Draytek Vigor2800 Series User Manual
  1. Manuals
  2. Brands
  3. Draytek Manuals
  4. Network Router
  5. Vigor2800 Series
  6. User manual

Draytek Vigor2800 Series User Manual

Adsl2/2+ security router
Hide thumbs Also See for Vigor2800 Series:
Table of Contents

Advertisement

Quick Links

Download this manual
Vigor2800 Series
ADSL2/2+ Security Router
User's Guide
Version: 2.1
Date: 2005/12/19
Copyright 2005 All rights reserved.
This publication contains information that is protected by copyright. No part may be reproduced, transmitted,
transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright
holders. The scope of delivery and other details are subject to change without prior notice.
Microsoft is a registered trademark of Microsoft Corp.
Windows, Windows 95, 98, Me, NT, 2000, XP and Explorer are trademarks of Microsoft Corp.
Apple and Mac OS are registered trademarks of Apple Computer Inc.
Other products may be trademarks or registered trademarks of their respective manufacturers.

Advertisement

Table of Contents
loading

Related Manuals for Draytek Vigor2800 Series

Summary of Contents for Draytek Vigor2800 Series

  • Page 1 Vigor2800 Series ADSL2/2+ Security Router User’s Guide Version: 2.1 Date: 2005/12/19 Copyright 2005 All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders.
  • Page 2 Vigor2800 Series User’s Guide...

  • Page 3: Table Of Contents

    Preface .......................1 1.1 LED Indicators and Connectors ..................1 1.1.1 For Vigor2800 ......................2 1.1.2 For Vigor2800G......................3 1.1.3 For Vigor2800V ......................4 1.1.4 For Vigor2800VG ......................5 1.2 Hardware Installation......................6 Configuring Basic Settings ................7 2.1 Changing Password ......................7 2.2 Quick Start Wizard......................
  • Page 4 3.10.8 Firmware Upgrade (TFTP)..................109 3.11 Diagnostics........................110 3.11.1 WAN Connection.....................110 3.11.2 Dial-out Triggerred ....................111 3.11.3 Routing Table......................111 3.11.4 ARP Cache Table....................112 3.11.5 DHCP Table......................112 3.11.6 NAT Sessions Table....................113 3.11.7 ADSL Spectrum Analysis..................114 Application and Examples ................115 Vigor2800 Series User’s Guide...
  • Page 5 5.2 Checking If the Network Connection Settings on Your Computer Is OK or Not....143 5.3 Pinging the Router from Your Computer................146 5.4 Checking If the ISP Settings are OK or Not..............148 5.5 Backing to Factory Default Setting If Necessary...............149 5.6 Contacting Your Dealer....................150 Vigor2800 Series User’s Guide...

  • Page 7: Preface

    12Mbps (ADSL2) or 24Mbps (ADSL2+), the Vigor2800V/VG provides exceptional bandwidth for Internet access. To secure your network, the Vigor2800 series provides an advanced firewall with advanced features, such as NAT with multi VPN pass-through, Stateful Packet Inspection (SPI) to offer network reliability by detecting and prohibiting malicious penetrating packets, user-configurable web filtering for parental control against network abuse etc.

  • Page 8: For Vigor2800

    Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds. When you see the ACT LED begins to blink rapidly than usual, release the button. Then the router will restart with the factory default configuration. Vigor2800 Series User’s Guide...

  • Page 9: For Vigor2800G

    Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds. When you see the ACT LED begins to blink rapidly than usual, release the button. Then the router will restart with the factory default configuration. Vigor2800 Series User’s Guide...

  • Page 10: For Vigor2800V

    Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds. When you see the ACT LED begins to blink rapidly than usual, release the button. Then the router will restart with the factory default configuration. Vigor2800 Series User’s Guide...

  • Page 11: For Vigor2800Vg

    Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds. When you see the ACT LED begins to blink rapidly than usual, release the button. Then the router will restart with the factory default configuration. Vigor2800 Series User’s Guide...

  • Page 12: Hardware Installation

    (For the detailed information of LED status, please refer to section 1.1.) Caution: Each of the FXS ports can be connected to an analog phone only. Do not connect the FXS ports to the telephone wall jack. This connection might damage your router. Vigor2800 Series User’s Guide...

  • Page 13: Configuring Basic Settings

    Please type default values (both username and password are Null) on the window for the first time accessing and click OK for next screen. Now, the Main Screen will pop up. Vigor2800 Series User’s Guide...
  • Page 14 New Password and retype it on the field of Retype New Password. Then click OK to continue. Now, the password has been changed. Next time, use the new password to access the Web Configurator for this router. Vigor2800 Series User’s Guide...

  • Page 15: Quick Start Wizard

    It is used for transferring data to client computers. Stands for Virtual Channel Identifier. It is a 16-bit field inside ATM cell’s header that indicates the cell’s next destination as it Vigor2800 Series User’s Guide...

  • Page 16: Pppoe/Pppoa

    If your ISP provides you the PPPoE or PPPoA connection, please select PPPoE or PPPoA for this router. The following page will be shown: ISP Name Assign a specific name for ISP requirement. User Name Assign a specific valid user name provided by the ISP. Vigor2800 Series User’s Guide...

  • Page 17: Bridged Ip

    Click Next for viewing summary of such connection. Click Finish. The online status of this protocol will be shown as below. Click 1483 Bridged IP as the protocol. Type in all the information that your ISP provides for this protocol. Vigor2800 Series User’s Guide...
  • Page 18 After finishing the settings in this page, click Next to see the following page. Click Finish. The online status of this protocol will be shown as below. Vigor2800 Series User’s Guide...

  • Page 19: Routed Ip

    Click 1483 Routed IP as the protocol. Type in all the information that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page. Click Finish. The online status of this protocol will be shown as below. Vigor2800 Series User’s Guide...

  • Page 20: Online Status

    If you select PPPoE or PPPoA as the protocol, you will find out a button of Dial PPPoE or Dial PPPoE in the Online Status web page. Online status for PPPoA/PPPoE Online status for Bridge Vigor2800 Series User’s Guide...

  • Page 21: Saving Configuration

    Loop Att. Displays the value of subscribed Loop Attenuation. Each time you click OK on the web page for saving the configuration, you can find messages showing the system interaction with you. Vigor2800 Series User’s Guide...
  • Page 22 Ready indicates the system is ready for you to input settings. Settings Saved means your settings are saved once you click Finish or OK button. Vigor2800 Series User’s Guide...

  • Page 23: Advanced Web Configuration

    Then a session will be created. Your user ID and password is authenticated via PAP or CHAP with RADIUS authentication system. And your IP address, DNS server, and other related information will usually be assigned by your ISP. Vigor2800 Series User’s Guide...

  • Page 24: Pppoe/Pppoa

    VCI - Type in the value provided by ISP. Encapsulating Type - Drop down the list to choose the type provided by ISP. Protocol - Drop down the list to choose the one provided by ISP. Vigor2800 Series User’s Guide...
  • Page 25 WAN interface, please use WAN IP Alias. You can set up to 8 public IP addresses other than the current one you are using. By checking the checkbox Join NAT IP Pool, data from NAT hosts Vigor2800 Series User’s Guide...

  • Page 26: Mpoa

    MPoA is a specification that enables ATM services to be integrated with existing LANs, which use either Ethernet, token-ring or TCP/IP protocols. The goal of MPoA is to allow different LANs to send packets to each other via an ATM backbone. Vigor2800 Series User’s Guide...
  • Page 27 WAN IP Alias - If you have multiple public IP addresses and would like to utilize them on the WAN interface, please use WAN IP Alias. You can set up to 8 public IP addresses other than the current one you are using. Vigor2800 Series User’s Guide...

  • Page 28: Multi-Pvcs

    IP address for necessity in the future. After finishing all the settings here, please click OK to activate them. This router allows you to create multi-PVCs for different data transferring for using. Simply go to Internet Access and select Multi-PVC Setup page. Vigor2800 Series User’s Guide...

  • Page 29: Lan

    IP address to private IP address to forward the right packets to the right host and vice versa. Besides, Vigor router has a built-in DHCP server that assigns private IP address to each local host. See the following diagram for a briefly understanding. Vigor2800 Series User’s Guide...
  • Page 30 When you have several subnets in your LAN, sometimes a more effective and quicker way for connection is the Static routes function rather than other method. You may simply set rules to forward data from one specified subnet to another specified subnet without the presence of RIP. Vigor2800 Series User’s Guide...

  • Page 31: General Setup

    For IP Routing Usage Click Enable to invoke this function. The default setting is Disable. IP Address Type in secondary IP address for connecting to a subnet. (Default: 192.168.2.1/ 24) Subnet Mask An address code that determines the size of the network. (Default: 255.255.255.0/ 24) Vigor2800 Series User’s Guide...
  • Page 32 IP settings to any local user configured as a DHCP client. It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network. Vigor2800 Series User’s Guide...

  • Page 33: Static Route

    DNS query packet to the external DNS server by establishing a WAN (e.g. DSL/Cable) connection. There are two common scenarios of LAN settings that stated in Chapter 4. For the configuration examples, please refer to that chapter to get more information for your necessity. Vigor2800 Series User’s Guide...
  • Page 34 Main Router 192.168.1.1 as the default gateway for the Router A 192.168.1.2. Before setting Static Route, user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router. Vigor2800 Series User’s Guide...
  • Page 35 192.168.1.2. Click OK. Return to Static Route Setup page. Click on another Index Number to add another static route as show below, which regulates all packets destined to 211.100.88.0 will be forwarded to 192.168.1.2. Vigor2800 Series User’s Guide...
  • Page 36 Go to LAN page and click Static Route to open the web page. Select the index number of the one that you want to delete. Select Inactive/Disable from the drop-down menu, and then click the OK button to delete the route. Vigor2800 Series User’s Guide...

  • Page 37: Vlan/Rate Control

    To add or remove a VLAN, please refer to the following example. If, VLAN 0 is consisted of hosts linked to P1 and P2 and VLAN 1 is consisted of hosts linked to P3 and P4. Vigor2800 Series User’s Guide...

  • Page 38: Nat

    Enhance security of the internal network by obscuring the IP address. There are many attacks aiming victims based on the IP address. Since the attacker cannot be aware of any private IP addresses, the NAT function can protect the internal network. Vigor2800 Series User’s Guide...

  • Page 39: Port Redirection

    The port redirection can only apply to incoming traffic. To use this function, please go to NAT page and choose Port Redirection web page. The Port Redirection Table provides 10 port-mapping entries for the internal hosts. Vigor2800 Series User’s Guide...
  • Page 40 80 to avoid conflict, such as 8080. This can be set in the System Maintenance >>Management Setup. You then will access the admin screen of by suffixing the IP address with 8080, e.g., http://192.168.1.1:8080 instead of port 80. Vigor2800 Series User’s Guide...

  • Page 41: Dmz Host

    LAN. Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption. DMZ Host allows a defined internal user to be totally exposed to the Internet, which usually helps some special applications such as Netmeeting or Internet Games etc. Vigor2800 Series User’s Guide...
  • Page 42 LAN network. Select one private IP address in the list to be the DMZ host. When you have selected one private IP from the above dialog, the IP address will be shown on the following screen. Click OK to save the setting. Vigor2800 Series User’s Guide...

  • Page 43: Open Ports

    Inactive or Active state. To add or edit port settings, click one index number on the page. The index entry setup page will pop up. In each index entry, you can specify 10 port ranges for diverse services. Vigor2800 Series User’s Guide...
  • Page 44 Specify the transport layer protocol. It could be TCP, UDP, or ----- (none) for selection. Start Port Specify the starting port number of the service offered by the local host. End Port Specify the ending port number of the service offered by the local host. Vigor2800 Series User’s Guide...

  • Page 45: Firewall

    The users on the LAN are provided with secured protection by the following firewall facilities: User-configurable IP filter (Call Filter/ Data Filter). Stateful Packet Inspection (SPI): tracks packets and denies unsolicited incoming data Selectable Denial of Service (DoS) /Distributed DoS (DDoS) attacks protection URL Content Filter Vigor2800 Series User’s Guide...
  • Page 46 The stateful firewall of Vigor router not just examine the header information also monitor the state of the connection. Vigor2800 Series User’s Guide...
  • Page 47 For example, an ActiveX control object is usually used for providing interactive web feature. If malicious code hides inside, it may occupy user’s system. Vigor2800 Series User’s Guide...

  • Page 48: General Setup

    Log Flag settings, Enable Stateful packet inspection, Apply IP filter to VPN incoming packets, Drop non-http connection on TCP port 80, and Accept incoming fragmented UDP packets. Click Firewall and click General Setup to open the general setup page. Vigor2800 Series User’s Guide...

  • Page 49: Filter Setup

    To edit or add a filter, click on the set number to edit the individual set. The following page will be shown. Each filter set contains up to 7 rules. Click on the rule number button to edit each rule. Check Active to enable the rule. Vigor2800 Series User’s Guide...
  • Page 50 Pass or Block Specifies the action to be taken when packets match the rule. Block Immediately - Packets matching the rule will be dropped immediately. Pass Immediately - Packets matching the rule will be passed immediately. Vigor2800 Series User’s Guide...
  • Page 51 Don’t care -No action will be taken towards fragmented packets. Unfragmented -Apply the rule to unfragmented packets. Fragmented - Apply the rule to fragmented packets. Too Short - Apply the rule only to packets that are too short to contain a complete header. Vigor2800 Series User’s Guide...

  • Page 52: Im Blocking

    You will see a list of common IM (such as MSN, Yahoo, ICQ/AQL) applications. Check Enable IM Blocking and select the one(s) that you want to block. To block selected IM applications during specific periods, enter the number of the scheduler predefined in Applications>>Call Schedule. Vigor2800 Series User’s Guide...

  • Page 53: P2P Blocking

    Disallow – Forbid the client to access into the application through the specified protocol. Disallow upload – Forbid the client to access into the application through the specified protocol for downloading. Yet uploading is allowed. Vigor2800 Series User’s Guide...

  • Page 54: Dos Defense

    Port Scan attacks the Vigor router by sending lots of packets to Enable PortScan detection many ports in an attempt to find ignorant services would respond. Check the box to activate the Port Scan detection. Whenever Vigor2800 Series User’s Guide...
  • Page 55 Block ICMP Fragment Check the box to activate the Block ICMP fragment function. Any ICMP packets with more fragment bit set are dropped. Block Land Check the box to enforce the Vigor router to defense the Land attacks. The Land attack combines the SYN attack technology with Vigor2800 Series User’s Guide...

  • Page 56: Url Content Filter

    URL such as “www.sex.com” or “sex.com”. Also the Vigor router will discard any request that tries to retrieve the malicious code. Click Firewall and click URL Content Filter to open the setup page. Vigor2800 Series User’s Guide...
  • Page 57 The reason for this is to prevent someone dodges the URL Access Control. You must clear your browser cache first so that the URL content filtering facility operates properly on a web page that you visited before. Vigor2800 Series User’s Guide...

  • Page 58: Web Content Filter

    ACT, in front of the appropriate entry. Time Schedule Specify what time should perform the URL content filtering facility. Click Firewall and click Web Content Filter to open the setup page. For this section, please refer to Web Content Filter user’s guide. Vigor2800 Series User’s Guide...

  • Page 59: Applications

    DDNS service providers such as www.dyndns.org, www.no-ip.com, www.dtdns.com, www.changeip.com, www.dynamic- nameserver.com. You should visit their websites to register your own domain name for the router. Enable the Function and Add a Dynamic DNS Account Vigor2800 Series User’s Guide...
  • Page 60 Select the service provider for the DDNS account. Service Type Select a service type (Dynamic, Custom, Static). Domain Name Type in a domain name that you applied previously. Login Name Type in the login name that you set for applying domain. Vigor2800 Series User’s Guide...

  • Page 61: Schedule

    You can set up to 15 schedules. Then you can apply them to your Internet Access or VPN and Remote Access >> LAN-to-LAN settings. To add a schedule, please click any index, say Index No. 1. The detailed settings of the call schedule with index 1 are shown below. Vigor2800 Series User’s Guide...
  • Page 62 9:00 to 18:00 for whole week. Other time the Internet access connection should be disconnected (Force Down). Office Hour: (Force On) Mon - Sun 9:00 am 6:00 pm Make sure the PPPoE connection and Time Setup is working properly. Vigor2800 Series User’s Guide...

  • Page 63: Radius

    The RADIUS server and client share a secret that is used to authenticate the messages sent between them. Both sides must be configured to use the same shared secret. Re-type Shared Secret Re-type the Shared Secret for confirmation. Vigor2800 Series User’s Guide...

  • Page 64: Upnp

    NAT router. The application will also learn the external IP address and configure port mappings on the router. Subsequently, such a facility forwards packets from the external ports of the router to the internal ports used by the application. Vigor2800 Series User’s Guide...

  • Page 65: Quality Of Service

    If there’s no defined priority to specify which packets should be discarded (or in another term “dropped”) from an overflowing queue, packets of sensitive applications mentioned above might be the ones to drop off. How this will affect application performance? Vigor2800 Series User’s Guide...
  • Page 66 The following QoS policies will be defined in the form of ratio of upstream/downstream speed. We will also provide application QoS requirement as reference to help you accomplish this task. The setting values will vary depending on the network condition. Click on Application >>QoS Control. The following screen will appear. Vigor2800 Series User’s Guide...
  • Page 67 Limited_bandwidth Ratio The ratio typed here is used to limit the total bandwidth of UDP application. Basic button Click this button to open basic configuration for each index number. Vigor2800 Series User’s Guide...
  • Page 68 DestEdit - allows you to edit destination address information. If you click one of the buttons, you will see the following dialog. From the Address Type drop-down list, please choose one of the selections as the address type. And type in start IP and end Vigor2800 Series User’s Guide...
  • Page 69 QoS control. It can also be edited. Simply click Add/Edd/Delete button to access into the following page. You can add a new service name for your necessity. Also, you can Edit/Delete to change the one that you added before. Vigor2800 Series User’s Guide...

  • Page 70: Vpn And Remote Access

    LAN, you should disable the VPN service of Vigor Router to allow VPN tunnel pass through, as well as the appropriate NAT settings, such as DMZ or open port. This submenu only applies to PPP-related VPN connections, such as PPTP, L2TP, L2TP over IPSec. Vigor2800 Series User’s Guide...
  • Page 71 IP address from the local private network. For example, if the local private network is 192.168.1.0/255.255.255.0, you could choose 192.168.1.200 as the Start IP Address. But, you have to notice that the first two Vigor2800 Series User’s Guide...

  • Page 72: Ipsec General Setup

    (LAN-to-LAN) which uses dynamic IP address and IPSec-related VPN connections such as L2TP over IPSec and IPSec tunnel. Pre-Shared Key -Currently only support Pre-Shared Key authentication. Pre-Shared Key- Specify a key for IKE authentication Re-type Pre-Shared Key-Confirm the pre-shared key. Vigor2800 Series User’s Guide...

  • Page 73: Ipsec Peer Identity

    Click each index to edit one peer digital certificate. There are three security levels of digital signature authentication: Fill each necessary field to authenticate the remote peer. The following explanation will guide you to fill all the necessary fields. Vigor2800 Series User’s Guide...

  • Page 74: Remote User Profiles

    IPSec) and corresponding security methods, etc. The router provides 32 access accounts for dial-in users. Besides, you can extend the user accounts to the RADIUS server through the built-in RADIUS client function. The following figure shows the summary table. Vigor2800 Series User’s Guide...
  • Page 75 Click each index to edit one remote user profile. Each Dial-In Type requires you to fill the different corresponding fields on the right. If the fields gray out, it means you may leave it untouched. The following explanation will guide you to fill all the necessary fields. Vigor2800 Series User’s Guide...
  • Page 76 Must -Specify the IPSec policy to be definitely applied on the L2TP connection. Specify Remote Node Check the checkbox-You can specify the IP address of the remote dial-in user or peer ID (used in IKE aggressive mode). Uncheck the checkbox-This means the connection type you Vigor2800 Series User’s Guide...

  • Page 77: Lan To Lan Profiles

    Here you can manage LAN-to-LAN connections by maintaining a table of connection profiles. You may set parameters including specified connection direction (dial-in or dial-out), connection peer ID, connection type (VPN including PPTP, IPSec Tunnel, and L2TP by itself or over IPSec) and corresponding security methods, etc. Vigor2800 Series User’s Guide...
  • Page 78 4 subgroups. If the fields gray out, it means you may leave it untouched. The following explanations will guide you to fill all the necessary fields. For the web page is too long, we divide the page into several sections for explanation. Vigor2800 Series User’s Guide...
  • Page 79 Enter the IP address of the remote host that located at the other-end of the VPN tunnel. Enable PING to Keep Alive is used to handle abnormal IPSec VPN connection disruption. It will help to provide the state of a VPN connection for router’s judgment of redial. Vigor2800 Series User’s Guide...
  • Page 80 IPSec Policy. Medium Authentication Header (AH) means data will be authenticated, but not be encrypted. By default, this option is active. High (ESP-Encapsulating Security Payload)- means payload (data) will be encrypted and authenticated. Select from below: Vigor2800 Series User’s Guide...
  • Page 81 The default value is 3600 seconds. You may specify a value in between 600 and 86400 seconds. Perfect Forward Secret (PFS)-The IKE Phase 1 key will be reused to avoid the computation complexity in phase 2. The Vigor2800 Series User’s Guide...
  • Page 82 Password of remote dial-in user below. This feature is useful for i model only. PPTP Allow the remote dial-in user to make a PPTP VPN connection through the Internet. You should set the User Name and Password of remote dial-in user below. Vigor2800 Series User’s Guide...
  • Page 83 Data Encryption Standard (DES), Triple DES (3DES), and AES. Callback Function The callback function provides a callback service only for the ISDN dial-in user (this feature is useful for i model only). The Vigor2800 Series User’s Guide...

  • Page 84: Vpn Connection Management

    IP address. You can find the summary table of all VPN connections. You may disconnect any VPN connection by clicking Drop button. You may also aggressively Dial-out by using Dial-out Tool and clicking Dial button. Vigor2800 Series User’s Guide...
  • Page 85 Dial Click this button to execute dial out function. Refresh Seconds Choose the time for refresh the dail information among 5, 10, and 30. Refresh Click this button to refresh the whole connection status. Vigor2800 Series User’s Guide...

  • Page 86: Certificate Management

    Remember to adjust the time of Vigor router before using the certificate so that you can get the correct valid period of certificate. Below shows the menu items for Certificate Management. Generate Click this button to open Generate Certificate Request window. Vigor2800 Series User’s Guide...

  • Page 87: Trusted Ca Certificate

    To import a pre-saved trusted CA certificate, please click IMPORT to open the following window. Use Browse… to find out the saved text file. Then click Import. The one you imported will be listed on the Trusted CA Certificate window. Then click Import to use the pre-saved file. Vigor2800 Series User’s Guide...

  • Page 88: Voip

    URL so some may call it “SIP URL”. SIP supports peer-to-peer direct calling and also calling via a SIP proxy server (a role similar to the gatekeeper in H.323 networks), while the MGCP protocol uses client-server architecture, the calling scenario being very similar to the current PSTN network. Vigor2800 Series User’s Guide...
  • Page 89 QoS Assurance assists to assign high priority to voice traffic via Internet. You will always have the required inbound and outbound bandwidth that is prioritized exclusively for Voice traffic over Internet but you just get your data a little slower and it is tolerable for data traffic. Vigor2800 Series User’s Guide...

  • Page 90: Dialplan

    “speed-dial” Phone Number.There are total 60 index entries in the DialPlan for you to store all your friends and family members’ SIP addresses. Click any index number to display the dial plan setup page. Vigor2800 Series User’s Guide...
  • Page 91 It is used to help user having a quick and easy way to dial out through VoIP interface. Enable Check this box to invoke this setting. Prefix Number The phone number set here is used to add, strip, or replace the OP number. Vigor2800 Series User’s Guide...

  • Page 92: Sip Accounts

    SIP Address as in Account Name@ Domain name As Vigor VoIP Router is turned on, it will first register with Registrar using AuthorizationUser@Domain/Realm. After that, your call will be bypassed by SIP Proxy to the destination using AccountName@Domain/Realm as identity. Vigor2800 Series User’s Guide...
  • Page 93 The default value is 150sec. It is useful for a Nortel server NAT Traversal Support. Status Show the status for the corresponding SIP account. R means such account is registered on SIP server successfully. – means the account is failed to register on SIP server. Vigor2800 Series User’s Guide...
  • Page 94 Check the box to invoke this function and enter the name or number used for SIP Authorization with SIP Registrar. If this setting value is the same as Account Name, it is not necessary for you to check the box and set any value in this field. Vigor2800 Series User’s Guide...
  • Page 95 Ring Port Set VoIP 1 or VoIP 2 as the default ring port. Ring Pattern Choose a ring tone type for the VoIP phone call. Below shows successful SIP accounts for your reference. Vigor2800 Series User’s Guide...

  • Page 96: Phone Settings

    RTP TOS – It decides the level of VoIP package. Use the drop down list to choose any one of them. Click the number 1 or 2 link under Index column, you can access into the following page for configuring Phone settings. Vigor2800 Series User’s Guide...
  • Page 97 Click hook flash to pick up the waiting phone call. Call Transfer Check this box to invoke this function. Click hook flash to initiate another phone call. When the phone call connection Vigor2800 Series User’s Guide...
  • Page 98 There are six groups of SIP accounts that you can set. Use the drop down list to choose the profile name of the account as the default one. Play dial tone only when Check this box to invoke the function. account registered Vigor2800 Series User’s Guide...

  • Page 99: Status

    Total number of transmitted voice packets during this connection session. Rx Pkts Total number of received voice packets during this connection session. Rx Losts Total number of lost packets during this connection session. Rx Jitter The jitter of received voice packets. Vigor2800 Series User’s Guide...

  • Page 100: Wlan

    Point (AP) connecting to lots of wireless clients or Stations (STA). All the STAs will share the same Internet connection via Vigor wireless router. The General Settings will set up the information of this wireless network, including its SSID as identification, located channel etc. Vigor2800 Series User’s Guide...
  • Page 101 No matter which security suite you select, they all will enhance the over-the-air data protection and /or privacy on your wireless network. The Vigor wireless router is very flexible and can support multiple secure connections with both WEP and WPA at the same time. Example 1 Example 2 Vigor2800 Series User’s Guide...

  • Page 102: General Settings

    Below shows the menu items for Wireless LAN. By clicking the General Settings, a new web page will appear so that you could configure the SSID and the wireless channel. Please refer to the following figure for more information. Vigor2800 Series User’s Guide...
  • Page 103 It is the identification of the wireless LAN. SSID can be any text numbers or various special characters. Channel The channel of frequency of the wireless LAN. The default channel is 6. You may switch channel if the selected Vigor2800 Series User’s Guide...

  • Page 104: Security

    Check it to use Long Preamble if needed to communicate with this kind of devices. By clicking the Security Settings, a new web page will appear so that you could configure the settings of WEP and WPA. Vigor2800 Series User’s Guide...
  • Page 105 0x, such as 0x4142434445464748494A4B4C4D). All wireless devices must support the same WEP encryption bit size and have the same key. Four keys can be entered here, but only one key can be selected at a time. Vigor2800 Series User’s Guide...

  • Page 106: Access Control

    - select to apply VPN to the connection of the wireless client of the MAC address. s - select to isolate the wireless connection of the wireless client of the MAC address from LAN. Add a new MAC address into the list. Vigor2800 Series User’s Guide...

  • Page 107: Station List

    There is a code summary below for explanation. For convenient Access Control, you can select a WLAN station and click Add to Access Control below. Refresh Click this button to refresh the status of station list. Click this button to add current selected MAC address into Access Control. Vigor2800 Series User’s Guide...

  • Page 108: System Maintenance

    Display the subnet mask address of the LAN interface. DHCP Server Display the current status of DHCP server of the LAN interface. MAC Address Display the MAC address of the WAN Interface. IP Address Display the IP address of the WAN interface. Vigor2800 Series User’s Guide...

  • Page 109: Administrator Password

    When you click OK, the login window will appear. Please use the new password to access into the web configurator again. Follow the steps below to backup your configuration. Go to System Maintenance >> Configuration Backup. The following windows will be popped-up, as shown below. Vigor2800 Series User’s Guide...
  • Page 110 Click Save button, the configuration will download automatically to your computer as a file named config.cfg. The above example is using Windows platform for demonstrating examples. The Mac or Linux platform will appear different windows, but the backup function is still available. Vigor2800 Series User’s Guide...

  • Page 111: Syslog/Mail Alert

    Assign a port for the Syslog protocol. SMTP Server The IP address of the SMTP server. Mail To Assign a mail address for sending mails out. Return-Path Assign a path for receiving the mail from outside. Click OK to save these settings. Vigor2800 Series User’s Guide...
  • Page 112 From the Syslog screen, select the router you want to monitor. Be reminded that in Network Information, select the network adapter used to connect to the router. Otherwise, you won’t succeed in retrieving information from the router. Vigor2800 Series User’s Guide...

  • Page 113: Time And Date

    Type the IP address of the time sever. Time Zone Select the time zone where the router is located. Select a time interval for updating from the NTP server. Automatically Update Interval Click OK to save these settings. Vigor2800 Series User’s Guide...

  • Page 114: Management Setup

    Check it to enable this function. Get Community Set the name for getting community by typing a proper character. The default setting is public. Set Community Set community by typing a proper name. The default setting is private. Vigor2800 Series User’s Guide...

  • Page 115: Reboot System

    Note that this example is running over Windows OS (Operating System). Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.draytek.com (or local DrayTek's web site) and FTP site is ftp.draytek.com.

  • Page 116: Diagnostics

    If the connection is idle, it will show “---”. WAN IP Address The WAN IP address for the active connection. Dial PPPoE or PPPoA Click it to force the router to establish a PPPoE or PPPoA connection. Vigor2800 Series User’s Guide...

  • Page 117: Dial-Out Triggerred

    Click Diagnostics and click Dial-out Trigger to open the web page. Refresh Click it to reload the page. Click Diagnostics and click Routing Table to open the web page. Refresh Click it to reload the page. Vigor2800 Series User’s Guide...

  • Page 118: Arp Cache Table

    The facility provides information on IP address assignments. This information is helpful in diagnosing network problems, such as IP address conflicts, etc. Click Diagnostics and click DHCP Table to open the web page. Refresh Click it to reload the page. Vigor2800 Series User’s Guide...

  • Page 119: Nat Sessions Table

    Click Diagnostics and click NAT Sessions Table to open the setup page. Refresh Click it to reload the page. Vigor2800 Series User’s Guide...

  • Page 120: Adsl Spectrum Analysis

    Click Diagnostics and click NAT Active Sessions Table to open the web page. Below shows two example diagrams for different type of Vigor router. sample 1 sample 2 Refresh Click it to reload the page. Vigor2800 Series User’s Guide...

  • Page 121: Create A Lan-To-Lan Connection Between Remote Office And Headquarter

    Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK. Then, For using PPP based services, such as PPTP, L2TP, you have to set general settings in PPP General Setup. Vigor2800 Series User’s Guide...
  • Page 122 Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial-Out method. If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. Vigor2800 Series User’s Guide...
  • Page 123 If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. Vigor2800 Series User’s Guide...
  • Page 124 Router B via the VPN connection. Settings in Router B in the remote office: Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK. Vigor2800 Series User’s Guide...
  • Page 125 Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial-Out method. If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. Vigor2800 Series User’s Guide...
  • Page 126 If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. Vigor2800 Series User’s Guide...
  • Page 127 Username, Password, and VJ Compression for this Dial-In connection. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection. Vigor2800 Series User’s Guide...

  • Page 128: Create A Remote Dial-In User Connection Between The Teleworker And Headquarter

    PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IKE/IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2800 Series User’s Guide...
  • Page 129 Otherwise, it will apply the settings defined in IPSec General Setup above. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. Vigor2800 Series User’s Guide...
  • Page 130 After successful installation, for the first time user, you should click on the Step 0. Configure button. Reboot the host. In Step 2. Connect to VPN Server, click Insert button to add a new entry. If an IPSec-based service is selected as shown below, Vigor2800 Series User’s Guide...
  • Page 131 VPN router. To use default gateway on remote network means that all the packets of remote host will be directed to VPN server then forwarded to Internet. This will make the remote host seem to be working in the enterprise network. Vigor2800 Series User’s Guide...

  • Page 132: Qos Setting Example

    Enter the Class Name of Index 1. In this index, she will set reserve bandwidth for Email using protocol POP3 and SMTP. Click Basic button on the right. Select POP3 and SMTP on the left column and add to right column. Click OK to exit. Vigor2800 Series User’s Guide...
  • Page 133 And click Advanced button on the right. Click edit to open a new window. First, check the ACT box. Then click SrcEdit to set a worker’s subnet address. Click DestEdit to set headquarter’s subnet address. Leave other fields and click OK. Vigor2800 Series User’s Guide...

  • Page 134: Lan - Created By Using Nat

    DHCP server is enabled so it assigns every local NATed host an IP address of 192.168.1.x starting from 192.168.1.10. You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage. Vigor2800 Series User’s Guide...
  • Page 135 To use another DHCP server in the network rather than the built-in one of Vigor Router, you have to change the settings as show below. You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage. Vigor2800 Series User’s Guide...
  • Page 136 Vigor2800 Series User’s Guide...

  • Page 137: Calling Scenario For Voip Function

    Display Name: David Account Name: 4321 Authentication ID: unchecked Password: **** Expiry Time: (use default value) David calls John CODEC/RTP/DTMF --- He picks up the phone and dials 2222# (DialPlan Phone (Use default value) Number for John) Vigor2800 Series User’s Guide...
  • Page 138 Expiry Time: (use default value) CODEC/RTP/DTMF--- David calls John (Use default value) He picks up the phone and dials 2222# (DialPlan Phone Number for John) Or, He picks up the phone and dials 1234# (John’s Account Name) Vigor2800 Series User’s Guide...

  • Page 139: Peer-To-Peer Calling

    SIP Accounts Settings --- Profile Name: Arnor Register via: None SIP Port: 5060(default) Domain/Realm: (blank) Proxy: (blank) Act as outbound proxy: unchecked Display Name: Paulin Account Name: 4321 Authentication ID: unchecked Password: (blank) Expiry Time: (use default value) Vigor2800 Series User’s Guide...

  • Page 140: Upgrade Firmware For Your Router

    4. The file RTSxxx.exe will be asked to copy onto your computer. Remember the place of storing the execution file. 5. Go to www.draytek.com to find out the newly update firmware for your router. 6. Access into Support Center >> Downloads. Find out the model name of the router and click the firmware link.
  • Page 141 You will find out two files with different extension names, xxxx.all (keep the old custom settings) and xxxx.rst (reset all the custom settings to default settings). Choose any one of them that you need. Vigor2800 Series User’s Guide...

  • Page 142: Request A Certificate From A Ca Server On Windows Ca Server

    14. Click Send. 15. Now the firmware update is finished. Vigor2800 Series User’s Guide...
  • Page 143 You can click GENERATE button to start to edit a certificate request. Enter the information in the certificate request. Copy and save the X509 Local Certificate Requet as a text file and save it for later use. Vigor2800 Series User’s Guide...
  • Page 144 PKCS #7 file Import the X509 Local Certificate Requet text file. Select Router (Offline request) or IPSec (Offline request) below. Then you have done the request and the server now issues you a certificate. Select Base Vigor2800 Series User’s Guide...

  • Page 145: Request A Ca Certificate And Set As Trusted On Windows Ca Server

    (.cer file) into Vigor router. When finished, click refresh and you will find the below window showing “------BEGINE CERTIFICATE------..” You may review the detail information of the certificate by clicking View button. Vigor2800 Series User’s Guide...
  • Page 146 Back to Vigor router, go to Trusted CA Certificate. Click IMPORT button and browse the file to import the certificate (.cer file) into Vigor router. When finished, click refresh and you will find the below illustration. You may review the detail information of the certificate by clicking View button. Vigor2800 Series User’s Guide...
  • Page 147 Note: Before setting certificate configuration, please go to System Maintenance >> Time and Date to reset current time of the router first. Vigor2800 Series User’s Guide...
  • Page 148 Vigor2800 Series User’s Guide...

  • Page 149: Trouble Shooting

    Sometimes the link failure occurs due to the wrong network connection settings. After trying the above section, if the link is stilled failed, please do the steps listed below to make sure the network connection settings is OK. Vigor2800 Series User’s Guide...
  • Page 150 Go to Control Panel and then double-click on Network Connections. Right-click on Local Area Connection and click on Properties. Select Internet Protocol (TCP/IP) and then click Properties. Vigor2800 Series User’s Guide...
  • Page 151 Select Obtain an IP address automatically and Obtain DNS server address automatically. Double click on the current used MacOs on the desktop. Open the Application folder and get into Network. On the Network screen, select Using DHCP from the drop down list of Configure IPv4. Vigor2800 Series User’s Guide...

  • Page 152: Pinging The Router From Your Computer

    Open the Application folder and get into Utilities. Double click Terminal. The Terminal window will appear. Type ping 192.168.1.1 and press [Enter]. It the link is OK, the line of “64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=xxxx ms” will appear. Vigor2800 Series User’s Guide...
  • Page 153 Vigor2800 Series User’s Guide...

  • Page 154: Checking If The Isp Settings Are Ok Or Not

    Click Internet Access group and then check whether the ISP settings are set correctly. Check if the Enable option is selected. Check if Username and Password are entered with correct values that you got from your ISP. Vigor2800 Series User’s Guide...

  • Page 155: Backing To Factory Default Setting If Necessary

    Go to System Maintenance and choose Reboot System on the web page. The following screen will appear. Choose Using factory default configuration and click OK. After few seconds, the router will return all the settings to the factory settings. Vigor2800 Series User’s Guide...

  • Page 156: Contacting Your Dealer

    After restore the factory default setting, you can configure the settings for the router again to fit your personal request. If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@draytek.com. Vigor2800 Series User’s Guide...
  • Page 157 Vigor2800 Series User’s Guide...

This manual is also suitable for:

Vigor2800vVigor2800vgVigor2800g

Table of Contents