Vigor 3300 Series Broadband VoIP/Security/Load Balance Router User’s Guide Version: 2.
Copyright Information Copyright Copyright 2006 All rights reserved. This publication contains information that is Declarations protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders. The scope of delivery and other details are subject to change without prior notice.
Table of Contents 1 Preface ...............................................................................................................1 1.1 LED Indicators and Connection .............................................................................................. 2 1.1.1 LED Indicators and Connectors for Vigor3300V .............................................................. 2 1.1.2 LED Indicators and Connectors for Vigor3300................................................................. 4 1.1.
3.3.8 LAN Port Mirroring Setup................................................................................................ 68 3.3.9 LAN VLAN Setup ............................................................................................................ 68 3.3.10 SNMP............................................................................................................................ 71 3.4 Firewall Setup ...........................................................................................
1 Preface The Vigor3300 Series integrates a rich suite of functions, including NAT, firewall, VPN, load balance, bandwidth management, and VoIP capability. These products are very suitable for providing multi-integrated solutions to SME markets. An application scenario for the Vigor3300 Series is depicted in Figure 1-1, which illustrates interconnections among branch offices through the Internet via the Vigor3300 Series routers.
T.38 fax relay. By enabling and configuring fax rate on a dial peer, the originating and the terminating V3300V can enter fax relay transfer mode. By using the T.38 function, customers can also save on fax expenses. Lastly, by enabling the load balance feature on multiple WAN ports, lease lines can be replaced to provide a cost-effective method for network infrastructure. 1.
LED LNK LAN (1, 2, 3, 4) 100 FDX LNK WAN/DMZ (1, 2, 3, 4) 100 FDX Status Explanation On The Ethernet link is established on corresponding port. Off No Ethernet link is established. On It means that a normal 100 Mbps connection is through its corresponding port. Off It means that a normal 10 Mbps connection is through its corresponding port. On It means a full duplex connection on corresponding port. Off It means a half duplex connection on corresponding port.
1.1.2 LED Indicators and Connectors for Vigor3300 LED Status Explanation PWR On The router is powered on. Off The router is powered off. On/Blinking The system is active. Off The system is hanged. WLAN No Reserved for future use. VPN On The VPN tunnel is launched. Off The VPN tunnel is closed. On The Attack function is active. Off The Attack function is inactive. On The QoS function is active. Off The QoS function is inactive.
LED 100M FDX Status Explanation On It means that a normal 100Mbps connection is through its corresponding port. Off It means that a normal 10Mbps connection is through its corresponding port. On It means a full duplex connection on corresponding port. Off It means a half duplex connection on corresponding port. Interface Description Console Provided for technician use. LAN (P1 ~ P4) Connecter for local networked devices. WAN/DMZ (WAN1 ~ WAN3) Connecter for remote networked devices.
1.1.3 LED Indicators and Connectors for Vigor3300B+ LED Status Explanation PWR On The router is powered on. Off The router is powered off. On/Blinking The system is active. Off The system is hanged. On The Attack function is active. Off The Attack function is inactive. On The QoS function is active. Off The QoS function is inactive. On The Ethernet link is established on corresponding port. Off No Ethernet link is established.
LED FDX Status Explanation On It means a full duplex connection on corresponding port. Off It means a half duplex connection on corresponding port. Interface Description Console Provided for technician use. LAN (P1 ~ P4) Connecter for local networked devices. WAN1 ~ WAN3 Connecter for remote networked devices.
1.2 Hardware Installation Before starting to configure the router, you have to connect your devices correctly. 1. Connect the power cord to the power port of Vigor3300 router on the rear panel, and the other side into a wall outlet. 2. Power on the device by pressing the power switch on the rear panel. The PWR LED should be ON. 3. The system starts to initiate. After completing the system test, the ACT LED will light up and start blinking. 4.
1.2.1 Detailed Explanation for the Connector Here provides you detailed explanation for some specific connectors that you have to be familiar. The RS232 Connector The RJ45 connection jet is used for CLI commands for system configuration and control functions in the Vigor3300 Series. The jet is used for initialization of the Vigor3300 Series during preliminary installation. The “management cable”, as shown in Figure 1-5, converts the RJ45 to the RS232 interface.
X Y After the bracket installation, the Vigor3300 Series chassis can be installed in a rack by using four screws for each side of the rack. Desktop Type Installation Rubber pads are included with the Vigor3300 Series. These rubber pads improve the air circulation and decrease unnecessary rubbing on the desktop.
2 Configuring Basic Settings For use the router properly, it is necessary for you to change the password of web configuration for security and adjust primary basic settings. This chapter explains how to setup a password for an administrator and how to adjust basic settings for accessing Internet successfully. 2.1 Changing Password To change the password for this device, you have to access into the web browser with default password first. 1. Make sure your computer connects to the router correctly.
12 3. Now, the Main Screen will pop up. 4. Go to System page and choose Change Password. 5. The following screen will appear. 6. Enter the login password (1234) on the field of Old Password. Type a new one in the field of New Password and retype it on the field of Confirm Password. Then click Apply to continue.
7. Now, the password has been changed. Next time, use the new password to access the Web Configurator for this router. 8. Next, you will see the login screen after clicking Apply. Please use new password to re-enter the system configuration. 2.2 Quick Setup Quick Setup is designed for configuring your broadband router accessing Internet with simply steps. There are two phases of quick setup, one is WAN configuration and the other is LAN configuration. 2.2.
MAC Address Router DefaultUse the default Mac address stored originally in router. User DefinitionUse a MAC address defined by the user. 14 Downstream Rate Assign the downstream rate for this WAN interface. The default value is 102400 kbps (100 Megabit). This setting is very important for Vigor3300 Series incoming buffer adjustment. If you use a DSL subscriber service with a 2Mbps downstream, please set the downstream rate setting with 2Mbps.
2.2.2 Static Mode You can manually assign a static IP address to the WAN interface and complete the configuration by applying the settings and rebooting your router. Choosing Static as the IP mode, you will see the following page: All the settings here are set by privately. Your ISP will not provide these settings. IP Address Assign a private IP address to the WAN interface. Subnet Mask Assign a subnet mask value to the WAN interface. Default Gateway Assign a private IP address to the gateway.
IP Address Assign an IP address for the LAN interface. Subnet Mask Assign the subnet mask for the LAN interface. Status Click Enable to use DHCP server; click Disable to close DHCP server; click Relay Agent to activate relay agent function. Start IP Assign the start IP address of the IP pool that DHCP server can use for clients in LAN. End IP Assign the end IP address of the IP pool that DHCP sever can use for clients in LAN. Primary DNS Type the IP address for primary DNS.
2.2.3 DHCP Mode DHCP allows a user to obtain an IP address automatically from a DHCP server on the Internet. If you choose DHCP mode, the DHCP server of your ISP will assign a dynamic IP address for Vigor3300 automatically. It is not necessary for you to assign any setting. (Host Name and Domain Name are required for some ISPs). S imply click Next to setup LAN interface. After setting up the WAN interface, the user can click Next to setup the LAN interface continuously.
End IP Assign the end IP address of the IP pool that DHCP sever can use for clients in LAN. Primary DNS Type the IP address for primary DNS. When you finished the above required settings, please click Finish. A system reboot page will appear. Click Apply to activate the DHCP mode configuration. 2.2.4 PPPoE This mode is used for most of DSL modem users. All local users can share one PPPoE connection to access the Internet.
IP Address Assign an IP address for the LAN interface. Subnet Mask Assign the subnet mask for the LAN interface. Status Click Enable to use DHCP server; click Disable to close DHCP server; click Relay Agent to activate relay agent function. Start IP Assign the start IP address of the IP pool that DHCP server can use for clients in LAN. End IP Assign the end IP address of the IP pool that DHCP sever can use for clients in LAN. Primary DNS Type the IP address for primary DNS.
2.2.5 PPTP This mode lets user get the IP group information by a DSL modem with PPTP service from ISP. Your service provider will give you user name, password, and authentication mode for a PPTP setting. If your ISP offers you PPTP (Point-to-Point Tunneling Protocol) mode, please select PPTP for this router. Next, enter the PPTP Subnet Mask (e.g., 255.255.255.0), PPTP Local Address (e.g., 10.66.99.88) and PPTP Remote Address (e.g., 172.66.99.88) provided by your ISP on the web page.
IP Address Assign an IP address for the LAN interface. Subnet Mask Assign the subnet mask for the LAN interface. Status Click Enable to use DHCP server; click Disable to close DHCP server; click Relay Agent to activate relay agent function. Start IP Assign the start IP address of the IP pool that DHCP server can use for clients in LAN. End IP Assign the end IP address of the IP pool that DHCP sever can use for clients in LAN. Primary DNS Type the IP address for primary DNS.
3 Advanced Configuration After finished basic configuration of the router, you can access Internet with ease. For the user who wants to adjust more setting for suiting his/her request, please refer to this chapter for getting detailed information about the advanced configuration of this router. 3.
Basic Status General status of this router will be displayed on Basic Status page. Model Displays the model name of the router. Hardware Version Displays the hardware version of the router. Firmware Version Displays the firmware version of the router. Build Date&Time Displays the date and time of the current firmware build. System Uptime Displays the amount of time that the router has been online. CPU Usage Displays the average percentage of the CPU being used.
24 High Available Status The High Available Status is shown when the function is enabled. When there are two Vigor3300 devices in the same LAN, one can be set as Master device and the other can be set as Slave device. Master - It means that Vigor3300 plays the Master role in high availability feature. Slave - It means that Vigor3300 plays the Slave role in high availability feature. If there is only one Vigor3300 used in LAN, this line will be blank.
WAN Status The status of WAN interface (Static, DHCP, PPPoE, PPTP or DMZ) is shown in this page. Simply click WAN Status tag to get the detailed. There are four sets of WAN status can be shown in this page at one time. The sample below just lists one set of WAN status for only WAN1 interface is used. IP Address Displays the IP address of the WAN interface. MAC Address Displays the MAC address of the WAN Interface. Primary DNS Displays the IP address of the primary DNS.
3.1.2 Time As an NTP (Network Time Protocol) client, the router gets standard time from the time server. Some time-based functions, such as Call Schedule and URL Content filtering, cannot work properly until the system time functions run successfully. Typically, NTP achieves high accuracy and reliability with multiple redundant servers and diverse network paths. The Vigor3300 Series supports synchronization with a specific NTP server or the remote PC host of the administrator.
3.1.3 Syslog The Vigor3300 Series supports a Syslog function to keep a record of abnormal conditions. The router will send Syslog packets to a Syslog server on the remote site. The administrator can observe any abnormal events from Vigor3300. In the System group, click the Syslog option. The Syslog web page is shown below: Status Click Enable to activate this function. The router will send system log message for your reference.
3.1.4 Access Control This page allows you to determine which services (HTTP/Telnet/SSH) is used for the user to access Vigor3300 Series. In addition, you can also limit some hosts to access Vigor3300 Series with specified IP address. In the System group, click the Access Control option. You will get the following page: Management Method There are three management methods provided here for you to choose for your router. Check HTTP/Telnet/SSH for the router.
User Defined Ports - Or you can assign new port numbers for HTTP, Telnet and SSH respectively. PING Restriction Disable PING from the LAN -Choose this function to reject all ICMP packets from LAN side. Disable PING from the WAN - Choose this function to reject all ICMP packets from WAN side. 3.1.5 Configuration Setup Most of the settings can be saved locally as a configuration file, and can be applied to another router.
3.1.6 Firmware Upgrade Setup Vigor3300 Series allows users to upgrade firmware through a Web interface. In the System group, click the Firmware Upgrade option. You can see the following page then. Before you execute the firmware upgrade, please download the newest firmware from Draytek’s website (www.draytek.com) or FTP site (ftp.draytek.com) on the computer first. Caution Displays a caution for your reference. Current Version Displays current firmware version that you are using.
The default setting of the console port is “baud rate 57600, no parity, and 8 bit with 1 stop bit.” 3. Power on Vigor3300, then press ENTER before the system reboots completely. 4. Open Hyper Terminal on the PC. Now, Vigor3300 can accept a TFTP download and will display the following message: **************************** * DrayTek V3300 Bootloader * **************************** Press [ENTER] key within 5 sec. to download image...2 Current LAN IP is 192.168.1.1 New IP: Prepare downloading. 5.
6. Now in the Console you will find the following information. When Updating flash block at bfXXXXXX appears, it means the firmware is under downloading. 7. When set flash0_0 "780000:800000:general" appears, it means the firmware downloading has been completed. The router will reboot itself and you will see the Firmware version: V2.5.7. Please wait about 70 seconds to relogin the router. The procedure is finished now.
3.1.7 Reboot The Vigor3300 Series system can be restarted from a Web browser. Reboot screen can appear after you finish the changing of WAN and LAN settings. You have to reboot the router to invoke the configured settings that you made before. Besides, you can select Reset to factory default to reboot the device and retrieve the default settings. In the System group, choose the Reboot option.
3.1.8 Diagnostic Tools In some cases, a user may need to know some information about the router, such as static or dynamic databases, or other routing information. The Vigor3300 Series supports four functions, Routing Table, ARP Cache Table, DHCP Assignment Table, and NAT Active Sessions Table for the user to review such information.
z z Select View ARP Cache Table to get the following page: IP Address Displays the IP address for different ARP cache. MAC Address Displays the MAC address for different ARP cache. Interface Denoted by eth0 if it is a LAN interface and eth1 if it is a WAN interface. Refresh Click Refresh to re-display this web page for getting newest ARP information. Select View DHCP Assignment Table to get the following page: Assigned IP Displays the IP address of the static DHCP server.
z 36 Select View NAT Active Sessions Table to get the following page. This table can display about 30000 sessions with 20 pages. Type Displays the protocol used for the active session. Expire in Displays the remaining time (second) of this session. State Displays the condition of this session. Source IP Displays the source IP address of the packet transmitted. Dest IP Displays the destination IP address of the packet transmitted. sPort Displays the source port of the packet transmitted.
3.2 Network Setup For Internet access, it is necessary for you to set WAN and LAN interfaces for the router. 3.2.1 WAN and Internet Access Setup The Vigor3300 Series supports four WAN interfaces (Static, DHCP, PPPoE and PPTP), which share the same setting page. In the Network group, please click the WAN option. The following page will be shown. Note: Vigor3300/3300V supports four WAN interfaces, yet Vigor3300B+ supports three WAN interfaces. That is, #WAN4 will be disabled for Vigor3300B+.
Edit Open the configuration page of this WAN interface. IP Mode Displays current mode of this WAN interface. There are five options: Static, DHCP, PPPoE, PPTP and DHCP. Active Activates/closes this WAN interface. Default Route Sets this WAN interface as default route interface. Load Balance Adds this WAN interface to the load balance group. Weight Sets the weight load (10-90%) for this WAN interface for load balance. This selection is available only when Auto Weight is unchecked.
IP Mode Sets an IP Mode with Static (fixed IP), DHCP (dynamic IP address), PPPoE, PPTP or DMZ and creates the IP group information. Most cable modem users will use DHCP to get a globally reachable IP address from the cable head-end system. Different mode will lead different configuration and will be explained in later section. Before you connect a broadband access device e.g. a DSL/Cable modem to Vigor3300 Series, you need to know what kind of Internet access your ISP provides.
40 Host Name Some ISP may ask you to type your host name. Please type in if necessary. Domain Name Some ISP may ask you to type your domain name. Please type in if necessary. Detect Type Select a detecting type for this WAN interface. There are three ways Send ARP to Gateway, Send PING and Send HTTP Request supported in 3300. Detect Interval (sec) Assign an interval period of time for each detecting. The minimum value is 3 and no limit for maximum value.
DHCP Client Setup If the WAN interface is set as a DHCP client, the Vigor3300 Series will ask for IP network settings from the DHCP server or DSL modem automatically. It is not necessary for users to manually configure the router. Detect Type Select a detecting type for this WAN interface. There are three ways Send ARP to Gateway, Send PING and Send HTTP Request supported in the router. Detect Interval (sec) Assign an interval period of time for each detecting.
Apply Click Apply to go back to the WAN Interface Configuration page. To apply all settings, click Apply on the WAN Interface Configuration page and reboot your router. Reset Click this button to clear all the configurations for this page. PPPoE with a DSL Modem Setup Most DSL modem users will use this mode. All the local users can share one PPPoE connection to access the Internet. 42 User Name Assign a specific valid user name provided by local ISP.
PPTP with a DSL Modem Setup The service provider must provide the exact settings for this mode. User Name Assign a specific valid user name provided by local ISP. Password Assign a valid password provided by local ISP. Authentication Select PAP or CHAP protocol for widest compatibility. The default value is PAP. The password will be encrypted in CHAP but not in RAP. Service Name Assign a service name required for some ISP services. PPTP Local Address Assign a local IP address.
3.2.2 LAN In the Network group, select LAN option. The following page for LAN IP/DHCP will be shown. For LAN IP/DHCP In the Vigor3300 Series router, there are some IP address settings for the LAN interface. The IP address/subnet mask is for private users or NAT users. The IP address of the default gateway on other local PCs should be set as the Vigor3300 Series’ server IP address. When the DSL connection between the DSL and the ISP has been established, each local PC can directly route to the Internet.
Secondary DNS Sets the private IP address of the secondary DNS. Lease Time (Min) Sets a lease time for the DHCP server. The time unit is minute. Gateway IP (Optional) Sets a gateway IP address for the DHCP server. Click Apply to reboot the system and apply the settings. Note: If both the Primary and Secondary DNS fields are left empty, the router will assign its own IP Address to local users as a DNS proxy server and maintain a DNS cache.
For IP Routing This page allows users to type in secondary IP address for connecting to a subnet. You can set IP routing for each WAN interface respectively. Status Click Enable or Disable to activate or close the IP routing of specific WAN interface. IP Address Type an IP address for the WAN interface (WAN1/WAN2/WAN3/WAN4). Subnet Mask Type the subnet mask for the WAN interface (WAN1/WAN2/WAN3/WAN4). LAN Interface Select a proper LAN interface for WAN interface (WAN1/WAN2/WAN3/WAN4).
3.2.3 Load Balance Policy Vigor3300 Series supports a load balancing function. It can assign traffic with protocol type, IP address for specific host, a subnet of hosts, and port range to be allocated in WAN interface. User can assign traffic category and force it to go to dedicate network interface based on the following web page setup. VoIP and VPN traffic can also be assigned to specific WAN ports. In the Network group, click the Load Balance Policy option. You will get the following page.
Delete/Delete All Click this button to delete the selected setting or all settings. A confirmation dialog box will appear. Click OK to delete this entry from the Load Balance Policy table. In addition, click Delete All in the Load Balance Policy page to delete all of 10 entries on this page. To edit an entry, select it by clicking the radio button (from 1 to 10). Then click the Edit button on the bottom to bring up the following Web page. Protocol Select the desired protocol for the selected entry.
“Master”) to the backup component (the “Slave”). This process remains system-wide resources, recovers partial of failed transactions, and restores the system to normal within a matter of microseconds. Take the following picture as an example. The left V3300 Series is regarded as Master device, the right V3300 Series is regarded as Slave device. When Master V3300 Series is broken down, the Slave device could replace the Master role to take over all jobs as soon as possible.
High Availability Disables or enables this function. When the master device fails down, the slave device will take its work over. Group Number Assign a group number. The range is from 1 to 255. PCs on the same group (in LAN) can support for each other. Role Select a role for this device as Master or Slave. Virtual IP Assign an IP address as a virtual IP. Click Apply to reboot the system and apply the settings. 3.2.5 Static DHCP This page can assign static IP address for specified clients in LAN.
Edit Click this button to open the edit page for adjusting the settings. Delete/Delete All Click this button to delete the selected setting or all settings. A confirmation dialog box will appear. Click OK to delete this entry from the Load Balance Policy table. In addition, click Delete All in the Load Balance Policy page to delete all of 10 entries on this page. To edit an entry, select it by clicking the radio button (from 1 to 10).
3.3.1 Static Route Setup When you have several subnets in your LAN, sometimes a more effective and quicker way for connection is the Static routes function rather than other methods. You may simply set rules to forward data from one specified subnet to another specified subnet without the presence of RIP. This function allows users to assign static routing information. In the Advanced group, choose Static Route. You will get the following page.
Network Interface Select a network interface as a destination to be sent. It includes LAN, and WAN1~WAN4. Gateway IP Assign an IP address of the gateway for the interface selected above. Destination IP Assign the IP address of the destination that data will be transferred to. Packets ready to destination will be sent out through the network interface chosen in this page. Subnet Mask Assign a value of subnet mask for destination IP address. Click Apply to reboot the system and apply the settings.
3.3.2 NAT Setup NAT (Network Address Translation) is a method of mapping one or more IP addresses and/or service ports into different specified services. It allows the internal IP addresses of many computers on a LAN to be translated to one public address to save costs and resources of multiple public IP addresses. It also plays a security role by obscuring the true IP addresses of important machines from potential hackers on the Internet.
Comment Displays the name of the entry. Protocol Displays the protocol used for the entry. Public Port Start Displays the start point in the range of public port. Public Port End Displays the end point in the range of public port. Private IP Displays the private IP used for this entry. Private Port Start Displays the start point in the range of private port. Private Port End Displays the end point in the range of private port. Edit Allows users to edit the selected port redirection settings.
Protocol Assign the transport layer protocol with TCP or UDP. Public Port Range Assign a port range from starting to end public port number. The port range is from 1 to 65535. Private IP Assign a local IP address to be transferred into. Private Port Range Assign a port range from starting to end private port number. Use IP Alias “Disable” option uses IP address of WAN interface, “Enable” option uses IP alias addresses.
Address Mapping If you have a group of static IP addresses, then you can use the address-mapping feature to multiple open ports hosts in the Vigor3300 Series of broadband security routers. The following session will show you how to setup address-mapping feature. In the Advanced group, move to NAT option and choose Address Mapping to get the corresponding page. Protocol Display the protocol used for this address mapping. Public IP Display the public IP address selected for this entry.
Protocol Select the transport layer protocol. It could be TCP, UDP, or All for selection. Public IP Select an IP address (the selections provided here are set in IP Alias List of Network >>WAN interface). Local host can use this IP to connect to Internet. If you want to choose any on of the Public IP settings, you must specify some IP addresses in the IP Alias List of the Static/DHCP Configuration page first.
In the Advanced group, move to NAT option and choose DMZ Host to get the corresponding page. WAN Interface Display the WAN interface chosen for this entry. Private IP Display the private IP address of this entry. Use IP Alias Display the activation status (enable or disable) of this DMZ host. IP Alias Display the WAN IP address. Edit Allow users to edit the selected DMZ host settings. Delete/Delete All Remove one/all the selected DMZ host settings.
Use IP Alias Disable option uses WAN interface, Enable option uses IP Alias addresses. IP Alias Select an IP address which are set within the list of IP Alias configured in Network >>WAN interface. Apply Click Apply to reboot the system and apply the settings. Common Ports List This page lists common ports used in Internet. The information includes service/application, protocol for that service and port number of that service. 3.3.
Enable/Disable Click Disable to disable this function. Click Enable to activate this function. Server IP Address Assign an IP address of a Radius server. Destination Port Assign a destination port number used for Radius function. Shared Secret Assign a code for authentication to server. The RADIUS server and client share a secret which is used to authenticate the messages sent between them. Both sides must be configured to use the same shared secret.
3.3.4 Port Block The Port Block function provides a user to set lots of proprietary port numbers. Packets will be dropped if destination ports (both TCP and UCP) of packets with these assigned port numbers are on WAN and LAN. The advantage of this feature is to filter some unnecessary packets or attacking packets on Internet environment or LAN network. Vigor3300 Series supports ten port numbers to be blocked. In the Advanced group, click Port Block option. You will get the following page.
In the Advanced group, click DDNS option. You will get the following page. Domain Name Display the domain name set for the entry. Service Provider Display the service provider that supports DDNS. Service Type Display the service type for the entry. Active Display the activation status (disable or enable) for this entry. Status Display the connection status of this entry. Click Refresh to re-display the whole page information. To modify DDNS setting, click an entry number to get into edit mode.
Server Provider Assign a provider name to support DDNS server. The Vigor3300 supports 7 domain server providers as default. Server Type Select Static, Dynamic or Custom type for this entry of DDNS settings. Domain Name Assign a private domain name to be accessed. Login Name Assign a name to login into DDNS server. Login Password Assign a password to login into DDNS server. Wild Card If you want anything-here.yourhost.dyndns.org to work (EX. To make things like www.yourhost.dyndns.
3.3.6 Call Schedule Setup These call schedule profiles will control the up or down time of the router’s dialer or connection manager. In order to do the proper call schedule function, a user must have to setup time function and arrange schedules for specified Internet access profile or LAN-to-LAN profile. Vigor3300 Series support lots of profiles for call schedule usage. In the Advanced group, click the Call Schedule option.You will get the following page.
Enable/Disable Click Disable to disable this function. Click Enable to activate this function. Start Date Assign a date for starting this profile. Start Time Assign a time for starting this profile. Action Force down means to inactivate the Network Interface. Force up means to activate the Network Interface. How often Once means only for one time. Weekdays means that user can select some weekdays to apply. Network Interface Select one specific WAN interface to be applied.
Also, users can click Delete All to remove all entries in the table. 3.3.7 WAN Port Mirroring Setup Vigor 3300 Series supports port mirroring function in WAN interfaces. Generally speaking, this function copies traffic from one or more specific ports to a target port. This mechanism helps user track the network errors or abnormal packets transmission without interrupting the flow of data access the network. By the way, user can apply this function to monitor all traffics which user needs to check.
3.3.8 LAN Port Mirroring Setup Port mirror can be applied for the users in LAN. It has the same mechanism like WAN port mirroring. In the Advanced group, click the LAN Port Mirroring option. Enable/Disable Click Disable to disable this function. Click Enable to activate this function. Mirroring Port Select a port to view traffic sent from mirrored ports. Mirrored Port(s) Click which ports are necessary to be mirrored. After finishing the settings, please click Apply. 3.3.
For Port Base VLAN In the Advanced group, click the LAN VLAN option. There are two VLAN settings offered here for you to configure. If you click Disable, no configuration can be completed. Please choose Port Base VLAN to open the following page. P1 – P4 Check the box to make the computer connecting to the port being grouped in the specified VLAN. Be aware that each port can be grouped in different VLAN at the same time only if you check the box.
For 802.1Q VLAN Another way to set VLAN is based on 802.1Q. Please choose 802.1Q VLAN to open the following page. This page is available only for the PCs with certain network cards which support 802.1Q VLAN feature. It is useless for general network cards. Active Check this box to activate the settings of this entry. If you check the Management Port box below, Index 4 will be unchangeable and locked. And, you have to set Port VLAN ID for P4 previously before you check Management Port.
Frame Tag Operation Basically, the default settings for tagged or untagged VLAN will be shown automatically when you type VLAN ID/Name and check the Active box. By the way, you can modify the tag operation for each VLAN in this page for obtaining proper control. Use the drop down list to choose a tag operation for each port. Tagged – All the computers behind that port must support VLAN and are tagged with certain VLAN groups with specified ID numbers.
information available to NMSs by using SNMP. Managed devices, sometimes called network elements, can be routers and access servers, switches and bridges, computers hosts, or printers. This function is to define a community string name. An agent is a network-management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP. An NMS executes applications that monitor and control managed devices.
Community Type the community string (e.g., public) for SNMP. Host/mask Assign a value of subnet mask for host IP address.
Max Access Select the authority as Read only or Read/Write. Read only means user only can monitor managed devices. Read/Write means user can control managed devices including change the values of variable stored within managed devices. Apply Click Apply to save this setting and return the previous page. To delete an item, click the radio button of the item that you want to delete. Then click Delete on the bottom of the page to remove the entry. A dialog will be prompted for you to ask confirmation.
Trap server Assign an IP address of trap server. Trap community Assign a community string for Trap packet using. Trap server port Assign a port number for Trap server using. Apply Click Apply to save this setting and return the previous page.
3.4 Firewall Setup The firewall controls the allowance and denial of packets through the router. The Firewall Setup in the Vigor 3300 Series mainly consists of packet filtering, Denial of Service (DoS) and URL (Universal Resource Locator) content filtering facilities. These firewall filters help to protect your local network against attack from outsiders.
Data Filter Disable or Enable the firewall function. This firewall can only be enabled if at least one filter group exists. The default is Disable. Start Filter Group Default group names provided here are Pass and Block. Select the first filter group to begin filtering mechanism. The group in this list must exist and had been pre-configured. The system provides three types of filter for you to choose in default.
Delete Allows you to delete selected IP filter table configuration. If this entry is assigned as the started filter group already, it cannot be deleted. To add a new group, please click Add on the Group Table page to access into the following page. In this page, you can type in new group name and decide the next group name. Also, you can type in your comment for such group. After you click Apply, the new group will be added and you will see it from the drop down menu of Start Filter Group.
Source IP It means the source IP address. Placing the symbol “!” before a particular IP address will prevent this rule from being applied to that IP address. It is equal to the logical NOT operator. Subnet Mask It means the subnet mask for the source IP. Source Port It means the port for the source IP. Type the values in the boxes of start port and end port. As for the operators If the Start Port column is empty, the Start Port and the End Port column will be ignored.
Between - Specifies the port number is between the Start Port and End Port. Destination IP It means the destination IP address for this filter rule. Placing the symbol “!” before a particular IP address will prevent this rule from being applied to that IP address. It is equal to the logical NOT operator. Destination Mask It means the subnet mask for the destination IP. Destination Port It means the port for the destination IP. Group Name It means the filter group for the current rule.
Pass immediately - Pass the packet immediately. Block if no further match - means to locks the packet if no further rules are matched. Pass if no further match - means to passes the packet if no further rules are matched. Note: It is recommended placing pass rules in “pass” group and block ones be in “block” group. Next Group Name It indicates the next filter group.
DoS Defense Enables or disables the DoS Defense function. The default value is Disable. Enable SYN Flood Defense Activates the SYN flood defense function. If the amount of TCP SYN packets from the Internet exceeds the user-defined threshold value, the router will be forced to randomly discard the subsequent TCP SYN packets within the user-defined timeout period. The default setting for threshold and timeout are 300 packets per second and 10 seconds, respectively.
Enable Block IP Options Activates the Block IP options function. The router will ignore any IP packets with IP option field appearing in the datagram header. Enable Block Land Activates the Block Land function. A Land attack occurs when an attacker sends spoofed SYN packets with identical source address, destination addresses and port number as those of the victim. Enable Block Smurf Activates the Block Smurf function. The router will reject any ICMP echo request destined for the broadcast address.
rating a site as objectionable, and refusing to display it on user's browser, URL content filter can prevent employee on SME from accessing inappropriate Internet resources. Instead of traditional firewall inspects packets based on the fields of TCP/IP headers, the URL content filter checks the URL strings or the payload of TCP/IP packets. The URL content filter in the series of broadband security routers inspects every URL string in the HTTP requestt.
Enable/Disable Disable or Enable URL Filter function. Keyword The keyword(s) used to filter URLs. Keywords can be partial words or complete URLs. The router will reject any Website which whole or partial URL matches any keywords. Keyword List The list of keywords. Block Direct IP Web Access Deny any Web surfing activity that directly uses an IP address. Enable Exception List Click it to allow specified IP addresses or subnets to be passed through. IP Address The allowed IP address.
CPA Server Enable or Disable URL Access Control. Select a CPA Server The domain name is used to as a CPA server. The name should be filled when enable CPA Server, otherwise it will impact performance. Permitted Categories List The permitted categories are obtained from the selected CPA server. Forbidden Categories List The forbidden categories are obtained from the selected CPA server. URL The URL domain name. Option Allow or Deny the selected URL. Exception URL List The list of filtered URLs.
Malicious code may be embedded in some executable objects, such as ActiveX, Java Applet, compressed files, executable files, Proxy, and Multimedia. For example, an ActiveX object with malicious code may gain unlimited access to the system. Java Activates the Block Java object function. The router will discard Java objects from the Internet. ActiveX Activates the Block ActiveX object function. The router will discard ActiveX object from the Internet.
Always Block The URL content filtering facility is always active. Block only at The URL content filtering facility is active during the specified times from H1:M1 to H2:M2 in one day, where H1 and H2 indicate the hours and M1 and M2 represent the minutes. Days of Week - The URL content filtering facility is active during the specified days of the week. The default value is 8:00 to 18:00 from Monday to Friday.
users/services or guarantee allocation of finite bandwidth resources to network or servers for supporting timing-sensitive and mission-critical network applications, such as VoIP (Voice over IP) and online gaming applications. Differentiated quality of service is therefore one of the most important issues over the Internet infrastructure. In the Vigor 3300 Series, DSCP (Differentiated Service Code Point) support is also taken into consideration in the design of theQoS-guaranteed control module.
3.5.1 Incoming/Outgoing Class Setup Incoming/Outgoing Class Setup allows you to configure bandwidth percentage for data and voice signals transmission. Click the QoS option and choose Incoming Class Setup/Outgoing Class Setup. There are eight queues that can be configured. The total sum of bandwidth has to be 100 percent for all configured queues. Any leftover bandwidth is assigned to eight queues to meet 100 percent totally. Disable/Enable Click Disable to close this setting.
Priority You are allowed to set ten filters. The priority for the filter of number 1 is the highest; and the priority for number 10 is the lowest. Source IP Displays the source IP address for the filter. Destination IP Displays the destination IP address for the filter. Service Type Status Displays the service type that you choose for the filter. DiffServ CodePoint Status Displays the setting for DiffServ CodePoint.
Service Type Select the service type that you want to use. There are thirty-five service types provided. Protocol There are three options: TCP, UDP, and TCP/UDP. Choose the one you need. Port Type the port number for this filter. DiffServ CodePoint Status There are three options: Basic – Only the DiffServ CodePoint Type field can be configured. Advanced – Only the DiffServ CodePoint field can be configured. None –No field is allowed to be configured.
3.6 VPN and Remote Access Setup This page allows you to setup the configuration of VPN and Remote Access to create a virtual private network for security in the Internet. A Virtual Private Network (VPN) is an extension of a private network that encompasses links across shared or public networks like the Intranet. A VPN enables you to send data between two hosts across a shared or public network in a manner that emulates the properties of a point-to-point private link.
keying material for use with ISAKMP, and for other security associations such as AH and ESP for the IPsec DOI. 3.6.1 IPSec The IPSec services can provide access control, connectionless integrity, data origin authentication, rejection of replayed packets that is a form of partial sequence integrity, and confidentiality by encryption.
z For Default Configuration To edit or add a policy table, please click one of the radio buttons and click Edit. The following page of default configuration will be shown: Profile Status Set the initialization of IPSec Tunnel with this profile settings. Enable – Choose this one to invoke this profile manually. In addition to select Enable, you have to click Initiate under the page of VPN-IPSec Tunnel-Policy Table.
z 96 Security Protocol AH - Specify the IPSec protocol for the Authentication Header protocol. The data will be authenticated but not be encrypted. ESP - Specify the IPSec protocol for the Encapsulating Security Payload protocol. The data will be encrypted and authenticated. NAT Traversal Click Enable to let multi IPSec tunnels passing through this router. Click Disable to close this function. WAN Interface The WAN interface to be used.
Click Advanced tab. The following page of default configuration will be shown: Key Lifetime (main) The rekey-renegotiated period of the IKE Phase1 keying channel of a connection. The acceptable range is from 5 to 480 minutes (8 hours). Proposal (main) The proposed encryption and/or authentication algorithms for IKE Phase1 negotiation.
Proposal (quick) The proposed encryption and/or authentication algorithms for IKE Phase2 negotiations. There are 2 options. Encryption algorithms –NULL/DES/3DES/AES. Authentication algorithms - MD5/SHA1 Accepted Proposal If you choose Only accept proposal listed above, only the selected proposal will be accepted and applied by this device. If you choose Accecpt all supported proposal, all the proposals supported by this device will be accepted and applied.
If user expects the local gateway to act as the IKE initiator, i.e., emit the first IKE main mode message, user can click the hyperlink Initiate to start the IKE negotiation or set admin status to be always on to automatically restart IKE negotiation. During the negotiation, you can press Refresh to show the latest status of all policies. Log At any time, you can click VPN > Log to monitor the VPN tunnel status. The log is helpful for solving some setting problems.
User Certificate This page allows you to set up the CA configuration to generate user’s certificate. Click the VPN>>IPSec >>User Certificate option. 100 Generate Generate a new entry for user certification. Download Download a certification file generated from router to be stored in local host. Import Import a certificated file from the local host. Delete Delete an assigned entry. View Show configuration of the assigned entry.
z To generate a user certificate, please click one radio button to select the entry and click the Generate button. Certification Name The name of the certification entry. ID Type The ID type for this entry. There are three types: Domain Name: Certificated by domain name. IP: Certificated by IP address. Email: Certificated by email address. ID Value The ID value for this entry. Organization Unit The unit value of this organization. Organization The value of this organization.
After you click the Download button, the system will guide you to save the downloaded file (newreq_RD-computer_1.pem) to a place that you assign. z To import a user certificate that you saved previously, please click index number one (with the status of Request Generated) and click the Import button. If not, you might see the following dialog to warn you. After you click the Import button, the system will guide you to import a saved file to a place that you want.
delete it or click Cancel to leave the dialog without deletion. z To view a user certificate, please click the index number that you want to view the detailed information of the certificate and click the View button. The following page will be shown for your reference. Status This page will show the VPN connection status. Name Displays the name of the IPSec tunnel. Status Displays the status of the tunnel (up or down). Algorithm Displays the algorithm used by this IPSec.
3.6.2 PPTP General Setup To configure the general setup, please click VPN -> PPTP->General Setup. Status Sets the function to Active or Inactive. PPTP Authentication Allows you to choose an authentication mode to be used. The default setting is CHAP. PPTP Encryption Allows you to choose an encryption mode to be used. If PPTP authentication mode is set to CHAP or PAP, PPTP Encryption mode does not need to be set. User Authentication Sets user authentication to Local server or RADIUS server.
Start IP Type the starting IP address. The default group value is 192.168.1.224/28. Subnet Mask Select the value of subnet mask for the Start IP. Accessed IP Type the accessed IP address. Subnet Mask Select the value of subnet mask for the Accessed IP. Authentication This page allows you to set up to 30 sets of accounts for authentication. User Name The user name for this entry. User Password The password for this entry. Group The group for this entry.
Type username, password and choose proper group for this entry. When you finish it, click Apply. Delete Allows you to remove the selected group. Delete All Allows you to remove all of the groups. When you finish the configuration, please click Apply to invoke it. Status This page displays some relevant information about PPTP connection. It will refresh automatically every 10 seconds. 106 Index Displays the index number of the tunnel. Remote IP Displays remote IP address of the tunnel.
3.7 VoIP Setup Voice over Internet Protocol (VoIP) is a technology that allows you to make telephone calls using a broadband Internet connection instead of a regular (or analog) phone line. The Vigor3300/Vigor3300V provides cost effective voice solution for SME customers which can be explained with the following diagram. 3.7.1 Protocol There are two protocols can be used for VoIP - SIP and MGCP. You should click either one of buttons to set corresponding settings for VoIP phones.
For SIP Configuration SIP Local Port Type the port number for SIP protocol. The default value is 5060. Active Click this box to activate this SIP proxy server setting. Outbound Proxy Check this box to enable this function for sending SIP protocol packets to an SIP proxy server. Proxy Name Type the name of the SIP proxy server. Proxy Address Type the IP address of the SIP proxy server. Proxy Port Type the port number of the SIP proxy server.
For MGCP Configuration MGCP Local Port The UDP port number in MGCP local terminal. MGCP Call Agent Address The IP address of the Call Agent server in MGCP. MGCP Call Agent Port The UDP port number for the Call Agent server. EndPoint Name Style Choose a proper name style for the VoIP settings. There are three options for you to choose. aaln/#@[ip_addr] - ex: aaln/1@[1.1.1.1] mac_addr/#@[ip_addr]- ex: 000504030201/1@[1.1.1.1] aaln/#@mac_addr- ex: aaln/1@000504030201 aaln/#@ - ex: aaln/1@v3300.draytek.
3.7.2 Port Settings Port Settings page allows users to set phone number and phone groups for different call receivers. For Phone Number Edit Click this button to access into the Edit page for each phone number. Type Displays the type of the VoIP connection. Active Displays the status (active or not) for the VoIP connection. Group Displays the group number of the VoIP connection., Username Displays the username that you typed for the VoIP connection.
Port 1 (FXS) Click Enable to activate this port or Disable to close this port. User Name – Type the user name (a number) for each phone line. Password - Type the user password for each phone line. Display Name - Type the user name to be displayed on another phone terminal. Authentication ID - Type the characters for authenticate this port. Proxy Server - Type the SIP proxy server to be applied on this port. VoIP IP Address - The interface is used to apply VoIP traffics.
Hotline Number to PBX / PSTN- Pre-set a phone number to make the port dialing out to PBX/PSTN automatically. FXO Manual Disconnection - Click Disconnect to disconnect this phone line by manual. Codec Preferred Codec - It can be applied on this port. Vigor3300 supports five Codecs. The default setting is G.729A. You can choose another one as preferred Codec for outgoing calls. Single Codec - If you checked this box, only preferred codec will be used for outgoing and incoming calls.
FAX Bypass Codec Rate - Select one option (20 or 40) to be applied if FAX mode is configured as Bypass mode. The stability for the faxing result of documents with codec rate 20ms is higher than 40ms. Yet, the bandwidth request for 40ms is less than 20ms. DTMF DTMF Mode InBand: Choose this one then the Vigor will send the DTMF tone as audio directly when you press the keypad on the phone.
Rings all ports in the group Click this radio button to make all ports in the same group ringing while receiving incoming calls. Rings the first available port Click this radio button to make the first available port in the same group ringing while receiving incoming calls. Default Group Click this button to return to the factory group settings. 3.7.3 Speed Dial This page allows you to set a simple way to dial a specific number. Up to 150 numbers can be stored in Vigor3300V.
3.7.4 Advanced Speed Dial Speed dial allows users to call out with simple buttons instead of dialing long numbers. To set a speed dial with specified settings, please open the following page. Prefix Displays the prefix number of the entry. Strip Length Displays the strip length of the entry. Append Displays the appended number of the entry. Destination Displays the IP address of the destination of the entry. Memo Displays the brief description stated in memo field of the entry.
numbers of 03654321 and 04556890. In which, 03654321 is suitable for this speed dial rule. Strip Length Assign the length of digit to be removed from the original phone number. For example, suppose the original phone number is 03654321 and the strip length is 2. The first two numbers (03) will be removed and the final phone number becomes 654321. Append Assign a new number to be added before the phone number (after removing length of digit). For example, suppose the original phone number is 03654321.
Timeout several seconds but not finish the complete dialing. The system will force to dial the incomplete number after the time you set in this field to finish that call. For example, the phone number is 03654321 and the dialing completion timeout is set to 4 (secs). The user dials with 036 and stops to dial. After passing through 4 seconds, the router will send out that phone call automatically. VoIP ToS The ToS value in VoIP protocol packet. The default setting is 0xa0.
118 Region Choose the country area that the Vigor3300 located for using VoIP feature. Or, select User Defined for proprietary settings. Caller ID Type If User Defined is selected in the Region field, users can select one of the supported values. If a country is selected, this field will display ID type value automatically. Dial tone A tone means the phone line is ready to make a call. Ringing tone A tone means the call is ringing. Busy tone A tone means the phone line is busy.
3.7.7 QoS This Quality of Service (QoS) function is only for the VoIP feature. When this function is enabled, the Vigor 3300 Series will set rate limitation for incoming and outgoing transmissions to ensure the best quality of service in VoIP. Disable Click this button to disable QoS function. The voice quality cannot be quaranteed and the data throughput will be higher. Enable Click this button to invoke QoS function. The voice quality can be good and the data throughput will be lower.
3.7.8 NAT Traversal NAT traversal is a challenge that all Service Providers looking to deliver public IP-based voice and multimedia services must solve. The goal of this function is to provide secure connection to subscribers behind NAT (Network Address Translation) devices and Firewalls. Overcoming this traversal problem will lead to widespread deployment of profitable voice and multimedia over IP services to any subscriber with broadband connection. Disable Disables this function.
Full-auto, no need to config NAT (only for SIP)- If you click this function; the user does not configure NAT information. STUN Local Port - Type the port number of the STUN server. STUN Server Address - Type the IP address of the STUN server. STUN Server Port - Type the port number of the STUN server. Symmetric Media Disable symmetric RTP and T.38 – Click this button to make RTP and T.38 being not symmetrical. Enable symmetric RTP and T.38 - Click this button to make RTP and T.38 being symmetrical.
Allow all incoming calls – All incoming calls from remote ends are accepted by this router. Allow only calls from allow list – Only the calls listed in the Allow List page will be accepted by this router. Allow only calls from speed dial entries – Only the calls listed in the speed dial entries will be accepted by this router. Deny only calls from deny list – The calls listed on Deny List page will not be accepted by this router. And others calls are accepted.
Name The name or number in the deny list. IP/Domain The IP address or domain name to be denied. If the peer is registered in SIP proxy server, use the domain name of the SIP proxy server. Otherwise, use the static IP address or DDNS domain name. 3.7.10 Call History This page lists the call history through Vigor3300. You can click Refresh to get the latest history information for these VoIP phones. Besides, this page refreshes automatically every 10 seconds. Port Number The port number of VoIP.
Remote RTP Address The IP address of remote voice site. Remote RTP Port The used port number of remote voice site. RTP Statistic The statistic of RTP with abbreviation will be shown in this field (e.g., PS: Packets Sent; OS: Octets Sent; PR: Packets Received; OR: Octets Received; PL: Packets Lost; JI: Interarrival Jitter Estimate (ms); LA: Average TX Delay(ms)). Codec Type The Codec mode used for this phone calling. Packet Period The period of time for sampling on voice signal.
You can click Refresh to get the latest status information for these VoIP phones. In addition, you can set the time interval of refreshing. Use the drop down list of Refresh Option to choose an automatic refreshing setting. If you choose No Refresh, the system will not refresh this page until you click Refresh button.
126 Vigor3300 Series User’s Guide
4 Trouble Shooting This section will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration. Please follow below sections to check your basic installation stage by stage. ¾ Checking if the hardware status is OK or not. ¾ Checking if the Network Connection Settings on your computer is OK or not. ¾ Pinging the Router from your computer. ¾ Checking if the ISP Settings are OK or not.
4.2 Checking If the Network Connection Settings on Your Computer Is OK or Not Sometimes the link failure occurs due to the wrong network connection settings. After trying the above section, if the link is stilled failed, please do the steps listed below to make sure the network connection settings is OK. For Windows The example is based on Windows XP. As to the examples for other operation systems, please refer to the similar steps or find support notes in www.draytek.com. 128 1.
3. Select Internet Protocol (TCP/IP) and then click Properties. 4. Select Obtain an IP address automatically and Obtain DNS server address automatically.
For MacOs 1. Double click on the current used MacOs on the desktop. 2. Open the Application folder and get into Network. 3. On the Network screen, select Using DHCP from the drop down list of Configure IPv4.
4.3 Pinging the Router from Your Computer The default gateway IP address of the router is 192.168.1.1. For some reason, you might need to use “ping” command to check the link status of the router. The most important thing for this command is that the computer will receive a reply from 192.168.1.1 for correct link. If not, please check the IP address of your computer. We suggest you setting the network connection as get IP automatically. (Please refer to the section 3.
4.4 Checking If the ISP Settings Are OK or Not 1. Go to the web configuration GUI (http://192.168.1.1), click Network >> WAN to check your ISP settings for IP modes. 2. Make sure the Active check box has been selected. For PPPoE Mode 132 1. Check if Username and Password are entered with correct values that you got from your ISP. 2. Check if the setting of Authentication is correct or not. You may need to try both PAP and CHAP.
3. Check if Service Name (optional) is correct or not. It is required by some ISPs. After finishing the settings, go to System - Status page and click WAN Status. You will get a correct web page of WAN settings. For Static Mode 1. Check if the values of IP Address, Subnet Mask, Gateway IP Address and Primary DNS that you got from ISP are set properly or not. If you forget, please contact with ISP for getting new ones. 2.
For DHCP Mode 134 1. Check if Host Name (optional) and Domain Name (optional) are correct or not. Both them are required for some ISPs. 2. If anything wrong, please check and retype correct values. Then try the network connection again. 3. After finishing the settings, go to System - Status page and click WAN Status. You will get a correct web page of WAN settings.
For PPTP Mode 1. Check if the settings of Username and Password are correct or not. 2. Check if the setting of Authentication is correct or not. You may need to try both PAP and CHAP. 3. Check if the value of PPTP Local Address, PPTP Subnet Mask, and PPTP Remote Address are correct or not. 4. After finishing the settings, go to System - Status page and click WAN Status. You will get a correct web page of WAN settings. 4.
Hardware Reset While the router is running (ACT LED blinking), press the RST button and hold for more than 5 seconds. When you see the ACT LED blinks rapidly, please release the button. Then, the router will restart with the default configuration. After restore the factory default setting, you can configure the settings for the router again to fit your personal request. 4.
Appendix A Application for 802.1 VLAN A.1 Block LAN-to-LAN Communication To control the communication of PCs among different network segments effectively, please adjust firewall setting to deny LAN to LAN communication from Firewall >IP Filter Group Table. Thus, PCs that belong to various LANs will not connect with each other through the router. To a company with several departments, such feature is useful for it to determine data sharing among different departments. 1.
4. Now you will get the following page. A.2 How to Check/Edit VLAN ID on Your PC? Not all the network cards support VLAN features. If you cannot sure if the network card of your computer supports tagged VLAN or not, please do the following steps to check (or edit) VLAN ID on your PC. 1. 138 Go to Control Panel and then double-click on Network Connections.
2. Right-click on Local Area Connection and click on Status. 3. On the following dialog, click Properties.
140 4. Click Configure to access into next screen. 5. On this dialog box, locate VLANs tag and click on it. If you cannot find out VLANs tag, that means your network card does not support VLAN feature.
6. In this screen, there is no VALN existed. You can create a new one. Please click the New…button.
142 7. In New VLAN dialog, please type a number in the box of VLAN ID. Here, “5” is entered. The corresponding VLAN Name will appear automatically. Next, click OK to create it. 8. After you click OK, the system will configure for the VLAN settings. Please wait for several seconds.
9. When the configuration is finished, the new VLAN settings with ID number and name will appear on previous dialog, Desktop Adapter Properties. Click OK to exit this dialog. 10. Now, the Desktop Adapter – VLAN dialog will appear as follows. Please click OK.
11. Next time, if you want to check VLAN setting again, please open Settings tag to modify it.
A.3 Applications A.3.1 Four VLANs for Different Departments in A Company A company wants to separate the Engineer Department, Sales Department, Marketing Department and Other Department to limit their communication with each other to ensure the security. In this case, we can define four VLANs that are VLAN5, VLAN6, VLAN7 and VLAN8. The subnet of VLAN5 is 192.168.1.0; the subnet of VLAN6 is 192.168.2.0; the subnet of VLAN7 is 192.168.3.0, and the subnet of VLAN8 is 192.168.4.0.
146 7. After applying the settings, the web page will be redirected to “reboot” web page. You can ignore it and continue to configure the Network setting. After finishing Network setting, you can execute the reboot procedure. 8. After rebooting, the tagged ports will communicate with 802.1Q tagged devices only. 9. In the Network setting, type the subnet 192.168.1.0 to LAN. For example, the VLAN5 LAN IP is 192.168.1.1 and the Subnet Mask is 255.255.255.0.
A.3.2 Two VLANs for Different Departments in A Company A company wants to separate the Engineer Department and Other Departments to limit their communication to protect the engineering data. In this case, we can define two VLANs that are VLAN5 and VLAN6. The subnet of VLAN5 is 192.168.1.0, and the subnet of VLAN6 is 192.168.2.0. Procedure: 1. Refer to A.1 to block LAN-to-LAN communication. 2. Create VLAN5 and VLAN6 Groups. 3. In the VLAN5, type “5” to VLAN ID. In the Member field, choose p1 and p2.
148 5. After applying the settings, the web page will be redirected to “reboot” web page. User can it and continue to configure the Network setting. After finishing Network setting, you can execute the reboot procedure. 6. After rebooting, the tagged ports will communicate with 802.1Q tagged devices only. 7. In the Network setting, type the subnet 192.168.1.0 to LAN. For example, the VLAN5 LAN IP is 192.168.1.1 and the Subnet Mask is 255.255.255.0.
A.3.3 Example for the Companies in the Same Building There are four companies in the same building. They share the broadband network and use the Vigor3300V router to achieve the load balance, security, and VoIP features. In this case, we can define four VLANs including VLAN5, VLAN6, VLAN7 and VLAN8. The subnet of VLAN5 is 192.168.1.0; the subnet of VLAN6 is 192.168.2.0; the subnet of VLAN7 is 192.168.3.0; and the subnet of VLAN8 is 192.168.4.0. Procedure: 1. Refer to A.1 to block LAN-to-LAN communication.
150 6. In the VLAN8, type “8” to VLAN ID. In the Member field, choose p4. Then choose the “Tagged” for Frame Tag Operation in p4. We can ignore the PVID (Port VLAN ID), because 802.1q tag will be inserted to the frame from company D. 7. After applying the settings, the web page will be redirect to “reboot” web page. User can ignore it and continue to configure the Network setting. After finishing Network setting, you can execute the reboot procedure. 8.
A.3.4 Example for A Company and Guest A company wants to separate the Engineer Department, Sales Department, Marketing Department and guest to limit their communication with any department to ensure the security. In this case, we can define four VLANs that are VLAN5, VLAN6, VLAN7 and VLAN8. The subnet of VLAN5 is 192.168.1.0; the subnet of VLAN6 is 192.168.2.0; the subnet of VLAN7 is 192.168.3.0; and the subnet of VLAN8 is 192.168.4.0. However, the notebook of guest does not support 802.1Q. Procedure: 1.
152 6. In the VLAN8, type “8” to VLAN ID. In the Member field, choose p4. Then choose the “Untagged” for Frame Tag Operation in p4. We should configure the PVID to “8”, because the device does not support 802.1Q VLAN. 7. After applying the settings, the web page will be redirected to “reboot” web page. User can ignore it and continue to configure the Network setting. After finishing Network setting, you can execute the reboot procedure. 8. After rebooting, the tagged ports will communicate with 802.
A.3.5 Example for Trunk Usage A company wants to separate the Engineer Department, Sales Department, Marketing Department and other departments to limit their communication with each other to ensure the security. Many employees of the company use some switches supported 802.1Q VLAN to expand the network. In this case, we can define four VLANs that are VLAN5, VLAN6, VLAN7 and VLAN8. Each LAN port is Trunk port which supports multiple VLAN. The subnet of VLAN5 is 192.168.1.0; the subnet of VLAN6 is 192.168.2.
the PVID (Port VLAN ID), because 802.1q tag will be inserted to the frame from the switch. 154 6. In the VLAN8, type “8” to VLAN ID. In the Member field, choose p1, p2, p3 and p4. Then choose the “Tagged” for Frame Tag Operation in p1, p2, p3 and p4. We can ignore the PVID (Port VLAN ID), because 802.1q tag will be inserted to the frame from some users. 7. After applying the settings, the web page will be redirected to “reboot” web page. User can ignore it and continue to configure the Network setting.