user.
Enable SMBv1: For system security, use the default setting (Disable). SMBv1 is used for computers with older operating systems which do not support SMBv2 or SMBv3.
4.13.3.2 SAMBA Folder
Due to the file sharing feature of SAMBA server, this page allows you to create any profile which can be shared by clients on the network.
How to add/edit a SAMBA folder profile
1.
Item Description Profile Type the name of the profile to be shared. Enable Check this box to enable such profile. Visible Check this box to make such profile be seen by users. If not, the user must know and type the path of the folder name to access into that folder. Comment Type any text to describe such profile if required. Volume Use the drop down list to specify the proper volume for the connected USB disk. Path It indicates the directory name for the connected USB disk.
4.13.4 Printer This page is used to enable the printer server state when a printer device is connected via USB port. Available settings are explained as follows: Item Description Printer Server State Auto- It’s the default setting. Vigor router will detect if the connected device is printer or not. If yes, the printer server will be enabled automatically to activate the printer. Enable – The printer server will be enabled. Disable – The printer server will be disabled.
4.13.5 Temperature Sensor
A USB Thermometer is now available to complement your installed DrayTek routers. It helps you monitor the server or data communications room environment and notifies you if the server room or data communications room is overheating. During summer in particular, it is important to ensure that your server or data communications equipment is not overheating due to cooling system failures.
4.13.5.2 General Setup Available settings are explained as follows: Item Description Enable Temperature Sensor Check this box to enable such function. Display Unit Choose Celsius or Fahrenheit as the display unit. Temperature Alert Lower limit / Temperature Alert Upper limit Type the upper limit and lower limit for the system to send out temperature alert. Calibration Type a value used for correcting the temperature error. Temperature Alert Time Interval The default setting is one minute.
4.13.6 Modem Support List Such page provides the information about the brand name and model name of the USB modems which are supported by Vigor router.
4.14 System Maintenance
For the system setup, there are several items you need to know how to configure: Status, Administrator Password, Configuration Backup, Syslog/Mail Alert, Time and Date, Access Control, SNMP Setup, Reboot System, Firmware Upgrade and APP Signature Upgrade. Below shows the menu items for System Maintenance.
4.14.1 TR-069
4.14.1.1 TR-069
This device supports the TR-069 standard.
ACS server on Choose one of the WAN/LAN profiles which will be recognized by VigorACS. Auto Failover to Active WANs Specify the WAN interface to take over the job of network connection when the original WAN interface fails. ACS Server URL/ ACS Server Username / ACS Server Password Such data must be typed according to the ACS (Auto Configuration Server) you want to link. Please refer to Auto Configuration Server user’s manual for detailed information.
4.14.1.2 Apply Settings to VigorAP This feature is able to apply TR-069 settings (including STUN and ACS server settings) to all of APs managed by Vigor2960 at the same time. Item Description Apply Settings to APs Check this box to make the settings in this page apply to VigorAP. AP Password Type the password of the VigorAP that you want to apply Vigor2960’s TR-069 settings.
4.14.2 Administrator Password
This page allows you to set a new password for accessing the WUI of the router. Each item will be explained as follows:
Original Password: Type the old password.
New Password: Type the new password.
Confirm Password: Re-type the new password for confirmation.
Apply: Click this button to save the configuration and exit the web page.
Enter all of the settings and click Apply.
4.14.3 Configuration Backup Most of the settings can be saved locally as a configuration file, and can be applied to another router. The router supports functions of restore and backup for the configuration file. 4.14.3.1 Backup This page allows you to set general settings (e.g., encryption mode, backup type, config file name) for configuration backup. Each item will be explained as follows: Item Description Encrypt None – No encryption will be used.
Backup Selected Config – The configuration file will be stored with an existing file in local host. You must select which file you want to store. Select Config File – Choose and check which type(s) of configuration will be saved. Select Lang File – Choose and check which language(s) to be saved. Config File Name The default configuration file name (file format shall be .tgz) will be shown here. You can change the name if required. Backup Execute the file downloading job to the computer. 4.14.3.
backup interval. Set the time interval by entering “hh:mm” (hours:minutes). Only backup when config changed Enable – Click it to enable such function. Then, backup will be executed whenever the configuration is changed. Disable – The backup will be executed periodically based on the conditions set above. Backup config file The records of configuration backup files will be shown in this table. Apply Click this button to save the settings configured in this page.
Restore Settings via Local Config File – Click it to restore the configuration settings through a configuration file stored locally. Restore Settings via TFTP Server – Click it to restore the configuration settings through TFTP server. Remote Server IP – Type the IP address of the TFTP server. Config File Name – Type the configuration file name to be restored. Select File Use the Browse... button to locate the file for uploading to the router.
4.14.4 Syslog / Mail Alert
The SysLog function is provided for users to monitor the router. There is no need to log in to the Web User Interface of the router directly or to borrow debug equipment.
4.14.4.1 SysLog File
This page displays all the operation logs for the router. Available parameters are listed as follows:
Refresh: Renew the web page.
Download Log: Save or open the Syslog file.
Clear Syslog: Remove all of the records.
Available parameters are listed as follows: Item Description Status Choose one of the selections to determine current status for Syslog access. If you choose Local as Status, you don’t need to type any server IP and port. Just give a name for the router. Save to USB Such option is available when Remote/Local/Both is selected in Status. Enable – Click it to save the log onto USB disk. Disable – Click it to disable the function of log to USB.
Syslog. WAN Log Click Enable to make the WAN log recorded in the Syslog. Others Log Click Enable to make other logs recorded in the Syslog. Apply Click this button to save the configuration and exit the web page. Cancel Click it to discard the settings configured in this page. Enter all of the settings and click Apply. 4.14.4.3 Mail Alert Available parameters are listed as follows: Item Description Enable Check the box to enable such profile. Mail From Type a mail address for the mail sender.
any user access event. Disable – Vigor router does not send any mail to inform the user login event. VPN Mail Alert Enable – Vigor router sends a mail as an alert to inform VPN connection. Disable – Vigor router does not send any mail to inform VPN connection. Send A Test Mail Click it to send a test mail to the specified address. Apply Click this button to save the configuration and exit the web page. Cancel Click it to discard the settings configured in this page.
Interval Select a time interval for updating from the NTP server. Time Zone Select the time zone where the router is located. Daylight Saving Click Enable to enable the daylight saving. Such feature is available for certain area. Apply Click this button to save the configuration and exit the web page. Cancel Click it to discard the settings configured in this page. Enter all of the settings and click Apply. 4.14.6 Access Control 4.14.6.
Image login dialog. Upload Login Image – Specify an image file by pressing the Select button. Disable – Click it to disable the function of customized login image. The default background image will be used automatically. Enforce HTTPS Management Click Enable to force the user accessing into web user interface of Vigor router by HTTPS. Internet Access Control Apply to WAN Interface Check the interface(s) for Internet Access.
profile are allowed to access the web user interface of Vigor2960.
Web Allow: Click Enable to allow the system administrator to log in from the Internet and manage the web page of the router.
Telnet Allow: Click Enable to allow the system administrator to access the Telnet server.
SSH Allow: Click Enable to allow the system administrator to access the SSH server.
HTTPS Allow: Click Enable to allow the system administrator to log in from the HTTPS server and manage the web page of the router.
Interface, SSH, FTP, Telnet, PPTP/SSL) are available for configuration to avoid malicious attacks. Available parameters are listed as follows: Item Description Enable Fail to Ban Enable the function to protect Vigor system while being attacked by malicious accounts and passwords. Web UI/SSH/FTP/ TELNET/PPTP/SSL Enable – Enable the function of Fail to Ban via different protocols (Web UI/SSH/FTP/TELNET/PPTP/SSL).
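The Fail to Ban behaviour described above, as an added example (not DrayTek's code): failed logins are counted per source address in a sliding window, only for the protocols that are enabled, and the source is banned once a threshold is reached. The log line format, the threshold, the window and the ban duration are assumptions made for this sketch; the page does not state the router's values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Protocols the page lists for Fail to Ban.
SERVICES = frozenset({"WebUI", "SSH", "FTP", "TELNET", "PPTP", "SSL"})

# Assumed line format (constructed for this example, not the router's syslog):
#   <ISO timestamp> <service> login <failed|ok> user=<name> src=<address>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<svc>\w+) login (?P<result>failed|ok) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


class FailToBan:
    """Sliding-window failed-login counter with a timed ban per source."""

    def __init__(self, enabled=SERVICES, max_failures=3,
                 window=timedelta(seconds=60),
                 ban_time=timedelta(minutes=10)):
        self.enabled = set(enabled)          # per-protocol Enable switches
        self.max_failures = max_failures     # assumed threshold
        self.window = window                 # assumed counting window
        self.ban_time = ban_time             # assumed ban duration
        self.failures = defaultdict(deque)   # src -> recent failure times
        self.banned_until = {}               # src -> ban expiry

    def is_banned(self, src, now):
        until = self.banned_until.get(src)
        if until is None:
            return False
        if now >= until:                     # ban has run out, forget it
            del self.banned_until[src]
            return False
        return True

    def feed(self, line):
        """Process one log line; return ignored/blocked/ok/failed/banned."""
        m = LINE_RE.match(line.strip())
        if m is None or m["svc"] not in self.enabled:
            return "ignored"
        try:
            now = datetime.fromisoformat(m["ts"])
        except ValueError:
            return "ignored"
        src = m["src"]
        if self.is_banned(src, now):
            return "blocked"
        if m["result"] == "ok":
            # A success does not clear the counter, so one valid account
            # cannot be used to reset the failure count for guessing others.
            return "ok"
        recent = self.failures[src]
        recent.append(now)
        while recent[0] <= now - self.window:   # drop failures outside window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.banned_until[src] = now + self.ban_time
            del self.failures[src]
            return "banned"
        return "failed"


# Constructed sample log (documentation address ranges from RFC 5737).
SAMPLE_LOG = [
    "2024-05-01T10:00:00 SSH login failed user=admin src=203.0.113.7",
    "2024-05-01T10:00:10 SSH login failed user=root src=203.0.113.7",
    "2024-05-01T10:00:15 WebUI login ok user=admin src=192.0.2.10",
    "2024-05-01T10:00:20 FTP login failed user=admin src=203.0.113.7",
    "2024-05-01T10:00:25 TELNET login failed user=admin src=203.0.113.7",
    "2024-05-01T10:02:00 SSH login failed user=bob src=198.51.100.4",
    "2024-05-01T10:04:00 SSH login failed user=bob src=198.51.100.4",
    "2024-05-01T10:11:00 SSH login ok user=admin src=203.0.113.7",
]


def replay(lines, **settings):
    """Feed lines through a fresh FailToBan and return each verdict."""
    guard = FailToBan(**settings)
    return [guard.feed(line) for line in lines]


if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_LOG, replay(SAMPLE_LOG)):
        print(f"{verdict:8} {line}")
```

Failures are counted across all enabled protocols for one source, so guesses spread over SSH and FTP still add up; with only SSH enabled, the same source stays under the threshold in this sample.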
Available parameters are listed as follows:
Syslog: Check the box to make information related to access control recorded on Syslog.
PPTP/IPsec/Web/HTTPS SSH/Telnet/FTP Access Barrier: The port number used by these protocols always became the target attacked by hacker. Therefore, the settings for packet reception rate for certain protocol can be configured to avoid attack from unknown people.
Apply: Click this button to save the configuration.
4.14.7 SNMP Setup
This page allows you to manage the settings for SNMP setup. SNMPv3 is more secure than SNMP because it supports encryption (AES and DES) and authentication (MD5 and SHA) for management needs. Available parameters are listed as follows:
Enable: Check the box to enable such profile.
Get Community: Set the name for getting community by typing a proper character. The default setting is public.
Privacy Password(Min. Length:8) Type a password for privacy. The maximum length of the text is limited to 23 characters. Apply Click this button to save the configuration and exit the web page. Cancel Click it to discard the settings configured in this page. Enter all of the settings and click Apply. 4.14.8 Reboot System The Vigor router system can be restarted from a Web browser. You have to reboot the router to invoke the configured settings that you made before. 4.14.8.
Configurations option, Select Config File will be available for you to select. After choosing the configuration files, click Reboot. Reboot Click this button to execute the rebooting job. 4.14.8.2 Schedule Reboot Vigor router can be rebooted based on schedule setting. Check the box of Enable Schedule Reboot and choose a time object from the drop down list of Schedule Time Object. After clicking Apply, Vigor router will reboot at the specified time.
Delete Remove the selected profile. To delete a rule, simply select the one you want to delete and click the Delete button. Refresh Renew current web page. Profile Display the name of the schedule profile. Frequency Display the type (Once or Weekdays) of frequency selected for the profile. Start Date Display the starting date of the profile. Start Time Display the starting time of the profile. End Date Display the ending date of the profile. End Time Display the ending time of the profile.
Frequency Specify how often the schedule will be applied. Once -The schedule will be applied just once Weekdays -Specify which days in one week should perform the schedule. Start Date Specify the starting date of the schedule. Start Time Specify the starting time of the schedule. End Date Specify the ending date of the schedule. End Time Specify the ending time of the schedule. 4. Enter all the settings and click Apply. 5. A schedule profile has been created.
4.14.9 Firmware Upgrade
The following web page will guide you through upgrading the firmware. Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.DrayTek.com (or local DrayTek's web site) and FTP site is ftp.DrayTek.com. Click System Maintenance>> Firmware Upgrade.
4.14.9.1 Upgrade Firmware
This page displays the current firmware version used in Vigor router.
4.14.9.2 Auto Firmware Upgrade By clicking Check Update/Install Update, Vigor router can download/upgrade firmware directly from website (http://www.draytek.com.tw/ftp) automatically. Available parameters are listed as follows: Item Description Current Firmware Version Display the firmware version used currently by such model. Server Firmware Version Display the firmware version shown on website (http://www.draytek.com.tw/ftp).
4.14.9.3 Firmware Patch
The Vigor router administrator/user can manually select a file (.pat) to fix mistakes, bugs or errors in the current firmware. Usually, such firmware with instant modifications can be obtained from DrayTek MyVigor Patch Server.
4.14.9.4 Auto Firmware Patch
The Vigor router system will automatically download the newest firmware with the modifications from DrayTek MyVigor Patch Server to fix mistakes or errors in the current firmware.
and get server patch version. Install Update – Click it to install the server patch version onto Vigor router. Mode There are three modes available for you to choose. Manual upgrade – If it is selected, check and installation for patch will be executed only when Check Update/Install Update is pressed. Notify me when new patch is available - If it is specified, after detecting the newest patch from MyVigor server, Vigor router’s system will automatically download the patch information and store on the host.
4.14.10 APP Signature Upgrade The APP object profile adopted by Vigor router will be treated as the APP signature. DrayTek will periodically upgrade versions for all of the APPs supported by Vigor router. However, it might be inconvenient for users to upgrade the APP version one by one. This feature is specially designed to offer a quick method to execute APP version upgrade.
Server Signature Date: Display the newest signature version recorded on server (myvigor.draytek.com or myvigoreu.draytek.com).
Upgrade from Server: Get the newest signature from MyVigor server (myvigor.draytek.com or myvigoreu.draytek.com).
Check Update – Vigor router will query the MyVigor server (myvigor.draytek.com or myvigoreu.draytek.com) to see whether a newer signature is available for use.
4.14.11 APP Support List APP Support List displays all of the applications with versions supported by Vigor router. They are separated with types of IM, P2P, Protocol and Others. Each tab will bring out different items with supported versions.
4.15 Diagnostics In some cases, a user may need to know some information about the router, such as static or dynamic databases, or other routing information. 4.15.1 Routing Table Click Diagnostics and click Routing Table to open the web page. 4.15.1.1 Routing Table Display the information for each route. Each item will be explained as follows: Item Description Refresh Renew the web page. Search Move the mouse cursor onto the box of Search.
mouse button and type the keyword inside the box. The system will display the records relating to the keyword. Destination Display the destination IP address for various routings. Gateway Display the default gateway. Genmask Display the subnet mask for various routings. Flags Display the flag of the routing entry.
4.15.1.2 IPv6 Routing Table Display the information for each route with IPv6 protocol. Each item will be explained as follows: Item Description Refresh Renew the web page. Destination Display the destination IP address for various routings. Next Hop Display the next hop address for such route. Flags Display the flag of the routing entry.
4.15.2 ARP Cache Table Click Diagnostics and click ARP Cache Table to view the content of the ARP (Address Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. 4.15.2.1 ARP Cache Table Each item will be explained as follows: Item Description Refresh Renew the web page. Clear All Remove all of the information from this page. Search Move the mouse cursor onto the box of Search.
4.15.2.2 IPv6 Neighbor Table Each item will be explained as follows: Item Description Refresh Renew the web page. Search Move the mouse cursor onto the box of Search. Click the mouse button and type the keyword inside the box. The system will display the records relating to the keyword. IP Address Display the IPv6 address of the neighbor. Profile Display the interface to which this neighbor is attached. MAC Address Display the MAC address of the neighbor.
Item Description Rather than probe the neighbor immediately, however, delay sending probes for a short while in order to give upper layer protocols a chance to provide reachability confirmation. PROBE - The neighbor is no longer to be reachable, and unicast Neighbor Solicitation probes are being sent to verify reachability.
4.15.3 DNS Cache Table The record of domain name and the mapping IP address for answering the DNS query from LAN will be stored on Vigor router’s Cache temporarily.
4.15.4 DHCP Table The facility provides information on IP address assignments. This information is helpful in diagnosing network problems, such as IP address conflicts, etc. 4.15.4.1 DHCP Table Click Diagnostics and click DHCP Table to open the web page. Each item will be explained as follows: Item Description Refresh Renew the web page. Search Move the mouse cursor onto the box of Search. Click the mouse button and type the keyword inside the box.
4.15.4.2 DHCPv6 Table Click DHCPv6 Table to open the web page. Each item will be explained as follows: Item Description Refresh Renew the web page. Search Move the mouse cursor onto the box of Search. Click the mouse button and type the keyword inside the box. The system will display the records relating to the keyword. Interface Display the interface used by the DHCP server. IPv6 Address Display the IPv6 address of the static DHCP server.
4.15.5 Session Table Session table can display about 30000 sessions with 20 pages. Click NAT, Local Service, Open Port or VPN to check the detailed information if required. Each item will be explained as follows: Item Description Refresh Renew the web page. Search Move the mouse cursor onto the box of Search. Click the mouse button and type the keyword inside the box. The system will display the records relating to the keyword. Source Display the source IP address and port of local PC.
4.15.6 MAC Address Table The MAC Address Table contains up to 8192 entries, and is sorted first by VLAN ID, then by MAC address. Each page shows up to 999 entries from the MAC table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the MAC Table. The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table.
Refresh Click it to reload the page. Clear Click it to clear the counters for all ports. Port Display the interface that the data transmission passes through. Receive/Transmit (Packets) Display the packet sizes for data transmission in receiving and sending. Receive/Transmit (Bytes) Display the number of received and transmitted bytes per port. Receive/Transmit (Error) Display the number of errors that occurred in data receiving and data sending.
4.15.8 Traffic Graph Click Diagnostics and click Traffic Graph to open the web page. Choose the Setup tab to specify LAN and WAN profiles to display corresponding graphs for CPU, Memory, LAN, WAN and sessions configurations. Click Refresh to renew the graph at any time. Each item will be explained as follows: Item Description Setup In this page, simply specify which LAN profile and WAN profile will be applied. The traffic graph will be drawn based on the profiles selected.
Item Description LAN Click the LAN tab. There are three selections provided for you to specify. Network Interface – Display the information of LAN or WAN operation. Recent 24 Hours – Display the information of LAN operation about recent 24 hours. Recent 7 Days – Display the information of LAN operation about recent 7 days. Recent 4 Weeks – Display the information of LAN operation about recent 4 weeks. WAN Click the WAN tab. There are three selections provided for you to specify.
4.15.9 Web Console Click Diagnostics and click Web Console to open the web page for typing commands used in console connection. A remote user can operate Vigor2960 from this web page without installing and opening another connection utility. 4.15.10 Ping/Trace Route This page allows you to trace the routes from router to the host. Simply type the IP address of the host in the box and click Start. The result of route trace will be shown on the screen.
4.15.11 Data Flow Monitor This page displays the running procedure (such as IP address, session number, transmission rate, receiving rate, and duration of the time block) by list or by chart for the IP address monitored and refreshes the data in an interval of several seconds. 4.15.11.1 Data Flow Monitor Each item will be explained as follows: Item Description Enable Dataflow Monitor Check this box to enable such function. Block Prevent the specified PC accessing into Internet within 5 minutes.
Item Description Refresh Click it to renew the web page. IP Address Display the IP address of the monitored device. TX rate (Kbps) Display the transmission speed of the monitored device. RX rate (Kbps) Display the receiving speed of the monitored device. Sessions Display the session number that you specified in Limit Session web page. Block Time Display the time for the duration of the block. Profile Display the WAN interface. IP Display the IP address of the WAN interface.
4.15.11.3 Packet Monitor This function can be used to capture the packets for analysis in the future. Moreover, the traffic data (obtaining from data flow monitor) also can be downloaded from Vigor router and stored in the host for future use. Each item will be explained as follows: Item Description Packet count Specify the threshold value of the packets to be captured by Vigor router. If the packet captured reaches the threshold value, Vigor router will cease the packet capturing.
4.15.11.4 Group Bandwidth This page displays what information? Which group does the "group" mentioned here refer to?? 4.15.12 User Status This page displays connection information of user account /VPN profile, PPPoE Server, User Management, VPN Connection Management and SSL Proxy for reference.
4.16 Central Management (VPN) Vigor2960 can build virtual private network (VPN) between itself and any other TR-069 CPE by the function of central VPN management. In addition, it can be treated as a server which can manage TR-069 CPE for periodical firmware upgrade, configuration backup and restoring configuration. Below shows the menu items: Note: 1. Such menu can manage the CPE connected through WAN only. 2. Up to 16 devices can be managed. 4.16.
Available parameters are listed as follows: Item Description Enable Check the box to enable such function. WAN Profile Choose one interface (WAN or USB) for VPN establishment. HTTP Allow Click Enable to activate the HTTP setting. HTTP Port Type a port number for HTTP. The default value is 8080. HTTPS Allow Click Enable to activate the HTTPS setting. HTTPS Port Type a port number for HTTPS. The default value is 8443.
4.16.1.2 VPN General Setup This page allows you to configure the basic settings for the VPN tunnel of Vigor router. Item Description WAN Profile Choose a WAN interface profile to be used. Local IP/Subnet Type the IP address and subnet mask of local host. IPsec Security Method Choose one of the following methods for the security of data transmission. For example, choose AH to specify the IPSec protocol for the Authentication Header protocol. The data will be authenticated but not be encrypted.
4.16.2 CPE Management All the CPEs managed by Vigor2960 can be seen with icons from this page. 4.16.2.1 CPE Maintenance This page allows you to manage the CPEs connected to Vigor2960. Page without CPE connected Page with CPE connected Available parameters are listed as follows: Item Description Managed Devices Status This area displays icons for the CPE managed by Vigor2960. Edit – To modify the name and location of specific CPE, click the one you want and click the Edit button.
Detail – It displays the same content as the Edit button. However, it cannot be used to modify name or location. Delete – To disconnect the management of any CPE, click the CPE icon you want and click the Delete button. Refresh – Click it to refresh current page. Recycle Bin – All the deleted CPEs will be stored in a temporary place for the administrator to retrieve. It is useful especially for the CPEs deleted carelessly. If you want to retrieve some CPE, click it to open another window.
Edit – To modify existed profile, choose the one you want to change and click this button to open the pop up window. Delete – To discard any existed profile, simply choose one you want and click this button to delete the profile. Refresh – Click it to refresh current page. File Explorer – Click it to open a file explorer. The available firmware will be displayed in such page. Profile – Display the name of the profile. Device – Display the name (named by Vigor2960) of the devices selected by such profile.
finished or not. Refer to sections “3.4 How to manage the CPE (router) through Vigor2960?” and “3.6 How to upgrade CPE firmware through Vigor2960?” for more detailed information. How to add a new Maintenance Profile Follow the steps below to create a new maintenance profile. 1. Click Add on the Maintenance area. 2. The Maintenance dialog appears. Available parameters are listed as follows: Item Description Profile Type the name of the maintenance profile.
the device. Action There are three actions for you to choose for such profile. Firmware Upgrade – It means such profile will be used for firmware upgrade. Configuration Backup – It means such profile will be used for configuration backup of the selected CPE. Configuration Restore – It means such profile will be used for restoring the configuration of the selected CPE. Schedule The new created profile can be applied to the selected CPE based on the schedule configured here.
Cancel Click it to exit the dialog without saving anything. 3. Enter all of the settings and click Apply. 4. A new maintenance profile has been created. 4.16.2.2 VPN Management An easy method is offered to configure VPN settings for building VPN connection between Vigor2960 (treated as VPN server) and other Vigor router (treated as CPE device, i.e., VPN client).
the remote CPE (waiting for the icon to be bigger) first and then click it. If the connection is built successfully, a blue line will appear. SSL To build a quick VPN connection with SSL, simply click the remote CPE (waiting for the icon to be bigger) first and then click it. If the connection is built successfully, a blue line will appear. Advanced To build a VPN connection with detailed configuration (such as PPP authentication and VJ compression), click Advanced tool.
Device – Display the name of the CPE connected to Vigor router via VPN. Name – Display the name (can be modified by the administrator) of the device. Refer to 4.11.2.1 CPE Maintenance for detailed information. Connected Devices Once the VPN is established successfully, the basic information such as the connection type, IP address, RX/RX will be displayed on this field. Refresh – Click it to refresh current page. VPN – Display the name of the VPN. Type – Display the type of the connection mode.
4.16.2.3 Map To display the location of the selected CPE with a bird’s eye view, open Central Management>>VPN>>CPE Management and click the tab of Map.
4.16.3 Log/Alert The Log page offers brief information to identify the CPE connected to Vigor2960. The Alert page offers brief information to identify the CPE connected to Vigor2960.
4.17 Central Management (AP) Vigor2960 can manage the access points supporting AP management via Central AP Management. AP Map AP Map is helpful to determine the best location for VigorAP in a room. A floor plan of a room is required to be uploaded first.
Configuration pages with new designed web pages will be shown as follows. They are suitable and easy to browse on network for PC users and mobile users. Menu items related to AP are General Setup, Dashboard, Status, WLAN Profile, Rogue AP, Total Traffic, Event Log, Station Number, AP Maintenance, Traffic Graph, Load Balance, AP Map, and Function Support List.
4.17.1 General Setup To enable the Central Management AP feature, the first thing you have to do is to enable port settings. Click AP Management>>General Setup to get the following page. Available parameters are listed as follows: Item Description AP Management Check Enable to enable the settings configured in this page. HTTP Allow Click Enable to activate the HTTP setting. HTTP Port Type a port number for HTTP. The default value is 9080. HTTPS Allow Click Enable to activate the HTTPS setting.
4.17.2 Dashboard This page shows VigorAP’s information about Event Log, Total Traffic or Station Number by displaying text and histogram. 4.17.3 Status This page displays general information for the VigorAP managed by Vigor2960. Available parameters are listed as follows: Item Description Status Display current status (connected or disconnected) of the managed AP. Device Name The name of the AP managed by Vigor router will be displayed here.
connected to Vigor2960. Ch. Display the channel used by the access point. WL Client Display current number/maximum number (ex: 0/64) of clients connecting to the selected wireless access point. Version Display the firmware version used by the access point. Config Click it to open the configuration page of the selected VigorAP. The device name, Login username and Login password can be modified if required. Clear Such button allows you to remove the selected VigorAP.
4.17.4 WLAN Profile WLAN profile is used to apply to a selected access point. It is very convenient for the administrator to configure the setting for access point without opening the web user interface of the access point. Check the box on the left side of the selected profile to modify the content of the profile. The Clone, Edit and Apply To Device buttons will be available then. Available settings are explained as follows: Item Description Profile Name Display the name of the profile.
Third, choose the profile index to accept the settings from the original profile. Fourth, type a new name in the field of Renamed as. Last, click Apply to save the settings on this dialog. The new profile has been created with the settings coming from the original profile. Edit / Add It allows you to modify an existing wireless profile or create a new wireless profile. Apply to Device Click it to apply the selected wireless profile to the specified Access Point.
How to edit the wireless LAN profile? 1. Check the box on the left side of the selected profile. 2. Click the Edit button to display the following page. Note: The function of Auto Provision is available for the default WLAN profile. 3. After finishing the general settings configuration, click Next to open the following page for 2.4G wireless security settings.
4. After finishing the above web page configuration, click Next to open the following page for 5G wireless security settings. 5. When you have finished the above web page configuration, click Finish to exit and return to the first page. The modified WLAN profile will be shown on the web page.
4.17.5 AP Maintenance Vigor router can execute configuration backup, configuration restoration, firmware upgrade and remote reboot for the APs managed by the router. It is very convenient for the administrator to process maintenance without accessing the web user interface of the access point. Config Backup can be performed on one AP at a time. Other functions (e.g., Config Restore, Firmware Upgrade, Remote Reboot) can be performed on more than one AP at a time by using Vigor2960.
4.17.6 AP Map This function is helpful to determine the best location for VigorAP in a room. A floor plan of a room is required to be uploaded first. By dragging and dropping available VigorAP icon from the list to the floor plan, the placement with the best wireless coverage will be clearly indicated through simulated signal strength. Each item will be explained as follows: Item Description Location Display a brief description (e.g., ground, roof) of the AP Map.
Available settings are explained as follows: 2. Item Description Location (Profile Name) Type a name (e.g., MKT_car) for the AP map profile. Upload Map Click the Select button to choose an image file (only JPG and PNG are supported) for floor plan. Next Click it to go to the next configuration page. Cancel Click it to cancel the configuration. Click Next. The configuration page with floor plan will be shown on the web page.
3. Click the Planning tab. Drag and drop an AP icon from Compatible AP List to the map on the left side. 4. Check the box of Show AP Coverage on 5GHz/2.4 to display the signal coverage area. 5. Adjust the AP on the map to find out which place can have the best wireless coverage. At last, click Save.
4.17.7 Traffic Graph Click Traffic Graph to open the web page. Choose one of the managed Access Points, LAN-A or LAN-B, daily or weekly for viewing data transmission chart. Click Refresh to renew the graph at any time.
4.17.8 Rogue AP Access points are classified as friendly (green), rogue (red) or unknown (black) APs and are shown in different colors. This page displays the access points scanned by Vigor router. Each item will be explained as follows: Item Description Rescan Click to scan the access points again. Reload Click it to refresh the web page immediately. Filter by type AP status page will be displayed based on the type (Friendly, Rogue, Unknown) of access points.
Item Description will be displayed automatically. AP’s SSID When an AP is selected, the SSID of the selected AP will be displayed automatically. Add to Friendly APs Add - Click it to make the selected AP be classified as friendly AP. Rogue APS Add - Click it to make the selected AP be classified as rogue AP. Delete from Friendly / Rogue APs Click it to make the selected AP be classified as unknown AP. Ch Display the channel used by the detected access point.
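The three-way classification described in 4.17.8, sketched as an added example (not DrayTek's code and not how the router implements it). Keying the lists on the AP's MAC address (BSSID), the `ssid_lookalikes` check and all sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class ApType(Enum):
    """The three classes of 4.17.8 and the colours the page assigns them."""
    FRIENDLY = "green"
    ROGUE = "red"
    UNKNOWN = "black"


@dataclass(frozen=True)
class ScannedAp:
    bssid: str
    ssid: str
    channel: int


def norm(bssid: str) -> str:
    """Normalise a MAC so 02-11-.., 0211.22.. and 02:11:.. compare equal."""
    digits = "".join(c for c in bssid if c.isalnum()).lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {bssid!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class ApClassifier:
    """Friendly/rogue lists keyed by BSSID (assumption); anything else is unknown."""

    def __init__(self):
        self._lists = {}  # normalised BSSID -> ApType.FRIENDLY or ApType.ROGUE

    def add_friendly(self, bssid):
        # "Add to Friendly APs": moving an AP also removes it from the rogue list.
        self._lists[norm(bssid)] = ApType.FRIENDLY

    def add_rogue(self, bssid):
        # "Rogue APs Add"
        self._lists[norm(bssid)] = ApType.ROGUE

    def delete(self, bssid):
        # "Delete from Friendly / Rogue APs": the AP falls back to unknown.
        self._lists.pop(norm(bssid), None)

    def classify(self, ap):
        return self._lists.get(norm(ap.bssid), ApType.UNKNOWN)

    def filter_by_type(self, scan, ap_type):
        # "Filter by type": show only one class of the scan result.
        return [ap for ap in scan if self.classify(ap) is ap_type]

    def ssid_lookalikes(self, scan):
        """Unknown APs advertising an SSID that a friendly AP also advertises.

        Not a feature described on the page: an added triage heuristic for
        deciding which unknown (black) entries to review first.
        """
        friendly_ssids = {ap.ssid for ap in scan
                          if ap.ssid and self.classify(ap) is ApType.FRIENDLY}
        return [ap for ap in scan
                if self.classify(ap) is ApType.UNKNOWN and ap.ssid in friendly_ssids]


# Constructed scan result (locally administered MAC addresses, made-up SSIDs).
SCAN = [
    ScannedAp("02:11:22:33:44:01", "Office", 6),     # our own AP
    ScannedAp("02:11:22:33:44:55", "Office", 6),     # same SSID, not on any list
    ScannedAp("02:11:22:33:44:66", "FreeWifi", 11),  # already marked rogue
    ScannedAp("02:11:22:33:44:77", "Cafe", 1),       # neighbour, not on any list
]


def demo_classifier():
    """Classifier with the constructed friendly and rogue entries loaded."""
    clf = ApClassifier()
    clf.add_friendly(SCAN[0].bssid)
    clf.add_rogue(SCAN[2].bssid)
    return clf


if __name__ == "__main__":
    clf = demo_classifier()
    for ap in SCAN:
        kind = clf.classify(ap)
        print(f"{ap.bssid}  ch{ap.channel:<3} {ap.ssid:<9} {kind.name} ({kind.value})")
    for ap in clf.ssid_lookalikes(SCAN):
        print(f"review first: {ap.bssid} advertises friendly SSID {ap.ssid!r}")
```
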
4.17.9 Event Log Time and event log for all of the APs managed by Vigor router will be shown on this page. It is useful for troubleshooting if required. Each item will be explained as follows: Item Description Refresh Click it to refresh the web page immediately. Auto Refresh The system will refresh the web after specified time automatically. Display Specify how many records will be displayed in this page. Type Display the type (processing or finished) of the event.
4.17.10 Total Traffic Such page will display the total traffic of data receiving and data transmitting for VigorAPs managed by Vigor router. 4.17.11 Station Number The total number of the wireless clients will be shown on this page, no matter what mode of wireless connection (2.4G WLAN or 5G WLAN) used by wireless clients to access into Internet through VigorAP.
4.17.12 Load Balance The parameters configured for Load Balance can help to distribute the traffic for all of the access points registered to Vigor router. Thus, the bandwidth will not be occupied by certain access points. Available settings are explained as follows: Item Description AP Load Balance It is used to determine the operation mode when the system detects overload between access points.
Item Description Dissociate existing station by longest idle time - When the access point is overloaded (e.g., reaching the limit of station number or limit of network traffic), it will terminate the network connection of the client’s station which has been idle for the longest time. Dissociate existing station by worst signal strength When the access point is overloaded (e.g.
4.17.13 Function Support List Click the Client tab to list the AP management functions that the Access Points support under different firmware versions. Click the Server tab to list the AP management functions that Vigor router supports under different firmware versions.
4.18 Central Management (Switch) Vigor router can manage lots of VigorSwitch devices connected to it. Through profile and group settings, the administrator can execute firmware/configuration backup, restore for VigorSwitch device, reboot the device or return to factory default settings of VigorSwitch at one time. Before using such menu, please enable External Devices Auto Discovery on External Devices first. Click Central Management>>Switch to open configuration pages in new designed web pages.
Each item will be explained as follows: Item Description Enable Switch Management Check the box to enable switch management. Refresh Renew current web page. Auto Refresh Specify the interval of refresh time to obtain the latest status. The information will update immediately when the Refresh button is clicked. Status Status – Green icon means the VigorSwitch does connect to Vigor2960 and is managed by Vigor2960. Grey icon means Vigor2960 is detecting such VigorSwitch still.
New Switch Status – Green icon means the VigorSwitch is connected to Vigor2960 and is managed by Vigor2960. Grey icon means Vigor2960 is still detecting such VigorSwitch. Red icon means Vigor2960 cannot access it to get status information because the access password configured for VigorSwitch is wrong or the Telnet service is disabled. Switch Name – Display the name of VigorSwitch. IP Address – Display the IP address link of VigorSwitch. You can click the link to access the web user interface of VigorSwitch.
4.18.2 Profile This page will show general information, such as name, group, IP address, MAC address, model and password of VigorSwitch only when it connects to Vigor2960 series. By clicking the edit button, a profile setting page for that switch will be shown. Note that each profile represents one VigorSwitch. Each item will be explained as follows: Item Description Enable Switch Management Check the box to enable switch management. Refresh Renew current web page.
VigorSwitch. New Switch Status – Green icon means the VigorSwitch is connected to Vigor2960 and is managed by Vigor2960. Grey icon means Vigor2960 is still detecting such VigorSwitch. Red icon means Vigor2960 cannot access it to get status information because the access password configured for VigorSwitch is wrong or the Telnet service is disabled. Switch Name – Display the name of VigorSwitch. IP Address – Display the IP address link of VigorSwitch.
Switch Name Name of VigorSwitch will be displayed here automatically. Comment Type any description for such switch if required. Enable Copy Configuration Check Enable to activate such function. Send to Device Current setting will be saved. Meanwhile, the configuration in VigorSwitch also will be rewritten immediately. Type new values and click Send to Device for saving the configurations. Then, click the Port tab to change the port setting if required.
4.18.3 Group Different switches can be classified into different group(s). Through the common password setting, it is not necessary for the system administrator to remember various login passwords to access into different VigorSwitch devices. Click the icon under Operation to create/edit a switch group. Available settings are explained as follows: Item Description Group Name Type a name as the group name. Different switches can be classified within a group.
Apply Click it to save the configuration. Cancel Click it to exit the setting page without saving any change. 4.18.4 Maintenance Such feature can execute configuration backup, restore of selected VigorSwitch device(s) or reboot the VigorSwitch devices remotely or reset the VigorSwitch devices with factory default settings, without accessing into the web user interface of VigorSwitch respectively. It is convenient for system administrator to manage VigorSwitch devices.
4.18.5 Support List This page lists all models of VigorSwitch which can be managed by Vigor2960 via Switch Management. 4.19 External Devices Vigor router can be used to connect with many types of external devices. In order to control or manage the external devices conveniently, open External Devices to make detailed configuration. Each item will be explained as follows: Item Description External Devices Auto Discovery Check the box to detect the external device connected to Vigor2960.
Item Description Status Display current status (online or offline) of the device. Model Name Display the model name of the external product. MAC Address Display the MAC address of the external product. IP Address Display the IP address of the external product. Connection Time Display the connection time that the external product connecting to Vigor2960. Clear Click the icon to remove the record of the device when it is offline. From this web page, check the box of Enable External Devices.
Chapter 5: Trouble Shooting This section will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration. Please follow sections below to check your basic installation status stage by stage. Checking if the hardware status is OK or not. Checking if the network connection settings on your computer are OK or not. Pinging the router from your computer. Checking if the ISP settings are OK or not.
5.2 Checking If the Network Connection Settings on Your Computer Is OK or Not Sometimes the link failure occurs due to the wrong network connection settings. After trying the above section, if the link still fails, please do the steps listed below to make sure the network connection settings are OK. For Windows The example is based on Windows 7. As to the examples for other operating systems, please refer to the similar steps or find support notes in www.draytek.com. 1.
4. Select Internet Protocol Version 4 (TCP/IP) and then click Properties. 5. Select Obtain an IP address automatically and Obtain DNS server address automatically. Finally, click OK. For Mac OS 1. Double click on the current used Mac OS on the desktop. 2. Open the Application folder and get into Network.
3. On the Network screen, select Using DHCP from the drop down list of Configure IPv4.
5.3 Pinging the Router from Your Computer The default gateway IP address of the router is 192.168.1.1. For some reason, you might need to use “ping” command to check the link status of the router. The most important thing is that the computer will receive a reply from 192.168.1.1. If not, please check the IP address of your computer. We suggest setting the network connection to get an IP address automatically. (Please refer to the section 5.2) Please follow the steps below to ping the router correctly.
5.4 Checking If the ISP Settings are OK or Not Open Online Status to check current network status. Be careful to check if the settings coming from your ISP have been typed correctly or not.
If there is something wrong with the configuration, please go to WAN page and choose General Setup again to modify the WAN connection. 5.5 Backing to Factory Default Setting If Necessary Sometimes, a wrong connection can be improved by returning to the default settings. Try to reset the router by software or hardware. Warning: After pressing factory default setting, you will lose all settings you did before. Make sure you have recorded all useful settings before pressing it.
Hardware Reset While the router is running (ACT LED blinking), press the Factory Reset button and hold for more than 5 seconds. When you see the ACT LED blink rapidly, please release the button. Then, the router will restart with the default configuration. After restoring the factory default setting, you can configure the settings for the router again to fit your personal request. 5.
Chapter 6: Telnet Commands 6.1 Accessing Telnet of Vigor Router This chapter also gives you a general description for accessing telnet and describes the firmware versions for the routers explained in this manual. Info For Windows 7 user, please make sure the Windows Features of Telnet Client has been turned on under Control Panel>>Programs. Type cmd and press Enter. The Telnet terminal will be open later. In the following window, type Telnet 192.168.1.1 as below and press Enter.
For users using previous Windows system (e.g., 2000/XP), simply click Start >> Run and type Telnet 192.168.1.1 in the Open box as below. Next, type admin/admin for Account/Password.
6.2 Global Commands Type ? to get a list of global commands. Global Commands contains - apply, enable, fpp, help, history, logout, ping, ping6, restart, status, traceroute, uci, wd_off and exit. Each command will be explained as follows. Telnet Command: apply This command is used for applying settings/modifications onto Vigor router. To configure, create, delete, or edit any command, type this command to activate the configuration.
Vigor2960>enable Example Vigor2960> enable Entering enable mode... Vigor2960# exit Leaving enable mode... Vigor2960> Telnet Command: fpp This command can change inspection policy and packet count for default policy. Syntax Vigor2960>fpp [inspection] [packets] Command Description [inspection] Set 1 to enable inspection based on user-defined packet number. Set 0 to make inspection based on default packet number. [packets] Set the number of packets needed to be inspected.
[enter] - Auto-completes, syntax-checks then executes a command. If there is a syntax error then offending part of the command line will be highlighted and explained. . . . . Telnet Command: history This command can display current session command line history.
Syntax Vigor2960>ping [host] [src_if] Command Description [host] Type the IP address of the host for pinging. [src_if] Specify the interface (wan1 or wan2) to execute pinging. This is optional setting. Example Vigor2960> ping 6 PING 6 (0.0.0.6): 56 data bytes ping: sendto: Network is unreachable Send ICMP ECHO_REQUEST packets done. Vigor2960> ping 8.8.8.8 wan2 PING 8.8.8.8 (8.8.8.8): 56 data bytes 64 bytes from 8.8.8.8: icmp_seq=0 ttl=56 time=11.3 ms 64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=10.
Send ICMP ECHO_REQUEST packets done. Vigor2960> Vigor2960> Vigor2960> ping6 2001:b000:168::1 wan2 3 50 true PING 2001:b000:168::1(2001:b000:168::1) from 2001:b011:700a:1a62:940:1a4d:7eb:1e3a : 50 data bytes --- 2001:b000:168::1 ping statistics --3 packets transmitted, 3 received, 0% packet loss, time 2010ms rtt min/avg/max/mdev = 5.467/5.534/5.588/0.050 ms Send ICMP ECHO_REQUEST packets done.
interface Display information about interface (e.g., eth0, eth2, lan-lan1 and local loopback). lan Display status information for LAN. neighbor6 Display information about current IPv6 neighbor table. process Display process information that Vigor router is performing. route Display route information (IPv4). route6 Display route information (IPv6). switch Switch lan – Display current status for switch in LAN port. Switch wan – Display current status for switch in WAN port.
Up Time : 0 days 6 hours 0 minutes 42 seconds Transmitted : 2540480 packets Received : 1568532 packets Telnet Command: traceroute This command can print the route packets trace to network host. Syntax Vigor2960> traceroute [host][src_if] Command Description [host] Type the IPv6 address of the host for pinging. [src_if] Specify the interface (wan1 or wan2) to execute pinging. This is optional setting. Example Vigor2960> traceroute 8.8.8.8 wan2 traceroute to 8.8.8.8 (8.8.8.8) from 172.17.5.
Telnet Command: uci This command is used for RD debug. Telnet Command: wd_off This command can close watch dog (which is running in default after reboot). Syntax Vigor2960>wd_off Example Vigor2960> wd_off Watch Dog Closed Vigor2960> Telnet Command: exit This command can exit telnet command dialog or return to previous command layer. Syntax Vigor2960>exit Example Vigor2960> enable Entering enable mode... Vigor2960# exit Leaving enable mode... Vigor2960> 6.
Vigor2960@config-nat# object_setting Settings for File Extension Object, IP Group, IP Object, Keyword Object, Service Group, Service Object, Time Group, Time Object and Web Category Object can be configured with such command.
6.4 WAN Configuration To make WAN configuration, you have to type “configure terminal” to access into next phase. Vigor2960>enable Vigor2960# configure terminal Vigor2960@config-t# .. Go back to upper layer menu exit Go back to main menu lan Configure lan profile wan Configure wan profile Vigor2960@config-t# wan Vigor2960@config-t-wan# ? . . .
Create a new WAN profile (without detailed settings) pf add - Enter a name (e.g., wan_carrie) for creating a new WAN profile. Delete a WAN profile. pf delete - Enter a name (e.g., wan_carrie) to be removed. pf show Display configuration on WAN profile. Modify a selected WAN profile. pf - Enter the name of WAN profile to be modified.
connection. [default_mac default_mac] Enable / disable the function of specifying the MAC address as default setting. [default_mac] - Enter Enable or Disable. [mac macaddr] Enter the MAC address. [macaddr] - Enter the MAC address with the format of “xx-xx-xx-xx-xx-xx” [proto proto] Specify the protocol type for IPv4 connection. [proto] - Available types contain None / Static / DHCP / PPoE / PPTP. [mode mode] Specify NAT or ROUTE mode on this interface [mode] - Enter NAT or ROUTING.
6.4.1.2 Telnet Command: cdhost Users could use [cdhost] command to configure connection detection hosts of a WAN profile. Choose the [dhcp] or [static] item and then use [add] or [remove] to set the profile.
Users could use this command to configure the DNS server to add or remove DNS server (based on IPv4). Syntax Vigor2960@config-t-wan-pf-# dns add Vigor2960@config-t-wan-pf-# dns remove Command Description Display the name of WAN profile. dns add Add an IPv4 address for the DNS server. - Enter an IPv4 address for DNS server. dns remove Delete the IP address setting for the DNS server. - Enter an IPv4 address for DNS server.
- Enter an IPv6 address for DNS server. 6.4.1.6 Telnet Command: exit Users could use this command to go back to upper level. Syntax Vigor2960@config-t-wan-pf-# exit Command Description Display the name of WAN profile. exit Go back to upper level (e.g., config-t-wan menu). 6.4.1.
status : Disable
wan4_dmz_status : Disable
desc :
port :
default_mac : Enable
mac : 00:50:7f:7b:83:01
proto : None
mode : NAT
proto6 : Link_Local
schedule_reconnect : Disable
timeobj :
tag : Disable
vid : 1
pvid : 0
Vigor2960@config-t-wan-pf-w_carrie#

6.4.1.8 Telnet Command: ipalias
Use this command to configure the IP alias address. Choose the [dhcp] or [static] item and use [add] or [remove] to set this profile.

Vigor2960@config-t-wan# pf w_carrie
Vigor2960@config-t-wan-pf-w_carrie#
Vigor2960@config-t-wan-pf-w_carrie# ipalias dhcp add 192.168.1.56/32
Vigor2960@config-t-wan-pf-w_carrie#

6.4.1.9 Telnet Command: set
It is used for reviewing the detailed settings (including DHCP, IPv6 DHCP IA_NA, DMZ, global, PPPoE, Static, IPv6 Static and so on) or modifying settings for the selected profile.

Syntax for set DHCP profile
Use [set dhcp] command to configure the DHCP WAN profile in detail.
[dhcp_client_id dhcp_client_id] Set the user name for DHCP client. [dhcp_client_id] - Enter username for DHCP client. [dhcp_client_id_pas s dhcp_client_id_pass ] Set a password for DHCP client. [dhcp_client_id_pass] - Enter a password for DHCP client. [user_dns_status user_dns_status] Enable / disable the function of DNS settings configuration. [user_dns_status] - Enter Enable or Disable. [user_dns user_dns] Specify DNS Settings. [user_dns] - Enter the IP address of DNS server.
dhcp_client_id_pass : user_dns_status : Enable user_dns : Vigor2960@config-t-wan-pf-wan1# set dhcp ipalias 192.168.1.250/32 set done Vigor2960@config-t-wan-pf-wan1# get dhcp hostname : ipalias : mtu : cdmode : cdhost : cdint : cdretry : dhcp_vendor_class_id : dhcp_client_id_label : dhcp_client_id : dhcp_client_id_pass : user_dns_status : user_dns : 192.168.1.
[proto6 proto6] Specify an IPv6 protocol type for WAN profile. [proto6] - Available types include Link Local, Static, PPP, DHCP-IA NA, DHCP-IA PD. [schedule_reconnect schedule_reconnect] Enable / disable the function of WAN reconnection based on schedule. [schedule_reconnect]- Enter Enable or Disable. [timeobj timeobj] If [schedule_reconnect] is enabled, specify a time object profile. [timeobj] – Enter the name of the time object. [tag tag] Enable /disable the function to bring VLAN tag when egress.
[cdretry pppoe_cd_retry] [ipalias pppoe_ipalias] [user_dns_status user_dns_status] [user_dns user_dns] Command Description Display the name of the WAN profile. [username pppoe_username] Specify a username for PPPoE connection. [pppoe_username] - Define a name in this field. [password pppoe_password] Specify a password for the PPPoE connection. [pppoe_password] - Define the password in this field. [mtu pppoe_mtu] Set MTU/MRU value for PPPoE connection.
Vigor2960>enable
Vigor2960# configure terminal
Vigor2960@config-t#wan
Vigor2960@config-t-wan# pf wan1
Vigor2960@config-t-wan-pf-wan1#
Vigor2960@config-t-wan-pf-wan1# set pppoe username marketing_test
set done
Vigor2960@config-t-wan-pf-wan1# set pppoe password marketing_123
set done

Syntax for set Static profile
Use [set static] command to configure the static IP profile in detail.
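In the PPPoE example above the password is typed as a plain command argument, so it appears verbatim in any capture or log of the Telnet session. The following added example (not part of the original guide) masks such values in a saved transcript and reports where they were typed, so the affected credentials can be rotated; the transcript is constructed, and the keyword list is an assumption assembled from the parameter names that appear in this guide.

```python
import re

# Keywords whose values are secrets. Each name appears in this guide's syntax
# tables or `get` listings; the selection itself is this example's assumption.
SENSITIVE = ("password", "dhcp_client_id_pass", "pincode", "4g_pincode",
             "pw", "secret", "pin")
# Longest first, so "pincode" is tried before "pin".
_KW = "|".join(re.escape(k) for k in sorted(SENSITIVE, key=len, reverse=True))

# "Vigor2960>", "Vigor2960#" or "Vigor2960@<context>#", then the typed command.
PROMPT_RE = re.compile(r"^(Vigor\d+(?:@([^\s#>]+))?[#>]\s*)(.*)$")
# "[keyword value]" pair inside a command line.
ARG_RE = re.compile(rf"(?<!\S)({_KW})(\s+)(\S+)")
# "keyword : value" line of `get` output with a non-empty value.
KV_RE = re.compile(rf"^(\s*)({_KW})(\s*:\s*)(\S.*?)\s*$")
MASK = "<redacted>"

# Constructed transcript in the layout the guide uses for its examples.
SAMPLE_TRANSCRIPT = """\
Vigor2960> enable
Vigor2960# configure terminal
Vigor2960@config-t# wan
Vigor2960@config-t-wan# pf wan1
Vigor2960@config-t-wan-pf-wan1# set pppoe username marketing_test
set done
Vigor2960@config-t-wan-pf-wan1# set pppoe password marketing_123
set done
Vigor2960@config-t-wan-3g-usb1# get
status : Enable
pincode : 4821
apn : internet
password :
"""


def redact_transcript(text):
    """Return (redacted_text, findings).

    findings is a list of (line_number, cli_context, keyword) tuples, one for
    every secret value that was present in the transcript.
    """
    out, findings, context = [], [], "exec"
    for lineno, line in enumerate(text.splitlines(), start=1):
        prompt = PROMPT_RE.match(line)
        if prompt:
            context = prompt.group(2) or "exec"

            def mask_arg(arg, lineno=lineno, context=context):
                findings.append((lineno, context, arg.group(1)))
                return arg.group(1) + arg.group(2) + MASK

            out.append(prompt.group(1) + ARG_RE.sub(mask_arg, prompt.group(3)))
            continue
        kv = KV_RE.match(line)
        if kv:
            # A stored secret echoed back by `get`; empty values never match.
            findings.append((lineno, context, kv.group(2)))
            out.append(kv.group(1) + kv.group(2) + kv.group(3) + MASK)
            continue
        out.append(line)
    return "\n".join(out), findings


if __name__ == "__main__":
    redacted, found = redact_transcript(SAMPLE_TRANSCRIPT)
    print(redacted)
    for lineno, context, keyword in found:
        print(f"line {lineno}: '{keyword}' value exposed in {context}")
```
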
Vigor2960>enable
Vigor2960# configure terminal
Vigor2960@config-t#wan
Vigor2960@config-t-wan# pf wan1
Vigor2960@config-t-wan-pf-wan1#
Vigor2960@config-t-wan-pf-wan1# set static ipaddr 192.168.1.126
set done
Vigor2960@config-t-wan-pf-wan_carrie# set static cdint 65535
set done
Vigor2960@config-t-wan-pf-wan_carrie#

Syntax for set Static6 profile
Use [set static6] command to configure the static IPv6 profile in detail.
Vigor2960@config-t-wan# defaultroute get Vigor2960@config-t-wan# defaultroute set [pool lb_pool] [auto_lb auto_lb] [ct_rt ct_rt] [session_rt_excp session_rt_excp] Command Description get Get the configuration of default route. set Modify the settings of default route. [pool lb_pool] Set the load balance pool for a wan profile. [lb_pool] - Enter the name of the WAN profile (e.g., w_carrie) / WAN interface (e.g., WAN1/USB1). [auto_lb auto_lb] Enable or disable the Auto Failover to Active WANs.
lbpool show Display the setting status of the load balance pool profile. lbpool Modify settings for the selected profile. - Enter the name of the load balance pool profile. Example In this example, we create a load balance profile named with “lb_carrie”. Vigor2960>enable Vigor2960# configure terminal Vigor2960@config-t#wan Vigor2960@config-t-wan# lbpool add lb_carrie Vigor2960@config-t-wan# lbpool show 6.4.3.
primary : backup : Vigor2960@config-t-wan-lb-pool-lb_carrie# 6.4.3.2 Telnet Command: set, get, add, remove It is used for reviewing the detailed settings or modifying settings for the selected load balance pool profile (e.g., lb_carrie).
In this example, we create a load balance profile named with “lb_carrie”.
Specify a WAN profile / load balance pool as default setting for China.
[default default_pool]

Example
Vigor2960>enable
Vigor2960# configure terminal
Vigor2960@config-t#wan
Vigor2960@config-t-wan#
Vigor2960@config-t-wan# autolb get
status : Disable
telecom : wan1
cnc : wan1
default : wan1
Vigor2960@config-t-wan#

6.4.5 Telnet Command: switch
Use this command to set switch profile, then type [vlan] command to configure the details.

Vigor2960>enable
Vigor2960# configure terminal
Vigor2960@config-t#wan
Vigor2960@config-t-wan# switch
Vigor2960@config-t-wan-switch#
Vigor2960@config-t-wan-switch# vlan show
vlanid  member  untag
10      1       1
11      2       2
1       1       1
Vigor2960@config-t-wan-switch#

6.4.6 Telnet Command: 3g
Use this command to display the status of 3G USB connection and configure detailed settings for 3G connection.
[cdhost cd_host] Specify the IP address as connection detection host. [cd_host] – Enter the IP address. [cdint cd_interval] Assign an interval period of time for each detecting. [cd_interval] – Enter a number (unit is second). [cdretry cd_retry] Assign detecting times to ensure the connection of the WAN interface. [cd_retry] - Enter a number. [pincode pincode] Specify the SIM card PIN code for accessing Internet. [pincode]- Enter the PIN code of the SIM card.
cdhost :
cdint : 10
cdretry : 3
pincode :
init_string1 : AT&F
init_string2 : ATE0V1X1&D2&C1S0=0
apn : internet
dial_string : ATDT*99#
username :
password :
4g_pincode :
4g_net_mode : 0
4g_apn : internet
Vigor3900@config-t-wan-3g-usb1# set status enable
set done
Vigor3900@config-t-wan-3g-usb1# get
status : Enable
desc :
proto : 3G/4G_PPP
cdmode : none
cdhost :
cdint : 10
cdretry : 3
pincode :
init_string1 : AT&F
init_string2 : ATE0V1X1&D2&C1S0=0
apn : internet
dial_string : ATDT*99#
username :
password :
4g_
. There are several functions for WAN – General Setup (command “pf”), Inter-LAN Route, IP Bind MAC, IP Routing, Route/Route 6 and Switch. Available sub-commands under LAN include: - ipbindmac (refer to 6.5.1) - iprouting (refer to 6.5.2) - pf (refer to 6.5.3) - route (refer to 6.5.4) - route6 (refer to 6.5.5) - switch (refer to 6.5.6) Note: [XXX XXX] - [ ] means such command is optional. The former is command itself; the latter is value/selection for such command.
6.5.1.1 Telnet Command: ipbindmac add ?
To configure detailed settings for an IP bind MAC profile, users could use [ipbindmac add] to create a new profile with detailed settings.

Syntax
Vigor2960@config-t-lan#ipbindmac add [ip ip] [macaddr macaddr] [comment comment]

Command Description
add Add a new IP Bind MAC profile.
[ip ip] [IP] - Define an IPv4 address in this field.
[macaddr macaddr] [MAC address] - Enter the MAC address.

Vigor2960@config-t-lan#ipbindmac Bind_carrie
Vigor2960@config-t-lan-ipbindmac-Bind_carrie#
Vigor2960@config-t-lan-ipbindmac-bind_carrie# set ip 192.168.1.86
set done
Vigor2960@config-t-lan-ipbindmac-bind_carrie# get
ip : 192.168.1.86
macaddr :
comment :

6.5.2 Telnet Command: iprouting
Users could use [iprouting] command to configure IP Routing (LAN/WAN Proxy ARP) to add or delete the profile or use “show” to get the profile list in the directory.
Vigor2960@config-t-lan# iprouting add [status status] [wan_pf wan_profile] [lan_pf lan_profile] [ipaddr ipaddr] [mask mask] Command Description add Add a new IP routing profile. [status status] [status] - Enter Enable or Disable. [wan_pf wan_profile] [wan_profile] - Enter the name (e.g., w_carrie) of WAN profile. [lan_pf lan_profile] [lan_profile] - Enter the name (e.g., lan_carrie) of LAN profile. [ipaddr ipaddr] [ipaddr] - Enter the IP address for such profile.
wan_profile] [lan_pf lan_profile] [lan_profile] - Enter the name (e.g., lan_carrie) of LAN profile. [ipaddr ipaddr] [ipaddr] - Enter the IP address for such profile. [mask mask] Enter the network mask for such profile. [mask] - Available options include: 255.255.255.252/30 255.255.255.248/29 255.255.255.240/28 255.255.255.224/27 255.255.255.192/26 255.255.255.128/25 255.255.255.
pf show Display a summary for all LAN profiles. pf show Display detailed settings for the specified LAN profile. pf Modify detailed settings for the selected profile. - Enter the name (e.g., lan_carrie) of LAN profile to be modified. Example Vigor2960>enable Vigor2960# configure terminal Vigor2960@config-t#lan Vigor2960@config-t-lan# Vigor2960@config-t-lan#pf show interface status desc vid ipaddr mask dhcp_status proto6 lan1 enable 10 192.168.1.1 255.255.255.
[lan_dns_redirect lan_dns_redirect] [proto6 proto6] [ip6addr static_ip6address] [ip6length static_ip6length] [sla_wan dhcp6_sla_wan] [sla_id dhcp6_sla_id] Command [status status] Description Enable or disable the specified LAN profile. [status] - Enter Enable or Disable. [desc description] Make a brief explanation for the LAN profile. [description] - Enter any words to describe such LAN profile. Specify the name of the VLAN ID. [vid] - Set a number (1 ~ 4095) as VLAN ID.
[dhcp_dns] - Enter an IP address. [lease lease] Set a lease time for the DHCP server. The time unit is minute. [lease] - Enter any number. [router router] Vigor router will be treated as gateway in default. If you want to assign other device as gateway, please enter the IP address in this field. [router] - Enter the IP address of the other gateway. [dhcp_next_server dhcp_next_server] Set next server for DHCP server. [dhcp_next_server] - Enter the IP address of the secondary DHCP server.
Vigor2960# configure terminal Vigor2960@config-t# lan Vigor2960@config-t-lan # pf add status enable lan_test vid 6 pvid 2 proto none Vigor2960@config-t-lan-pf-lan_test# Vigor2960@config-t-lan-pf-lan_test#exit Vigor2960@config-t-lan# 6.5.3.2 Telnet Command: 2nd_subnet Users could use [2nd_subnet] command to modify second subnet of a specified LAN profile (e.g., lan_carrie).
Vigor2960@config-t-lan-pf-_dhcp# set [status status] [start start] [end end] [dns dns] [router router] [lease lease] [rdi_pool status] [rdi_start rdi_start] [rdi_end rdi_end] Command Description dns add Add an IP address as DNS server. - Enter IP address for DNS server. dns remove Remove the IP address of the DNS server. - Enter IP address for DNS server to be removed. get Display current DHCP status of the selected LAN profile.
Users could use [dhcp6] command to modify DHCPv6 server settings (such as DHCPv6 server) for an existing LAN profile. Use the [get] or [set] command to configure the information. Syntax Vigor2960@config-t-lan-pf-# dhcp6 Vigor2960@config-t-lan-pf--dhcp6# get Vigor2960@config-t-lan-pf--dhcp6# set [status status] [mode mode] [dns_auto dns_auto] [start start] [end end] [dns dns] Command Description get Display current DHCPv6 status of the selected LAN profile.
dns : 6.5.3.5 Telnet Command: dhcprelay Users use [dhcprelay] command to modify / configure DHCP Relay agent, then type the [get] or [set] command to configure the details information. Syntax Vigor2960@config-t-lan-pf-# dhcprelay Vigor2960@config-t-lan-pf--dhcprelay>#get Vigor2960@config-t-lan-pf--dhcprelay>#set [status status] [wan wan_profile] [server server_ip] [agent_ip agent_ip] Command Description get Get the configuration of DHCP relay profile.
6.5.3.7 Telnet Command: get Users could use this command to display the detailed configuration information of the selected LAN profile Syntax Vigor2960@config-t-LAN-pf-# get Example In this example, we create a LAN profile named with “lan_carrie”.
set Modify settings for the selected profile. [status status] Enable or Disable the RADVD function. [status] – Enter Enable or Disable. [lifetime lifetime] Enter a value (ranging from 10 ~ 150 minutes) for advertisement lifetime. [lifetime] – Enter a value. Example In this example, we create a LAN profile named with “lan_carrie”.
default setting. [default_mac] - Enter Enable or Disable. [mac macaddr] Enter the MAC address if default MAC address is disabled. [macaddr] - Enter the MAC address with the format of “xx-xx-xx-xx-xx-xx” [mode mode] From this subnet to remote network, you have to do NAT or ROUTING (NAT/ROUTING) [mode] - Enter NAT or ROUTING. [ipaddr ipaddress] Set a private IP address of this router for LAN profile. [ipaddress] - Enter a private IP address. [mask mask] Set a subnet mask for LAN profile.
[rdi_start rdi_start] Set the starting IP address for remote dial-in IP range. [rdi_start] - Enter an IP address. [rdi_end rdi_end] Set the ending IP address for remote dial-in IP range. [rdi_end] - Enter an IP address. [2nd_subnet 2nd_subnet] Specify the second subnet. <2nd_subnet> - Enter the IP address. [lan_dns_redirect lan_dns_redirect] Enable or disable the function of redirecting DNS queries from such LAN profile to router's DNS Server. [lan_dns_redirect]- Enter Enable or Disable.
Vigor2960@config-t-lan#route show Vigor2960@config-t-lan#route show Vigor2960@config-t-lan#route Command Description route add Add a new route profile. - Enter the name of route profile. route delete Remove a selected route profile. - Enter the name (e.g., route_carrie) of route profile to be deleted. route show Display the status for all route profiles.
[profile] – Enter the name of the profile. [metric metric] Enter the distance to the target (usually counted in hops). [metric] – Enter the value. Enter the name (e.g., rout_marketing) of static route profile. Example Vigor2960>enable Vigor2960# configure terminal Vigor2960@config-t#lan Vigor2960@config-t-lan#route add status enable dest 192.168.1.100 route_david Vigor2960@config-t-lan-route-route_david# 6.5.4.
[metric] – Enter the value.

Example
Vigor2960>enable
Vigor2960# configure terminal
Vigor2960@config-t#lan
Vigor2960@config-t-lan#route add status enable dest 192.168.1.100 route_marketing
Vigor2960@config-t-lan-route-route_marketing#
Vigor2960@config-t-lan-route-route_marketing# get
status : Enable
dest : 192.168.1.100
mask :
gateway :
pf :
metric :
Vigor2960@config-t-lan-route-route_marketing#
Vigor2960@config-t-lan-route-route_marketing# set status enable dest 192.168.10 120 mask 255.255.

- Enter the name (e.g., route6_production) of route profile to be modified.

Example
Vigor2960>enable
Vigor2960# configure terminal
Vigor2960@config-t#lan
Vigor2960@config-t-lan#route6 add route6_production
Vigor2960@config-t-lan-route6-route6_production#

6.5.5.1 Telnet Command: route6 add ?
To configure detailed settings for a route profile (based on IPv6), users could use [route6 add] to create a new profile with detailed settings.
It is used for reviewing the detailed settings or modifying settings for the selected profile (e.g., route6_production). Syntax Vigor2960@config-t-lan-route6-# get Vigor2960@config-t-lan-route6-# set [status status] [dest dest] [prefix_len prefix_len] [nexthop nexthop] [pf profile] [metric metric] Command Description Display the name of the profile. get Get the configuration of route6 profile. set Modify settings for the selected profile.
Vigor2960@config-t-lan-switch# vlan add Vigor2960@config-t-lan-switch# vlan delete Vigor2960@config-t-lan-switch# vlan show Vigor2960@config-t-lan-switch-vlan-# get Vigor2960@config-t-lan-switch-vlan-# member add Vigor2960@config-t-lan-switch-vlan-# member remove Vigor2960@config-t-lan-switch-vlan-# untag add Vigor2960@config-t-lan-switch-vlan-# untag remove Command Description vlan add Add a new
To configure NAT, type “configure nat” to enter the next phase.

Vigor2960>enable
Vigor2960# configure nat
Vigor2960@config-nat# ?
.
There are three functions for NAT – Port Redirection, DMZ.
Available sub-commands under NAT include:
- port_redirect (refer to 6.6.1)
- dmz (refer to 6.6.2)

Note:
[XXX XXX] - [ ] means such command is optional. The former is command itself; the latter is value/selection for such command.
- < > means such command is required.

Vigor2960# configure nat
Vigor2960@config-nat# ?
Vigor2960@config-nat# port_redirect add status enable port_r_carrie
Vigor2960@config-nat-pr-port_r_carrie#

6.6.1.1 Telnet Command: port_redirect add ?
To configure detailed settings for a port redirect profile, users could use [port_redirect add] to create a new port redirect profile with detailed settings.
[public_port_end public_port_end] It is available when Range to One or Range to Range (port) or Range to Range (IP) is selected as Port Redirection Mode. - Enter ending number of the public port. [private_ip private_ip] Specify the private IP address of the internal host providing the service. [private_ip]- Enter a private IP address. [private_ip_end private_ip_end] It is available when Range to Range (IP) is selected as Port Redirection Mode.
set Modify settings for the selected profile. [status status] Enable or Disable the port redirection profile. [status] – Enter Enable or Disable. [redirect_mode redirect_mode] Specify the direction for the port to be redirected. Available options include: One_to_One Range_to_One Range_to_Range_port Range_to_Range_IP [public_prof public_prof] Specify the WAN profile for such profile. [public_prof] - Enter the name of the WAN profile (e.g.
more_1to1_port] Mode. It allows more port numbers to be configured.
[more_1to1_port]- Enter a number.

Example
Vigor2960>enable
Vigor2960# configure nat
Vigor2960@config-nat# ?
Vigor2960@config-nat# port_redirect add status enable port_r_david
Vigor2960@config-nat-pr-port_r_david# set status enable more_1to1_port 10
set done
Vigor2960@config-nat-pr-port_r_david#
6.6.
6.6.2.1 Telnet Command: dmz add ? To configure detailed settings for a DMZ host profile, users could use [dmz add] to create a new DMZ host profile with detailed settings. Syntax Vigor2960@config-nat#dmz add [status status] [prof prof] [useipalias useipalias] [ipalias ipalias] [ip private_ip] [allow_access allow_access] [dst_ip_obj dst_ip_obj] [dst_ip_grp dst_ip_grp] [servicetype servicetype] Command Description [status status] Enable or Disable the DMZ profile.
ipalias : 0.0.0.0
ip : 192.168.2.65
allow_access : Enable
dst_ip_obj :
dst_ip_grp :
servicetype :

6.6.2.2 Telnet Command: set, get
It is used for reviewing the detailed settings or modifying settings for the selected DMZ profile (e.g., dmz_david).
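The `get` listing of a NAT profile is a flat `key : value` list printed under a prompt that names the profile (`config-nat-dmz-<name>` or `config-nat-pr-<name>`). As an added example (not part of the original guide), the script below replays a captured session, applies only the `set` commands that the device confirmed with "set done", and lists every enabled DMZ or port redirection profile with its WAN profile and internal host. The session text is constructed, and the `get` listing shown for the port redirection profile is an assumption built from the parameter names in this guide.

```python
import ipaddress
import re

# Prompt of a NAT profile: kind ("dmz" or "pr"), profile name, typed command.
NAT_PROMPT = re.compile(r"^Vigor\d+@config-nat-(dmz|pr)-([^\s#]+)#\s*(.*)$")
ANY_PROMPT = re.compile(r"^Vigor\d+\S*[#>]")
KV = re.compile(r"^\s*(\w+)\s*:\s*(.*?)\s*$")
# (WAN profile key, internal host key) per profile kind, named as in the guide.
FIELDS = {"dmz": ("prof", "ip"), "pr": ("public_prof", "private_ip")}

# Constructed session. The last `set` has no "set done" after it, so it must
# not be treated as applied.
SAMPLE_SESSION = """\
Vigor2960> enable
Vigor2960# configure nat
Vigor2960@config-nat# dmz dmz_david
Vigor2960@config-nat-dmz-dmz_david# get
status : Disable
prof :
useipalias : Disable
ipalias : 0.0.0.0
ip : 192.168.2.65
allow_access : Enable
dst_ip_obj :
dst_ip_grp :
servicetype :
Vigor2960@config-nat-dmz-dmz_david# set status enable prof wan1
Set done
Vigor2960@config-nat-dmz-dmz_david# exit
Vigor2960@config-nat# port_redirect add status enable port_r_carrie
Vigor2960@config-nat-pr-port_r_carrie# get
status : Enable
public_prof : wan2
private_ip :
Vigor2960@config-nat-pr-port_r_carrie# set status disable
Vigor2960@config-nat-pr-port_r_carrie# exit
"""


def parse_nat_session(text):
    """Rebuild {(kind, name): settings} from `get` output and confirmed `set`s."""
    profiles, current, in_get, pending = {}, None, False, None
    for line in text.splitlines():
        m = NAT_PROMPT.match(line)
        if m:
            current = (m.group(1), m.group(2))
            profiles.setdefault(current, {})
            words = m.group(3).split()
            in_get = words == ["get"]
            pending = None
            if words[:1] == ["set"]:
                args = words[1:]  # "[keyword value]" pairs
                pending = dict(zip(args[0::2], args[1::2]))
        elif ANY_PROMPT.match(line):
            current, in_get, pending = None, False, None
        elif current and in_get and KV.match(line):
            key, value = KV.match(line).groups()
            profiles[current][key] = value
        elif current and pending and line.strip().lower() == "set done":
            profiles[current].update(pending)
            pending = None
    return profiles


def enabled_exposures(profiles):
    """List enabled profiles with the WAN profile and internal host they expose."""
    report = []
    for (kind, name), cfg in sorted(profiles.items()):
        if cfg.get("status", "").lower() != "enable":
            continue
        wan_key, host_key = FIELDS[kind]
        host = cfg.get(host_key, "")
        try:
            addr = ipaddress.ip_address(host)
            usable = addr.is_private and not addr.is_unspecified
            note = "ok" if usable else "host is not a private address"
        except ValueError:
            note = "no valid internal host set"
        report.append({"kind": kind, "name": name, "wan": cfg.get(wan_key, ""),
                       "host": host, "note": note})
    return report


if __name__ == "__main__":
    for row in enabled_exposures(parse_nat_session(SAMPLE_SESSION)):
        print(row)
```
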
Vigor2960>enable Vigor2960# configure nat Vigor2960@config-nat# dmz dmz_david Vigor2960@config-nat-dmz-dmz_david#set prof wan1 Set done Vigor2960@config-nat-dmz-dmz_david# get status prof useipalias ipalias ip allow_access dst_ip_obj dst_ip_grp servicetype Vigor2960 Series User’s Guide : : : : : : : : : Enable wan1 Disable 0.0.0.0 192.168.2.
6.7 Objects Setting Configuration Vigor2960 provides many functions in Objects Setting. Users could use the commands below to set up the details. To make object setting configuration, you have to type “configure object_setting” to access into next phase. Vigor2960>enable Vigor2960# configure object_setting Vigor2960@config-object# . There are several functions for object settings. Available sub-commands under Object Setting include: - fext_object (refer to 6.7.1) - ip_group (refer to 6.7.
Extension Object profile to be deleted. fext_object show Display the status for all File Extension Object profiles. fext_object show Display the status of selected File Extension Object profile. - Enter the name (e.g., fex_obj_carrie) of File Extension Object profile. fext_object Modify detailed settings for the selected profile. - Enter the name (e.g., fex_obj_carrie) of File Extension Object profile to be modified.
.ace/.arj/.bzip2/.bz2/.cab/.gz/.gzip/.rar/.sit/.zip [exe exe] Specify the execution file extension. [exe] - Available settings include: .bas/.bat/.com/.exe/.inf/.pif/.reg/.scr < ProfileName > - Enter the name (e.g., fex_obj_david) of File Extension Object profile. Example Vigor2960>enable Vigor2960# configure object_setting Vigor2960@config-object# Vigor2960@config-object# fext_object add image .bmp java .class exe .bat fex_obj_david Vigor2960@config-object-fext-fex_obj_david# 6.7.1.
audio add Add a new type to such profile. - Specify the audio file extension. Available settings include: .aac/.aiff/.au/.mp3/.m4a/.m4p/.ogg/.ra/.ram/.vox/.wav/.wma audio remove Remove a type from the profile. - Specify the audio file extension. Available settings include: .aac/.aiff/.au/.mp3/.m4a/.m4p/.ogg/.ra/.ram/.vox/.wav/.wma compression add Add a new type to such profile. - Specify the compression file extension.
pp2/.3g2 video remove Remove a type from the profile. - Specify the video file extension. Available settings include: .asf/.avi/.mov/.mpe/.mpeg/.mpg/.mp4/.qt/.rm/.wmv/.3gp/.3gpp/.3g pp2/.3g2 Example In this example, we create a file extension profile named with “fex_obj_david”. Vigor2960>enable Vigor2960# configure object_setting Vigor2960@config-object# fext_object fex_obj_david Vigor2960@config-object-fext-fex_obj_david#get Vigor2960@config-object-fext-fex_obj_david# image add .
ip_group add Add a new IP group profile. - Enter the name of IP group profile. ip_group delete Remove a selected IP group profile. - Enter the name (e.g., ip_grp_carrie) of IP group profile to be deleted. ip_group show Display the status for all IP group profiles. ip_group show Display the status of selected IP group profile. - Enter the name (e.g., ip_grp_carrie) of IP group profile.
Syntax Vigor2960@config-object-ipgrp-#set [desc description] Vigor2960@config-object-ipgrp-#objects add Vigor2960@config-object-ipgrp-#objects remove Vigor2960@config-object-ipgrp-#get Command Description get Get the configuration of object profile. set Modify settings for the selected profile. [desc description] Enter a brief description for this profile. [description] – Enter the description.
ip_object add Add a new IP Object profile.
- Enter the name of IP Object profile.
ip_object delete Remove a selected IP Object profile.
- Enter the name (e.g., ip_obj_carrie) of IP Object profile to be deleted.
ip_object show Display the status for all IP Object profiles.
ip_object show Display the status of selected IP Object profile.
- Enter the name (e.g., ip_obj_carrie) of IP Object profile.
Example In this example, we create an IP object profile named with “ip_obj_david”. Vigor2960>enable Vigor2960# configure object_setting Vigor2960@config-object#ip_object add type single sip 192.168.1.72 ip_obj_david Vigor2960@config-object-ipobj-ip_obj_david# Telnet Command: set, get It is used for reviewing the detailed settings or modifying settings for the selected profile (e.g., ip_obj_david).
mask : 6.7.4 Telnet Command: keyword_object Users could use [keyword_object] command to add or delete keyword object profile or use “show” to get the profile list in the directory. Enter the profile name to open it and modify the profile directly.
[member member] The object is used to match the keywords in the whole URL. [member]- Enter the string for a keyword. < ProfileName > - Enter the name (e.g., key_obj_david) of keyword object profile. Example In this example, we create a keyword object profile named with “key_obj_teacher”.
6.7.5 Telnet Command: service_group Users could use [service_group] command to add or delete the Service Group profile or use “show” to get the profile list in the directory. Enter the profile name to open it and modify the profile directly.
Example In this example, we create a service group profile named with “ser_grp_david”. Vigor2960>enable Vigor2960# configure object_setting Vigor2960@config-object# service_group add desc combine_all ser_grp_david Vigor2960@config-object-srvgrp-ser_grp_david# 6.7.5.2 Telnet Command: set, objects, get It is used for reviewing the detailed settings or modifying settings for the selected service group profile (e.g., ser_grp_david).
Syntax Vigor2960@config-object#service_object Vigor2960@config-object#service_object Vigor2960@config-object#service_object Vigor2960@config-object#service_object Vigor2960@config-object#service_object add delete show show Command Description service_object add Add a new service object profile. - Enter the name of service object profile. service_object delete Remove a selected service object profile.
[spt_end src_port_end] Enter a value as the ending point for source port. [src_port_end] - Enter a number (range from 0 – 65535 ) [dpt_start dest_port_start] Enter a value as starting point for destination port. [dest_port_start] - Enter a number (range from 0 – 65535 ) [dpt_end dest_port_end] Enter a value as ending point for destination port. [dest_port_end] - Enter a number (range from 0 – 65535 ) < ProfileName > - Enter the name (e.g., pro_obj_david) of service object profile.
Example In this example, we create a service object profile named with “ser_obj_david”.
Example In this example, we create a time group profile named with “time_grp_carrie”. Vigor2960>enable Vigor2960# configure object_setting Vigor2960@config-object# time_group add time_grp_carrie Vigor2960@config-object-timegrp-time_grp_carrie# 6.7.7.1 Telnet Command: time_group add ? To configure detailed settings for a time group profile, users could use [time_group add] to create a new time group profile with detailed settings.
- Enter the name of the object profile. Example In this example, we create a service object profile named with “time_grp_david”.
Vigor2960@config-object# time_object add time_obj_carrie Vigor2960@config-object-timeobj-time_obj_carrie# 6.7.8.1 Telnet Command: time_object add ? To configure detailed settings for a time object profile, users could use [time_object add] to create a new time object profile with detailed settings.
Vigor2960@config-object-timeobj-#set [freq frequency] [sdate startdate] [stime starttime] [edate enddate] [etime endtime] Vigor2960@config-object-timeobj-#weekdays add Vigor2960@config-object-timeobj-#weekdays remove Vigor2960@config-object-timeobj-#get Command Description Display the name of the profile. get Get the configuration of object profile. set Modify settings for the selected profile.
Sun Example In this example, we create a service object profile named with “ser_obj_david”.
web_categroy show Display the status of selected web category profile. - Enter the name (e.g., web_obj_carrie) of web category profile. web_categroy Modify detailed settings for the selected profile. - Enter the name (e.g., web_obj_carrie) of web category profile to be modified. Example In this example, we create a web category object profile named with “web_obj_carrie”.
Instant_Messaging [computer computer] Select category to filter the web page related to computer. Available setting include: Anonymizers/Forums_And_Newsgroups/Computers_And_Techn ology/Down_sites/Streaming_Media_And_Downloads/Phishing_ And_Fraud/Search_engines_And_Portals/Social_Networking/Spa m_sites/Malware/Botnets/Hacking/Illegal_Softwares/Information _Security/Peer_to_Peer [other other] Select category to filter the web page for special purpose.
Vigor2960@config-object-webcate-#leisure add Vigor2960@config-object-webcate-#leisure remove Vigor2960@config-object-webcate-#other add Vigor2960@config-object-webcate-#other remove Vigor2960@config-object-webcate-#get Command Description Display the name of the profile. get Get the configuration of object profile.
y_explicit/Violence/Weapons/School_Cheating/Sex_Education/Ta steless/Child_Abuse_Images computer add Add a category to such profile. - Select category to filter the web page related to computer.
- Select category to filter the web page for special purpose.
6.8 User Management Configuration User Management can manage all the accounts (user profiles) to connect to Internet via different protocols. To make user management configuration, you have to type “configure user” to access into next phase. Vigor2960>enable Vigor2960# configure user Vigor2960@config-user# . There are several functions for user management – users, group. Available sub-commands under User include: - users (refer to 6.8.1) - group (refer to 6.8.
account profile to be modified. Example In this example, we create a user account profile named with “user_carrie”. Vigor2960>enable Vigor2960# configure user Vigor2960@config-user# users add user_carrie Vigor2960@config-usr-user_carrie# 6.8.1.1 Telnet Command: users add ? To configure detailed settings for a user account profile, users could use [user add] to create a new users account profile with detailed settings.
[if pptpif] Specify a LAN profile for DHCP server IP dispatching. [pptpif] – Enter the name of the LAN profile. [fixip fixip] Assign the fixed IP address when user login via PPTP or L2TP. [fixip] - Enter IP address. [user_mnt_status user_mnt_status] Enable web portal login with such profile. [user_mnt_status] - Enter Enable or Disable. [user_enable_time_ quota user_enable_time_q uota] Enable the time quota mechanism for this user account. [user_enable_time_quota] - Enter Enable or Disable.
[ssl_proxy]- Specify one of the SSL proxy profile. [ssl_vnc ssl_vnc] It is available when sysuser (System User) is set with false. [ssl_vnc] - Specify one of the SSL Application profiles (VNC) for applying into this profile. [ssl_rdp ssl_rdp] It is available when sysuser (System User) is set with false. [ssl_rdp] - Specify one of the SSL Application profiles (RDP) for applying into this profile. [remote_ip remote_ip] Specify Remote IP Address/Domain Name for remote dial-in VPN client.
6.8.1.2 Telnet Command: set, get It is used for reviewing the detailed settings or modifying settings for the selected user account profile (e.g., user_david).
[user_mnt_status user_mnt_status] Enable web portal login with such profile. [user_mnt_status] - Enter Enable or Disable. [user_enable_time_ quota user_enable_time_q uota] Enable the time quota mechanism for this user account. [user_enable_time_quota] - Enter Enable or Disable. [user_set_time_quot a user_set_time_quot a] Set time quota for this account. [user_set_time_quota] - Enter the time value.
[ssl_rdp ssl_rdp] It is available when sysuser (System User) is set with false. [ssl_rdp] - Specify one of the SSL Application profiles (RDP) for applying into this profile. [remote_ip remote_ip] Specify Remote IP Address/Domain Name for remote dial-in VPN client. [remote_ip] - Enter IP address or domain name. [pppoe pppoe] Activate related PPPoE configuration for such profile. [pppoe] - Enter Enable or Disable. [quota_rst_freq quota_rst_freq] Specify the cycle time for PPPoE quota.
login_quota forced_logout for_remote_dailin pptp l2tp ssltunnel openvpn ipsec motp pin secret time_obj sslproxy ssl_vnc ssl_rdp remote_ip pppoe quota_rst_freq quota_time time_used quota_traffic traffic_used en_bindmac bind_mac vsftpd_status smb radiusd_status : : : : : : : : : : : : : : : : : : : : : : : : : : : -1 Disable Disable Disable Disable Disable Disable Disable Disable None -1 0 -1 0 Disable 00:00:00:00:00:00 Disable Disable Disable 6.8.
profile. group Modify detailed settings for the selected profile. - Enter the name (e.g., user_carrie) of user group profile to be modified. Example In this example, we create a web category object profile named with “user_grp_carrie”. Vigor2960>enable Vigor2960# configure user Vigor2960@config-user#group add user_grp_carrie Vigor2960@config-usr-group-user_grp_carrie# 6.8.2.
[status status] Enable the user group profile. [status] - Enter Enable or Disable. member add Add a user profile to such group profile. [member] - Enter the name of the user profile. member remove Remove a user profile from such group. [member] - Enter the name of the user profile. Example In this example, we create a user group profile named with “user_grp_carrie”.
6.9 Applications Configuration
To configure applications, type “configure applications” to enter the next phase.
Vigor2960>enable
Vigor2960# configure applications
Vigor2960@config-app#
There are several functions for application – DDNS, GVRP, HA, LDAP, OSPF, RIP, SIP ALG, and UPnP. Available sub-commands under Application include:
- DDNS (refer to 6.9.1)
- GVRP (refer to 6.9.2)
- LDAP (refer to 6.9.3)
- OSPF (refer to 6.9.4)
- RIP (refer to 6.9.5)
- SIP ALG (refer to 6.9.
[if-policy] - Available settings include selected_wan_first selected_wan_only. [provider provider] Specify DDNS server provider. [provider] - Available settings include: User-Defined/DrayTek_Global/3322/afraid/changeip/dns4biz/dnsdynamic/dnsexit/dnsmax/dnsomatic/dtdns/dy-name-server/dynami /dyndns/editdns/Google_Domains/he.net/huagai/namecheap/no-ip/OpenDNS/ovh/selfhost/strato/thatip/twoddns/tzo/ubddns.org/vigorddns/zoneedit [stype server_type] Specify service type for such DDNS profile.
Vigor2960@config-apps-ddns# set status enable ddns1
set done
Vigor2960@config-apps-ddns# get ddns1
status : Disable
if : wan1
policy : selected_wan_first
provider : dyndns
stype : Dynamic
domain :
login :
pw :
ip_source : 0
wildcard : Disable
backup_mx : Disable
mx :
time_interval : 14400
status : 0
Vigor2960@config-apps-ddns#
6.9.2 Telnet Command: GVRP
Users could use [gvrp] command to define a method for changing the VLAN information among devices.
set done
Vigor2960@config-app# gvrp set join_time 20
set done
Vigor2960@config-app#
6.9.3 Telnet Command: ldap
Users could use [ldap] command to configure LDAP profile.
Syntax
Vigor2960@config-app#ldap add
Vigor2960@config-app#ldap delete
Vigor2960@config-app#ldap show
Vigor2960@config-app#ldap show
Vigor2960@config-app#ldap
Command Description ldap add Add a new profile. - Enter the name of LDAP profile.
[base_dn base_dn] [group_dn group_dn] [regular_dn regulardn] [regular_pwd regular_pwd] [usage_time usage_time] Command Description [status status] The first [status status] command is used to enable/disable LDAP function. [status]- Enter Enable or Disable. [status status] The second [status status] command is used to enable/disable LDAP with TLS. [status]- Enter Enable or Disable. [bind_type bind_type] Specify the Bind Type.
It is used for reviewing the detailed settings or modifying settings for the selected LDAP profile (e.g., ldap_david). Syntax Vigor2960@config-app-ldap-#set [status status] [status status] [bind_type bind_type] [server_ip server_ip][port port] [cid cid] [base_dn base_dn] [group_dn group_dn] [regular_dn regulardn] [regular_pwd regular_pwd] [usage_time usage_time] Vigor2960@config-app-ldap#get Command Description Display the name of the profile.
Example Vigor2960>enable Vigor2960# configure applications Vigor2960@config-app#ldap Vigor2960@config-app-ldap#get status : Disable status : disable bind_type : 0 server_ip : port : 389 cid : cn base_dn : group_dn : regular_dn : regular_pwd : usage_time : -1 Vigor2960@config-app-ldap#ldap ldap_carrie Vigor2960@config-app-ldap-ldap_carrie# set status enable bind_type Simple_Mode set done Vigor2960@config-app-ldap-ldap_carrie# get status status bind_type server_ip port cid base_dn group_dn regular_dn regular_
Create a new profile. - Enter a name of WAN/LAN profile. - An AS will be divided into several areas. Each area must be assigned with a dedicated number. [status status] Enable the OSPF function. [status] - Enter Enable or Disable. [router_id router_id] Specify an IP address for Vigor router which will be recognized in an autonomous system. [router_id] - Enter an IP address (e.g., 192.168.1.56). [pf profile] [profile] - Enter the name of LAN/WAN profile.
Vigor2960@config-app-rip#get status : Disable pf : wan1 Vigor2960@config-app-rip#set status enable pf wan1 6.9.6 Telnet Command: SIP ALG Users could use [sipalg] command to configure SIP ALG setting. Syntax Vigor2960@config-app-sipalg#set [status status] [sip_port sip_port] Vigor2960@config-app-sipalg#get Command Description get Get the configuration for SIP ALG. set Modify settings for SIP ALG. [status status] Enable the function of UPnP. [status] - Enter Enable or Disable.
download] kilobits/second. [download] - Enter the speed rate (in kbps). [upload upload] Enter the maximum sustained WAN upload speed in kilobits/second. [upload] - Enter the speed rate (in kbps). [external external] Select a WAN profile for UPnP protocol. [external] - Enter the name of the WAN profile. [inernal internal] Select a LAN profile for UPnP protocol. [internal] - Enter the name of LAN profile. [max_session max_session] Determine the maximum session number for UPnP function.
Note: [XXX XXX] - [ ] means such command is optional. The former is command itself; the latter is value/selection for such command. - < > means such command is required. The former is command itself; the latter is value/selection for such command. 6.10.1 Telnet Command: lan2lan Users could use [lan2lan] command to configure LAN to LAN, then use [ipsecpolicy], [ipsecsetup], [pptpdialin], [pptpdialout] commands to set the details.
Vigor2960@config-vpn-l2l# ipsecpolicy add l2l_carrie Vigor2960@config-vpn-l2l# ipsecpolicy l2l_carrie Vigor2960@config-vpn-l2l-ipsecpolicy-l2l_carrie# Telnet Command: ipsecpolicy add ? To configure detailed settings for a LAN to LAN profile, users could use [ipsecpolicy add] to create a new profile with detailed settings.
[lefthost_if_alias_ip lefthost_if_alias_ip] Specify one WAN Alias IP. [lefthost_if_alias_ip] – Enter the IP address (configured as WAN Alias IP). [lefthost_if_alias lefthost_if_alias] Enable / disable the function of WAN Alias IP. [lefthost_if_alias] – Enter Enable or Disable. [localhost lefthost_if] Specify the WAN interface for dialing out. [lefthost] – Enter the name of WAN profile. [localhost lefthost_if_bk] Specify WAN interface as backup WAN (failover WAN).
[peerid_type remoteid] Specify peer ID type for remote end by entering the required string. [remoteid] – Available settings are: AcceptAny SubjectAlterName:IP SubjectAlterName:DomainName SubjectAlterName:Email Certificate [peerid_value remoteid] Set the value for the remote client, if “2”, “3” or “4” is set as peer ID type. [remoteid] – Enter the IP address, Domain name or Email of remote client (based on the ID type selected for peer side).
[pinghost pinghost] Specify the IP address for the system to PING it for keeping alive. [pinghost] – Enter the IPv4 address. [natmode natmode] Specify NAT mode for LAN subnet to remote network. [natmode] – Available settings are: Route NAT [srcip srcip] Specify the source IP address for the router to use when transmitting a packet to the remote IPsec gateway. [srcip] – Available settings include: Enter “auto_detect_srcip”. Enter the name of a LAN profile.
[grekeyout grekeyout] Specify the GRE out key. [grekeyout] – Enter the key. [ikephase1proposal ikephase1proposal] Specify the IKE phase1 proposal.
[ikephase2authproposal ikephase2authproposal] Specify the authentication mode for IKE phase2. [ikephase2authproposal] – Available settings are: ALL MD5 SHA1 SHA2_256 [acceptall acceptall] Specify the proposal for dial-in. [acceptall]- Available settings are: acceptall acceptabove Specify a name for LAN to LAN profile.
Command Description [status status] Enable the LAN to LAN profile. [status] - Enter Enable or Disable. [always_on always_on] Enable the function of Always On. If it is disabled, [always_on_bk] will be invalid. [status] - Enter Enable or Disable. [always_on_agent always_on_agent] Enable the function of Always On. [status] - Enter Enable or Disable. [always_on_bk always_on_bk] When the selected WAN profile is down, such LAN to LAN profile will be used for dialing-out.
IKEv2 [aggrmode aggrmode] Specify the aggressive mode for IKEv1 Phase 1. [aggrmode] – Available settings are: Main_Mode Aggressive_Mode [auth auth] Specify the authentication type for Pre-Shared Key or RSA Signature. [auth]- Available settings are: PSK RSA [leftpem leftpem] Specify local certificate. It should be specified when RSA is selected as “auth” type. [leftpem] – Enter the name of local certificate. [localid_type localid] Specify local peer ID.
ESP AH [phase1keylifetime phase1keylifetime] Specify the life time for IKE Phase 1 key. [phase1keylifetime] – Enter a number (from 3600 to 86400 sec.). [phase2keylifetime phase2keylifetime] Specify the life time for IKE Phase 2 key. [phase2keylifetime] –Enter a number (from 3600 to 86400 sec.). [pfs pfs] Enable / disable the perfect forward secrecy status [pfs] – Enter Enable or Disable. [dpd dpd] Enable / disable the dead peer detection (DPD) status. [dpd] – Enter Enable or Disable.
[rip_pass] - Enter Enable or Disable. [pkt_trigger pkt_trigger] Enable / disable the function of Packet-Triggered. [pkt_trigger] - Enter Enable or Disable [forceencaps forceencaps] Enable / disable the function of Force UDP Encapsulation with 4500 port. [forceencaps] - Enter Enable or Disable. [gre gre] Enable / disable the GRE function. [gre] - Enter Enable or Disable. [localgreip localgreip] Specify local GRE IP address. [localgreip] – Enter the IPv4 address.
[ikephase1authproposal ikephase1authproposal] Specify the authentication mode for IKE phase1. [ikephase1authproposal] – Available settings are: ALL MD5 SHA1 SHA2_256 [ikephase2proposal ikephase2proposal] Specify the proposal mode for IKE phase2.
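Several of the ipsecpolicy options listed above have weaker choices (Aggressive_Mode with PSK, AcceptAny, MD5/SHA1 or ALL proposals, PFS disabled). The Python check below is an added example, not part of the DrayTek guide or firmware: it parses `get` output in the `key : value` layout of the guide's other `get` examples and reports those settings. It assumes the `get` keys match the option names above; both sample dumps are constructed.

```python
# Added example: not DrayTek code. Key names are assumed to match the
# ipsecpolicy option names in the guide; both dumps below are constructed.

WEAK_HASHES = {"md5", "sha1"}
CHECKED_KEYS = ("aggrmode", "auth", "peerid_type",
                "ikephase1authproposal", "ikephase2authproposal", "pfs")

WEAK_DUMP = """\
Vigor2960@config-vpn-l2l-ipsecpolicy-l2l_carrie# get
status                : Enable
aggrmode              : Aggressive_Mode
auth                  : PSK
peerid_type           : AcceptAny
ikephase1authproposal : ALL
ikephase2authproposal : SHA2_256
pfs                   : Disable
"""

HARDENED_DUMP = """\
status : Enable
aggrmode : Main_Mode
auth : RSA
peerid_type : SubjectAlterName:DomainName
ikephase1authproposal : SHA2_256
ikephase2authproposal : SHA2_256
pfs : Enable
"""


def parse_get_output(text):
    """Parse `key : value` lines; prompts and status lines are ignored."""
    settings = {}
    for line in text.splitlines():
        # Split on the first colon only, so values such as
        # "SubjectAlterName:DomainName" stay intact.
        key, sep, value = line.partition(":")
        key = key.strip()
        # A real key is a single token; prompts contain '@' or '#'.
        if not sep or not key or any(c in key for c in " @#"):
            continue
        settings[key] = value.strip()
    return settings


def audit_ipsec_policy(settings):
    """Return (key, value, reason) tuples for settings that weaken the tunnel."""
    findings = []
    low = {k: v.lower() for k, v in settings.items()}

    # A key that is absent is unknown, not safe: report it instead of passing.
    for key in CHECKED_KEYS:
        if key not in low:
            findings.append((key, None, "not in dump; cannot be judged"))

    if low.get("aggrmode") == "aggressive_mode" and low.get("auth") == "psk":
        findings.append(("aggrmode", settings["aggrmode"],
                         "Aggressive Mode exposes a PSK-derived hash "
                         "to offline guessing"))
    if low.get("peerid_type") == "acceptany":
        findings.append(("peerid_type", settings["peerid_type"],
                         "any peer ID is accepted"))
    for key in ("ikephase1authproposal", "ikephase2authproposal"):
        value = low.get(key)
        if value in WEAK_HASHES:
            findings.append((key, settings[key], "MD5/SHA1 integrity hash"))
        elif value == "all":
            # Assumption: ALL offers every listed hash, MD5 and SHA1 included.
            findings.append((key, settings[key],
                             "ALL permits negotiating MD5 or SHA1"))
    if low.get("pfs") == "disable":
        findings.append(("pfs", settings["pfs"],
                         "phase 2 keys derive from phase 1 keying material"))
    return findings


if __name__ == "__main__":
    for name, dump in (("weak", WEAK_DUMP), ("hardened", HARDENED_DUMP)):
        print(name)
        for key, value, reason in audit_ipsec_policy(parse_get_output(dump)):
            print(f"  {key} = {value}: {reason}")
```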
6.10.1.2 Telnet Command: pptpdialin Users could use [pptpdialin] command to add or delete the PPTP dial-in profile or use “show” to get the profile list in the directory. Enter the profile name to open it and modify the profile directly.
Command Description add Create a new dial-in profile based on PPTP. [status status] Enable the LAN to LAN profile. [status] - Enter Enable or Disable. [username username] Specify a user name for such profile. [username] – Enter a string as username. [localsubnet localsubnet] Specify the local subnet. [localsubnet] – Enter the subnet with mask (e.g., 192.168.1.0/24). [remotesubnet remotesubnet] Specify remote subnet. [remotesubnet] – Enter the subnet with mask (e.g., 192.168.1.0/24).
[status status] Enable the LAN to LAN profile. [status] - Enter Enable or Disable. [username username] Specify a user profile (user account with PPTP dial-in enabled) for such VPN LAN to LAN profile. [username] – Enter the name of user profile (e.g., user_david). [localsubnet localsubnet] Specify the local subnet. [localsubnet] – Enter the subnet with mask (e.g., 192.168.1.0/24). [remotesubnet remotesubnet] Specify remote subnet. [remotesubnet] – Enter the subnet with mask (e.g., 192.168.1.0/24).
Syntax
Vigor2960@config-vpn-l2l# pptpdialout add
Vigor2960@config-vpn-l2l# pptpdialout delete
Vigor2960@config-vpn-l2l# pptpdialout show
Vigor2960@config-vpn-l2l# pptpdialout show
Vigor2960@config-vpn-l2l# pptpdialout
Command Description pptpdialout add Add a new LAN to LAN profile. - Enter the name of LAN to LAN profile. pptpdialout delete Remove a selected LAN to LAN profile.
Syntax Vigor2960@config-vpn-l2l# pptpdialout add [status status] [alwayson alwayson] [lefthost_if_alias_ip lefthost_if_alias_ip] [lefthost_if_alias lefthost_if_alias] [lefthost_if lefthost_if] [lefthost_if_bk lefthost_if_bk] [idle idle] [serverip serverip] [username username] [password password] [localsubnet localsubnet] [remotesubnet remotesubnet] [natmode natmode] [nbns_pass nbns_pass] [mcast_pass mcast_pass] [rip_pass rip_pass] Command Description add Create a new LAN to LAN profile.
[mcast_pass mcast_pass] Enable / disable the function of Multicast via VPN. [mcast_pass] - Enter Enable or Disable. [rip_pass rip_pass] Enable / disable the function of passing RIP packet via VPN. [rip_pass] - Enter Enable or Disable. Enter the name of the profile.
lefthost_if_alias] [lefthost_if_alias] – Enter Enable or Disable. [localhost lefthost_if] Specify the WAN interface for dialing out. [lefthost] – Enter the name of WAN profile. [localhost lefthost_if_bk] Specify WAN interface as backup WAN (failover WAN). [lefthost_if_bk]- Enter WAN interface profile. [idle idle] Set a timeout for idle period. [idle] – Enter the value. Default is 300 (sec.). [serverip serverip] Specify the IP address of PPTP server. [serverip] – Enter the IP address.
6.10.2 Telnet Command: remotedialin Users could use [remotedialin] command to configure remote dial-in profiles, then use [ipsecremotedialin], [l2tpserver], [pptpserver] commands to set the details. Refer to the following chapters for descriptions of commonly used commands. Vigor2960> enable Vigor2960# configure vpn Vigor2960@config-vpn# Vigor2960@config-vpn# remotedialin Vigor2960@config-vpn-remotedialin# 6.10.2.
[relay_ip]- Enter an IP address. [force_ipsec status] Enable / disable the function of Force L2TP with IPsec Policy. [status] - Enter Enable or Disable.
[encryption] – Available settings include: 40/128_bit 128_bit Disable [user_auth user_authentication ] Specify a type for user authentication. [user_authentication] – Available settings include: Local RADIUS LDAP [ldap_profile ldap_profile] Choose an LDAP profile. [ldap_profile] – Enter the name of LDAP profile. [lanpf lan_profile] Specify a LAN interface for local IP address. [lan_profile] – Enter the name of LAN interface. [localhost localhost] Specify a WAN interface.
lanpf localhost dhcp_relay dhcp_loc relay_ip mss dummy disable_mcast dummy : : : : : : : : : lan1 0 wan1 1300 1 1 Enable Vigor2960@config-vpn-remotedialin-pptpserver#set encp 40/128_bit lanpf lan_carrie set done set dummy pass dummy block 6.10.3 Telnet Command: trunk Users could use [trunk] command to configure VPN TRUNK Manager, then use [ipseclbpool], [ipseclbrule] commands to set the details. Refer to the following sections for descriptions of commonly used commands.
- Enter the name (e.g., lbrule_carrie) of load balance profile to be modified. Example Vigor2960>enable Vigor2960# configure vpn Vigor2960@config-vpn# Vigor2960@config-vpn# trunk Vigor2960@config-vpn-trunk# ipseclbrule add lbrule_carrie Vigor2960@config-vpn-ipsec-trunk-lb-rule-lbrule_carrie# Telnet Command: ipseclbrule add ? To configure detailed settings for a profile, users could use [ipseclbrule add] to create a new profile with detailed settings.
[dport dest_port] Specify a port number as destination port. [dest_port] – Enter a value. [dport_end dest_port_end] Specify the ending port number. [dest_port_end] – Enter a value. [pool lb_pool] Specify a load balance pool profile. [lb_pool] – Enter the name of the load balance pool profile. Enter the name (e.g., lbrule_carrie) of IPsec load balance profile.
POP3 [sip src_ip] Specify an IP address as source IP. [src_ip]- Enter an IP address. [smask src_mask] Specify subnet mask for source IP. [src_mask] – Enter a subnet mask. [dip dest_ip] Specify an IP address as destination IP. [dest_ip]- Enter an IP address. [dmask dest_mask] Specify subnet mask for destination IP. [dest_mask] – Enter a subnet mask. [dport dest_port] Specify a port number as destination port. [dest_port] – Enter a value.
Command Description ipseclbpool add Add a new load balance pool profile. - Enter the name of load balance pool profile. ipseclbpool delete Remove a selected load balance pool profile. - Enter the name (e.g., lbpool_carrie) of load balance pool profile to be deleted. ipseclbpool show Display the status for all load balance pool profiles. ipseclbpool show Display the status of selected load balance pool profile.
Example Vigor2960>enable Vigor2960# configure vpn Vigor2960@config-vpn# Vigor2960@config-vpn# trunk Vigor2960@config-vpn-trunk#ipseclbpool add mode load_balance ibpool_david Vigor2960@config-vpn-ipsec-trunk-lb-pool-ibpool_david# Telnet Command: set, get, add, remove It is used for reviewing the detailed settings or modifying settings for the selected load balance profile (e.g., lbpool_david).
Vigor2960@config-vpn-ipsec-trunk-lb-pool-ibpool_david# set lbif vpn_l2l_carrie Vigor2960@config-vpn-trunk-ipsec-lb-pool-ibpool_david# set lbif vpn_l2l_carrie set done Vigor2960@config-vpn-trunk-ipsec-lb-pool-ibpool_david# get mode : Load_Balance lbif : vpn_l2l_carrie primary : backup : 6.11 Bandwidth Management Configuration Vigor2960 provides three functions in Bandwidth Management – bandwidth limit and sessions limit. Users could use the commands below to set up the details.
pptp Ipsec Web telnet https ssh ftp [action] – Enable or disable the access barrier function. on off Example Vigor2960>enable Vigor2960# configure bandwidth Vigor2960@config-bandwidth# Vigor2960@config-bandwidth# access_barrier pptp on Success !! Vigor2960@config-bandwidth# 6.11.2 Telnet Command: bandwidth_limit Users could use [bandwidth_limit] command to add or delete the bandwidth limit profile or use “show” to get the profile list in the directory.
Example Vigor2960>enable Vigor2960# configure bandwidth Vigor2960@config-bandwidth# bandwidth_limit add bandli_carrie Vigor2960@config-bw-limit-bandli_carrie# 6.11.2.1 Telnet Command: bandwidth_limit add ? To configure detailed settings for a bandwidth limit profile, users could use [bandwidth_limit add] to create a new bandwidth limit profile with detailed settings.
[ldap_grp ldap_grp] Specify an LDAP group to apply such profile. [ldap_grp] - Enter a name of the LDAP group profile. [guest_grp guest_grp] Specify a guest group to apply such profile. [guest_grp] - Enter a name of the guest group profile. [srv_obj srv_obj] Specify a service object to apply such profile. [srv_obj] - Enter a name of the service object profile. [srv_grp srv_grp] Specify a service group to apply such profile. [srv_grp] - Enter a name of the service group profile.
End IP share the speed defined in TX limit and RX limit fields. [mode] - Available modes include: Each Shared [ip_obj ip_obj] Specify an IP object to apply such profile. [ip_obj] - Enter a name of the IP object profile. [ip_grp ip_grp] Specify an IP group to apply such profile. [ip_grp] - Enter a name of the IP group profile. [time_objs time_objs] Specify a time object to apply such profile. [time_objs] - Enter a name of the time object profile.
guest_grp : srv_obj : srv_grp : Vigor2960@config-bw-limit-bandli_david# 6.11.3 Telnet Command: sesslimit Users could use [sesslimit] command to add or delete the sessions limit profiles or use “show” to get the profile list in the directory. Enter the profile name to open it and modify the profile directly.
Command Description [status status] Enable / disable the session limit profile. [status] - Enter Enable or Disable the session limit profile. [session session] Define the maximum sessions for such profile. [session] – Enter a number ranging from 20 to 1000. [ip_obj ip_obj] Specify an IP object to apply such profile. [ip_obj] - Enter a name of the IP object profile. [ip_grp ip_grp] Specify an IP group to apply such profile. [ip_grp] - Enter a name of the IP group profile.
Display the name of session limit profile. get Get the configuration of session limit profile. set Modify settings for the selected session limit profile. [status status] Enable / disable the session limit profile. [status] - Enter Enable or Disable the session limit profile. [session session] Define the maximum sessions for such profile. [session] – Enter a number ranging from 20 to 1000. [ip_obj ip_obj] Specify an IP object to apply such profile.
6.12 System Management Configuration Vigor2960 provides many functions in system management. Users could use the commands below to set up the details. To configure system management, type “configure system” to enter the next phase. Vigor2960>enable Vigor2960# configure system Vigor2960@config-sys# There are several functions for System Management – acc_ctrl, admin_passwd, autodiscovery, cc, cmm, config, firmware, mailalert, ntpclient, reboot, snmpagent, syslogd and tr069.
[https_allow https_allow] [sslproxy_allow sslproxy_allow] [ftp_allow ftp_allow] [samba_allow samba_allow] [tr069_allow tr069_allow] [server_cert server_cert] [user_define_ip user_define_ip] [allow_ip allow_ip] [wan_ping_allow wan_ping_allow] [allow_to_lan allow_to_lan] [apply_to_lan_subnet apply_to_lan_subnet] [web_lan_allow web_lan_allow] [telnet_lan_allow telnet_lan_allow] [ssh_lan_allow ssh_lan_allow] [https_lan_allow https_lan_allow] [sslproxy_lan_allow sslproxy_lan_allow] [ftp_lan_allow ftp_lan_allow]
[ftp_allow ftp_allow] Enable or disable the permission of FTP access. [ftp_allow] - Enter Enable or Disable. [samba_allow samba_allow] Enable or disable the permission of SAMBA access. [samba_allow] - Enter Enable or Disable. [tr069_allow tr069_allow] Enable or disable the permission of TR069 access. [tr069_allow] - Enter Enable or Disable. [server_cert server_cert] Specify a server certificate. [server_cert] – Enter “Default” to use the default server certificate.
web_port] [web_port] – Enter a number. (The default value is 80) [telnet_port telnet_port] Specify a number as telnet service port. [telnet_port] – Enter a number. (The default value is 23) [ssh_port ssh_port] Specify a number as SSH service port. [ssh_port] - Enter a number. (The default value is 22) [https_port https_port] Specify a number as HTTPS service port. [https_port] - Enter a number. (The default value is 443) [sslproxy_port sslproxy_port] Specify a number as SSL Proxy service port.
6.12.2 Telnet Command: admin_passwd Users could use the [admin_passwd] command to configure administrator password by entering new password, and confirm password. Syntax Vigor2960@config-sys# admin_passwd Example Vigor2960>enable Vigor2960# configure system# Vigor2960@config-sys# admin_passwd Vigor2960@config-sys# admin_passwd Changing password for admin New password: Bad password: similar to username Retype password: Password for admin changed by root Vigor2960@config-sys# 6.12.
Syntax Vigor2960@config-sys# cc get Vigor2960@config-sys# cc set [value] Command Description get Get the configuration of country code. set Configure settings for country code. [value] Enter the number which can represent a country. Example Vigor2960>enable Vigor2960# configure system# Vigor2960@config-sys# Vigor2960@config-sys# cc set 23 Set country code success. Vigor2960@config-sys# cc get Country code=23 6.12.
mspmem vlan gre GRE settings 6.12.6 Telnet Command: config Users could use [config] command to configure Configuration Backup. 6.12.6.1 Telnet Command: automatic get, automatic set It is used for reviewing the detailed settings or modifying settings for automatic backup configuration.
Example Vigor2960>enable Vigor2960# configure system# Vigor2960@config-sys# Vigor2960@config-sys# config automatic set date_time 01:01 only_change enable set done Vigor2960@config-sys# config automatic set status enable Vigor2960@config-sys# config automatic get status : Enable interval : Weekly date_day : 1 date_weekday : Sun date_time : 01:01 only_change : Enable cfg_files : backup-20110102-080509-1.4.0_Beta, backup-20110102-080858-1.4.0_Beta Vigor2960@config-sys# 6.12.6.
Command Description default_set enable [filename] Enable the function of customized default configuration. [filename] – Enter the name of configuration backup file (created by using config local backup, refer to 6.12.6.4). default_set disable Disable the function of customized default configuration. default_set get Get the information for customized default configuration.
restore [filename] Restore backup configuration from the local storage. [filename] – Enter the name (e.g., backup-20180105-150537-1.4.0_Beta) of the backup configuration file. Upload [serverip] [filename] Upload backup configuration file from TFTP server to local storage. [serverip] – Enter the IP address (e.g., 192.168.1.130) of TFTP server for storing the configuration file. [filename] – Enter the name of the backup configuration file (e.g., backup-20180105-150537-1.4.0_Beta).
Example Vigor2960>enable Vigor2960# configure system# Vigor2960@config-sys# config restore Vigor2960@config-sys# config restore 192.168.1.130 cfg.tar.gz Configuration restore... tar: removing leading '/' from member names etc/persistence/config/ etc/persistence/config/vs etc/persistence/config/dmz etc/persistence/config/lpd etc/persistence/config/nat etc/persistence/config/qos etc/persistence/config/rrd etc/persistence/config/swm ……. etc/persistence/data/ipsec.d/private/private_key_Local_CA.
Firmware Update: Upgrade success. from Firmware Update: Rebooting... 6.12.8 Telnet Command: mailalert Users could use [mailalert] command to configure Mail Alert settings and use the [get], [set], [mailto] command to configure the details information.
mailto add Add a destination e-mail address. - Enter an e-mail address. mailto remove Remove an existing e-mail address. - Enter an e-mail address. Example Vigor2960>enable Entering enable mode...
[interval] - Enter [zone zone] Specify the time zone for Vigor router.
Vigor2960@config-sys# 6.12.10 Telnet Command: reboot Users can use the [reboot] command to reboot Vigor router and type the [reboot default] command to reboot with factory default settings. Syntax Vigor2960@config-sys# reboot Vigor2960@config-sys# reboot default 6.12.11 Telnet Command: snmpagent Users can use the [snmpagent] command to configure SNMP and then use the [get], [set] command to configure the detailed information.
auth_algorithm] [auth_algorithm] – Available settings include: No_Auth MD5 SHA [auth_password auth_password] Set a password for authentication. [auth_password] – Enter a string as password. [privacy privacy_algorithm] Specify the privacy algorithm. [privacy_algorithm] – Available settings include: No_Priv DES AES [privacy_password privacy_password] Set a password for privacy. [privacy_password] – Enter a string as password.
[status] – Available settings include: Disable Remote Local Both [ip remotehost] Such option is available when Remote / Both is selected in Status. Set the IP address or host name of Syslog server. [remotehost] – Enter the IP address or host name. [port remoteport] Set the port number for the Syslog server. Such option is available when Remote / Both is selected in Status. [remoteport] – Enter a port number. [log_to_usb log_to_usb] Enable / disable the function of storing syslog in USB disk.
log_to_usb : Disable
reposit_days : 6
routername : Vigor
firewall : Enable
vpn : Disable
useraccess : Disable
ua_high_priority : Disable
wan : Enable
others : Enable
6.12.13 Telnet Command: tr069
Users can use the [tr069] command to configure TR-069 settings and use [get] or [set] command to configure the detailed information.
[port port] Specify a port number for Vigor router. [port] – Enter a port number (ranging from 0 – 65535). [cpe_username cpe_username] Specify user name for the CPE which will be used by the administrator of VigorACS to log into the WUI of Vigor2960. [cpe_username] – Enter a string as username. [cpe_password cpe_password] Specify password for the CPE which will be used by the administrator of VigorACS to log into the WUI of Vigor2960. [cpe_password] – Enter a string as password.
connect_acs_status : OFF
cpe_proto : http
port : 8069
cpe_url : http://:8069/cwmp/creq
cpe_username : vigor
cpe_password : **********
tr069_log : Enable
period_status : Enable
period : 1000
stun_status : Disable
stun_host : 0.0.0.
stun_port :
stun_min_period :
stun_max_period :