Page 2 Vigor3910 Series Multi-WAN Security Router User’s Guide Version: 1.0 Firmware Version: V3.9.1.2 (For future update, please visit DrayTek web site) Date: December 18, 2019 Vigor3910 Series User’s Guide...
Page 3 Web registration is preferred. You can register your Vigor router via http://www.DrayTek.com. Firmware & Tools Updates  Due to the continuous evolution of DrayTek technology, all routers will be regularly upgraded. Please consult the DrayTek web site for more information on newest firmware, tools and documents. http://www.DrayTek.com...
Page 4: Table Of Contents
II-2-2-10 Details Page for IPv6 – 6rd in Ethernet WAN........55 II-2-3 Multi-VLAN ........................57 II-3 LAN ............................60 Web User Interface ........................62 II-3-1 General Setup ........................62 II-3-1-1 Details Page for LAN1 – Ethernet TCP/IP and DHCP Setup ......63 Vigor3910 Series User’s Guide...
Page 5 A-2 How to use DrayDDNS? ..............130 II-6 Routing............................. 135 Web User Interface ........................136 II-6-1 Static Route ........................136 II-6-2 Load-Balance /Route Policy ................... 140 II-6-2-1 General Setup ................140 II-6-2-2 Diagnose for Route Policy ............146 II-6-3 OSPF ..........................148 Vigor3910 Series User’s Guide...
Page 6 Part IV Security ......................213 IV-1 Firewall............................ 214 Web User Interface ........................216 IV-1-1 General Setup ....................... 216 IV-1-2 Filter Setup........................221 IV-1-3 Defense Setup ......................230 IV-1-3-1 DoS Defense ................230 IV-1-3-2 Spoofing Defense..............233 IV-1-4 Diagnose ........................233 Vigor3910 Series User’s Guide...
Page 7 V-1-16 Internal Service User List..................... 302 V-1-17 Dashboard Control ....................... 303 V-2 Bandwidth Management ......................304 Web User Interface ........................306 V-2-1 Sessions Limit ........................ 306 V-2-2 Bandwidth Limit......................308 V-2-3 Quality of Service ......................310 V-3 User Management ........................317 Vigor3910 Series User’s Guide...
Page 8 Application Notes ........................408 A-1 How to Send a Notification to Specified Phone Number via SMS Service in WAN Disconnection ..................408 Part VII Troubleshooting ....................413 VII-1Diagnostics ..........................414 Web User Interface ........................415 VII-1-1 Dial-out Triggering......................415 Vigor3910 Series User’s Guide viii...
Page 9 VII-7 Contacting DrayTek ....................... 444 Part VIII DrayTek Tools ....................445 VIII-1 SmartVPN Client........................446 VIII-1-1 DrayTek Android-based SmartVPN APP for the establishment of SSL VPN connection ..............................446 VIII-1-2 How to Use SmartVPN Android APP to Establish SSL VPN Tunnel?......447 Part IX Telnet Commands....................451...
Page 11: Part I Installation
This part will introduce Vigor router and guide to install the device in hardware and software. Vigor3910 Series User’s Guide...
Page 12: Introduction
Vigor3910 Series, a broadband router, integrates IP layer QoS, NAT session/bandwidth management to help users control works well with large bandwidth. By adopting hardware-based VPN platform and hardware encryption of AES/DES/3DES, the router increases the performance of VPN greatly and offers several protocols (such as IPSec/PPTP/L2TP) with up to 100 VPN tunnels.
Page 13: I-1-1 Indicators And Connectors
The port is connected with 1000Mbps. The port is connected with 10/100Mbps Left The port is connected. WAN1~ The port is disconnected. WAN4 Blinking The data is transmitting. Right The port is connected with 1000Mbps. The port is connected with 10/100Mbps Vigor3910 Series User’s Guide...
Page 14 5 seconds. When you see the ACT LED begins to blink rapidly than usual, release the button. Then the router will restart with the factory default configuration. Connecter for a power cord. ON/OFF - Power switch. Vigor3910 Series User’s Guide...
Page 15: Hardware Installation
Power on the device by pressing down the power switch on the rear panel. The PWR LED should be ON. The system starts to initiate. After completing the system test, the ACT LED will light up and start blinking. Below shows an outline of the hardware installation for your reference. Vigor3910 Series User’s Guide...
Page 16: I-2-2 Rack-Mounted Installation
Attach the brackets to the chassis of a rack. The second bracket attaches the other side of the chassis. After the bracket installation, the Vigor3910 Series chassis can be installed in a rack by using four screws for each side of the rack.
Page 17: I-2-3 Installing Usb Printer To Vigor Router
You can install a printer onto the router for sharing printing. All the PCs connected this router can print documents via the router. The example provided here is made based on Windows 7. For other Windows system, please visit www.DrayTek.com. Before using it, please follow the steps below to configure settings for connected computers (or wireless clients).
Page 18 A dialog will appear. Click Add a local printer and click Next. In this dialog, choose Create a new port. In the field of Type of port, use the drop down list to select Standard TCP/IP Port. Then, click Next. Vigor3910 Series User’s Guide...
Page 19 In the following dialog, type 192.168.1.1 (router’s LAN IP) in the field of Hostname or IP Address and type 192.168.1.1 as the Port name. Then, click Next. Click Standard and choose Generic Network Card. Vigor3910 Series User’s Guide...
Page 20 Now, your system will ask you to choose right name of the printer that you installed onto the router. Such step can make correct driver loaded onto your PC. When you finish the selection, click Next. Type a name for the chosen printer. Click Next. Vigor3910 Series User’s Guide...
Page 21 10. Choose Do not share this printer and click Next. 11. Then, in the following dialog, click Finish. Vigor3910 Series User’s Guide...
Page 22 12. The new printer has been added and displayed under Printers and Faxes. Click the new printer icon and click Printer server properties. 13. Edit the property of the new printer you have added by clicking Configure Port. Vigor3910 Series User’s Guide...
Page 23 14. Select "LPR" on Protocol, type p1 (number 1) as Queue Name. Then click OK. Next please refer to the red rectangle for choosing the correct protocol and LPR name. Vigor3910 Series User’s Guide...
Page 24: Accessing Web Page
Please type “admin/admin” as the Username/Password and click Login. Info If you fail to access to the web configuration, please go to “Trouble Shooting” for detecting and solving your problem. Vigor3910 Series User’s Guide...
Page 25 The web page can be logged out according to the chosen condition. The default setting is Auto Logout, which means the web configuration system will logout after 5 minutes without any operation. Change the setting for your necessity. Vigor3910 Series User’s Guide...
Page 26: Changing Password
New Password and Confirm Password. Then click OK to continue. Info The maximum length of the password you can set is 23 characters. Now, the password has been changed. Next time, use the new password to access the Web user interface for this router. Vigor3910 Series User’s Guide...
Page 27 Info Even the password is changed, the Username for logging onto the web user interface is still “admin”. Vigor3910 Series User’s Guide...
Page 28: Dashboard
IPv6 Internet Access, Interface (physical connection), Security and Quick Access. Click Dashboard from the main menu on the left side of the main page. A web page with default selections will be displayed on the screen. Refer to the following figure: Vigor3910 Series User’s Guide...
Page 29: I-5-1 Virtual Panel
LAN port is connected at 1 Gbps. Black WAN port is disconnected. Orange WAN port is connected at 10/100 Mbps. Green WAN port is connected at 1 Gbps. For detailed information about the LED display, refer to I-1-1 LED Indicators and Connectors. Vigor3910 Series User’s Guide...
Page 30: I-5-2 Quick Access For Common Used Menu
Besides, LAN, IP Routed Subnet, WAN interfaces, VPN security settings such as Remote Dial-in User and LAN to LAN also can be accessed on this page easily. Scroll down the page to find them and move your mouse cursor on the item to open the configuration web page. Vigor3910 Series User’s Guide...
Page 31: I-5-3 Gui Map
All the functions the router supports are listed with table clearly in this page. Users can click the function link to access into the setting page of the function for detailed configuration. Click the icon on the top of the main screen to display all the functions. Vigor3910 Series User’s Guide...
Page 32 Vigor3910 Series User’s Guide...
Page 33: I-5-4 Web Console
There is one way to store current used settings quickly by clicking the Config Backup icon. It allows you to backup current settings as a file. Such configuration file can be restored by using System Maintenance>>Configuration Backup. Simply click the icon on the top of the main screen. Vigor3910 Series User’s Guide...
Page 34: I-5-6 Manual Download
Click this icon to open online user’s guide of Vigor router. This document offers detailed information for the settings on web user interface. Click this icon to exit the web user interface. Vigor3910 Series User’s Guide...
Page 35: I-5-8 Online Status
Such page displays the physical connection status such as LAN connection status, WAN connection status, ADSL information, and so on. Physical Connection for IPv4 Protocol Vigor3910 Series User’s Guide...
Page 36 Enable – Yes in red means such interface is available but not enabled. Yes in green means such interface is enabled. Line – Displays the physical connection (VDSL, ADSL, Ethernet, or USB) of this interface. Name – Display the name of the router. Vigor3910 Series User’s Guide...
Page 37: I-5-8-2 Virtual Wan
Internet. Such page displays the virtual WAN connection information. Virtual WAN are used by TR-069 management, VoIP service and so on. The field of Application will list i-9the purpose of such WAN connection. Vigor3910 Series User’s Guide...
Page 38: Registering Vigor Router
Please login the web configuration interface of Vigor router by typing “admin/admin” as User Name / Password. Click Support Area>>Production Registration from the home page. A Login page will be shown on the screen. Please type the account and password that you created previously. And click Login. Vigor3910 Series User’s Guide...
Page 39 Agreement regarding user rights carefully while creating a user account. The following page will be displayed after you logging in MyVigor. Type a nickname for the router, then click Add. When the following page appears, your router information has been added to the database. Vigor3910 Series User’s Guide...
Page 40 After clicking OK, you will see the following page. Your router has been registered to myvigor website successfully. Vigor3910 Series User’s Guide...
Page 41: Part Ii Connectivity
Address Translation (NAT) function of the router will dedicate to translate public/private addresses, and the packets will be delivered to the correct host PC in the local area network. DNS, LAN DNS, IGMP, WOL, RADIUS, … Static Route, Load-Balance/Route Policy, OSPF, BGP Vigor3910 Series User’s Guide...
Page 42: Port Setup
P1 ~ P2 - Available options include Auto, 10G and 1G. P3 ~ P4 - Available options include Auto and 2.5G. Due to the hardware limitation, the speed for P4 is the same as P3. P5 ~ P12- Available options include Auto, 1G, 100M, and 10 Vigor3910 Series User’s Guide...
Page 43: Wan
Users can use LAN ports on the router to access Internet. Also, they can access Internet via 802.11(a/b/g/n/ac) wireless standard, and enjoy the powerful firewall, bandwidth management, and VPN features of Vigor3910n series. Vigor3910 Series User’s Guide...
Page 44 Besides, 3G/4G USB Modem in WAN3/WAN4 also can be used as backup device. Therefore, when WAN1 and WAN2 are not available, the router will use 3.5G for supporting automatically. The supported 3G/4G USB Modem will be listed on DrayTek web site. Please visit www.draytek.com for more detailed information.
Page 45: Web User Interface
FTP. If you have no strong demand about speed test result, keep default settings as IP based. Index (WAN1 ~WAN8) Click the WAN interface link under Index to access into the Vigor3910 Series User’s Guide...
Page 46 Choose No to disable the settings for this WAN interface. Display Name Type the description for such WAN interface. Physical Mode Display the physical mode of such WAN interface. Physical Type You can change the physical type for WAN or choose Auto Vigor3910 Series User’s Guide...
Page 47 WAN interfaces (checked below) disconnect. Check boxes for WAN1 to WAN5 – Specify the WAN  interface by checking the WAN box. After finished the above settings, click OK to save the settings. Vigor3910 Series User’s Guide...
Page 48: Ii-2-2 Internet Access
If IPv6 service is active on this WAN interface, the color of “IPv6” will become green. DHCP Client Option This button allows you to configure DHCP client options. DHCP packets can be processed by adding option number and data information when such function is enabled and configured. Vigor3910 Series User’s Guide...
Page 49 Data – Type the content of the data to be processed by the function of DHCP option. Info If you choose to configure option 61 here, the detailed settings in WAN>>Interface Access will be overwritten. Vigor3910 Series User’s Guide...
Page 50: Ii-2-2-1 Details Page For Pppoe In Etherenet Wan
The maximum length of the password you can set is 62 characters. More Options - It shows optional settings for configuration. Service Name - Enter the description of the specific  network service. PPPoE Pass-through The router offers PPPoE dial-up connection. Besides, you Vigor3910 Series User’s Guide...
Page 51 MTU reduce size by– It determines the decreasing size of MTU value. For example, the number specified in this field is “8”. The maximum MTU size is “1500”. After clicking the “detect” button, the system will Vigor3910 Series User’s Guide...
Page 52: Ii-2-2-2 Details Page For Static Or Dynamic Ip In Etherenet Wan
If you have a public subnet, you could assign an IP address or many IP address to the WAN interface. To use Static or Dynamic IP as the accessing protocol of the internet, please click the Static or Dynamic IP tab. The following web page will be shown. Vigor3910 Series User’s Guide...
Page 53 - Username: Type a name as username. The maximum length of the user name you can set is 63 characters. - Password: Type a password. The maximum length of the password you can set is 62 characters. Vigor3910 Series User’s Guide...
Page 54 Default setting is 1500.  MTU reduce size by– It determines the decreasing size of MTU value. For example, the number specified in this field is “8”. The maximum MTU size is “1500”. Vigor3910 Series User’s Guide...
Page 55 MAC address for access authentication. In such cases you need to click the Specify a MAC Address and enter the MAC address in the MAC Address field. After finishing all the settings here, please click OK to activate them. Vigor3910 Series User’s Guide...
Page 56: Ii-2-2-3 Details Page For Ipv6 - Offline In Ethernet Wan
WAN detection. Always On means no detection will be executed. The network connection will be on always.  Ping IP/Hostname – If you choose Ping Detect as detection mode, you have to type IP address in this field for pinging. Vigor3910 Series User’s Guide...
Page 57: Ii-2-2-5 Details Page For Ipv6 - Tspc In Etherenet Wan
After getting the IPv6 prefix and starting router advertisement daemon (RADVD), the PC behind this router can directly connect to IPv6 the Internet. Vigor3910 Series User’s Guide...
Page 58 IP address in this field for pinging.  TTL (Time to Live) –If you choose Ping Detect as detection mode, you have to type TTL value. After finished the above settings, click OK to save the settings. Vigor3910 Series User’s Guide...
Page 59: Ii-2-2-6 Details Page For Ipv6 - Aiccu In Ethernet Wan
ID (e.g., T115394). Type the ID offered by Tunnel Broker. Subnet Prefix Type the subnet prefix address obtained from service provider. The maximum length of the prefix you can set is 128 characters. Vigor3910 Series User’s Guide...
Page 60 IP address in this field for pinging.  TTL (Time to Live) –If you choose Ping Detect as detection mode, you have to type TTL value. After finished the above settings, click OK to save the settings. Vigor3910 Series User’s Guide...
Page 61: Ii-2-2-7 Details Page For Ipv6 - Dhcpv6 Client In Ethernet Wan
(user profiles) under User Management will be ignored. And all of the filter rules defined and enabled in Firewall menu will be activated. Bridge Subnet – Make a bridge between the selected LAN subnet and such WAN interface. Vigor3910 Series User’s Guide...
Page 62: Ii-2-2-8 Details Page For Ipv6 - Static Ipv6 In Ethernet Wan
IPv6 Gateway Address - Type your IPv6 gateway address Configuration here. WAN Connection Such function allows you to verify whether network Detection connection is alive or not through Ping Detect. Mode – Choose Always On, NS Detect or Ping Detect for the Vigor3910 Series User’s Guide...
Page 63: Ii-2-2-9 Details Page For Ipv6 - 6In4 Static Tunnel In Ethernet Wan
Such mode allows the router to access IPv6 network through IPv4 network. However, 6in4 offers a prefix outside of 2002::0/16. So, you can use a fixed endpoint rather than anycast endpoint. The mode has more reliability. Available settings are explained as follows: Item Description Vigor3910 Series User’s Guide...
Page 64 TTL (Time to Live) –If you choose Ping Detect as detection mode, you have to type TTL value. After finished the above settings, click OK to save the settings. Below shows an example for successful IPv6 connection based on 6in4 Static Tunnel mode. Vigor3910 Series User’s Guide...
Page 65: Ii-2-2-10 Details Page For Ipv6 - 6Rd In Ethernet Wan
IP address in this field for pinging.  TTL (Time to Live) –If you choose Ping Detect as detection mode, you have to type TTL value. After finished the above settings, click OK to save the settings. Vigor3910 Series User’s Guide...
Page 66 Below shows an example for successful IPv6 connection based on 6rd mode. Vigor3910 Series User’s Guide...
Page 67: Ii-2-3 Multi-Vlan
Display whether the settings in this channel are enabled (checked) or not (unchecked). WAN Type Displays the physical medium that the channel will use. VLAN Tag Displays the VLAN tag value that will be used for the packets traveling on this channel. Vigor3910 Series User’s Guide...
Page 68 Open WAN Interface for Check the box to enable relating function. this Channel WAN Application – Management – It can be specified for general  management (Web configuration/telnet/TR-069). If you choose Management, the configuration for this Vigor3910 Series User’s Guide...
Page 69 DNS Server IP Address - Type in the primary IP address for the router. If necessary, type in secondary IP address for necessity in the future. After finished the above settings, click OK to save the settings and return to previous page. Vigor3910 Series User’s Guide...
Page 70: Lan
IP address. As a part of the public subnet, the Vigor router will serve for IP routing to help hosts in the public subnet to communicate with other public hosts or servers outside. Therefore, the router should be set as the gateway for public hosts. Vigor3910 Series User’s Guide...
Page 71 You can group local hosts by physical ports and create up to 8 virtual LANs. To manage the communication between different groups, please set up rules in Virtual LAN (VLAN) function and the rate of each. Vigor3910 Series User’s Guide...
Page 72: Web User Interface
DHCP box for each LAN. IP Address - Display the IP address for each LAN item. Such information is set in default and you can not modify it. Details Page - Click it to access into the setting page. Each Vigor3910 Series User’s Guide...
Page 73: Ii-3-1-1 Details Page For Lan1 - Ethernet Tcp/Ip And Dhcp Setup
There are two configuration pages for LAN1, Ethernet TCP/IP and DHCP Setup (based on IPv4) and IPv6 Setup. Click the tab for each type and refer to the following explanations for detailed information. Available settings are explained as follows: Item Description Network Configuration For NAT Usage, Vigor3910 Series User’s Guide...
Page 74 IP addresses available for assignment is the IP Pool Counts, or 1021 minus the last octet of the Start IP Address, whichever is smaller.  Gateway IP Address - The IP address of the gateway, Vigor3910 Series User’s Guide...
Page 75 When you finish the configuration, please click OK to save and exit this page. Private IP addresses can be assigned automatically to LAN clients using Dynamic Host Configuration Protocol (DHCP), or manually assigned. The DHCP server can either be the Vigor3910 Series User’s Guide...
Page 76: Ii-3-1-2 Details Page For Lan1 - Ipv6 Setup
There are two configuration pages for LAN1, Ethernet TCP/IP and DHCP Setup (based on IPv4) and IPv6 Setup. Click the tab for each type and refer to the following explanations for detailed information. Below shows the settings page for IPv6. Vigor3910 Series User’s Guide...
Page 77 It provides 2 daemons for LAN side IPv6 address configuration. One is SLAAC(stateless) and the other is DHCPv6 Server (Stateful). Vigor3910 Series User’s Guide...
Page 78 Setting the M-bit (see Management above) has the same effect as implicitly setting the O-bit, as DHCPv6 supplies all IPv6 configuration information, including what is indicated as available when the O-bit is set. DHCPv6 Server Enable Server –Click it to enable DHCPv6 server. DHCPv6 Vigor3910 Series User’s Guide...
Page 79 The router advertisement daemon sends Router Advertisement messages, specified by RFC 2461, to a local Ethernet LAN periodically and when requested by a node sending a Router Solicitation message. These messages are required for IPv6 stateless auto-configuration. Vigor3910 Series User’s Guide...
Page 80 After making changes on the Advance setting page, click the OK button to retain the changes and return to the LAN IPv6 Setup page. Be sure to click OK on the LAN IPv6 Setup page or else changes made on the Advance setting page will not be saved. Vigor3910 Series User’s Guide...
Page 81: Ii-3-1-3 Details Page For Ip Routed Subnet
DHCP server to start with when issuing IP addresses. If the 1st IP address of your router is 192.168.1.1, the starting IP address must be 192.168.1.2 or greater, but smaller than 192.168.1.254. IP Pool Counts - Enter the maximum number of PCs that you Vigor3910 Series User’s Guide...
Page 82: Ii-3-1-4 Dhcp Server Option
DHCP Options can be configured by clicking the Advanced button on the LAN General Setup screen. Available settings are explained as follows: Item Description Customized List Shows all the DHCP options that have been configured in the Vigor3910 Series User’s Guide...
Page 83 After making all necessary changes, click Update to save the changes. Delete To delete a DHCP option entry, click on it in Customized List, and then click Delete. Reset Clear the current settings. Vigor3910 Series User’s Guide...
Page 84: Ii-3-2 Vlan
Settings in this page only applied to LAN port but not WAN port. Available settings are explained as follows: Item Description Enable Click it to enable VLAN configuration. LAN Port Check the boxes to group them under the selected VLAN. Vigor3910 Series User’s Guide...
Page 85 Inter-LAN Routing allows different LAN subnets to be interconnected or isolated. It is only available when the VLAN functionality is enabled. In the Inter-LAN Routing matrix, a selected checkbox means that the 2 intersecting LANs can communicate with each other. Vigor3910 Series User’s Guide...
Page 86: Ii-3-3 Bind Ip To Mac
IP/MAC which is not listed in IP Bind List also can connect to Internet. Disable Click this radio button to disable this function. All the settings on this page will be invalid. Strict Bind Check the box to block the connection of the IP/MAC which is Vigor3910 Series User’s Guide...
Page 87 IP Bind List. IP Bind List It displays a list for the IP bind to MAC information. Backup IP Bind List Click Backup and enter a filename to back up IP Bind List to a file. Vigor3910 Series User’s Guide...
Page 88: Ii-3-4 Pppoe Server
Item Description PPPoE Server Enable – Activate the built-in PPPoE Server. Disable – Disable the built-in PPPoE Server. Primary DNS / Secondary Type the IP address(es) of Primary /Secondary DNS server for PPPoE Client(s) in LAN. Vigor3910 Series User’s Guide...
Page 89: Nat
Usually we use the 192.168.1.0/24 subnet for the router. As stated before, the NAT facility can map one or more IP addresses and/or service ports into different specified services. In other words, the NAT function can be achieved by using port mapping methods. Vigor3910 Series User’s Guide...
Page 90: Web User Interface
IP address/port of the server. The port redirection can only apply to incoming traffic. To use this function, please go to NAT page and choose Port Redirection web page. The Port Redirection Table provides port-mapping entries for the internal hosts. Vigor3910 Series User’s Guide...
Page 91 Source IP Display the IP object of the source IP. Private IP Display the IP address of the internal host providing the service. Press any number under Index to access into next page for configuring port redirection. Vigor3910 Series User’s Guide...
Page 92 Note that the router has its own built-in services (servers) such as Telnet, HTTP and FTP etc. Since the common port numbers of these services (servers) are all the same, you may need to reset the router in order to avoid confliction. Vigor3910 Series User’s Guide...
Page 93 80 to avoid conflict, such as 8080. This can be set in the System Maintenance >>Management Setup. You then will access the admin screen of by suffixing the IP address with 8080, e.g., http://192.168.1.1:8080 instead of port 80. Vigor3910 Series User’s Guide...
Page 94: Ii-4-2 Dmz Host
Click DMZ Host to open the following page. You can set different DMZ host for each WAN interface. Click the WAN tab to switch into the configuration page for that WAN. Vigor3910 Series User’s Guide...
Page 95 WAN1 only. See the following figure. If you previously have set up WAN Alias for PPPoE or Static or Dynamic IP mode in WAN2 interface, you will find them in Aux. WAN IP for your selection. Vigor3910 Series User’s Guide...
Page 96 When you have selected one private IP from the above dialog, the IP address will be shown on the screen. Click OK to save the setting. After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 97: Ii-4-3 Open Ports
Specify the name for the defined network service. WAN Interface Display the WAN interface used by such index. Aux. WAN IP Display the IP alias setting used by such index. If no IP alias setting exists, such field will not appear. Vigor3910 Series User’s Guide...
Page 98 Specify the transport layer protocol. It could be TCP, UDP, or ----- (none) for selection. Start Port Specify the starting port number of the service offered by the local host. End Port Specify the ending port number of the service offered by the local host. Vigor3910 Series User’s Guide...
Page 99: Ii-4-4 Port Triggering
The duration that these ports are opened depends on the type of protocol used. The  "default" durations are shown below and these duration values can be modified via telnet commands. TCP: 86400 sec. UDP: 180 sec. IGMP: 10 sec. TCP WWW: 60 sec. TCP SYN: 60 sec. Vigor3910 Series User’s Guide...
Page 100 Incoming Protocol Display the protocol for the incoming data of such triggering profile. Incoming Port Display the port for the incoming data of such triggering profile. Click the index number link to open the configuration page. Vigor3910 Series User’s Guide...
Page 101 (TCP, UDP or TCP/UDP) for the incoming data of such triggering profile. Incoming Port Type the port or port range for the incoming packets. After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 102: Ii-4-5 Alg
Type a port number for SIP or RTSP protocol. Check the box to make correspond protocol message packet from TCP transmit and receive via NAT. Check the box to make correspond protocol message packet from UDP transmit and receive via NAT. Vigor3910 Series User’s Guide...
Page 103: Applications
FTP, Mail or Web server inside LAN, you can specify specific private IP address (es) to correspondent servers. Thus, even the remote PC is adopting public DNS as the DNS server, the LAN DNS resolution on Vigor3910 Series will respond the specified private IP address.
Page 104 Wake on LAN (WOL) of this router. In addition, such PC must have installed a network card supporting WOL function. By the way, WOL function must be set as “Enable” on the BIOS setting. Vigor3910 Series User’s Guide...
Page 105: Web User Interface
Clear all profiles and recover to factory settings. Default Enable Dynamic DNS Check this box to enable DDNS function. Setup View Log Display DDNS log status. Force Update Force the router updates its information to DDNS server. Vigor3910 Series User’s Guide...
Page 106 Domain Name block. The following two blocks should be typed your account Login Name: test and Password: test. If User-Defined is specified as the service provider, the web page will be changed slightly as follows: Vigor3910 Series User’s Guide...
Page 107 WAN IP. When the WAN IP used by Vigor router is private IP, this function can detect the public IP used by the NAT router and use the detected IP address for DDNS update. Vigor3910 Series User’s Guide...
Page 108 Click OK button to activate the settings. You will see your setting has been saved. DrayDDNS, a new DDNS service developed by DrayTek, can record multiple WAN IP (IPv4) on single domain name. It is convenient for users to use and easily to set up. Each Vigor Router is available to register one domain name.
Page 109 In the DDNS setup menu, uncheck Enable Dynamic DNS Setup, and push Clear All button to disable the function and clear all accounts from the router. In the DDNS setup menu, click the Index number you want to delete and then push Clear All button to delete the account. Vigor3910 Series User’s Guide...
Page 110: Ii-5-2 Lan Dns / Dns Forwarding
FTP, Mail or Web server inside LAN, you can specify specific private IP address (es) to correspondent servers. Thus, even the remote PC is adopting public DNS as the DNS server, the LAN DNS resolution on Vigor3910 Series will respond the specified private IP address.
Page 111 Add – Click it to add a new host with specified reference. Delete – Click it to remove the setting. IP Address List The IP address listed here will be used for mapping with the domain name specified above. In general, one domain name Vigor3910 Series User’s Guide...
Page 112 Type the domain name for such profile. DNS Server IP Address Type the IP address of the DNS server you want to use for DNS forwarding. Click OK button to save the settings. A new LAN DNS profile has been created. Vigor3910 Series User’s Guide...
Page 113: Ii-5-3 Dns Security
Sometime, Vigor router might encounter packets from bogus DNS inquiry. There are two ways to reply such DNS inquiry. Drop – Discard the packets. Pass – Accept the packets and let them pass through Vigor router. Vigor3910 Series User’s Guide...
Page 114: Ii-5-3-2 Domain Diagnose
DNS Server Type the IP address of the DNS Server which will diagnose the domain specified above. Diagnose Click it to perform the diagnosis for the domain. Result The diagnosed information will be displayed on such field. Vigor3910 Series User’s Guide...
Page 115: Ii-5-4 Schedule
Maintenance>>Time and Date). Set to Factory Default Clear all profiles and recover to factory settings. Index Click the index number link to access into the setting page of schedule. Enable Click the box to enable such schedule profile. Vigor3910 Series User’s Guide...
Page 116 Duration Time are configured well. Action Specify which action Call Schedule should apply during the period of the schedule. Force On -Force the connection to be always on. Force Down -Force the connection to be always down. Vigor3910 Series User’s Guide...
Page 117 Assign these two profiles to the PPPoE Internet access profile. Now, the PPPoE Internet connection will follow the schedule order to perform Force On or Force Down action according to the time plan that has been pre-defined in the schedule profiles. Vigor3910 Series User’s Guide...
Page 118: Ii-5-5 Radius/Tacacs
Display the IP address of the secondary server. Click any index number to open the following page. It is used to configure settings for external RADIUS server. Then users of the Vigor router will be authenticated by this server for the network application. Vigor3910 Series User’s Guide...
Page 119 Retry - Set the number of attempts to perform reconnection. If the connection (with the Secondary Server) still fails, stop the connection attempt. The client authentication would be determined as "failed". After finished the above settings, click OK button to save the settings. Vigor3910 Series User’s Guide...
Page 120: Ii-5-5-2 Internal Radius
Index - The index number of the client entry. Enable - Select to enable this client entry. Shared Secret - A text string that is known to both the router’s RADIUS server and the RADIUS client that is used to Vigor3910 Series User’s Guide...
Page 121 To remove a User Profile from the RADIUS server, select it under Selected Authentication List, then click the button. To save changes on the page, click OK. To discard changes, click Cancel. To reset all settings to blank, click Clear. Vigor3910 Series User’s Guide...
Page 122: Ii-5-5-3 External Tacacs
Maximum length is 36 characters. Confirm Shared Secret Enter the Shared Secret for confirmation. To save changes on the page, click OK. To discard changes, click Cancel. To reset all settings to blank, click Clear. Vigor3910 Series User’s Guide...
Page 123: Ii-5-6 Active Directory/ Ldap
Type a port number as the destination port for LDAP server. Use SSL Check the box to use the port number specified for SSL. Regular DN Type this setting if Regular Mode is selected as Bind Type. Vigor3910 Series User’s Guide...
Page 124 / Group Distinguished the LDAP server. Name Sometimes, you may forget the Distinguished Name since it’s too long. Then you may click the button to list all the account information on the AD/LDAP Server to assist you finish Vigor3910 Series User’s Guide...
Page 125 After finished the above settings, click OK to save and exit this page. A new profile has been created. Vigor3910 Series User’s Guide...
Page 126: Ii-5-7 Igmp
ISP. If you have no idea to enable or disable, simply contact your ISP providers. Enable IGMP syslog - Check the box to store the IGMP status ontot Syslog. After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 127: Ii-5-7-2 Working Group
Click this link to renew the working multicast group status. Group ID This field displays the ID port for the multicast group. The available range for IGMP starts from 224.0.0.0 to 239.255.255.254. P2 to P12 It indicates the LAN port used for the multicast group. Vigor3910 Series User’s Guide...
Page 128: Ii-5-8 Wake On Lan
MAC Address Enter any one of the MAC address of the bound PCs. Wake Up Click this button to wake up the selected IP. See the following figure. The result will be shown on the box. Vigor3910 Series User’s Guide...
Page 129: Ii-5-9 Sms / Mail Alert Service
Schedule (1-15) Type the schedule number that the SMS will be sent out. You can click the Schedule(1-15) link to define the schedule. After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 130 Schedule (1-15) Type the schedule number that the notification will be sent out. You can click the Schedule(1-15) link to define the schedule. After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 131: Ii-5-10 Bonjour
Below shows an example for applying the bonjour feature that Vigor router can be used as the FTP server. 1. Here, we use Firefox and DNSSD to discover the service in such case. Therefore, just ensure the Bonjour client program and DNSSD for Firefox have been installed on the computer. Vigor3910 Series User’s Guide...
Page 132 2. Open the web browse, Firefox. If Bonjour and DNSSD have been installed, you can open the web page (DNSSD) and see the following results. 3. Open System Maintenance>>Management. Type a name (e.g., DrayTek) as the Router Name and click OK.
Page 133 6. Now, any page or document can be printed out through Vigor router (installed with a printer). Vigor3910 Series User’s Guide...
Page 134: Ii-5-11 High Availability
In a matter of seconds the system returns to normal operation. In order to set up High Availability, at least 2 DrayTek routers have to be configured in the following manner: ...
Page 135 >> General Setup page) have higher priority. Authentication Key Enter an authentication key up to 31 characters long. This is used to encrypt the DARP (DrayTek Address Redundancy Protocol) traffic to guard against malicious attacks. Protocol Select the IP protocol to be used for DARP.
Page 136: Ii-5-11-2 Config Sync
Day / Hour / Minute - Primary router will sync its configuration to secondary router based on the time interval set here. Exclude the following Settings selected in this field will be excluded when settings from config sync executing configuration synchronization. This setting is Vigor3910 Series User’s Guide...
Page 137 Take the following picture as an example. The upper Vigor3910 is regarded as primary device, the lower Vigor3910 is regarded as secondary device. When primary Vigor3910 Series is broken down, the secondary device could replace the primary role to take over all jobs as soon as possible.
Page 138: Application Notes
Create LDAP server profiles. Click the Active Directory /LDAP tab to open the profile web page and click any one of the index number link. If we have two groups “RD1” and “SHRD” on LDAP server, we can configure two LDAP server profiles with different Group Distinguished Name. Vigor3910 Series User’s Guide...
Page 139 Click OK to save the settings above. Open User Management>>General Setup. Select User-Based as the Mode option. Vigor3910 Series User’s Guide...
Page 140: How To Use Drayddns
Vigor router supports various DDNS service providers, user can set up user-defined profile to update the DDNS even the service provider is not on the list. Now, DrayTek starts to support our own DDNS service - DrayDDNS. We will provide a domain name for each Vigor router, this single domain name can record IP addresses of all WAN.
Page 141 Make sure you have read the License Agreement. Check I have read and accept the above Agreement, then click Next. Confirm the information, then click Activate. MyVigor server will reply with the service activation information. Vigor3910 Series User’s Guide...
Page 142 Currently, only the domain name is allowed to be modified MyVigor website. We will need to register the router to MyVigor server, and log in to MyVigor website to modify it. Please visit https://myvigor.draytek.com/ or go to Applications >> Dynamic DNS Setup >> DrayDDNS profile and click Edit domain.
Page 143 Log in to MyVigor Website, choose the profile, then click Edit DDNS settings. Input the desired Domain name and click Update. Vigor router will get the modified domain name when the it performs next DDNS updating. We can click Sync domain to accelerate this process. Vigor3910 Series User’s Guide...
Page 144 After few seconds, the router will get the new domain name and print it on the profiles list. Vigor3910 Series User’s Guide...
Page 145: Routing
Other routing Specify routing policy to determine the direction of the data transmission. Info For more detailed information about using policy route, refer to SUPPORT >> TECH SUPPORT >>FAQs on www.draytek.com. Vigor3910 Series User’s Guide III-135...
Page 146: Web User Interface
Go to Routing to open setting page and choose Static Route. The router offers IPv4 and IPv6 for you to configure the static route. Both protocols bring different web pages. Available settings are explained as follows: Vigor3910 Series User’s Guide...
Page 147 Main Router 192.168.1.1 as the default gateway for the Router A 192.168.1.2.  Before setting Static Route, user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router. Vigor3910 Series User’s Guide III-137...
Page 148 Use the drop down list to specify an interface for such static route. Return to Static Route Setup page. Click on another Index Number to add another static route as show below, which regulates all packets destined to 211.100.88.0 will be forwarded to 192.168.1.3. Click OK. Vigor3910 Series User’s Guide...
Page 149 Set to Factory Default Clear all of the settings and return to factory default settings. Viewing IPv6 Routing Displays the routing table for your reference. Table Click any underline of index number to get the following page. Vigor3910 Series User’s Guide III-139...
Page 150: Ii-6-2 Load-Balance /Route Policy
General Setup lists all the policies and shows whether the policy is enabled / disabled, what are the criteria to match, and through which the interface should the traffic to go if the criteria are matched, and also its priority. Vigor3910 Series User’s Guide...
Page 151 Allow to configure detailed settings of route policy. To use Wizard Mode, simple do the following steps: 1. Click the Wizard Mode radio button. 2. Click Index 1. The setting page will appear as follows: Vigor3910 Series User’s Guide III-141...
Page 152 Available settings are explained as follows: Item Description Interface Use the drop down list to choose an interface (LAN/WAN) or VPN profile. Packets match with the above criteria will be transferred to the interface chosen here. Vigor3910 Series User’s Guide...
Page 153 It determines which mechanism that the router will use to Routing forward the packet to WAN. 5. After choosing the mechanism, click Next to get the summary page for reference. 6. If there is no error, click Finish to complete wizard setting. Vigor3910 Series User’s Guide III-143...
Page 154 Network – Type an IP address here.  Mask – Use the drop down list to choose a suitable mask for the network. IP Object / IP Group– Use the drop down list to choose a Vigor3910 Series User’s Guide...
Page 155  VPN – Use the drop down list to choose a VPN tunnel as a failover tunnel.  Route Policy – Use the drop down list to choose an existed route policy profile. Priority Vigor3910 Series User’s Guide III-145...
Page 156: Ii-6-2-2 Diagnose For Route Policy
With the analysis done by such page, possible path (static route, routing table or policy route) of the packets sent out of the router can be traced. Click the Diagnose link on Routing>>Load-Balance/Route Policy or the Diagnose button on the configuration page based on Advanced Mode. Vigor3910 Series User’s Guide...
Page 157 Analyze – Click it to perform the job of analyzing. The analyzed result will be shown on the page. If required, click export analysis to export the result as a file. Vigor3910 Series User’s Guide III-147...
Page 158: Ii-6-3 Ospf
Note that both routers must support OSPF function at the same time to build the OSPF connection. Open Routing >> OSPF to get the following page. Available settings are explained as follows: Item Description Local Enable OSPF Check the box to enable the function. Vigor3910 Series User’s Guide...
Page 159 IP address of the active interface will be used by system automatically. Neighborhoods Displays current neighbors status in BGP routing environment. When you finish the configuration, please click OK to save and exit this page. Vigor3910 Series User’s Guide III-149...
Page 160: Ii-6-4 Bgp
Each AS shall be assigned with one AS number (ASN). The ASN is is a unique identifier for AS to distinguish each network group in the whole interconnected network. It can be operated by one or several ISPs and follows the routing policies made by ISP. Vigor3910 Series User’s Guide...
Page 161: Ii-6-4-1 Basic Settings
Display the name of the neighboring profile. IP Address Display the IP address specified for the neighboring profile. MD5 Auth Display the status (enable or disable) of MD5 Auth. Status Display the connection status for local router and neighboring router. Vigor3910 Series User’s Guide III-151...
Page 162: Ii-6-4-2 Static Network
Available settings are explained as follows: Item Description Select Check the box to enable the configuration for the selected index entry. IP Address Enter the IP address for a router. Subnet Mask Choose the mask value for the IP address. Vigor3910 Series User’s Guide...
Page 163: Application Notes
Example 1: In the following figure, a LAN to LAN VPN tunnel is built between DrayTek VPN router (e.g., Vigor3910 Series) and the remote router. Firewall Router can receive all of the traffic coming from remote PC which wants to access into Internet; and send back the packets to Remote Router through VPN Router.
Page 164 To route the packets coming from the Firewall Router back to the remote router, access into the web user interface of the Firewall Router. Then, set “192.168.1.1/24” as the gateway IP address and set “172.16.3.0/24” as the destination IP address. Vigor3910 Series User’s Guide...
Page 165 In the following web page, check Enable; type “192.168.1.10” as Src IP Range; type “213.57.89.100” as the Destination IP for the remote VPN server; and choose VPN as the Interface setting. Click OK to save the settings. Vigor3910 Series User’s Guide III-155...
Page 166 This page is left blank. Vigor3910 Series User’s Guide...
Page 167: Part Iii Vpn
Here Vigor router support digital certificates conforming to standard X.509. Vigor3910 Series User’s Guide...
Page 168: Vpn And Remote Access
The VPN built is suitable for: Communication between home office and customer  Secure connection between Teleworker, staff on business trip and main office  Exchange data between remote office and main office   POS between chain store and headquarters Vigor3910 Series User’s Guide...
Page 169: Iii-1-1 Remote Access Control
LAN, you should disable the VPN service of Vigor Router to allow VPN tunnel pass through, as well as the appropriate NAT settings, such as DMZ or open port. After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 170: Iii-1-2 Ppp General Setup
Maximum MPPE - This option indicates that the router  will use the MPPE encryption scheme with maximum bits (128-bit) to encrypt the data. Mutual Authentication The Mutual Authentication function is mainly used to (PAP) communicate with other routers or clients who need Vigor3910 Series User’s Guide...
Page 171 If PPP connection will be authenticated via RADIUS server or LDAP Authentication LDAP profiles, it is necessary to specify the LAN profile for the dial-in user to get IP from. After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 172: Iii-1-3 Ipsec General Setup
On the receiving side, the peer will perform the same one-way hash on the packet and compare the value with the one in the AH it receives. Encapsulating Security Payload (ESP) is a security protocol that provides data confidentiality and protection with optional authentication and replay detection service. Vigor3910 Series User’s Guide...
Page 173 Security Payload (ESP) protocol can be used to provide authentication and encryption to IPsec traffic. Three encryption standards are supported for ESP: DES, 3DES and AES, in ascending order of security. After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 174: Iii-1-4 Ipsec Peer Identity
Click each index to edit one peer digital certificate. There are three security levels of digital signature authentication: Fill each necessary field to authenticate the remote peer. The following explanation will guide you to fill all the necessary fields. Vigor3910 Series User’s Guide...
Page 175 The field includes Country (C), State (ST), Location (L), Organization (O), Organization Unit (OU), Common Name (CN), and Email (E). After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 176: Iii-1-5 Openvpn
CA certificate and local certificate for OpenVPN tunnel. Certificate authentication can offer more secure VPN tunnel between the client and the router. After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 177: Iii-1-5-2 Client Config
Enter the private key file name obtained from 3rd party provider Export The settings in this page can be saved as a file after clicking such button. Later, the downloaded file can be imported to the VPN client for building OpenVPN connection. Vigor3910 Series User’s Guide...
Page 178: Iii-1-6 Remote Dial-In User
Online – Click it to display the online user accounts. Offline – Click it to display the offline user accounts. Index Click the number below Index to access into the setting page of Remote Dial-in User. Vigor3910 Series User’s Guide...
Page 179 Select all VPN protocols allowed for this profile. For L2TP, specify how IPsec should be applied. Options are None – IPsec cannot be used with L2TP connections. Nice to Have – IPsec is preferred but not mandatory for  L2TP connections. Vigor3910 Series User’s Guide...
Page 180 Enable Mobile One-Time Passwords (mOTP) - Select to enable one-time passwords (Mobile-OTP). Enter the PIN Code and Secret. DrayTek’s SmartVPN client has built-in support for mOTP. Third-party mOTP clients can be used to generate passwords when using other VPN clients. For more information on mOTP, visit Mobile-OTP's homepage.
Page 181: Iii-1-7 Lan To Lan
ID, connection type (VPN connection - including PPTP, IPsec Tunnel, and L2TP by itself or over IPsec) and corresponding security methods, etc. The following figure shows the summary table according to the item (All/Trunk/Online/Offline) selected for View. Vigor3910 Series User’s Guide...
Page 182 Click each index to edit each profile and you will get the following page. Each LAN-to-LAN profile includes 5 subgroups. If the fields gray out, it means you may leave it untouched. The following explanations will guide you to fill all the necessary fields. Vigor3910 Series User’s Guide...
Page 183  WAN1 failed, the router will use WAN2 for VPN connection. Netbios Naming Packet Pass – click it to have an inquiry for data transmission  between the hosts located on both sides of VPN Tunnel Vigor3910 Series User’s Guide...
Page 184 L2TP with IPsec Policy - Build a L2TP VPN connection through the Internet. You can select to use L2TP alone or with IPsec. Select from below: None: Do not apply the IPsec policy. Accordingly, the  VPN connection employed the L2TP without IPsec Vigor3910 Series User’s Guide...
Page 185 3DES with Authentication-Use triple DES encryption  algorithm and apply MD5 or SHA-1 authentication algorithm. AES without Authentication-Use AES encryption  algorithm and not apply any authentication scheme. Vigor3910 Series User’s Guide...
Page 186 Schedule Profile - Set the wireless LAN to work at certain time interval only. You may choose up to 4 schedules out of the 15 schedules pre-defined in Applications >> Schedule setup. The default setting of this field is blank and the function will always work. Vigor3910 Series User’s Guide...
Page 187 SSL VPN connection through Internet. Specify Remote VPN Gateway - You can specify the IP address of the remote dial-in user or peer ID (should be the same with the ID setting in dial-in type) by checking the box. Vigor3910 Series User’s Guide...
Page 188 VPN tunnel by using the characteristic of GRE. Even hacker can decipher IPsec encryption, he/she still cannot ask LAN site to do data transmission with any information. Such Vigor3910 Series User’s Guide...
Page 189 Herein, we provide four options: TX/RX Both, TX Only, RX Only, and Disable. From first subnet to remote network, you have to do - If the remote network only allows you to dial in with single IP, Vigor3910 Series User’s Guide...
Page 190 Advanced – Add a static route to direct all traffic destined to more Remote Network IP Addresses/ Remote Network Mask through the VPN connection. This is usually used when you find there are several subnets behind the remote VPN router. Vigor3910 Series User’s Guide...
Page 191 Virtual IP Mapping – A pop up dialog will appear for you to specify the local IP address and the mapping virtual IP address. After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 192: Iii-1-8 Vpn Trunk Management
The TCP Session transmitted by using VPN TRUNK-VPN Load Balance mechanism will not be lost due to one of VPN Tunnels disconnected. Users do not need to reconnect with setting TCP/UDP Service Port again. The VPN Load Balance function can keep the transmission for internal data on tunnel stably Vigor3910 Series User’s Guide...
Page 193 IPsec, PPTP, L2TP, L2TP over IPsec (NICE), L2TP over IPsec(MUST) and so on. Member2 - Display the dial-out profile selected from the Member2 drop down list below. Advanced – This button is available only when LAN to LAN profile (or more) is created. Vigor3910 Series User’s Guide...
Page 194 Member2 drop down list below. Advanced – This button is only available when there is one or more profiles created in this page. Detailed information for this dialog, see later section - Advanced Load Balance and Backup. Vigor3910 Series User’s Guide...
Page 195 For there is one Tunnel created and connected successfully, to keep the load balance effect between two tunnels, auto-dial will be executed within two seconds. To close two tunnels of load balance after connecting, please click Disable for Status in General Setup field. Vigor3910 Series User’s Guide...
Page 196 If the router will be used as the VPN Server (i.e., with virtual address 192.168.50.200). Please type 192.168.50.200 in the field of My GRE IP. Type IP address (192.168.50.100) of the client in the field of Peer GRE IP. See the following graphic for an example. Vigor3910 Series User’s Guide...
Page 197 IP address of the server (192.168.50.200) in the field of Peer GRE IP. After setting profiles for load balance, you can choose any one of them and click Advance for more detailed configuration. The windows for advanced load balance and backup are different. Refer to the following explanation: Vigor3910 Series User’s Guide...
Page 198 VPN Load Balance Policy Below shows the algorithm for Load Balance. Edit – Click this radio button for assign a blank table for configuring Binding Tunnel. Insert after – Click this radio button to adding a new binding Vigor3910 Series User’s Guide...
Page 199 TCP Service Port/UDP Service Port/ICMP/IGMP, such binding tunnel table can be established. Detail Information This field will display detailed information for Binding Tunnel Policy. Below shows a successful binding tunnel policy for load balance: Vigor3910 Series User’s Guide...
Page 200 List the backup profile name. ERD Mode ERD means “Environment Recovers Detection”. Normal – choose this mode to make all dial-out VPN TRUNK backup profiles being activated alternatively. Resume – when VPN connection breaks down or disconnects, Vigor3910 Series User’s Guide...
Page 201: Iii-1-9 Connection Management
VPN TRUNK Management (with Index number and VPN Server IP address). The VPN connection built by Backup Mode supports VPN backup function. Dial - Click this button to execute dial out function. Refresh Seconds - Choose the time for refresh the dial Vigor3910 Series User’s Guide...
Page 202 5, 10, and 30. Refresh - Click this button to refresh the whole connection status. Vigor3910 Series User’s Guide...
Page 203: Application Notes
(in this case, type VPN Server), and check the box of Enable This Profile. For Vigor router will be set as a server, the call direction shall be set as Dial-in and set 0 as Idle Timeout. Vigor3910 Series User’s Guide...
Page 204 Continue to navigate to the TCP/IP Network Settings for setting the LAN IP for remote side. Click OK to save the settings. Open VPN and Remote Access>>Connection Management to check the dial-in connection status (from branch office). Vigor3910 Series User’s Guide...
Page 205 (in this case, type VPN Client), and check the box of Enable This Profile. For such Vigor router will be set as a client, the call direction shall be set as Dial-out. Check the box of Always on for a permanent VPN connection. Vigor3910 Series User’s Guide...
Page 206 IKE Pre-Shared Key button to set the PSK; and select Medium (AH) or High (ESP) as the security method. Continue to navigate to the TCP/IP Network Settings for setting the LAN IP for the remote side. Click OK to save the settings. Vigor3910 Series User’s Guide...
Page 207 Open VPN and Remote Access>>Connection Management to check the dial-in connection status (from head office). Vigor3910 Series User’s Guide...
Page 208: Ssl Vpn
In short,  It is not necessary for users to preinstall VPN client software for executing SSL VPN connection.  There are less restrictions for the data encrypted through SSL VPN in comparing with traditional VPN. Vigor3910 Series User’s Guide...
Page 209: Web User Interface
Self-signed to use the router’s built-in default certificate. The selected certificate can be used in SSL VPN server and HTTPS Web Proxy. After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 210: Iii-2-2 User Account
With SSL VPN, Vigor3910 Series let teleworkers have convenient and simple remote access to central site VPN. The teleworkers do not need to install any VPN software manually. From regular web browser, you can establish VPN connection back to your main office even in a guest network or web cafe.
Page 211 (e.g., e759bb6f0e94c7ab4fe6). Allowed Dial-In Type Select the VPN protocols that this user is allowed to use. PPTP - Allow the remote dial-in user to establish VPN connections with the PPTP protocol. You should set the User Vigor3910 Series User’s Guide...
Page 212 Pre-Shared Key - Select this checkbox to enable Pre-shared Key function and enter a string of up to 63 characters as the pre-shared key. Digital Signature (X.509) – Select this checkbox to enable X.509 Digital Signature and choose a predefined profile that Vigor3910 Series User’s Guide...
Page 213 Local ID - Specify a local ID to be used for Dial-in setting in the LAN-to-LAN Profile setup. This item is optional and can be used only in IKE aggressive mode. After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 214: Certificate Management
Here you can manage generate and manage the local digital certificates, and set trusted CA certificates. Remember to adjust the time of Vigor router before using the certificate so that you can get the correct valid period of certificate. Vigor3910 Series User’s Guide...
Page 215: Web User Interface
Click this button to open Generate Certificate Signing Request window. Type in all the information that the window request such as certifcate name (used for identifying different certificate), subject alternative name type and relational settings for subject name. Then click GENERATE again. Vigor3910 Series User’s Guide...
Page 216 The supported types are PKCS12 Certificate and Certificate with a private key. Click this button to import a saved file as the certification information. There are three types of local certificate supported by Vigor router. Vigor3910 Series User’s Guide...
Page 217 Netscape and Microsoft Internet Explorer with their import and export options. Upload Certificate and It is useful when users have separated certificates and private Private Key keys. And the password is needed if the private key is encrypted. Vigor3910 Series User’s Guide...
Page 218 Next, access your CA server and enter the page of certificate request, copy the information into it and submit a request. A new certificate will be issued to you by the CA server. You can save it. Click this button to remove the selected certificate. Vigor3910 Series User’s Guide...
Page 219: Iii-3-2 Trusted Ca Certificate
Therefore, Vigor router offers a mechanism which allows you to generate root CA to save time and provide convenience for general user. Later, such root CA generated by DrayTek server can perform the issuing of local certificate. Info Root CA can be deleted but not edited.
Page 220 Trusted CA Certificate window. For viewing each trusted CA certificate, click View to open the certificate detail information window. If you want to delete a CA certificate, choose the one and click Delete to remove all the certificate information. Vigor3910 Series User’s Guide...
Page 221: Iii-3-3 Certificate Backup
Please click Backup on the following screen to save them. If you want to set encryption password for these certificates, please type characters in both fields of Encrypt password and Confirm password. Also, you can use Restore to retrieve these two settings to the router whenever you want. Vigor3910 Series User’s Guide...
Page 222: Iii-3-4 Self-Signed Certificate
Such self-signed certificate is signed with its own private key. The self-signed certificate will be applied in SSL VPN, HTTPS, and so on. In addition, it can be created for free by using a wide variety of tools. Vigor3910 Series User’s Guide...
Page 223: Part Iv Security
It also restricts users in the local network from accessing the Internet. CSM is an abbreviation of Central Security Management which is used to control IM/P2P usage, filter the web content and URL content to reach a goal of security management. Vigor3910 Series User’s Guide...
Page 224 It will check packets according to the filter rules. If legal, the packet will pass the router. The following illustrations are flow charts explaining how router will treat incoming traffic and outgoing traffic respectively. Vigor3910 Series User’s Guide...
Page 225 3. ICMP flood attack 11. TCP flag scan 4. Port Scan attack 12. Tear drop attack 5. IP options 13. Ping of Death attack 6. Land attack 14. ICMP fragment 7. Smurf attack 15. Unassigned Numbers 8. Trace route Vigor3910 Series User’s Guide...
Page 226: Firewall
Click Firewall and click General Setup to open the general setup page. Such page allows you to enable / disable Call Filter and Data Filter, determine general rule for filtering the incoming and outgoing data. Available settings are explained as follows: Item Description Vigor3910 Series User’s Guide...
Page 227 IPv4 - To prevent remote client accessing into the PCs on LAN, check the box to make the incoming packets via IPv4 being blocked by such router. It is effective only for the packets routed but not for packets translated by NAT. Vigor3910 Series User’s Guide...
Page 228 All the hosts in LAN must follow the standard configured in the APP Enforcement profile selected here. For detailed information, refer to the section of APP Enforcement profile setup. For troubleshooting needs, you can specify to record information for IM/P2P by Vigor3910 Series User’s Guide...
Page 229 Please use the drop-down list to choose a codepage. If you do not have any idea of choosing suitable codepage, please open Syslog. From Codepage Information of Setup dialog, you will see the recommended codepage listed on the dialog box. Vigor3910 Series User’s Guide...
Page 230 However, if the network is not stable, small value will be proper. Session timeout – Setting timeout for sessions can make the best utilization of network resources. After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 231: Iv-1-2 Filter Setup
Enter filter set comments/description. Maximum length is 23–character long. Direction Display the direction of packet. Src IP / Dst IP Display the IP address of source /destination. Service Type Display the type and port number of the packet. Vigor3910 Series User’s Guide...
Page 232 Source/Destination IP To set the IP address manually, please choose Any Address/Single Address/Range Address/Subnet Address as the Address Type and type them in this dialog. Protocol Specify the protocol(s) which this filter rule will apply to. Vigor3910 Series User’s Guide...
Page 233 (created in CSM>> Web Content Filter) for applying with this router. Please set at least one profile for anti-virus in CSM>> Web Content Filter web page first. Or choose [Create New] from the drop down list in this page Vigor3910 Series User’s Guide...
Page 234 Block Immediately Packets matching the rule will be dropped immediately. 4. After choosing the mechanism, click Next to get the summary page for reference. 5. If there is no error, click Finish to complete wizard setting. Vigor3910 Series User’s Guide...
Page 235 Filter is only applied to outgoing traffic. Note: RT means routing domain for 2nd subnet or other LAN. Source IP / Country Click Edit to access into the following dialog to choose the source/destination IP or IP ranges. Destination IP / Country Vigor3910 Series User’s Guide...
Page 236 To set the service type manually, please choose User defined as the Service Type and type them in this dialog. In addition, if you want to use the service type from defined groups or objects, please choose Group and Objects as the Vigor3910 Series User’s Guide...
Page 237 Choose one of the QoS rules to be applied as firewall rule. For detailed information of setting QoS, please refer to the related section later. User Management Such item is available only when Rule-Based is selected in User Management>>General Setup. The general firewall Vigor3910 Series User’s Guide...
Page 238 Advance Setting Click Edit to open the following window. However, it is strongly recommended to use the default settings here. Codepage - This function is used to compare the characters among different languages. Choose correct codepage can Vigor3910 Series User’s Guide...
Page 239 TCP protocol only; session timeout is configured for the data flow which matched with the firewall rule. DrayTek Banner – Please uncheck this box and the following screen will not be shown for the unreachable web page. The default setting is Enabled.
Page 240: Iv-1-3 Defense Setup
By default, the threshold and timeout values are set to 2000 packets per second and 10 seconds, respectively. That means, when 2000 packets per second received, they will be regarded as “attack event” and the session will be paused for 10 seconds. Vigor3910 Series User’s Guide...
Page 241 The Vigor router will drop any packets having SYN flag and more fragment bit set. Block Fraggle Attack Check the box to activate the Block fraggle Attack function. Any broadcast UDP packets received from the Internet is blocked. Vigor3910 Series User’s Guide...
Page 242 All the warning messages related to DoS Defense will be sent to user and user can review it through Syslog daemon. Look for the keyword DoS in the message, followed by a name to indicate what kind of attacks is detected. Vigor3910 Series User’s Guide...
Page 243: Iv-1-3-2 Spoofing Defense
Info The result obtained by using Diagnose is offered for RD debug. It will be different according to actual state such as netework connection, LAN/WAN settings and so on. Vigor3910 Series User’s Guide...
Page 244 (from Computer A to B or from the B to A) for the second packet. Protocol – It displays the mode selected above and the sate. If required, click the mode link to configure advanced setting. The common service type (Customize, Ping, Trace Vigor3910 Series User’s Guide...
Page 245 Execute the test and analyze the result. The following figure shows the test result after clicking Analyze. Processing state for the fuctions (MAC Filter, QoS, User management, etc.,) related to the firewall will be displayed by green or red LED. Vigor3910 Series User’s Guide...
Page 246: Application Notes
Firewall>>Filter Setup is used as the default setting, we have to create a new rule starting from Filter Rule 2 of Set 2. Access into the web user interface of Vigor router. Open Firewall>>Filter Setup. Click the Set 2 link and choose the Filter Rule 2 button. Vigor3910 Series User’s Guide...
Page 247 Type 192.168.1.10 in the field of Start IP, and type 192.168.1.20 in the field of End IP. Then, click OK to save the settings. The computers within the range can access into the Internet. Vigor3910 Series User’s Guide...
Page 248 Pass Immediately. Then, click OK to save the settings. Both filter rules have been created. Click OK. Now, all the settings are configured well. Only the computers with the IP addresses within 192.168.1.10 ~ 192.168.1.20 can access to Internet. Vigor3910 Series User’s Guide...
Page 249: Csm (Central Security Management)
Please note that this action will not introduce any delay in your Web surfing because each of multiple load balanced database servers can handle millions of requests for categorization. Info The priority of URL Content Filter is higher than Web Content Filter. Vigor3910 Series User’s Guide...
Page 250: Web User Interface
Clear all profiles. Profile Display the number of the profile which allows you to click to set different policy. Name Display the name of the APP Enforcement Profile. Click the number under Index column for settings in detail. Vigor3910 Series User’s Guide...
Page 251 Check the box to select the APP to be blocked by Vigor router. The profiles configured here can be applied in the Firewall>>General Setup and Firewall>>Filter Setup pages as the standard for the host(s) to follow. Vigor3910 Series User’s Guide...
Page 252: Iv-2-2 Url Content Filter Profile
Each item is explained as follows: Item Description Set to Factory Default Clear all profiles. Profile Display the number of the profile which allows you to click to set different policy. Name Display the name of the URL Content Filter Profile. Vigor3910 Series User’s Guide...
Page 253 URL Access Control and Web Feature below, such function can determine the priority for the actions executed. For this one, the router will process the packages with the conditions set below for web feature first, then URL second. Vigor3910 Series User’s Guide...
Page 254 After specifying keywords, the Vigor router will decline the connection request to the website whose URL string matched to any user-defined keyword. It should be noticed that the more simplified the blocking keyword list is, the more efficiently the Vigor router performs. Vigor3910 Series User’s Guide...
Page 255 File Extension Profile – Choose one of the profiles that you configured in Object Setting>> File Extension Objects previously for passing or blocking the file downloading. After finishing all the settings, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 256: Iv-2-3 Web Content Filter Profile
Please refer to section of creating MyVigor account. WCF adopts the mechanism developed and offered by certain service provider (e.g., DrayTek). No matter activating WCF feature or getting a new license for web content filter, you have to click Activate to satisfy your request.
Page 257 Setup Test Server It is recommended for you to use the default setting, auto-selected. Find more Click it to open http://myvigor.draytek.com for searching another qualified and suitable server. Cache None – the router will check the URL that the user wants to access via WCF precisely, however, the processing rate is normal.
Page 258 Pass - allow accessing into the corresponding webpage with the characters listed on Group/Object Selections. If the web pages do not match with the specified feature set here, they Vigor3910 Series User’s Guide...
Page 259 If the web pages do not match with the specified feature set here, it will be processed with reverse action. After finishing all the settings, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 260: Iv-2-4 Dns Filter Profile
WCF license must be activated first. Otherwise, DNS filter does not have any effect on packets. Available settings are explained as follows: Item Description DNS Filter Profile Table It displays a list of different DNS filter profiles (with Vigor3910 Series User’s Guide...
Page 261 Vigor router. You can type the message manually for your necessity or click Default Message button to get the default text displayed on the field of Administration Message. After finishing all the settings, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 262: Application Notes
The website of MyVigor (a server located on http://myvigor.draytek.com) provides several useful services (such as Anti-Spam, Web Content Filter, Anti-Intrusion, and etc.) to filtering the web pages for the sake of protecting your system. To access into MyVigor for getting more information, please create an account for MyVigor.
Page 263 2. Click the Activate link. A login page for MyVigor web site will pop up automatically. 3. Click the link of Create an account now. 4. The system will ask if you are 16 years old or over.  If yes, click I am 16 or over. Vigor3910 Series User’s Guide...
Page 264  If not, click I am under 16 years old to get the following page. Then, click I and my legal guardian agree. 5. After reading the terms of service/privacy policy, click Agree. 6. In the following page, enter your personal information in this page and then click Continue. Vigor3910 Series User’s Guide...
Page 265 9. Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor.draytek.com. 10. Click the Activate my Account link to enable the account that you created. The following screen will be shown to verify the register process is finished. Please click Login. Vigor3910 Series User’s Guide...
Page 266 11. When you see the following page, please type in the account and password (that you just created) in the fields of UserName and Password. 12. Now, click Login. Your account has been activated. You can access into MyVigor server to activate the service (e.g., WCF) that you want. Vigor3910 Series User’s Guide...
Page 267: How To Block Facebook Service Accessed By The Users Via Web Content Filter / Url Content Filter
Note: Manual setting (e.g., one keyword for one website.) Make sure the Web Content Filter license is valid. Open CSM >> Web Content Filter Profile to create a WCF profile. Check Social Networking with Action, Block. Vigor3910 Series User’s Guide...
Page 268 A. Block the web page containing the word of “Facebook” Open Object Settings>>Keyword Object. Click an index number to open the setting page. In the field of Contents, please type facebook. Configure the settings as the following figure. Vigor3910 Series User’s Guide...
Page 269 Open CSM>>URL Content Filter Profile. Click an index number to open the setting page. Configure the settings as the following figure. When you finished the above steps, click OK. Then, open Firewall>>General Setup. Vigor3910 Series User’s Guide...
Page 270 B. Disallow users to play games on Facebook Open Object Settings>>Keyword Object. Click an index number to open the setting page. In the field of Contents, please type apps.facebook. Configure the settings as the following figure. Vigor3910 Series User’s Guide...
Page 271 When you finished the above steps, please open Firewall>>General Setup. Click the Default Rule tab. Choose the profile just configured from the drop down list in the field of URL Content Filter. Now, users cannot open any web page with the word “facebook” inside. Vigor3910 Series User’s Guide...
Page 272: How To Use App Enforcement To Block Application Like Facebook, Youtube Or Teamviewer
APP Enforcement helps network administrator to block applications on LAN network. Draytek routers provide a few categories to set up the profiles e.g., IM, P2P, Protocol, Stream, Remote control. This section is going to demonstrate how to use APP Enforcement to block Facebook, Skype, YouTube and TeamViewer.
Page 273 Choose Skype in VoIP. Choose YouTube in Stream. Choose TeamViewer in Remote control. Click OK to save. Apply the APP Enforcement Profile to a Firewall Filter Rule. Go to Firewall >> Filter Setup, and click an available set. Vigor3910 Series User’s Guide...
Page 274 Select the Direction as LAN/DMZ/RT/VPN -> WAN. Edit the Source IP which should be blocked from the APP. Select Filter as Pass Immediately. Select APP Enforcement as the profile we created in Step 2. You may also check the Syslog if needed. Vigor3910 Series User’s Guide...
Page 275 Click OK to save. With the above configuration, LAN clients cannot be able to use the APP and website. Vigor3910 Series User’s Guide...
Page 276 This page is left blank. Vigor3910 Series User’s Guide...
Page 277: Part V Management
Sessions Limit, Bandwidth Limit, and Quality of Servie (QoS). It is a security feature which disallows any IP traffic (except DHCP-related packets) from a particular host until that host has correctly supplied a valid username and password. Vigor3910 Series User’s Guide...
Page 278: System Maintenance
System Status, TR-069, Administrator Password, User Password, Login Page Greeting, Configuration Backup, Syslog /Mail Alert, Time and Date, Management, Panel Control, Reboot System, Firmware Upgrade, Activation, Internal Service User List and Dashboard Control. Below shows the menu items for System Maintenance. Vigor3910 Series User’s Guide...
Page 279: Web User Interface
- Displays the subnet mask address of the LAN interface. DHCP Server - Displays the current status of DHCP server of the LAN interface. - Displays the assigned IP address of the primary DNS. Link Status - Displays current connection status of the WAN interface. Vigor3910 Series User’s Guide...
Page 280 Address - Displays the IPv6 address for LAN. Scope - Displays the scope of IPv6 address. For example, IPv6 Link Local is non-routable and can only be used for local connections. Internet Access Mode – Displays the connection mode of the WAN interface. Vigor3910 Series User’s Guide...
Page 281: V-1-2-1 Acs And Cpe Settings
ACS Server On Choose the interface for connecting the router to the Auto Configuration Server. ACS Server This section specifies the settings of the ACS Server. URL – Enter the URL for connecting to the ACS. Please refer Vigor3910 Series User’s Guide...
Page 282 -1 indicates that no maximum period is specified. Apply Settings to APs This feature is able to apply TR-069 settings (including STUN and ACS server settings) to all of APs managed by Vigor2865 at the same time. Vigor3910 Series User’s Guide...
Page 283: V-1-2-2 Reporting Configuration
Information related to the router's health are divided into several categories and listed in this field. After checking the item(s), Vigor router will arrange and send corresponding data to VigorACS as a reference for the system administrator. Vigor3910 Series User’s Guide...
Page 284: V-1-2-3 Export Parameters
Enable - Check the box to select the notification item(s). Vigor router will send the utilization status to VigorACS. Click OK to save changes on the page. Click Export to save the TR-069 parameter settings as an ".xml". Vigor3910 Series User’s Guide...
Page 285: V-1-3 Administrator Password
This page allows you to set or change the administrator password. Vigor3910 Series User’s Guide...
Page 286 Authentication method – Select from Basic or  Advanced authentication methods. Basic – Static passwords will be used to authenticate users.  Local Password – Enter the password for the local user. Advanced - Mobile One-time Passwords (mOTP) or Vigor3910 Series User’s Guide...
Page 287 LDAP Server Profiles Setup – Click to set up the LDAP/Active Directory server. Click OK to save changes on the page, and you will be directed to the login screen. Please log in with the new password. Vigor3910 Series User’s Guide...
Page 288: V-1-4 User Password
1. Navigate to System Maintenance>>User Password in the web user interface. 2. Check the box of Enable User Mode for simple web configuration to enable user mode operation. Enter a new password in the field of New Password and click OK. Vigor3910 Series User’s Guide...
Page 289 3. The following screen will appear. Simply click OK. 4. Log out the Vigor router web user interface by clicking the Logout button. 5. The following window will be shown. Enter the new user password in the Password field and click Login. Vigor3910 Series User’s Guide...
Page 290 6. The main screen with User Mode will be shown: Only basic settings are available in User Mode. These are a subset of the Admin Mode settings. Info Setting in User Mode can be configured as same as in Admin Mode. Vigor3910 Series User’s Guide...
Page 291: V-1-5 Login
Enable Check this box to enable the login customization function. Login Page Title Enter a brief description (e.g., Welcome to DrayTek) which will be shown on the heading of the login dialog. Welcome Message and Enter words or sentences here. It will be displayed for Bulletin bulletin message.
Page 292 Vigor3910 Series User’s Guide...
Page 293: V-1-6 Configuration Backup
You will be prompted to enter the password as shown below: Password – Enter a new password for encrypting the  configuration file. Confirm Password – Enter the new password again for  confirmation. Backup - Click to initiate the backup process. Vigor3910 Series User’s Guide...
Page 294 Go to System Maintenance >> Configuration Backup. The following windows will be shown. Click the Choose File button under Backup to bring up the open file dialog box to select the configuration file to be uploaded and restored. Click the Restore button and wait for few seconds. Vigor3910 Series User’s Guide...
Page 295: V-1-7 Configuration Export
Configuration for Vigor3910 can be exported as an user-readable text-based (.exp) file which can be applied to other Vigor router. In addition, it is possible to import an ".exp" file from other DrayTek routers onto the Vigor3910. Available settings are explained as follows:...
Page 296: V-1-8 Syslog/Mail Alert
Please assign the mail address first and click this button to execute a test for verify the mail address is available or not. SMTP Server/SMTP Port - The IP address/Port number of the SMTP server. Vigor3910 Series User’s Guide...
Page 297 For viewing the Syslog, please do the following: Just set your monitor PC’s IP address in the field of Server IP Address Install the Router Tools in the Utility within provided CD. After installation, click on the Router Tools>>Syslog from program menu. Vigor3910 Series User’s Guide...
Page 298 From the Syslog screen, select the router you want to monitor. Be reminded that in Network Information, select the network adapter used to connect to the router. Otherwise, you won’t succeed in retrieving information from the router. Vigor3910 Series User’s Guide...
Page 299: V-1-9 Time And Date
Advanced – Click to enter a custom schedule to enable DST. Use the default time setting or set user defined time for your requirement. Default – uses the default DST schedule for the time  Vigor3910 Series User’s Guide...
Page 300: V-1-10 Snmp
This section allows you to configure settings for SNMP and SNMPV3 services. The SNMPv3 is more secure than SNMP through the use of encryption (supports AES and DES) and authentication (supports MD5 and SHA) for the management needs. Available settings are explained as follows: Item Description Vigor3910 Series User’s Guide...
Page 301 Auth Password Enter a password for authentication. The maximum allowed length is 23 characters. Privacy Algorithm Choose one of the methods listed below as the privacy algorithm. Choose an encryption method as the privacy algorithm. Vigor3910 Series User’s Guide...
Page 302 Type a password for privacy. The maximum length of the text is limited to 23 characters. Enter a password for privacy. The maximum allowed length is 23 characters. Select OK to save changes on the page, or Cancel to discard changes without saving. Vigor3910 Series User’s Guide...
Page 303: V-1-11 Management
Enter the router name provided by ISP. Default: Disable If enabled, the auto-logout function for the web user Auto-Logout interface will be disabled. The web user interface session will not terminate until you manually click the Logout icon. Vigor3910 Series User’s Guide...
Page 304 TLS/SSL Encryption Setup Enable SSL 3.0 and TLS 1.0/1.1/1.2 – Check the box to enable SSL 3.0/1.0/1.1/1.2 encryption protocols. For improved security, the HTTPS and SSL VPN servers that Vigor3910 Series User’s Guide...
Page 305 Disable PING from the Internet is unchecked, pings originating from the Internet will be accepted only if they are from one of the IP addresses and/or subnet masks specified below. This option has no effect if Disable PING Vigor3910 Series User’s Guide...
Page 306 Check the LAN interface for the administrator to use for accessing into web user interface of Vigor router. Index in IP Object- Type the index number of the IP object profile. Related IP address will appear automatically. Select OK to save changes on the page. Vigor3910 Series User’s Guide...
Page 307: V-1-12 Self-Signed Certificate
The self-signed certificate can be used for services such as SSL VPN and HTTPS. In addition, it can be created for free by using a wide variety of tools. Click Regeneration to open Regenerate Self-Signed Certificate window. Vigor3910 Series User’s Guide...
Page 308 Enter all requested information including certificate name (used to differentiate different certificates), subject alternative name type and relational settings for subject name. Then click GENERATE. Vigor3910 Series User’s Guide...
Page 309: V-1-13 Reboot System
When the system pops up Reboot System web page after you configure web settings, please click Reboot Now to reboot your router for ensuring normal operation and preventing unexpected errors of the router in the future. Vigor3910 Series User’s Guide...
Page 310: V-1-14 Firmware Upgrade
Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.DrayTek.com (or local DrayTek's web site) and FTP site is ftp.DrayTek.com. Click System Maintenance>> Firmware Upgrade to launch the Firmware Upgrade Utility. Choose the right firmware by clicking Select. Then, click Upgrade. The system will upgrade the firmware of the router automatically.
Page 311: V-1-15 Activation
The Activate link brings you accessing into www.vigorpro.com to finish the activation of the account and the router. Authentication Message As for authentication information of web filter, the process of authenticating will be displayed on this field for your reference. Vigor3910 Series User’s Guide...
Page 312: V-1-16 Internal Service User List
If you check the box next to such item, all of the user profiles listed in this page will be enabled with RADIUS service enabled vice versa. Info For the detailed setting (such as IP address, port number) configuration of internal RADIUS, refer to Applications>>RADIUS/TACACS+. Vigor3910 Series User’s Guide...
Page 313: V-1-17 Dashboard Control
There are nine groups of setting information which can be displayed on Dashboard as a reference for administrator/user. Except for Front Panel and System Information, the settings information regarding to the groups listed on this page can be hidden if required. Vigor3910 Series User’s Guide...
Page 314: Bandwidth Management
This is called per-hop-behavior (PHB). The definition of PHB includes Expedited Forwarding (EF), Assured Forwarding (AF), and Best Effort (BE). AF defines the four classes of delivery (or forwarding) classes and three levels of drop precedence in each class. Vigor3910 Series User’s Guide...
Page 315 However, each node may take different attitude toward packets with high priority marking since it may bind with the business deal of SLA among different DS domain owners. It’s not easy to achieve deterministic and consistent high-priority QoS traffic throughout the whole network with merely Vigor router’s effort. Vigor3910 Series User’s Guide...
Page 316: Web User Interface
Item Description Enable/Disable Enable - Click this button to activate the function of limit session. Disable - Click this button to close the function of limit session. Default Max Sessions - Defines the default session number Vigor3910 Series User’s Guide...
Page 317 All the schedules can be set previously in Application >> Schedule web page and you can use the number that you have set in that web page. After finishing all the settings, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 318: V-2-2 Bandwidth Limit
Disable - Click this button to close the function of limit bandwidth. Default Limit (Per User) TX Limit - Define the default speed of the upstream for each computer in LAN. RX Limit - Define the default speed of the downstream for Vigor3910 Series User’s Guide...
Page 319 Schedule Profile - You can type in four sets of time schedule for your request. All the schedules can be set previously in Application >> Schedule web page and you can use the number that you have set in that web page. Vigor3910 Series User’s Guide...
Page 320: V-2-3 Quality Of Service
1000kbps for this box. The default value is 10000kbps.  Class 1 ~ 3 / Others –Define the ratio of bandwidth to upstream speed and bandwidth to downstream speed. There are four queues allowed for QoS control. The first Vigor3910 Series User’s Guide...
Page 321 WAN interface. As to class rule, simply click the Add link to access into next page for configuration. Display an online statistics for quality of service for your reference. This feature is available only when the Quality of Service for WAN interface is enabled. Vigor3910 Series User’s Guide...
Page 322 The rate of outbound/inbound must be smaller than the real bandwidth to ensure correct calculation of QoS. It is suggested to set the bandwidth value for inbound/outbound as 80% - 85% of physical network speed provided by ISP to maximize the QoS performance. Vigor3910 Series User’s Guide...
Page 323 For adding a new rule, click Add to open the following page. Available settings are explained as follows: Item Description Enable Check this box to invoke these settings. IP Version Please specify which protocol (IPv4 or IPv6) will be used for this rule. Vigor3910 Series User’s Guide...
Page 324 Service Type drop down list. Those types are predefined in factory. Simply choose the one that you want for using by current QoS. QoS Class Specify the QoS class (1, 2 or 3) for this rule. Vigor3910 Series User’s Guide...
Page 325 By the way, you can set up to 20 rules for one Class. If you want to edit an existed rule, please select the radio button of that one and click Edit to open the rule edit page for modification. Vigor3910 Series User’s Guide...
Page 326 For example, in the following illustration, the VoIP packets in LAN go into Vigor router without any header. However, when they go forward to the Server on ISP through Vigor router, all of the packets are tagged with AF (configured in Bandwidth >>QoS>>Class) automatically. Vigor3910 Series User’s Guide...
Page 327: User Management
Filter rules configured under Firewall usually are applied to the host (the one that the router installed) only. With user management, the rules can be applied to every user connected to the router with customized profiles. Vigor3910 Series User’s Guide...
Page 328: Web User Interface
There are two modes offered here for you to choose. Each mode will bring different filtering effect to the users involved. User-Based - If you choose such mode, the router will apply the filter rules configured in User Management>>User Vigor3910 Series User’s Guide...
Page 329 Landing Page Type the information to be displayed on the first web page when the LAN user accessing into Internet via such router. After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 330: V-3-2 User Profile
To set the user profile, please click any index number link to open the following page. Notice that profile 1 (admin) and profile 2 (Dial-In User) are factory default settings. Profile 2 is reserved for future use. Vigor3910 Series User’s Guide...
Page 331 When a user tries to access Internet through this router, an authentication step must be performed first. The user has to type the password specified here to pass the authentication. When the user passes the Vigor3910 Series User’s Guide...
Page 332 Login Permission Schedule - You can type in four sets of time schedule for your request. All the schedules can be set previously in Application >> Schedule web page and you can use the number that you have set in that web page. Vigor3910 Series User’s Guide...
Page 333 Login Permission Schedule - When the scheduling time is up, the router will reset the quota with user-defined time/data values automatically. Schedule – The router will reset the quota with user-defined time/data values at the starting time configured in the selected schedule profile. Vigor3910 Series User’s Guide...
Page 334: V-3-3 User Group
This page allows you to bind several user profiles into one group. These groups will be used in Firewall>>General Setup as part of filter rules. Please click any index number link to open the following page. Vigor3910 Series User’s Guide...
Page 335 3, 4, 5 and so on. Selected Keyword Objects Click button to add the selected user objects in this box. After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 336: V-3-4 User Online Status
Display the idle timeout setting for such profile. Action Block - can avoid specified user accessing into Internet. Unblock – allow the user to access into Internet. Logout – the user will be logged out forcefully. Vigor3910 Series User’s Guide...
Page 337: V-3-5 Pppoe User Online Status
Rx Bytes Displays the speed of octets received through such PPPoE user. Tx Bytes Displays the speed of octets transmitted through such PPPoE user. Up Time Displays the connection time of such PPPoE user. Vigor3910 Series User’s Guide...
Page 338: Application Notes
 browser, he will be redirected to the router’s Web authentication interface first. Then, the client is trying to access http://www.draytek.com and but brought to the Vigor router. Since this is an SSL connection, some web browsers will display warning messages.
Page 339  With Mozilla Firefox, you may get the following warning message. Select I Understand the Risks. Vigor3910 Series User’s Guide...
Page 340 With Chrome browser, you may get the following warning. Click Proceed  anyway. After that, the web authentication window will appear. Input the user name and the password for your account (defined in User Management) and click Login. Vigor3910 Series User’s Guide...
Page 341 If the authentication is successful, the client will be redirected to the original web site that he tried to access. In this example, it is http://www.draytek.com . Furthermore, you will get a popped up window as the following. Then you can access the Internet.
Page 342 With the default setup <body stats=1><script language='javascript'> window.location='http://www.draytek.com'</script></body>, you will be redirected to http://www.draytek.com . You may change it if you want. For example, you will get the following welcome message if you enter Login Successful in the Welcome Message table.
Page 343  Management account and a remote dial-in VPN profile can use the same Username, even with different passwords. However, we recommend you to use different usernames for different user profiles in User Management and VPN profiles. Vigor3910 Series User’s Guide...
Page 344 Here expired time is “Unlimited” means the Time Quota function is not enabled for this account. After login, this account will not be expired until it is logout. In the Web interface of router, the configuration page of Time Quota is shown as below. Vigor3910 Series User’s Guide...
Page 345 You will get the following message. The expired time is shown after you login. After you run out the available time, you can’t use this account any more until the administrator manually adds additional time for you. Vigor3910 Series User’s Guide...
Page 346 Any modification to the Firewall policy will break down the connections of all current users. They all have to authenticate again for Internet access. Info 2 The administrator may check the current users from User Online Status page. Vigor3910 Series User’s Guide...
Page 347: How To Use Landing
Landing Page is a special feature configured under User Management. It can specify the message, content to be seen or specify which website to be accessed into when users try to access into the Internet by passing the authentication. Here, we take Vigor3910 Series router as an example.
Page 348 Open any browser (e.g., FireFox, Internet Explorer). The logging page will appear and asks for username and password. Please enter the correct username and password. Click Login. If the logging is successful, you will see the message of Login Success from the browser you use. Vigor3910 Series User’s Guide...
Page 349 In the field of Landing Page, please type the words as below: “ <body stats=1><script language='javascript'> window.location='http://www.draytek.com'</script></body>” Next, enable the Landing Page function. Open User Management -> User Profile and click one of the index number (e.g., index number 3) links. Vigor3910 Series User’s Guide...
Page 350 Open any browser (e.g., FireFox, Internet Explorer). The logging page will appear and asks for username and password. Please enter the correct username and password. Click Login. If the logging is successful, you will be directed into the website of www.draytek.com. Vigor3910 Series User’s Guide...
Page 351: Hotspot Web Portal
Internet through the router. Users could be required to read and agree to terms and conditions, or authenticate themselves prior to gaining access to the Internet. Other potential uses include the serving of advertisements and promotional materials, and broadcast of public service announcements. Vigor3910 Series User’s Guide...
Page 352: Web User Interface
There are five login methods to choose from for authenticating network clients: Skip Login, Click Through, Social Login, PIN Login, and Social or PIN Login. Each login mode will present a different web page to users when they connect to the network. Vigor3910 Series User’s Guide...
Page 353 PIN code, password for RADIUS sever, they will be directed to the landing page and be granted access to the Internet. External RADIUS server will authenticate the users when they attempt to access the Internet for the first time via the router. Vigor3910 Series User’s Guide...
Page 354: V-4-1-2 Steps For Configuring A Web Portal Profile
Portal Server Portal Method There are four methods to be selected as for portal server. When Skip Loging, landing page only or Click through is selected as Portal Method Captive Portal URL Enter the captive portal URL. Vigor3910 Series User’s Guide...
Page 355: V-4-1-1 Login Method
Enter the captive portal URL. Redirection URL Enter the URL to which the client will be redirected. RADIUS Server Authentication Method - To configure the RADIUS server, click the External RADIUS Server link and you will be presented with the Vigor3910 Series User’s Guide...
Page 356 If you have chosen Skip Login, landing page only or External Portal Server as the portal method, skip to step 4 Whitelisting below. Otherwise, proceed to configure the login page by following steps 2 and 3. Vigor3910 Series User’s Guide...
Page 357 Available settings are explained as follows: Item Description Choose Login Select either Color Background or Image Background as the login Background page background scheme. Browser Tab Title Enter the text to be shown as the webpage title in the browser. Vigor3910 Series User’s Guide...
Page 358 Logo Image The DrayTek Logo will be displayed by default. However, you can enter HTML text or upload an image to replace the default logo. Login Method Select the background color of the login panel from the predefined Background Color color list, or select Customize Color and enter the RGB value.
Page 359 This section describes the Login Page setup if you have selected Click Through as the Login Method. Available settings are explained as follows: Item Description Welcome Message Enter the text to be displayed as the welcome message. Terms and Enter the text to be displayed as the Terms and Conditions Vigor3910 Series User’s Guide...
Page 360 Preview to preview the selected color. Save and Next Click to save the configuration on this page and proceed to the next page. Cancel Click to abort the configuration process and return to the profile summary page. Vigor3910 Series User’s Guide...
Page 361 Enter the text to be displayed as the welcome message. Terms and Enter the text to be displayed as the Terms and Conditions Conditions hyperlink text. Description Terms and Enter the text to be displayed in the Terms and Conditions pop-up Conditions Content window. Vigor3910 Series User’s Guide...
Page 362 Enter the text to be displayed on the Facebook login button. Description If you have selected Google login, the setting will appear: Item Description Google Login Enter the text to be displayed on the Google login button. Description Vigor3910 Series User’s Guide...
Page 363 Enter the text to be displayed on the submit PIN button Description Submit Button Color Select the color of the submit button from the predefined color list, or select Customize Color and enter the RGB value. Click Preview to preview the selected color. Vigor3910 Series User’s Guide...
Page 364 And finally, the save and cancel buttons are always displayed. Item Description Save and Next Click to save the configuration on this page and proceed to the next page. Cancel Click to abort the configuration process and return to the profile summary page. Vigor3910 Series User’s Guide...
Page 365 Enter text for the label of the hyperlink to return to the previous Description page. PIN Code Message Enter text to be displayed as the body text on the page. Default Country Select the default country code to be displayed using the dropdown Vigor3910 Series User’s Guide...
Page 366 Enter text to be displayed to notify the user after the PIN has been Message sent. Save and Next Click to save the configuration on this page and proceed to the next page. Cancel Click to abort the configuration process and return to the profile summary page. Vigor3910 Series User’s Guide...
Page 367 Enter up to 30 source IP addresses that are allowed through the router. Save and Next Click to save the configuration on this page and proceed to the next page. Cancel Click to abort the configuration process and return to the profile summary page. Vigor3910 Series User’s Guide...
Page 368 In this step you can configure advanced options for the Hotspot Web Portal. Available settings are explained as follows: Item Description Quota Management Expired Time After Enter the time duration that users are allowed to have Internet Activation access after logging in. Vigor3910 Series User’s Guide...
Page 369 Applied Interfaces Subnet The current Hotspot Web Portal profile will be in effect for the selected subnets. Finish Click to complete the configuration. Cancel Click to abort the configuration process and return to the profile summary page. Vigor3910 Series User’s Guide...
Page 370: V-4-2 Quota Management
Check the box to override the policy configured in Bandwidth Management>>Bandwidth Limit. Session Limit Check the box to override the policy configured in Bandwidth Management>>Session Limit. Quota Policy Profile Add - Create up to 20 policy profiles in such page. Vigor3910 Series User’s Guide...
Page 371 Hours.. min – After the login expires, the account cannot be  used to connect devices to the network for a set period of time. Bandwidth and Bandwidth Limit – Check the box to configure bandwidth limit for Vigor3910 Series User’s Guide...
Page 372 Download/Upload Limits – Set the maximum upload and  download speeds. Session Limit- Check the box to configure a maximum session limit for web portal clients. After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 373: Application Notes
Facebook and Google. We demonstrate how to set up the hotspot web portal with Facebook login in the following paragraphs. Make sure the router is connected to the Internet. Go to Hotspot Web Portal >> Profile Setup, click on an available index. Vigor3910 Series User’s Guide...
Page 374 If Login with Facebook is selected, the protocol of the Captive Portal URL need to be changed to HTTPS instead of HTTP because Facebook force to use HTTPS URL in their policy. Enter the APP ID and secret. Click Save and Next. Vigor3910 Series User’s Guide...
Page 375 Choose the Color Background, customize the information a logo color, and click Save and Next. You can click the Step Icon on the top of the page to go to the step you want. The router will save your setting automatically. Vigor3910 Series User’s Guide...
Page 376 Or choose the Image Background, customize the information and background image, and click Save and Next. Vigor3910 Series User’s Guide...
Page 377 Customize the descriptions on the login page, then click Save and Next. You can set the Whitelist for the profile here to allow specific clients to access the internet or certain websites can be visited without login. Vigor3910 Series User’s Guide...
Page 378 Hotspot clients will see after they login successfully. Finally, select the interfaces to which you would like this hotspot profile apply to, then click Finish to save the setting. Then the Hotspot setup is finished. You may click Preview to check the login page. Vigor3910 Series User’s Guide...
Page 379  The client might not be able to access "portal.draytek.com" if this domain name is resolved by a DNS server on LAN. If so, set up LAN DNS to make sure the domain name will be resolved to the router's LAN IP.
Page 380 Network administrator can plug the USB disk to router, to record the basic information of the users who connect to the Wi-Fi and login with their social media accounts. The users' basic information will be listed on Hotspot Web Portal >> Users Information page. Vigor3910 Series User’s Guide...
Page 381: How To Allow Hotspot Clients To Get Login Pin Code Via Sms
PIN code to clients by SMS messages. 1. Make sure the router is connected to the Internet. 2. Create an SMS Object to send SMS messages. Go to Objects Setting >> SMS Service Object, and click on an available profile. Vigor3910 Series User’s Guide...
Page 382 3. Enter the Service Provider details, and click OK to apply. 4. Go to Hotspot Web Portal >> Profile Setup, click on an available profile. 5. Enable the profile, give a comment, and choose “PIN Code Login”. Then click Next. Vigor3910 Series User’s Guide...
Page 383 6. Choose a login page design, customize the details, and click Next. 7. Edit the message on the login page, and click Next. 8. Edit the details for SMS settings, then click Next. Vigor3910 Series User’s Guide...
Page 384 9. Edit the landing page, choose the interfaces to which the SMS login should apply, and then click Finish. 10. Now, the hotspot settings are applied to the selected interfaces. You may click Preview to check how the login page looks. Vigor3910 Series User’s Guide...
Page 385 11. If the client connected to the selected interface of the router and try to open a webpage, they will be redirected to hotspot login page. If they do not have a password yet, they can click on the button to get a password. Vigor3910 Series User’s Guide...
Page 386  The client might not be able to access "portal.draytek.com" if this domain name is resolved by a DNS server on LAN. If so, set up LAN DNS to make sure the domain name will be resolved to the router's LAN IP.
Page 387 13. The number will get a message about the password. 14. Enter the password on the login page, and click Login. Vigor3910 Series User’s Guide...
Page 388 15. If the password is correct, the client will be redirected to the landing page, and after that, they will be able to surf the Internet. Vigor3910 Series User’s Guide...
Page 389: Part Vi Others
Define objects such as IP address, service type, keyword, file extension and others. These pre-defined objects can be applied in CSM. Vigor3910 Series User’s Guide...
Page 390: Objects Settings
Define objects such as IP address, service type, keyword, file extension and others. These pre-defined objects can be applied in CSM. Vigor3910 Series User’s Guide...
Page 391: Web User Interface
Later, we can select that object/group that can apply it. For example, all the IPs in the same department can be defined with an IP object (a range of IP address). You can set up to 192 sets of IP Objects with different conditions. Vigor3910 Series User’s Guide...
Page 392 Microsoft Excel and modify all the IP objects at the same time. Backup the current IP Objects with a CSV file – Click it to backup current IP objecsts as a CSV file. Such file can be Vigor3910 Series User’s Guide...
Page 393 Select Any Address if this object contains any IP address. Select Mac Address if this object contains Mac address. MAC Address Type the MAC address of the network card which will be controlled. Start IP Address Type the start IP address for Single Address type. Vigor3910 Series User’s Guide...
Page 394 If it is checked, all the IP addresses except the ones listed above will be applied later while it is chosen. After finishing all the settings here, please click OK to save the configuration. Below is an example of IP objects settings. Vigor3910 Series User’s Guide...
Page 395: Vi-1-2 Ip Group
To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. 2. The configuration page will be shown as follows: Available settings are explained as follows: Vigor3910 Series User’s Guide...
Page 396: Vi-1-3 Ipv6 Object
You can set up to 64 sets of IPv6 Objects with different conditions. Available settings are explained as follows: Item Description Set to Factory Default Clear all profiles. Index Display the profile number that you can configure. Name Display the name of the object profile. Vigor3910 Series User’s Guide...
Page 397 Invert Selection If it is checked, all the IPv6 addresses except the ones listed above will be applied later while it is chosen. After finishing all the settings, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 398: Vi-1-4 Ipv6 Group
Display the name of the group profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. 2. The configuration page will be shown as follows: Vigor3910 Series User’s Guide...
Page 399: Vi-1-5 Service Type Object
You can set up to 96 sets of Service Type Objects with different conditions. Available settings are explained as follows: Item Description Set to Factory Default Clear all profiles. Index Display the profile number that you can configure. Name Display the name of the object profile. Vigor3910 Series User’s Guide...
Page 400 (>) – the port number greater than this value is available. (<) – the port number less than this value is available for this profile. After finishing all the settings, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 401: Vi-1-6 Service Type Group
Display the name of the group profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Group column for configuration in details. 2. The configuration page will be shown as follows: Vigor3910 Series User’s Guide...
Page 402 Objects Setting>>Service Type Object will be shown in this box. Selected Service Type Click >> button to add the selected IP objects in this box. Objects After finishing all the settings, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 403: Vi-1-7 Keyword Object
You can set 200 keyword object profiles for choosing as black /white list in CSM >>URL Web Content Filter Profile. Available settings are explained as follows: Item Description Set to Factory Default Clear all profiles. Index Display the profile number that you can configure. Name Display the name of the object profile. Vigor3910 Series User’s Guide...
Page 404 Contents. When you browse the webpage, the page with gambling information will be watched out and be passed/blocked based on the configuration on Firewall settings. After finishing all the settings, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 405: Vi-1-8 Keyword Group
Display the name of the group profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. 2. The configuration page will be shown as follows: Vigor3910 Series User’s Guide...
Page 406: Vi-1-9 File Extension Object
All the files with the extension names specified in these profiles will be processed according to the chosen action. Available settings are explained as follows: Item Description Set to Factory Default Clear all profiles. Index Display the profile number that you can configure. Name Display the name of the object profile. Vigor3910 Series User’s Guide...
Page 407 Type a name for this profile. The maximum length of the name you can set is 7 characters. Type a name for such profile and check all the items of file extension that will be processed in the router. Finally, click OK to save this profile. Vigor3910 Series User’s Guide...
Page 408: Vi-1-10 Sms/Mail Service Object
Display the service provider which offers SMS service. To set a new profile, please do the steps listed below: 1. Click the SMS Provider tab, and click the number (e.g., #1) under Index column for configuration in details. Vigor3910 Series User’s Guide...
Page 409 Note that one credit equals to one SMS text message on the standard route. Sending Interval To avoid quota being exhausted soon, type time interval for sending the SMS. 3. After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 410 Provider. You have to contact your SMS provider to obtain the exact URL string. Username Type a user name that the sender can use to register to selected SMS provider. The maximum length of the name you can set is 31 Vigor3910 Series User’s Guide...
Page 411 Each item is explained as follows: Item Description Set to Factory Default Clear all of the settings and return to factory default settings. Index Display the profile number that you can configure. Profile Display the name for such mail server profile. Vigor3910 Series User’s Guide...
Page 412 31 characters. Password – Type a password for authentication. The maximum length of the password you can set is 31 characters. Sending Interval Define the interval for the system to send the SMS out. Vigor3910 Series User’s Guide...
Page 413: Vi-1-11 Notification Object
You can set an object with different monitoring situation. To set a new profile, please do the steps listed below: 1. Open Object Setting>>Notification Object, and click the number (e.g., #1) under Index column for configuration in details. Vigor3910 Series User’s Guide...
Page 414 Central VPN Management is checked. Once such profile is enabled, Vigor router system will send out notification to the recipient via SMS. 3. After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 415: Vi-1-12 String Object
Display the number link of the string profile. String Display the string defined. Clear Choose the string that you want to remove. Then click this check box to delete the selected string. Below shows an example to apply string object (in Route Policy): Vigor3910 Series User’s Guide...
Page 416: Vi-1-13 Country Object
(refer to the following figure for example). To set a new profile, please do the steps listed below: 1. Open Object Setting>>Country Object, and click the number (e.g., #1) under Index column for configuration in details. Vigor3910 Series User’s Guide...
Page 417 Check the box(es) for the country/countries to be blocked by Firewall. Note that one country profile can contain 1 up to 16 countries. 3. After finishing all the settings here, please click OK to save the configuration. Vigor3910 Series User’s Guide...
Page 418: Application Notes
Choose any index number (e.g., Index 1 in this case) to configure the SMS Provider setting. In the following page, type the username and password and set the quota that the router can send the message out. Vigor3910 Series User’s Guide...
Page 419 Choose any index number (e.g., Index 1 in this case) to configure conditions for sending the SMS. In the following page, type the name of the profile and check the Disconnected and Reconnected boxes for WAN to work in concert with the topic of this paper. Vigor3910 Series User’s Guide...
Page 420 Click OK to save the settings. Later, if one of the WAN connections fails in your router, the system will send out SMS to the phone number specified. If the router has only one WAN interface, the system will send out SMS to the phone number while reconnecting the WAN interface successfully. Vigor3910 Series User’s Guide...
Page 421 URL string of the SMS provider and type the username and password. After clicking OK, the new added SMS provider will be added and will be available for you to specify for sending SMS out. Vigor3910 Series User’s Guide...
Page 422 This page is left blank. Vigor3910 Series User’s Guide...
Page 423: Part Vii Troubleshooting
This part will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration. Vigor3910 Series User’s Guide...
Page 424: Vii-1Diagnostics
Backing to factory default setting if necessary.  If all above stages are done and the router still cannot run normally, it is the time for you to contact your dealer or DrayTek technical support for advanced help. Vigor3910 Series User’s Guide...
Page 425: Web User Interface
(e.g., PPPoE) is triggered by a package sending from the source IP address. Available settings are explained as follows: Item Description Decoded Format It shows the source IP address (local), destination IP (remote) address, the protocol and length of the package. Refresh Click it to reload the page. Vigor3910 Series User’s Guide...
Page 426: Vii-1-2 Routing Table
Click Diagnostics and click Routing Table to open the web page. Available settings are explained as follows: Item Description Refresh Click it to reload the page. Vigor3910 Series User’s Guide...
Page 427: Vii-1-3 Arp Cache Table
Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. Available settings are explained as follows: Item Description Refresh Click it to reload the page. Vigor3910 Series User’s Guide...
Page 428: Vii-1-4 Ipv6 Neighbour Table
This information is helpful in diagnosing network problems, such as IP address conflicts, etc. Click Diagnostics and click IPv6 Neighbour Table to open the web page. Available settings are explained as follows: Item Description Refresh Click it to reload the page. Vigor3910 Series User’s Guide...
Page 429: Vii-1-5 Dhcp Table
It displays the MAC address for the specified PC that DHCP assigned IP address for it. Leased Time It displays the leased time of the specified PC. HOST ID It displays the host ID name of the specified PC. Refresh Click it to reload the page. Vigor3910 Series User’s Guide...
Page 430: Vii-1-6 Nat Sessions Table
It indicates the temporary port of the router used for NAT. Peer IP:Port It indicates the destination IP address and port of remote host. Interface It displays the representing number for different interface. Refresh Click it to reload the page. Vigor3910 Series User’s Guide...
Page 431: Vii-1-7 Dns Cache Table
Click OK to enable such function. It means when the TTL value of each DNS query reaches the threshold of the value specified here, the corresponding record will be deleted from router’s Cache automatically. Vigor3910 Series User’s Guide...
Page 432: Vii-1-8 Ping Diagnosis
Use the drop down list to choose the WAN interface that you want to ping through or choose Auto to be determined by the router automatically. Ping to Use the drop down list to choose the destination that you Vigor3910 Series User’s Guide...
Page 433 Type the IPv6 address that you want to ping. Click this button to start the ping work. The result will be displayed on the screen. Clear Click this link to remove the result on the window. Vigor3910 Series User’s Guide...
Page 434: Vii-1-9 Data Flow Monitor
Item Description Enable Data Flow Monitor Check this box to enable this function. Refresh Seconds Use the drop down list to choose the time interval of refreshing data flow that will be done by the system Vigor3910 Series User’s Guide...
Page 435 Peak means the highest peak value detected by the router in data transmission. Speed means line speed specified in WAN>>General Setup. If you do not specify any rate at that page, here will display Auto for instead. Vigor3910 Series User’s Guide...
Page 436: Vii-1-10 Traffic Graph
WAN1/WAN3/WAN5/WAN6/WAN7/WAN8 Bandwidth chart, the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past. For Sessions chart, the numbers displayed on vertical axis represent the numbers of the NAT sessions during the past. Vigor3910 Series User’s Guide...
Page 437: Vii-1-11 Trace Route
Available settings are explained as follows: Item Description IPv4 / IPv6 Click one of them to display corresponding information for it. Trace through Use the drop down list to choose the interface that you want to ping through. Vigor3910 Series User’s Guide...
Page 438: Vii-1-13 Syslog Explorer
Always record the new event – only the newest events will be recorded by the system. Time Display the time of the event occurred. Message Display the information for each event. Vigor3910 Series User’s Guide...
Page 439: Vii-1-14 Ipv6 Tspc Status
If TSPC has configured properly, the router will display the following page when the user connects to tunnel broker successfully. Available settings are explained as follows: Item Description Refresh Click this link to refresh this page manually. Vigor3910 Series User’s Guide...
Page 440: Vii-1-15 High Availability Status
All of the routers under the same DARP (DrayTek Address Resolution Protocol) group can be viewed in such page. However, only partial information of the router status will be displayed. Vigor routers with the following condtions will be treated as the same DARP group: ...
Page 441 Display the time period since the last time to get the newest status of other router (except the primary router). Cick the link of Status, Router Name, IPv4 or Details, the following page will be displayed on the screen. Vigor3910 Series User’s Guide...
Page 442: Vii-1-16 Authentication Information
Always record the new event – only the newest events  will be recorded by the system. Time Display the time the user authenticated by Vigor3910 series. Message Display authentication information done by Vigor3910 series. Vigor3910 Series User’s Guide...
Page 443: Vii-1-17 Dos Flood Table
Moreover, IP address detected and suspected to attack the network system can be blocked shortly by clicking the Block button shown on pages of SYN Flood, UDP Flood and ICMP Flood. Info The icon - - means there is something wrong (e.g., attacking the system) with that IP address. Vigor3910 Series User’s Guide...
Page 444: Vii-1-18 Route Policy Diagnosis
Dst IP – Type an IP address as the destination IP. Dst Port – Use the drop down list to specify the destination port. Analyze – Click it to perform the job of analyzing. The analyzed result will be shown on the page.. Vigor3910 Series User’s Guide...
Page 445 If required, click export analysis to export the result as a file. Note that the analysis was based on the current "load-balance/route policy" settings, we do not guarantee it will be 100% the same as the real case. Vigor3910 Series User’s Guide...
Page 446: Checking If The Hardware Status Is Ok Or Not
Turn on the router. Make sure the ACT LED blink once per second and the correspondent LAN LED is bright. If not, it means that there is something wrong with the hardware status. Simply back to “I-2 Hardware Installation” to execute the hardware installation again. And then, try again. Vigor3910 Series User’s Guide...
Page 447: Checking If The Network Connection Settings On Your Computer Is Ok Or Not
Open All Programs>>Getting Started>>Control Panel. Click Network and Sharing Center. In the following window, click Change adapter settings. Icons of network connection will be shown on the window. Right-click on Local Area Connection and click on Properties. Vigor3910 Series User’s Guide...
Page 448 Select Internet Protocol Version 4 (TCP/IP) and then click Properties. Select Obtain an IP address automatically and Obtain DNS server address automatically. Finally, click OK. Vigor3910 Series User’s Guide...
Page 449 Double click on the current used Mac OS on the desktop. Open the Application folder and get into Network. On the Network screen, select Using DHCP from the drop down list of Configure IPv4. Vigor3910 Series User’s Guide...
Page 450: Pinging The Router From Your Computer
Open the Application folder and get into Utilities. Double click Terminal. The Terminal window will appear. Type ping 192.168.1.1 and press [Enter]. If the link is OK, the line of “64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=xxxx ms” will appear. Vigor3910 Series User’s Guide...
Page 451 Vigor3910 Series User’s Guide...
Page 452: Checking If The Isp Settings Are Ok Or Not
 If the problem of LEDs cannot be solved by the above measures, please contact with the nearest reseller, or send an e-mail to DrayTek FAE for technical support.  Check if the settings offered by ISP are configured well or not.
Page 453: Backing To Factory Default Setting If Necessary
Go to System Maintenance and choose Reboot System on the web page. The following screen will appear. Choose Using factory default configuration and click Reboot Now. After few seconds, the router will return all the settings to the factory settings. Vigor3910 Series User’s Guide...
Page 454: Contacting Draytek
If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@DrayTek.com. Vigor3910 Series User’s Guide...
Page 455: Part Viii Draytek Tools
Vigor3910 Series User’s Guide...
Page 456: Viii-1 Smartvpn Client
DrayTek has been the world-leading company to integrate VPN with Vigor SOHO routers to serve professionals and business customers with secure data transactions over Internet. The facilities of VPN let businesses are able to receive and send data over Internet with secure tunnels.
Page 457: Viii-1-2 How To Use Smartvpn Android App To Establish Ssl Vpn Tunnel
On VPN server, create a SSL user account. Please refer to “How to Set up SSL VPN” on www.draytek.com for detailed instructions. Download the APP from Google play, and run the APP. Click “+” to add a new profile. Vigor3910 Series User’s Guide...
Page 458 If you check “Use default gateway on remote network”, all the traffic of this smart device will be forwarded to the remote gateway. Tap the profile bar to establish SSL VPN tunnel. Enter Username and Password, then tap Dial. Vigor3910 Series User’s Guide...
Page 459 When the tunnel is up, the profile will turn green. Tap the bar again will disconnect the tunnel. Tap the pencil icon to edit or remove the profile. Vigor3910 Series User’s Guide...
Page 460 This page is left blank. Vigor3910 Series User’s Guide...
Page 461: Part Ix Telnet Commands
Vigor3910 Series User’s Guide...
Page 462: Accessing Telnet Of Vigor3910
If you have changed the default, enter the current IP address of the router. Next, type admin/admin for Account/Password. Then, type ?. You will see a list of valid/common commands depending on the router that your use. Vigor3910 Series User’s Guide...
Page 463 For users using previous Windows system (e.g., 2000/XP), simply click Start >> Run and type Telnet 192.168.1.1 in the Open box as below. Next, type admin/admin for Account/Password. And, type ? to get a list of valid/common commands. Vigor3910 Series User’s Guide...
Page 464 ACTION Specify the action of the application, 0 or 1. 0: Block. All of the applications meet the CSM rule will be blocked. 1: Pass. All of the applications meet the CSM rule will be passed. Vigor3910 Series User’s Guide...
Page 465 It is used to display the configuration status (enabled or disabled) for IM/P2P/Protocol/Other applications. csm appe config -v INDEX [-i|-p|-t|-m] Parameter Description INDEX Specify the index number of CSM profile, from 1 to 32. View the configuration status of IM group. View the configuration status of P2P group. Vigor3910 Series User’s Guide...
Page 466 It is used to set notification e-mail for APPE signature based on the settings configured in System Maintenance>>SysLog/Mail Alert Setup (in which, the box of APPE Signature is checkd under Enable E-Mail Alert). csm appe email [-e|-d|-s] Vigor3910 Series User’s Guide...
Page 467 1: It means Bundle: Block. 2: It means Either: URL Access Control First. 3: It means Either: Web Feature First. It means the log type of the profile. They are: P: Pass, B: Block, A: All, Vigor3910 Series User’s Guide...
Page 468 B: Block. The web access meets the URL Access Control will be blocked. P: Pass. The web access meets the URL Access Control will be passed. Prevent the web access from any IP address. E: Enable the function. The Internet access from any IP address will Vigor3910 Series User’s Guide...
Page 469 Profile Name:[game] Log:[none] Priority Select : [Bundle : Pass] [ ]Enable URL Access Control Action:[block] [v]Prevent web access from IP address. No Obj NO. Object Name --- -------- --------------------------------- No Grp NO. Group Name --- -------- --------------------------------- Vigor3910 Series User’s Guide...
Page 470 Log:[none] Priority Select : [Bundle : Pass] [ ]Enable URL Access Control Action:[block] [v] Prevent web access from IP address. No Obj NO. Object Name --- -------- --------------------------------- No Grp NO. Group Name --- -------- --------------------------------- Vigor3910 Series User’s Guide...
Page 471 P: Pass. The web access meets the web feature will be passed. Set the profile name. PROFILE_NAME Specify the name of the profile (less than 16 characters) It means the log type of the profile. They are: P: Pass, Vigor3910 Series User’s Guide...
Page 472 Transportation, Compromised, Dating & Personals, , Education, Finance, Government,Health & Medcine, News, Non-profits & NGOs, Personal Sites,Politics, Real Estate, Rligion, Restaurants & Dining,Shopping, Translators, General, Cults,Greetig cards, Image Sharing, Network Errors, Parked Domains, Private IP Addresses) Vigor3910 Series User’s Guide...
Page 473 N|P|B|A csm dnsf service WCF_PROFILE csm dnsf service_ucf UCF_PROFILE csm dnsf time CACHE_TIME csm dnsf blockpage show/on/off csm dnsf profile_show csm dnsf profile_edit INDEX csm dnsf profile_edit INDEX -n PROFILE_NAME csm dnsf profile_edit INDEX -l N|P|B|A Vigor3910 Series User’s Guide...
Page 474 1 to 24; 1 is one hour, 2 is two hours, and so on ...) for DNS filter. > csm dnsf service 2 dns service set up!!! >csm dnsf service 3 wcf profile 3 is empty..>csm dnsf cachetime 1 Vigor3910 Series User’s Guide...
Page 475 [value]: limit up to 64 characters -P [value] It means to type Password. [value]: limit up to 24 characters -C [value] It means to enable /disable Wildcards. [value]: 0: Disable, 1:Enable -B [value] It means to enable / disable Backup MX. Vigor3910 Series User’s Guide...
Page 476 It means to type User-Defined Auth Type. [value]: 0: basic 1: URL -N [value] It means to type User-Defined Connection Type. [value]: 0: Http 1: Https -O [value] It means to type User-Defined Server Response. [value]: limit up to 32 characters Vigor3910 Series User’s Guide...
Page 477 This command will update DDNS automatically. > ddns forceupdate Now updating DDNS ... Please check result by using command "ddns log" This command will return DDS with factory default settings. >ddns setdefault >Set to Factory Default. Vigor3910 Series User’s Guide...
Page 478 THRESHOLD It means the packet rate (packet/second) that a flooding attack will be detected. Set a value larger than 20. TIMEOUT It means the time (seconds) that a flooding attack will be blocked. Vigor3910 Series User’s Guide...
Page 479 Disable the defense function for a specific attack(s). >dos –A The Dos Defense system is Activated >dos –s synflood 50 10 Synflood is enabled! Threshold=50 <pke/sec> timeout=10 <pke/sec> Vigor3910 Series User’s Guide...
Page 480 IP address here for WAN port. -n <netmask> It means to assign netmask for WAN connection. You have to type 255.255.255.xxx (x is changeable) as the netmask for WAN port. -g <gateway> Assign gateway IP for such WAN connection. Vigor3910 Series User’s Guide...
Page 481 WAN1 Password set successful WAN1 PPP Authentication Type set to PAP/CHAP WAN1 Idle timeout set to always-on WAN1 Gateway IP set to 0.0.0.0 > internet -V WAN1 Internet Mode:PPPoE ISP Name: tcom Username: username Authentication: PAP/CHAP Vigor3910 Series User’s Guide...
Page 482 Specify an IP address. The system will set the one that you specified as the public subnet IP address. > ip pubaddr ? % ip addr <public subnet IP address> % Now: 192.168.0.1 > ip pubaddr 192.168.2.5 % Set public subnet IP address done !!! Vigor3910 Series User’s Guide...
Page 483 Specify a number of WAN interface. "0" means no WAN. Delete an existed WAN IP address. > ip lanalias 1 -a 192.168.1.56 > This command allows users to set/add a specified LAN IP your router. ip addr [IP address] Vigor3910 Series User’s Guide...
Page 484 /destination MAC address; arp setCacheLife allows users to configure the duration in which ARP caches can be stored on the system. If ip arp setCacheLife is set with “60”, it means you have an ARP cache at 0 second. Sixty seconds later without any ARP messages received, the Vigor3910 Series User’s Guide...
Page 485 -e [1 or 0] -w [wan unmber] -c [option number] -a [option value] ip dhcpc option -u [idx unmber] ip dhcpc release [wan number] ip dhcpc renew [wan number] ip dhcpc status Parameter Description option It is an optional setting for DHCP server. Vigor3910 Series User’s Guide...
Page 486 It means the WAN interface that the above IP address passes through. >ip ping 172.16.3.229 WAN1 Pinging 172.16.3.229 with 64 bytes of Data: Receive reply from 172.16.3.229, time=0ms Receive reply from 172.16.3.229, time=0ms Receive reply from 172.16.3.229, time=0ms Vigor3910 Series User’s Guide...
Page 487 Type the WAN or LAN IP address of the remote device. Port Type a port number (e.g., 23). Available settings: 0 ~65535. > ip telnet 172.17.3.252 23 > This command allows users to set the RIP (routing information protocol) of IP. Vigor3910 Series User’s Guide...
Page 488 > ip wanrip 5 -e 1 > ip wanrip ? Valid ex:ip wanrip <ifno> -e <0/1> <ifno> 1: WAN1,2: WAN2 3: PVC3,4: PVC4,5: PVC5 -e <0/1> 0: disable, 1: enable Now status: WAN[1] Rip Protocol disable Vigor3910 Series User’s Guide...
Page 489 > ip route status Codes: C - connected, S - static, R - RIP, * - default, ~ - private 192.168.9.0/ 255.255.255.0 is directly connected, DMZ 192.168.1.0/ 255.255.255.0 is directly connected, LAN1 172.16.2.0/ 255.255.255.0 via 172.16.2.4, WAN1 Vigor3910 Series User’s Guide...
Page 490 The default value is 125000 ms Current Setting is:130000 ms > ip igmp_proxy set % ip igmp_proxy [set|reset|wan|status], IGMP Proxy is ON > ip igmp_proxy status %% ip igmp_proxy [set|reset|wan|status], IGMP Proxy is ON %%% igmp_proxy WAN: 239.255.255.250 state=1 239.255.255.250 timer=0 Vigor3910 Series User’s Guide...
Page 491 IP session block works. ip session on ip session off ip session default [num] ip session defaultp2p [num] ip session status ip session show ip session timer [num] ip session [block/unblock][IP] Vigor3910 Series User’s Guide...
Page 492 Current default session number is 100 This command allows users to set maximum bandwidth limit number for the specified IP. ip bandwidth on ip bandwidth off ip bandwidth default [tx_rate][rx_rate] ip bandwidth status ip bandwidth show ip bandwidth [add/del] [IP1-IP2][tx][rx][shared] Vigor3910 Series User’s Guide...
Page 493 [IP][MAC][Comment] ip bindmac del [IP]/all Parameter Description Turn on IP bandmac policy. Even the IP is not in the policy table, it can still access into network. Turn off all the bindmac policy. Vigor3910 Series User’s Guide...
Page 494 [idx] show ip bgp neighbor show all ip bgp static [sidx][ip][<netmask] ip bgp static [sidx] delete ip bgp static show Parameter Description mode <0/1> It means to enable / disable BGP mode. 0: disable 1: enable Vigor3910 Series User’s Guide...
Page 495 <sidx>: Available profile number is between 1 and 16. static show It means to display setting information for exchanging the routing information with the local router. > ip bgp static 1 192.168.2.56 255.255.255.0 Set static network index: 1 Vigor3910 Series User’s Guide...
Page 496 IP addr: 192.168.2.56 Net mask: 255.255.255.0 > ip bgp static show BGP static networks: Index: 1, IP addr: 192.168.2.56, mask: 255.255.255.0 Vigor3910 Series User’s Guide...
Page 497 IP address. ip_range: Indicates a range of IP addresses. ip_subnet: Indicates the IP subnet. domain: Indicates the domain name. -3 [any/range] Specify the destination port mode. Range: Indicate a range of port number. Vigor3910 Series User’s Guide...
Page 498 It means to specify the interface for failover. Value: Avaialbe interfaces include, NO_FAILOVER, Default_WAN, Policy1 ~ Policy60 LAN1 ~ LAN8 IP_Routed_Subnet, DMZ_Subnet, WAN1 ~ WAN5, VPN_PROFILE_1 ~ VPN_PROFILE_100, WAN_1_IP_ALIAS_1 ~ WAN_4_IP_ALIAS_8 -b [value] It means “failback”. Vigor3910 Series User’s Guide...
Page 499 "policy 1" was inactive and there was no failover setting > ip policy_rt -i -1 -o add -1 range -s 192.168.1.10 -S 192.168.1.20 -2 ip_range –d 202.211.100.10 -D 202.211.100.20 -g 202.211.100.1 -I WAN2 Vigor3910 Series User’s Guide...
Page 500 % Profile: test % Domain Name: % -------- Address Mapping Table -------- % Not Set Address Mapping. > This command is used to set LAN DNS profile for conditional DNS forwarding. ip dnsforward [-<command> <parameter> | ... ] Vigor3910 Series User’s Guide...
Page 501 Set domain name. -p <profile name> Set profile name for LAN DNS. Reset the settings for selected profile. > ip dnsforward -i 1 -n ftp.drayTek.com % Configure Set1's DomainName:ftp.drayTek.com > ip dnsforward -i 1 -a 172.16.1.1 % Configure Set1's IP:172.16.1.1 >...
Page 502 0: the parameter related to the request will not be displayed. > ip6 dhcp req_opt WAN2 -S 1 > ip6 dhcp req_opt WAN2 -r 1 > ip6 dhcp req_opt WAN2 -a % Interface WAN2 is set to request following DHCPv6 options: sip name Vigor3910 Series User’s Guide...
Page 503 [-<command> <parameter>| ... ] Parameter Description server It means the dhcp server settings. [<command> The available commands with parameters are listed below. <parameter>|…] […] means that you can type in several commands in one line. Vigor3910 Series User’s Guide...
Page 504 WAN2 n=3: WAN3 n=X: WANx -M n M means to set Internet Access Mode (Mandatory) and n means different modes (represented by 0 – 5) n= 0: Offline, n=1: PPP, n=2: TSPC, n=3: AICCU, n=4: DHCPv6, Vigor3910 Series User’s Guide...
Page 505 -d [inet6_addr] [LAN|WAN1|WAN2] ip6 neigh -a [inet6_addr] [-N LAN|WAN1|WAN2] Parameter Description It means to add a neighbour. It means to delete a neighbour. It means to show neighbour status. inet6_addr Type an IPv6 address eth_addr Type submask address. Vigor3910 Series User’s Guide...
Page 506 Neighbour 2001:2222:3333::1111 successfully added! > ip6 neigh -a I/F ADDR STATE ------------------------------------------------------------------------- LAN FF02::1 33-33-00-00-00-01 CONNECTED WAN2 2001:5C0:1400:B::10B8 00-00-00-00-00-00 CONNECTED WAN2 2001:2222:3333::1111 00-00-00-00-00-00 CONNECTED WAN2 2001:2222:6666::1111 00-00-00-00-00-00 CONNECTED WAN2 :: 00-00-00-00-00-00 CONNECTED LAN :: NONE > Vigor3910 Series User’s Guide...
Page 507 It means the gateway of the router. LAN|WAN1|WAN2|iface# It means to specify LAN or WAN interface for such address. > ip6 route -s FE80::250:7FFF:FE12:500 16 FE80::250:7FFF:FE12:100 LAN Route FE80::250:7FFF:FE12:500/16 successfully added! > ip6 route -a LAN Vigor3910 Series User’s Guide...
Page 508 Receive reply from 2001:4860:4860::8888, time=330ms Receive reply from 2001:4860:4860::8888, time=330ms Receive reply from 2001:4860:4860::8888, time=330ms Receive reply from 2001:4860:4860::8888, time=330ms Receive reply from 2001:4860:4860::8888, time=330ms Packets: Sent = 5, Received = 5, Lost = 0 <% loss> > Vigor3910 Series User’s Guide...
Page 509 > ip6 tspc 2 Local Endpoint v4 Address : 111.243.177.223 Local Endpoint v6 Address : 2001:05c0:1400:000b:0000:0000:0000:10b9 Router DNS name : 8886666.broker.freenet6.net Remote Endpoint v4 Address :81.171.72.11 Remote Endpoint v6 Address : 2001:05c0:1400:000b:0000:0000:0000:10b8 Tspc Prefixlen : 56 Tunnel Broker: Amsterdam.freenet.net Vigor3910 Series User’s Guide...
Page 510 Description list It means to show the setting information of the access list. status It means to show the status of IPv6 management. It means to add an IPv6 address which can be used to execute Vigor3910 Series User’s Guide...
Page 511 It means the connection interface. 0=LAN1 1=WAN1 2=WAN2 > ip6 online 0 % LAN 1 online status : % Interface : UP % IPv6 DNS Server: :: Static % IPv6 DNS Server: :: Static % IPv6 DNS Server: :: Static Vigor3910 Series User’s Guide...
Page 512 > ip6 aiccu subnet add 2 2001:1111:0000::1111 64 > ip6 aiccu 2 Status: Connecting >ip6 aiccu subnet show 2 IPv6 WAN2 AICCU Subnet Prefix Config: 2001:1111::1111/64 > This command allows you to set IPv6 settings for NTP (Network Time Protocols) server. Vigor3910 Series User’s Guide...
Page 513 <server>= IPv6 Address -m n It means to set ipv6 LAN management. n=0:OFF n=1:SLAAC. Default is SLAAC n=2:DHCPv6 -o n It means to enable Other option(O-bit) flag. (O-bit is redundant when management is DHCPv6) n=0: Disable Vigor3910 Series User’s Guide...
Page 514 : ::/0 [ifno: 0, enable: 0] % Static IP(1) : ::/0 [ifno: 0, enable: 0] % Static IP(2) : ::/0 [ifno: 0, enable: 0] % Static IP(3) : ::/0 [ifno: 0, enable: 0] % DNS1 : 2001:4860:4860::8888 Vigor3910 Series User’s Guide...
Page 515 This command allows you to set IPv6 settings ip6 Bandwidth [on/off/default tx_rate rx_rate/status/show] ip6 Bandwidth [add/del] [IP1-IP2] [tx][rx][shared] Parameter Description It means to turn on bandwidth limit for each IP. It means to turn off bandwidth limit for each IP. Vigor3910 Series User’s Guide...
Page 516 It means to display all the information at one time. It means to clear a filter rule’s statistics. It means to clear IP filter’s gross statistics. > ipf view -V -c -d ipf: IP Filter: v3.3.1 (1824) Vigor3910 Series User’s Guide...
Page 517 It means to set the maximum count for session limitation. -F [VALUE] It means to configure the load-balance policy. -Q [VALUE] It means to set the QoS class. > ipf set -c 1 #set call filter start from set 1 Vigor3910 Series User’s Guide...
Page 518 Such word means Filter Rule, range from 1~7. [<command><parameter>|… The available commands with parameters are listed below. […] means that you can type in several commands in one line. It means to enable or disable the rule setting. 0- disable 1- enable Vigor3910 Series User’s Guide...
Page 519 – it means “user defined”. <protocol> – It means TCP(6),UDP(17), TCP/UDP(255). <source_port__value> – 1 – Port OP, range is 0-3. 0:= =, 1:!=, 2:>, 3:< 3 – Port range of the Start Port Number, range is Vigor3910 Series User’s Guide...
Page 520 17. ANSI/OEM(932)-Japanese Shift-JIS 18. ANSI/OEM(936)-Simplified Chinese GBK 19. ANSI/OEM(949)-Korean 20. ANSI/OEM(950)-Traditional Chinese Big5 -C <Windows Size> It means to set Window size and Session timeout (Minute). <Session_Timeout> <Windows Size> - Available settings range from 1 ~ 65535. Vigor3910 Series User’s Guide...
Page 521 Window size : 65535 Session timeout : 1440 DrayTek Banner : Enable ------------------------------------------------------------------ Strict Security Checking [ ]APP Enforcement This command is used to set and view flowtrack sessions. ipf flowtrack set [-re] ipf flowtrack view [-f] Vigor3910 Series User’s Guide...
Page 522 > ipf flowtrack set -e Curretn flow_enable=1 This command allows users to view log for WAN interface such as call log, IP filter log, flush log buffer, etc. log [-cfhiptwx?] [-F a| c | f | w] Vigor3910 Series User’s Guide...
Page 523 25:36:57.580 ---->DHCP (WAN-5) Len = 548XID = 0x7880fdd4 Client IP = 0.0.0.0 Your IP = 0.0.0.0 --- MORE --- ['q': Quit, 'Enter': New Lines, 'Space Bar': Next Page] This command is used to configure the LDAP profile. ldap user [INDEX][OPTION] Vigor3910 Series User’s Guide...
Page 524 Set the bind type as Simple(0),Anonymous(1), and Regular(2). ssl [0-1] Enable or disable LDAP function via SSL tunnel. 0 – Disable the function. 1 – Enable the function. IP <VALUE> Set IP address for LDAP server. Vigor3910 Series User’s Guide...
Page 525 Description enable [0-1] Disable (0)/enable(1) the TACACS+ server. IP <VALUE> Set the IP address of TACACS+ server. port <VALUE> Set the port number of TACACS+ server. shared_secret <VALUE> Set the Shared Secret value of TACACS+ Server. Vigor3910 Series User’s Guide...
Page 526 It means to type the number for FTP port. The default setting is > mngt ftpport 21 % Set FTP server port to 21 done. This command allows users to set HTTP port for management. mngt httpport [Http port] Vigor3910 Series User’s Guide...
Page 527 It means to type the number for telnet port. The default setting is > mngt telnetport 23 % Set Telnet server port to 23 done. This command allows users to set SSH port for management. mngt sshport [ssh port] Vigor3910 Series User’s Guide...
Page 528 All PING packets will be blocked from LAN PC to Internet. viewlog It means to display a log of ping action, including source MAC and source IP. clearlog It means to clear the log of ping action. > mngt noping off Vigor3910 Series User’s Guide...
Page 529 No Ping Packet Out is OFF!! Vigor3910 Series User’s Guide...
Page 530 Description status It means to display current setting for your reference. enable It means to allow the system administrators to login from the Internet. disable It means to deny the system administrators to login from the Vigor3910 Series User’s Guide...
Page 531 It means to flush all of the settings. It means to restore the factory default settings. It means to view current settings. It means to get the usage of such command. > mngt lanaccess -e 1 > mngt lanaccess -s FTP,TELNET Vigor3910 Series User’s Guide...
Page 532 This command allows you to specify that the system administrator can login from a specific host or network. A maximum of three IPs/subnet masks is allowed. mngt accesslist list mngt accesslist add [index][ip addr][mask] mngt accesslist remove [index] mngt accesslist flush Vigor3910 Series User’s Guide...
Page 533 It means to set the IPv4 address of the host that will receive the trap community. -T <seconds> It means to set the trap timeout <0~999>. It means to list SNMP setting. > mngt snmp -e 1 -g draytek -s DK -m 192.168.1.1 -t trapcom -n 10.20.3.40 Vigor3910 Series User’s Guide...
Page 534 -T 88 SNMP Agent Turn on!!! Get Community set to draytek Set Community set to DK Manager Host IP set to 192.168.1.1 Trap Community set to trapcom Notification Host IP set to 10.20.3.40 Trap Timeout set to 88 seconds This command allows you to configure brute force protect (BFP) for system management.
Page 535 % Set LAN2 subnet IP address done !!! This setting will take effect after rebooting. Please use "sys reboot" command to reboot the router. This command is used to configure net mask address for the specified LAN interface. Vigor3910 Series User’s Guide...
Page 536 Off: 0.0.0.0/0.0.0.0, PPP Start IP: 0.0.0.60 % DHCP server: Off % Dhcp Gateway: 0.0.0.0, Start IP: 0.0.0.10, Pool Count: 50 This command allows you to enable or disable DHCP server for the subnet. msubnet dhcps [2~50 [On/Off] Vigor3910 Series User’s Guide...
Page 537 This setting will take effect after rebooting. Please use "sys reboot" command to reboot the router. This command is used to configure an IP address as the gateway used for subnet. msubnet gateway [2~50] [Gateway IP] Vigor3910 Series User’s Guide...
Page 538 > msubnet ipcnt 2 15 This setting will take effect after rebooting. Please use "sys reboot" command to reboot the router. This command is used to establish a route between two LAN interfaces. msubnet talk [2~50] [2~50] [On/Off] Parameter Description Vigor3910 Series User’s Guide...
Page 539 It means LAN interface. 2=LAN2 3=LAN3 4=LAN4 5=LAN5 6=LAN6 ..Gateway IP Type an IP address as the starting IP address for a subnet. > msubnet startip 2 192.168.2.90 %Set LAN2 Dhcp Start IP done !!! Vigor3910 Series User’s Guide...
Page 540 % Now: LAN2 192.168.2.250; LAN3 192.168.3.200; LAN4 192.168.4.200; LAN5 192.168.5.200; LAN6 192.168.6.200 This command is used to specify the type for node which is required by DHCP option. msubnet nodetype [2~50][count] Parameter Description 2~50 It means LAN interface. 2=LAN2 3=LAN3 4=LAN4 5=LAN5 Vigor3910 Series User’s Guide...
Page 541 It means LAN interface. 2=LAN2 3=LAN3 4=LAN4 5=LAN5 6=LAN6 ..WINS IP Type the IP address as the WINS IP. > msubnet primWINS ? % msubnet primWINS <2/3/4/5/6/7/8/9/10/11/12/13/14/15/16/17/18/19/20/21/22/23/24 /25/26/27/28/29/30/31/32/33/34/35/36/37/38/39/40/41/42/43/44/45/46/ 47/48/49/50> <WINS IP> % Now: 3/44/45/46/47/48/49/50 0.0.0.0; 7/48/49/50 0.0.0.0; 0.0.0.0; Vigor3910 Series User’s Guide...
Page 542 0.0.0.0; 0.0.0.0; 0.0.0.0; 0.0.0.0; 0.0.0.0; 0.0.0.0; 0.0.0.0; 0.0.0.0; 0.0.0.0; 0.0.0.0; 0.0.0.0; 0.0.0.0; 0.0.0.0 > msubnet primWINS 2 192.168.3.5 DrayTek> msubnet primWINS 2 192.168.3.5 % Set 3/44/45/46/47/48/49/50 Dhcp Primary WINS IP done !!! > msubnet primWINS ? % msubnet primWINS <2/3/4/5/6/7/8/9/10/11/12/13/14/15/16/17/18/19/20/21/22/23/24 /25/26/27/28/29/30/31/32/33/34/35/36/37/38/39/40/41/42/43/44/45/46/ 47/48/49/50>...
Page 543 % msubnet secWINS <2/3/4/5/6/7/8/9/10/11/12/13/14/15/16/17/18/19/20/21/22/23/24/ 25/26/27/28/29/30/31/32/33/34/35/36/37/38/39/40/41/42/43/44/45/46/ 47/48/49/50> < WINS IP> % Now: 3/44/45/46/47/48/49/50 192.168.3.89; 7/48/49/50 0.0.0.0; 0.0.0.0; 0.0.0 .0; 0.0.0.0; 0.0.0.0; 0.0.0.0; 0.0.0.0; 0.0.0.0; 0.0.0.0; 0.0.0.0; 0.0.0 Vigor3910 Series User’s Guide...
Page 544 DrayTek> msubnet tftp ? % msubnet tftp <2/3/4/5/6/7/8/9/10/11/12/13/14/15/16/17/18/19/20/21/22/23/24/25/ 26/27/28/29/30/31/32/33/34/35/36/37/38/39/40/41/42/43/44/45/46/47/4 8/49/50> <TFTP server name> % Now: 3/44/45/46/47/48/49/50 7/48/49/50 DrayTek> msubnet tftp 2 publish % Set 3/44/45/46/47/48/49/50 TFTP Server Name done !!! > msubnet tftp ? DrayTek> msubnet tftp ? % msubnet tftp <2/3/4/5/6/7/8/9/10/11/12/13/14/15/16/17/18/19/20/21/22/23/24/25/ 26/27/28/29/30/31/32/33/34/35/36/37/38/39/40/41/42/43/44/45/46/47/4 8/49/50>...
Page 545 1 – 50 represent LAN1 to LAN50. Lease Time (sec.) Range from 1 to 259200. If no value specified here, Vigor router system will use the maximum value, 259200, as the leasetime. > DrayTek> msubnet leasetime ? % msubnet leasetime <1/2/3/4/5/6/7/8/9/10/11/12/13/14/15/16/17/18/19/20/21/22/23 /24/25/26/27/28/29/30/31/32/33/34/35/36/37/38/39/40/41/42/43/44/45/46/47/4 Vigor3910 Series User’s Guide...
Page 546 INVERT=0, means disableing the function. INVERT=1, means enabling the function. Example: object ip obj 3 -s 1 -a TYPE It means to set the address type and IP for the IP object profile. TYPE=0, means Mask TYPE=1, means Single Vigor3910 Series User’s Guide...
Page 547 -a IP_OBJ_INDEX It means to specify IP object profiles for the group profile. Example: :object ip grp 3 -a 1 2 3 4 5 The IP object profiles with index number 1,2,3,4 and 5 will be group Vigor3910 Series User’s Guide...
Page 548 [6:][0] [7:][0] > object ip grp 2 -i 1 > object ip grp 2 -a 1 2 IP Group Profile 2 Name :[First] Interface:[Lan] Included ip object index: [0:][1] [1:][2] [2:][0] [3:][0] [4:][0] [5:][0] [6:][0] [7:][0] Vigor3910 Series User’s Guide...
Page 549 Type an IP address (different with START_IP) as the end IP address. > object ip obj 1 -n marketing > object ip obj 1 -a 1 192.168.1.45 > object ip obj 1 -v IP Object Profile 1 Name :[marketing] Vigor3910 Series User’s Guide...
Page 550 The IP object profiles with index number 1,2,3,4 and 5 will be group under such profile. > object ip grp 2 -n First IP Group Profile 2 Name :[First] Interface:[Any] Included ip object index: [0:][0] [1:][0] [2:][0] [3:][0] [4:][0] [5:][0] [6:][0] Vigor3910 Series User’s Guide...
Page 551 PROTOCOL =255, means TCP/UDP Other values mean other protocols. Example: object service obj 8 -i 0 It means the check action for the port setting. 0=equal(=), when the starting port and ending port values are the Vigor3910 Series User’s Guide...
Page 552 It means the index number of the specified group profile. It means to view the information of the specified group profile. Example: object service grp 1 -v -n NAME It means to define a name for the service group. Vigor3910 Series User’s Guide...
Page 553 INDEX -n NAME object kw obj INDEX -a CONTENTS Parameter Description setdefault It means to return to default settings for all profiles. show PAGE It means to show the contents of the specified profile. Vigor3910 Series User’s Guide...
Page 554 It means to view the information of the specified file extension object profile. -n NAME It means to define a name for the file extension object profile. NAME: Type a name with less than 15 characters. It means to enable the specific CATEGORY or FILE_EXTENSION. Vigor3910 Series User’s Guide...
Page 555 [ ].ocx [ ].olb [ ].ole [ ].tlb [ ].viv [ ].vrm ------------------------------------------------------------------------- ------ Compression category: [ ].ace [ ].arj [ ].bzip2 [ ].bz2 [ ].cab [ ].gz [ ].gzip [ ].rar [ ].sit [ ].zip Vigor3910 Series User’s Guide...
Page 556 It means to define a password for the SMS object profile. Type a password that the sender can use to register to selected SMS provider. -q [Quota] Enter the number of the credit that you purchase from the service provider. Vigor3910 Series User’s Guide...
Page 557 -n [Profile Name] It means to define a name for the mail object profile. Profile Name: Type a name with less than 15 characters. -s [SMTP Server] It means to set the IP address of the mail server. Vigor3910 Series User’s Guide...
Page 558 INDEX -v object noti obj INDEX -n Profile Name object mail obj INDEX –e Category Status object mail obj INDEX –d Category Status Parameter Description show It means to show the contents for all of the profiles. Vigor3910 Series User’s Guide...
Page 559 [ ]Limit Reached CVM Alert [ ]CPE Offline [ ]CPE Config Backup Fail [v]CPE Config Restore Fail [ ]CPE Firmware Fpgrade Fail [ ]CPE VPN Profile Setup Fail High Availability [ ]Failover Occurred Config Sync Fail Router Unstable Vigor3910 Series User’s Guide...
Page 560 Sun, Mon, Tue, Wed, Thu, Fri, Sat If the [option] set Weekdays, then must select which days of Week. example: To select Sunday, Monday, Thursday, type > object schedule set 1 -h “1 Sun Mon Thu” Vigor3910 Series User’s Guide...
Page 561 It means the number of LAN port and WAN port. 11, 12, all AN… 10H It means the physical type for the specific port. AN: auto-negotiate. 100F: 100M Full Duplex. 100H: 100M Half Duplex. 10F: 10M Full Duplex. 10H: 10M Half Duplex. Vigor3910 Series User’s Guide...
Page 562 UDP Timeout : 300 sec. IGMP Timeout : 10 sec. TCP WWW Timeout: 60 sec. TCP SYN Timeout: 60 sec. This command allows you to view current status (interface and driver) of USB printer. prn status Vigor3910 Series User’s Guide...
Page 563 Set all to factory default (for all WANs). […] It means that you can type in several commands in one line. > qos setup -m 3 -i 9500 -o 8500 -r 3:20 -u 1 -p 50 -t 1 Vigor3910 Series User’s Guide...
Page 564 – It means Range address. Please specify the IP addresses, for example, “-l 172.16.3.9: 172.16.3.50.” addr1:subnet – It means the subnet address with start IP address. Please type the subnet and the IP address, for example, “-l 172.16.3.9:255.255.0.0”.0 Vigor3910 Series User’s Guide...
Page 565 Show the rule in the specified class. […] It means that you can type in several commands in one line. > qos class -c 2 -n draytek -a -m 1 -l 192.168.1.50:192.168.1.80 Following setting will set in the class2 class 2 name set to draytek...
Page 566 > qos type -a draytek -t 6 -p 510:1330 service name set to draytek service type set to 6:TCP Port type set to Range Service Port set to 510 ~ 1330 > This command can exit the telnet command screen.
Page 567 ******************************************************** No data entry. This command displays current status of NAT. > show nat Port Redirection Running Table: Index Protocol Public Port Private IP Private Port 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Vigor3910 Series User’s Guide...
Page 568 % Maximum Session Number: 10000 % Maximum Session Usage: 49 % Current Session Usage: 0 % Current Session Used(include waiting for free): 0 % WAN1 Current Session Usage: 0 This command displays current status of LAN and WAN connections. Vigor3910 Series User’s Guide...
Page 569 This command allows users to configure DHCP server for second subnet. srv dhcp public start [IP address] srv dhcp public cnt [IP counts] srv dhcp public status srv dhcp public add [MAC Addr XX-XX-XX-XX-XX-XX] srv dhcp public del [MAC Addr XX-XX-XX-XX-XX-XX/all/ALL] Vigor3910 Series User’s Guide...
Page 570 Note: The IP Routed Subnet DNS must be the same as NAT Subnet DNS). > srv dhcp dns1 168.95.1.1 % srv dhcp dns1 <DNS IP address> % Now: 168.95.1.1 (IP Routed Subnet dns same as NAT Subnet dns) Vigor3910 Series User’s Guide...
Page 571 Note: The IP Routed Subnet DNS must be the same as NAT Subnet DNS). > srv dhcp dns2 10.1.1.1 % srv dhcp dns2 <DNS IP address> % Now: 10.1.1.1 (IP Routed Subnet dns same as NAT Subnet dns) Vigor3910 Series User’s Guide...
Page 572 It means to display current gateway that you can use. Gateway IP It means to specify a gateway address used for DHCP server. > srv dhcp gateway 192.168.2.1 This setting will take effect after rebooting. Please use "sys reboot" command to reboot the router. Vigor3910 Series User’s Guide...
Page 573 1 or 2 specified here. > srv dhcp relay servip 192.168.1.46 > srv dhcp relay subnet 2 > srv dhcp relay servip ? % srv dhcp relay servip <server ip> % Now: 192.168.1.46 Vigor3910 Series User’s Guide...
Page 574 This command can display general information for the DHCP server, such as IP address, MAC address, leased time, host ID and so on. > srv dhcp status DHCP server: Relay Agent Default gateway: 192.168.1.1 Index IP Address MAC Address Leased Time HOST ID 192.168.1.113 00-05-5D-E4-D8-EE 17:20:08 A1000351 Vigor3910 Series User’s Guide...
Page 575 It means to specify a type for node. 1. B-node 2. P-node 4. M-node 8. H-node > srv dhcp nodetype 1 > srv dhcp nodetype ? %% srv dhcp nodetype <count> %% 1. B-node 2. P-node 4. M-node 8. H-node % Now: 1 Vigor3910 Series User’s Guide...
Page 576 It means to remove the IP address settings of second WINS server. > srv dhcp secWINS 192.168.1.180 > srv dhcp secWINS ? %% srv dhcp secWINS <WINS IP address> %% srv dhcp secWINS clear % Now: 192.168.1.180 Vigor3910 Series User’s Guide...
Page 577 -e [1 or 0] -c [option number] -v [option value] srv dhcp option -e [1 or 0] -c [option number] -a [option value] srv dhcp option -e [1 or 0] -c [option number] -x [option value] srv dhcp option -u [idx unmber] Vigor3910 Series User’s Guide...
Page 578 It means the index number of the option value. > srv dhcp option -e 1 -c 18 -v /path > srv dhcp option -l % state idx interface opt type data % enable 1 ALL LAN 18 ASCII /path Vigor3910 Series User’s Guide...
Page 579 The available commands with parameters are listed below. It means to enable IPSec ESP tunnel passthrough and IKE source port (500) preservation. It means to disable IPSec ESP tunnel passthrough and IKE source port (500) preservation. Vigor3910 Series User’s Guide...
Page 580 It means to return to factory settings for all the open ports profiles. > srv nat openport 1 1 -a 1 -c games -i 192.168.1.100 -w 1 -p TCP -s 23 -e 83 > srv nat openport -v Vigor3910 Series User’s Guide...
Page 581 It means to remove the selected port redirection setting. disable [idx] It means to inactivate the selected port redirection setting. enable [idx] It means to activate the selected port redirection setting. flush It means to clear all the port mapping settings. Vigor3910 Series User’s Guide...
Page 582 Protocol: 0 = Disable, 6 = TCP, 17 = UDP This command allows users to view NAT Port Redirection Running Table. > srv nat status NAT Port Redirection Running Table: Index Protocol Public Port Private IP Private Port 192.168.1.11 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Vigor3910 Series User’s Guide...
Page 583 This command is used to obtain the TX (transmitted) or RX (received) data for each connected switch. switch -i [switch idx_no] [option] Parameter Description switch idx_no It means the index number of the switch profile. option The available commands with parameters are listed below. traffic [on/off/status/tx/rx] Vigor3910 Series User’s Guide...
Page 584 This command is used to reset the switch table and reboot the router. switch clear [idx] Parameter Description It means the index number of each item shown on the table. The range is from 1 to 8. It means to clear all of the data. Vigor3910 Series User’s Guide...
Page 585 Username – Type a new name for local user. Password – Type a password for local user. delete [INDEX] Delete a local user account. view [INDEX] Show the user account/password detail information. > sys adminuser Local 1 Local User has enabled! Vigor3910 Series User’s Guide...
Page 586 It is used to disable/enable SSH service (0: disable, 1: enable). -p <enable> It is used to disable/enable printer service (0: disable, 1: enable). -6 <enable> It is used to disable/enable IPv6 (0: disable, 1: enable). > sys bonjour -s 1 > Vigor3910 Series User’s Guide...
Page 587 Parameter Description It means to turn on the FTP server of the system. It means to turn off the FTP server of the system. > sys ftpd on % sys ftpd turn on !!! Vigor3910 Series User’s Guide...
Page 588 Interface 4 Ethernet: Status: DOWN IP Address: 0.0.0.0 Netmask: 0x00000000 MAC: 00-50-7F-00-00-02 Interface 5 Ethernet: Status: DOWN IP Address: 0.0.0.0 Netmask: 0x00000000 MAC: 00-50-7F-00-00-03 Interface 6 Ethernet: Status: DOWN IP Address: 0.0.0.0 Netmask: 0x00000000 MAC: 00-50-7F-00-00-04 Vigor3910 Series User’s Guide...
Page 589 Interface 8 Ethernet: Status: DOWN IP Address: 0.0.0.0 Netmask: 0x00000000 MAC: 00-50-7F-00-00-06 Interface 9 Ethernet: Status: DOWN IP Address: 0.0.0.0 Netmask: 0x00000000 MAC: 00-50-7F-00-00-07 --- MORE --- ['q': Quit, 'Enter': New Lines, 'Space Bar': Next Page] > Vigor3910 Series User’s Guide...
Page 590 Description ASCII string It means the password for administrator. The maximum character that you can set is 23. > sys passwd admin123 > This command allows users to restart the router immediately. > sys reboot > Vigor3910 Series User’s Guide...
Page 591 This command can turn on TFTP server for upgrading the firmware. > sys tftpd % TFTP server enabled !!! This command can display current country code and wireless region of this device. > sys cc Country Code : 0x 0 [International] Wireless Region Code: 0x30 > Vigor3910 Series User’s Guide...
Page 592 # of lost by siganture = 0 # of lost by list = 0 This command can turn on or turn off polling buffer for the router. sys pollbuf [on] sys pollbuf [off] Parameter Description It means to turn on pulling buffer. Vigor3910 Series User’s Guide...
Page 593 It means to inform parameters for tr069 with different event codes. [event code] includes: 0-"0 BOOTSTRAP", 1-"1 BOOT", 2-"2 PERIODIC", 3-"3 SCHEDULED", 4-"4 VALUE CHANGE", 5-"5 KICKED", 6-"6 CONNECTION REQUEST", 7-"7 TRANSFER COMPLETE", 8-"8 DIAGNOSTICS COMPLETE", Vigor3910 Series User’s Guide...
Page 594 This command can turn on/off SIP ALG (Application Layer Gateway) for traversal. sys sip_alg [1] sys sip_alg [0] Parameter Description It means to turn on SIP ALG. It means to turn off SIP ALG. > sys sip_alg ? Vigor3910 Series User’s Guide...
Page 595 It means to show device key. > sys license licifno License and Signature download interface setting: licifno [AUTO/WAN#] Ex: licifno wan1 Download interface is "auto-selected" now. This command is used to display current settings for sending test mail. Vigor3910 Series User’s Guide...
Page 596 PortMapProtocol >><NULL><< The tmpvirtual server index >>0<< PortMapLeaseDuration >>0<<, PortMapEnabled >>0<< PortMapProtocol >><NULL><< The tmpvirtual server index >>0<< PortMapLeaseDuration >>0<<, PortMapEnabled >>0<< 0<< --- MORE --- ['q': Quit, 'Enter': New Lines, 'Space Bar': Next Page] --- Vigor3910 Series User’s Guide...
Page 597 This command can show all UPnP services subscribed. > upnp on UPNP start. > upnp subscribe Vigor> upnp subscribe >>>> (1) serviceType urn:schemas-microsoft-com:service:OSInfo:1 ----- Subscribtion1 ------- sid = 7a2bbdd0-0047-4fc8-b870-4597b34da7fb eventKey =1, ToSendEventKey = 1 expireTime =6926 active =1 DeliveryURLs =<http://192.168.1.113:2869/upnp/eventing/twtnpnsiun> Vigor3910 Series User’s Guide...
Page 598 This command is used to specify WAN interface to apply UPnP. upnp wan [n] Parameter Description It means to specify WAN interface to apply UPnP. n=0, it means to auto-select WAN interface. n=1, WAN1 n=2, WAN2 ………. Vigor3910 Series User’s Guide...
Page 599 - MORE - ['q': Quit, 'Enter': New Lines, 'Space Bar': Next Page] - This command can make the router to be regarded as a modem but not a router. > vigbrg on %Enable Vigor Bridge Function! This command can disable vigor bridge function. Vigor3910 Series User’s Guide...
Page 600 > vigbrg off %Disable Vigor Bridge Function! This command can show whether the Vigor Bridge Function is enabled or disabled. > vigbrg status %Vigor Bridge Function is enable! %Wan1 management is disable! Vigor3910 Series User’s Guide...
Page 601 It means to turn on or off the PFS function. phase1 It means phase 1 of IKE. lifetime It means the lifetime value (in second) for phase 1 and phase 2. phase2 It means phase 2 of IKE. Vigor3910 Series User’s Guide...
Page 602 <secret> - Use the 32 digit-secret number generated by mOTP in the mobile phone (e.g., e759bb6f0e94c7ab4fe6) > vpn dinset 1 Dial-in profile index 1 Profile Name: ??? Status: Deactive Mobile OTP: Disabled Password: Idle Timeout: 300 sec Vigor3910 Series User’s Guide...
Page 603 5 – it means LAN51 6 – it means LAN6. > vpn subnet 1 2 > This command allows users to setup VPN for different types. Command of PPTP Dial-Out vpn setup <index> <name> pptp_out <ip> <usr> <pwd> <nip> <nmask> Vigor3910 Series User’s Guide...
Page 604 It means the name of the profile. <ip> It means the IP address allowed to dial in. <usr> <pwd> It means the user and the password required for the PPTP/L2TP connection. <key> It means the value of IPsec Pre-Shared Key. Vigor3910 Series User’s Guide...
Page 605 – WAN1 Only. w2f – WAN2 First. w2o – WAN2 Only. nnpkt It means the NetBios Naming Packet. on – Enable the function to pass the packet. off – Disable the function to block the packet. Vigor3910 Series User’s Guide...
Page 606 “ctype= l” means L2TP(IPSec Policy None). “ctype= l1” means L2TP(IPSec Policy Nice to Have). “ctype= l2” means L2TP(IPSec Policy Must). dialto It means Server IP/Host Name for VPN. (such as draytek.com or 123.45.67.89). ltype It means Link Type. “ltype=0” means “Disable”.
Page 607 Type “off” means any remote IP is allowed to dial in. peerid It means the peer ID for Remote VPN Gateway. Type “draytek” means the word is used as local ID. iname It means Dial-in Username. “iname=admin” means to set username as “admin”.
Page 608 % Add new route 192.168.5.0/24 to profile 1 This command allows users to view LAN to LAN VPN profiles. vpn list <index> all vpn list <index>com vpn list<index>out vpn list <index> in vpn list<index>net Parameter Description Vigor3910 Series User’s Guide...
Page 609 % Common Settings % Profile Name : ??? % Profile Status : Disable % Netbios Naming Packet : Pass % Call Direction : Both % Idle Timeout : 300 % PING to keep alive : off > Vigor3910 Series User’s Guide...
Page 610 Netbios Naming Packet inside the tunnel. > vpn NetBios set H2l 1 Pass % Remote Dial In Profile Index [1] : % NetBios Block/Pass: [PASS] This command allows users to configure the maximum segment size (MSS) for different TCP types. Vigor3910 Series User’s Guide...
Page 611 This command is used to display IKE memory status and leakage list. vpn ike -q > vpn ike -q IKE Memory Status and Leakage List # of free L-Buffer=95, minimum=94, leak=1 # of free M-Buffer=529, minimum=529 leak=3 Vigor3910 Series User’s Guide...
Page 612 > vpn pass2nd on % 2nd subnet is allowed to pass VPN tunnel! This command allows users to determine if the packets passing through by NAT or not when the VPN tunnel disconnects. vpn pass2nat [on] vpn pass2nat [off] Vigor3910 Series User’s Guide...
Page 613 This command allows users to adjust the size of MTU for WAN. wan mtu [value] wan mtu2 [value] Parameter Description value It means the number of MTU for PPP. The available range is from 1000 to 1500. Vigor3910 Series User’s Guide...
Page 614 This command allows you to disable wan connection. > wan enable WAN %WAN1 enabled. This command allows you to enable or disable the function of WAN forwarding. The packets are allowed to be transmitted between different WANs. Vigor3910 Series User’s Guide...
Page 615 TX Packets=0, TX Rate(Bps)=0, RX Packets=0, RX Rate(Bps)=0 This command, wan modem, allows you to configure 3G/4G USB Modem (PPP mode) of WAN5. wan modem [init/init2/dial/pin][string] wan modem paponly [on/off] wan modem backup_wait [value] wan modem pipe [Int][Din][Dout] Vigor3910 Series User’s Guide...
Page 616 Current Connect Stage: This command allows you to Ping a specified IP to detect the WAN connection (static IP or PPPoE mode). wan detect [wan1][on/off/always_on] wan detect [wan1]target [ip addr] wan detect [wan1]ttl [1-255] wan detect status Vigor3910 Series User’s Guide...
Page 617 It means to specify which WAN will be applied with load balance. It means to make WAN interface as the member of load balance. It means to cancel WAN interface as the member of load balance. Vigor3910 Series User’s Guide...
Page 618 PVC 7 will map to LAN port 2/3/4 in bridge mode; service type is Normal. No tag added. > > wan mvlan 7 on p2 p3 p4 PVC Bridge p1 p2 p3 p4 p5 p6 Service Type Priority Keep Tag ------------------------------------------------------------------ 7 ON 0 0 1 1 0 0 Normal 0(OFF) Vigor3910 Series User’s Guide...
Page 619 [#] tag [value] wan vlan wan [#] [enable|disable] wan vlan stat Parameter Description It means the number of WAN interface. 1: means WAN1 2: means WAN2. value It means the number to be tagged on packets. Vigor3910 Series User’s Guide...
Page 620 MTU size of the WAN interface. wan detect_mtu6 –w [number] –i [IPv6 address] –s [base_size] Parameter Description -w [number] Specify the WAN interface number: Type the number of WAN interface. 1: WAN1; 2:WAN2….and etc. Vigor3910 Series User’s Guide...
Page 621 - It means the WAN IP address. mask - It means the mask of the IP address. > wol fromWan on > wol fromWan_Setting 1 192.168.1.45 255.255.255.0 > The command is used to create new user account profiles. user set [-e|-d|-c|-l|-o|-a|-r|-b] Vigor3910 Series User’s Guide...
Page 622 Type the index number of the profile that you want to edit. Enable User profile function. Disable User profile function. It means to set a user name for a profile. e.g.,-n fortest It means to configure user password. Vigor3910 Series User’s Guide...
Page 623 It means to set account time quota. e.g., -q 200 It means to set account data quota. e.g., -r 1000 It means to set data quota unit (MB/GB). > user account admin -d 1 Enable the [admin] data quota limited Vigor3910 Series User’s Guide...
Page 624 Specify the Priority ID. 1-30: Setting range. -k <key> Specify the Authentication Key. Key: Max. 31 Characters. -u <1/0> Enable or disable the function of Update DDNS. 1: Enable. When a router changes HA status to primary, it will Vigor3910 Series User’s Guide...
Page 625 This command can be used to show the settings information about config sync and general setup. ha show –c ha show –g Parameter Description Show the settings of config sync. Show the settings of general setup. > ha show -g High Availability : Disable Redundancy Method : Active-Standby Group ID Vigor3910 Series User’s Guide...
Page 626 Authentication Key : draytek Virtual IP: (Max. 7 Virtual IPs) ! OFF Config Sync : Disable Config Sync Interval : 0 Day 0 Hour 15 Minute Cached Time : 0 (s) > ha status -m 0 Vigor3910 Series User’s Guide...
Page 627 [Local Router] DrayTek IPv4 : 192.168.1.1 Status State : Down Stable : ! No : ! All WANs Down - Eth Config Sync Status : Not Ready Cached Time : 0 (s) > Vigor3910 Series User’s Guide...

Draytek Vigor3910 Series User Manual

Part I Installation

Part II Connectivity

Part III VPN

Part IV Security

Part V Management

Part VI Others

Part VII Troubleshooting

Part VIII Draytek Tools

Part IX Telnet Commands

Quick Links

Related Manuals for Draytek Vigor3910 Series

Summary of Contents for Draytek Vigor3910 Series