Page 2 Vigor2920 Series Dual-WAN Security Router User’s Guide Version: 3.1 Firmware Version: V3.6.7 (For future update, please visit DrayTek website) Date: May 6, 2014 Vigor2920 Series User’s Guide...
Page 3 Web registration is preferred. You can register your Vigor router via Owner http://www.DrayTek.com. Firmware & Tools Due to the continuous evolution of DrayTek technology, all routers will be regularly Updates upgraded. Please consult the DrayTek web site for more information on newest firmware, tools and documents.
Page 4: Regulatory Information
Product: Vigor2920 Series Router DrayTek Corp. declares that Vigor2920 Series of routers are in compliance with the following essential requirements and other relevant provisions of R&TTE Directive 1999/5/EEC. The product conforms to the requirements of Electro-Magnetic Compatibility (EMC) Directive 2004/108/EC by complying with the requirements set forth in EN55022/Class B and EN55024/Class B.
Page 5: Table Of Contents
2.7 Registering Vigor Router....................56 TUTORIALS AND APPLICATIONS .............61 3.1 How to configure settings for IPv6 Service ..............61 3.2 How to Send a Notification to Specified Phone Number via SMS Service in WAN Disconnection........................71 Vigor2920 Series User’s Guide...
Page 6 3.4 How to configure Multi-Subnet for Vigor Router............. 78 3.5 How to Customize Your Login Page ................85 3.6 How to use SmartMonitor with Vigor2920 series ............87 3.7 Create a LAN-to-LAN Connection Between Remote Office and Headquarter ....88 3.8 Create a Remote Dial-in User Connection Between the Teleworker and Headquarter .
Page 7 4.12.1 Local Certificate ........................315 4.12.2 Trusted CA Certificate ......................318 4.12.3 Certificate Backup....................... 319 4.13 VoIP ........................... 319 4.13.1 DialPlan ..........................321 4.13.2 SIP Accounts ........................331 4.13.3 Phone Settings ........................335 4.13.4 Status..........................341 Vigor2920 Series User’s Guide...
Page 8 4.17.9 Ping Diagnosis........................400 4.17.10 Trace Route ........................401 4.17.11 Syslog Explorer......................... 402 4.17.12 TSPC Status ........................404 4.18 External Devices ......................405 TROUBLE SHOOTING................407 5.1 Checking If the Hardware Status Is OK or Not............. 407 Vigor2920 Series User’s Guide viii...
Page 9 5.4 Checking If the ISP Settings are OK or Not ..............412 5.5 Problems for 3G Network Connection................412 5.6 Backing to Factory Default Setting If Necessary ............413 5.7 Contacting Your Dealer....................414 APPENDIX I: VLAN APPLICATIONS ON VIGOR ROUTER ..........415 APPENDIX II: RELEASE NOTE ..................423 Vigor2920 Series User’s Guide...
Page 11: Introduction
Vigor2920 series is a broadband router. It integrates IP layer QoS, NAT session/bandwidth management to help users control works well with large bandwidth. By adopting hardware-based VPN platform and hardware encryption of AES/DES/3DS, the router increases the performance of VPN greatly, and offers several protocols (such as IPSec/PPTP/L2TP) with up to 2 VPN tunnels.
Page 12: Web Configuration Buttons Explanation
Add new settings for specified item. Edit the settings for the selected item. Delete the selected item with the corresponding settings. Note: For the other buttons shown on the web pages, please refer to Chapter 4 for detailed explanation. Vigor2920 Series User’s Guide...
Page 13: Led Indicators And Connectors
The port is connected. GigaLAN (Green) The port is disconnected. 1/2/3/4 Blinking The data is transmitting. Right LED The port is connected with 1000Mbps. (Green) The port is connected with 10/100Mbps when left LED is on. Vigor2920 Series User’s Guide...
Page 14 Then the router will restart with the factory default configuration. GigaLAN (1-4) Connecters for local networked devices. WAN1/WAN2(Giga) Connecters for remote networked devices. Connecter for 3G Modem or printer. Connecter for a power adapter. Power Switch. ON/OFF Vigor2920 Series User’s Guide...
Page 15: For Vigor2920N
The port is connected. GigaLAN (Green) The port is disconnected. 1/2/3/4 Blinking The data is transmitting. Right LED The port is connected with 1000Mbps. (Green) The port is connected with 10/100Mbps when left LED is on. Vigor2920 Series User’s Guide...
Page 16 Then the router will restart with the factory default configuration. GigaLAN (1-4) Connecters for local networked devices. WAN1/WAN2(Giga) Connecters for remote networked devices. Connecter for 3G Modem or printer. Connecter for a power adapter. Power Switch. ON/OFF Vigor2920 Series User’s Guide...
Page 17: For Vigor2920Vn
The port is connected. GigaLAN (Green) The port is disconnected. 1/2/3/4 Blinking The data is transmitting. Right LED The port is connected with 1000Mbps. (Green) The port is connected with 10/100Mbps when left LED is on. Vigor2920 Series User’s Guide...
Page 18 Connecter for analog phone(s). Line Connector for PSTN life line. GigaLAN (1-4) Connecters for local networked devices. WAN1/WAN2(Giga) Connecters for remote networked devices. Connecter for Mobile HDD, 3G Modem or printer. Connecter for a power adapter. Power Switch. ON/OFF Vigor2920 Series User’s Guide...
Page 19: For Vigor2920V
Left LED The port is connected. 1/2/3/4 (Green) The port is disconnected. Blinking The data is transmitting. Right LED The port is connected with 1000Mbps. (Green) The port is connected with 10/100Mbps when left LED is on. Vigor2920 Series User’s Guide...
Page 20 Phone 1/2 Connecters for analog phone(s). GigaLAN (1-4) Connecters for local networked devices. WAN1/WAN2(Giga) Connecters for remote networked devices. Connecter for Mobile HDD, 3G Modem or printer. Connecter for a power adapter. ON/OFF Power Switch. Vigor2920 Series User’s Guide...
Page 21: Hardware Installation
Power on the device by pressing down the power switch on the rear panel. The system starts to initiate. After completing the system test, the ACT LED will light up and start blinking. (For the detailed information of LED status, please refer to section 1.1.) Vigor2920 Series User’s Guide...
Page 22: Printer Installation
You can install a printer onto the router for sharing printing. All the PCs connected this router can print documents via the router. The example provided here is made based on Windows 7. For installation on other Windows systems, please visit www.DrayTek.com. Before using it, please follow the steps below to configure settings for connected computers (or wireless clients).
Page 23 A dialog will appear. Click Add a local printer and click Next. In this dialog, choose Create a new port. In the field of Type of port, use the drop down list to select Standard TCP/IP Port. Then, click Next. Vigor2920 Series User’s Guide...
Page 24 In the following dialog, type 192.168.1.1 (router’s LAN IP) in the field of Hostname or IP Address and type 192.168.1.1 as the Port name. Then, click Next. Click Standard and choose Generic Network Card. Vigor2920 Series User’s Guide...
Page 25 Now, your system will ask you to choose right name of the printer that you installed onto the router. Such step can make correct driver loaded onto your PC. When you finish the selection, click Next. Type a name for the chosen printer. Click Next. Vigor2920 Series User’s Guide...
Page 26 10. Choose Do not share this printer and click Next. 11. Then, in the following dialog, click Finish. Vigor2920 Series User’s Guide...
Page 27 12. The new printer has been added and displayed under Printers and Faxes. Click the new printer icon and click Printer server properties. 13. Edit the property of the new printer you have added by clicking Configure Port. Vigor2920 Series User’s Guide...
Page 28 14. Select "LPR" on Protocol, type p1 (number 1) as Queue Name. Then click OK. Next please refer to the red rectangle for choosing the correct protocol and LPR name. The printer can be used for printing now. Most of the printers with different manufacturers are compatible with vigor router. Vigor2920 Series User’s Guide...
Page 29: Accessing Web User Interface
If you do not know whether your printer is supported or not, please visit www.DrayTek.com to find out the printer list. Open Support > FAQ/Application Notes; find out the link of Printer Server and click it; then click the What types of printers are compatible with Vigor router? link.
Page 30: Changing Password
Now, the Main Screen will appear. Note: The home page will change slightly in accordance with the type of the router you have. Go to System Maintenance page and choose Administrator Password. Vigor2920 Series User’s Guide...
Page 31: Online Status
Now, the password has been changed. Next time, use the new password to access the Web user interface for this router. Such page displays the physical connection status such as LAN connection status, WAN connection status, ADSL information, and so on. Vigor2920 Series User’s Guide...
Page 32 GW IP - Displays the IP address of the default gateway. TX Packets - Displays the total transmitted packets at the WAN interface. TX Rate - Displays the speed of transmitted octets at the WAN interface. Vigor2920 Series User’s Guide...
Page 33 Note: The words in green mean that the WAN connection of that interface is ready for accessing Internet; the words in red mean that the WAN connection of that interface is not ready for accessing Internet. Vigor2920 Series User’s Guide...
Page 34: Virtual Wan
Each time you click OK on the web page for saving the configuration, you can find messages showing the system interaction with you. Ready indicates the system is ready for you to input settings. Settings Saved means your settings are saved once you click Finish or OK button. Vigor2920 Series User’s Guide...
Page 35: Quick Setup
WAN1/2 (based on the physical hardware connection); if 3G USB modem is used, please choose WAN3. Choose Auto negotiation as the physical type for your router. Then click Next for next step. Vigor2920 Series User’s Guide...
Page 36: For Wan1/Wan2 (Ethernet)
PPPoE is used for most of modem users. All local users can share one PPPoE connection for accessing the Internet. Your service provider will provide you information about user name, password, and authentication mode. If your ISP provides you the PPPoE connection, please select PPPoE for this router. Vigor2920 Series User’s Guide...
Page 37 Service Name Type the description of the specific network service. (Optional) User Name Assign a specific valid user name provided by the ISP. Password Assign a valid password provided by the ISP. Confirm Password Retype the password. Vigor2920 Series User’s Guide...
Page 38 Please manually Type the Username/Password provided by your ISP. Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Now, you can enjoy surfing on the Internet. Vigor2920 Series User’s Guide...
Page 39 Choose WAN1/WAN2 as the WAN Interface and click the Next button. The following page will be open for you to specify Internet Access Type. Click PPTP/L2TP as the Internet Access Type. Then click Next to continue. Vigor2920 Series User’s Guide...
Page 40 Click it to give up the quick start wizard. Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Vigor2920 Series User’s Guide...
Page 41 Subnet Mask Type the subnet mask. Gateway Type the IP address of gateway. Primary DNS Type in the primary IP address for the router. Secondary DNS Type in secondary IP address for necessity in the future. Vigor2920 Series User’s Guide...
Page 42 After finishing the settings in this page, click Next to see the following page. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Now, you can enjoy surfing on the Internet. Vigor2920 Series User’s Guide...
Page 43 Available settings are explained as follows: Item Description Host Name Type the name of the host. Some Cable service providers specify a specific MAC address for access authentication. In such cases you need to Type the MAC address. Vigor2920 Series User’s Guide...
Page 44 After finishing the settings in this page, click Next to see the following page. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. 5. Now, you can enjoy surfing on the Internet. Vigor2920 Series User’s Guide...
Page 45: For Wan3 (Usb)
SIM Pin code –Type PIN code of the SIM card that will be (PPP mode) used to access Internet. The maximum length of the pin code you can set is 15 characters. Modem Initial String – Such value is used to initialize USB Vigor2920 Series User’s Guide...
Page 46 Then, click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Now, you can enjoy surfing on the Internet. Vigor2920 Series User’s Guide...
Page 47: Service Activation Wizard
Service Activation Wizard is a tool which allows you to use trial version or update the license of WCF directly without accessing into the server (MyVigor) located on http://myvigor.draytek.com. For using Web Content Filter Profile, please refer to later section Web Content Filter Profile for detailed information.
Page 48 When you finish the selection, please click Next. Commtouch is the web content filter based on Commtouch operated in the worldwide. There is a 30-day trial period. After trial, you can purchase DrayTek's prepared Commtouch GlobalView WCF package from retailing outlets.
Page 49 Later, if you need to extend the license valid time for the same service, you can also use the Service Activation Wizard again to reach your goal by clicking the radio button of Formal edition with license key and clicking Next. Vigor2920 Series User’s Guide...
Page 50 Vigor2920 Series User’s Guide...
Page 51: Vpn Client Wizard
Route Mode/NAT Mode – If the remote network only allows you to dial in with single IP, please choose this mode, otherwise please choose Route Mode. Please choose a There are 32 VPN profiles for users to set. LAN-to-LAN Profile Vigor2920 Series User’s Guide...
Page 52 In this page, you have to select suitable VPN type for the VPN client profile. There are six types provided here. Different type will lead to different configuration page. After making the choices for the client profile, please click Next. You will see different configurations based on the selection(s) you made. Vigor2920 Series User’s Guide...
Page 53  When you choose PPTP (None Encryption) or PPTP (Encryption), you will see the following graphic:  When you choose IPSec, you will see the following graphic: Vigor2920 Series User’s Guide...
Page 54 When you choose L2TP over IPSec (Nice to Have) or L2TP over IPSec (Must), you will see the following graphic: Available settings are explained as follows: Item Description Profile Name Type a name for such profile. The length of the file is limited to 10 characters. Vigor2920 Series User’s Guide...
Page 55 By default, this option is active. High - Encapsulating Security Payload (ESP) means payload (data) will be encrypted and authenticated. You may select encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES. Vigor2920 Series User’s Guide...
Page 56 Click this radio button to set another profile of VPN Server Server Wizard through VPN Server Wizard. Setup View more detailed Click this radio button to access VPN and Remote configuration Access>>LAN to LAN for viewing detailed configuration. Vigor2920 Series User’s Guide...
Page 57: Vpn Server Wizard
VPN connection. Please choose a This item is available when you choose Site to Site VPN LAN-to-LAN Profile (LAN-to-LAN) as VPN server mode. There are 32 VPN profiles for users to set. Vigor2920 Series User’s Guide...
Page 58 Here we take the example of choosing Remote-Dial-in User as the VPN Server Mode. Check the Allowed Dial-in Type for the VPN server profile After making the choices for the server profile, please click Next. You will see different configurations based on the selection (dial-in type) you made. Vigor2920 Series User’s Guide...
Page 59  When you check PPTP, you will see the following graphic:  When you check PPTP/IPSec/L2TP (three types) or PPTP/IPSec (two types) or L2TP with Policy (Nice to Have/Must), you will see the following graphic: Vigor2920 Series User’s Guide...
Page 60 Please type one LAN IP address (according to the real location of the remote host) for building VPN connection. Remote Network Please type the network mask (according to the real location of Mask the remote host) for building VPN connection. Vigor2920 Series User’s Guide...
Page 61 View more detailed Access>>LAN to LAN for viewing detailed configuration. configuration If there is no problem, you can click one of the radio buttons listed on the page and click Finish to execute the next action. Vigor2920 Series User’s Guide...
Page 62: Wireless Wizard
Type the SSID name of this router. The default name is defined with DrayTek. Mode At present, the router can connect to 11n Only, 11g Only, Mixed (11b+11g), Mixed (11a+11n), Mixed (11g+11n), and Mixed (11b+11g+11n) stations simultaneously. Simply choose Mix (11b+11g+11n) mode. Vigor2920 Series User’s Guide...
Page 63 (guest) accessing into Internet but not being allowed to share the LAN network and VPN connection. Available settings are explained as follows: Item Description Enable/Disable Click it to enable or disable settings in this page. Name Type the SSID name of this router. (SSID2) Vigor2920 Series User’s Guide...
Page 64 Exit the wireless wizard without saving any changes. 4. After typing the required information, click Next. 5. The following page will display the configuration summary for wireless setting. Click Finish to complete the wireless settings configuration. Vigor2920 Series User’s Guide...
Page 65: Voip Wizard
Use the same Account as phone 1 – If you don’t need to configure Phone 2 settings, simply check this box. Next Click it to get into the next setting page. Click it to give up the quick start wizard. Cancel Vigor2920 Series User’s Guide...
Page 66: Registering Vigor Router
Please follow the steps below to finish the router registration. Please login the web configuration interface of Vigor router by typing “admin/admin” as User Name / Password. Click Support Area>>Production Registration from the home page. Vigor2920 Series User’s Guide...
Page 67 The following page will be displayed after you logging in MyVigor. From this page, please click Add or Product Registration. Note: Below the field of Your Device List, all the Vigor routers that you have registered to MyVigor website will be displayed in sequence. Vigor2920 Series User’s Guide...
Page 68 When the following page appears, please type in Nickname (for the router) and choose the right registration date from the popup calendar (it appears when you click on the box of Registration Date). After adding the basic information for the router, please click Submit. Vigor2920 Series User’s Guide...
Page 69 When the following page appears, your router information has been added to the database. Click OK to leave this web page and return to My Information web page. Take a look at the page of My Information, the new added Vigor rotuer is listed under Your Device List. Vigor2920 Series User’s Guide...
Page 70 This page is left blank. Vigor2920 Series User’s Guide...
Page 71: Tutorials And Applications
Access into the web user interface of Vigor2920. Open WAN>> Internet Access. Choose one of the WAN interfaces (e.g., WAN2 in this case) as the one supporting IPv6 service. Then, choose PPPoE as the Access Mode and click Details Page. Vigor2920 Series User’s Guide...
Page 72 Different connection types will bring out different configuration page. Refer to the following:  PPP – Dual Stack application Choose PPP to access into the setting page for IPv6 service. It is not necessary for you to configure anything. Vigor2920 Series User’s Guide...
Page 73 Click OK and open Online Status. If the connection is successful, you will get the IP address for IPv4 and IPv6 at the same time. Vigor2920 Series User’s Guide...
Page 74 (In the following figure, the TSPC information is obtained from http://gogo6.com/ after applied for the service.) Click OK and open Online Status. If the connection is successful, the physical connection will be shows as follows: Vigor2920 Series User’s Guide...
Page 75 (In the following figure, the AICCU information is obtained from https://www.sixxs.net/main/ after applied for the service.) Click OK and open Online Status. If the connection is successful, the physical connection will be shows as follows: Vigor2920 Series User’s Guide...
Page 76  DHCPv6 Client Choose DHCPv6 Client. Click one of the identity associations and type the IAID number. Click OK and open Online Status. If the connection is successful, the physical connection will be shows as follows: Vigor2920 Series User’s Guide...
Page 77  Static IPv6 Choose Static IPv6. Type IPv6 address, Prefix Length and Gateway Address. Click OK and open Online Status. If the connection is successful, the physical connection will be shows as follows: Vigor2920 Series User’s Guide...
Page 78 In the field of HCPv6 Server Configuration, when DHCPv6 service is enabled, you can assign available IPv6 address for the client manually. Note: When both mechanisms are enabled, the client can determine which mechanism to be used (e.g., the default mechanism for Windows7 is RADVD). Vigor2920 Series User’s Guide...
Page 79 IPv4 IP and IPv6 IP services. Its IPv6 address is seen with a format of 2001:200:dff:fff1:216:3eff:feb1:44d7. After getting the above message, it means the IPv6 service has been activated successfully. Vigor2920 Series User’s Guide...
Page 80 If not, only a steady turtle will be seen. If you can see a turtle dancing on the screen, that means IPv6 service is ready for you to access and utilize. Vigor2920 Series User’s Guide...
Page 81: How To Send A Notification To Specified Phone Number Via Sms Service In Wan Disconnection
Choose any index number (e.g., Index 1 in this case) to configure the SMS Provider setting. In the following page, type the username and password and set the quota that the router can send the message out. Vigor2920 Series User’s Guide...
Page 82 Choose any index number (e.g., Index 1 in this case) to configure conditions for sending the SMS. In the following page, type the name of the profile and check the Disconnected and Reconnected boxes for WAN to work in concert with the topic of this paper. Vigor2920 Series User’s Guide...
Page 83 Click OK to save the settings. Later, if one of the WAN connections fails in your router, the system will send out SMS to the phone number specified. If the router has only one WAN interface, the system will send out SMS to the phone number while reconnecting the WAN interface successfully. Vigor2920 Series User’s Guide...
Page 84 URL string of the SMS provider and type the username and password. After clicking OK, the new added SMS provider will be added and will be available for you to specify for sending SMS out. Vigor2920 Series User’s Guide...
Page 85: How Can I Get The Files From Usb Storage Device Connecting To Vigor Router
Plug the USB device to the USB port on the router. Make sure Disk Connected appears on the Connection Status as the figure shown below: Open USB Application >> USB General Settings to check the general settings. Click Vigor2920 Series User’s Guide...
Page 86 "user1" and assign authorities “Read”, “Write” and “List” to it. Click OK to save the configuration. Make sure the FTP service is running properly. Please open a browser and type ftp://192.168.1.1. Use the account "user1" to login. Vigor2920 Series User’s Guide...
Page 87 Now, users in LAN of Vigor2920 can access into the USB storage device by typing ftp://192.168.1.1 on any browser. They can add or remove files / directories, depending on the Access Rule for FTP account settings in USB Application >>USB User Management. Vigor2920 Series User’s Guide...
Page 88: How To Configure Multi-Subnet For Vigor Router
VLAN Configuration. For VLAN0 setting, check P1 and set LAN1 as the Subnet. For VLAN1 setting, check P2 and set LAN2 as the Subnet. For VLAN2 setting, check P3 and P4, and set LAN3 as the Subnet. Vigor2920 Series User’s Guide...
Page 89 The equipment connecting to Vigor2920 LAN Port 3 and Port 4 (LAN3) can get the IP address of 192.168.3.0/24 For the detailed settings of the network segment, open LAN>>General Setup and click Details Page. Adjust the settings for your request. Refer to the following figure. Vigor2920 Series User’s Guide...
Page 90 To make any two of VLAN groups linked with each other, just check the boxes of the ones in the field of Inter-LAN Routing in the page of LAN >> General Setup. Refer to the following figure. LAN2 and LAN3 are linked. Vigor2920 Series User’s Guide...
Page 91 (8) for VID setting. Then check P4 and set LAN2 as the Subnet. To activate the function of VLAN Tag for VLAN2 setting, check the box of Enable and type the value (9) for VID setting. Then check P4 and set LAN3 as the Subnet. Vigor2920 Series User’s Guide...
Page 92 In the page of LAN >> General Setup, check the Status box of LAN2, LAN3 and LAN4 and enable the function of DHCP. For the detailed settings of the network segment, open LAN>>General Setup and click Details Page. Adjust the settings for your request. Refer to the following figure. Vigor2920 Series User’s Guide...
Page 93 Port 23 is set with Trunk in this example and will transfer the packets with VLAN Tag information. That is, packets with VID 7, 8, 9 and 10 will be transferred to Vigor2920 by Port 23 and VID information will be retained. Vigor2920 Series User’s Guide...
Page 94 To make any two of VLAN groups of Tag Based VLAN linked with each other, just check the boxes of the ones in the field of Inter-LAN Routing in the page of LAN >> General Setup. Refer to the following figure. LAN2 and LAN3 are linked. Vigor2920 Series User’s Guide...
Page 95: How To Customize Your Login Page
Open User Management>>General Setup. Set User-Based as the Mode and click OK to save teh settings. Open User Management>>User Profile to create a new user profle. Click any link (e.g., #3) to access into the following page. Type a User Name and a Password. Then, click OK. Vigor2920 Series User’s Guide...
Page 96 “Just for Carrie” is displayed as a heading on the login dialog box. After typing the username and password (defined in User Management>>User Profile), click Login. You can access into Internet or access into the Landing Page if configured in User Management>>General Setup. Vigor2920 Series User’s Guide...
Page 97: How To Use Smartmonitor With Vigor2920 Series
SmartMonitor to the monitor port of Vigor router, then all the traffic in other LAN port will forward to the monitor port. But, there is no hardware monitor port for Vigor2920 series. Therefore we need to configure mirror port setting in the web user interface of Vigor2920 for using SmartMonitor.
Page 98: Create A Lan-To-Lan Connection Between Remote Office And Headquarter
For using PPP based services, such as PPTP, L2TP, you have to set general settings in PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2920 Series User’s Guide...
Page 99 Go to LAN-to-LAN. Click on one index number to edit a profile. Set Common Settings as shown below. You should enable both of VPN connections because any one of the parties may start the VPN connection. Vigor2920 Series User’s Guide...
Page 100 Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authentication and VJ Compression for this Dial-Out connection. Vigor2920 Series User’s Guide...
Page 101 Otherwise, it will apply the settings defined in IPSec General Setup above. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. Vigor2920 Series User’s Guide...
Page 102 PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2920 Series User’s Guide...
Page 103 Set Dial-Out Settings as shown below to dial to connect to Router A aggressively with the selected Dial-Out method. If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. Vigor2920 Series User’s Guide...
Page 104 If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. Vigor2920 Series User’s Guide...
Page 105 Username, Password, and VJ Compression for this Dial-In connection. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection. Vigor2920 Series User’s Guide...
Page 106: Create A Remote Dial-In User Connection Between The Teleworker And Headquarter
PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IKE/IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2920 Series User’s Guide...
Page 107 If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. Vigor2920 Series User’s Guide...
Page 108 For Win2000/XP, please use "Network and Dial-up connections" or “Smart VPN Client”, complimentary software to help you create PPTP, L2TP, and L2TP over IPSec tunnel. You can find it in CD-ROM in the package or go to www.DrayTek.com download center. Install as instructed.
Page 109 VPN router. To use default gateway on remote network means that all the packets of remote host will be directed to VPN server then forwarded to Internet. This will make the remote host seem to be working in the enterprise network. Vigor2920 Series User’s Guide...
Page 110: Qos Setting Example
Vigor router at home to connect to the server in the headquarter office downtown via either HTTPS or VPN to check email and access internal database. Meanwhile, children may chat on Skype in the restroom. Go to Bandwidth Management>>Quality of Service. Vigor2920 Series User’s Guide...
Page 111 80% - 85% of physical network speed provided by ISP to maximize the QoS performance. Return to previous page. Type the Name of Index Class 1 by clicking Edit link. Type the name “E-mail” for Class 1. Vigor2920 Series User’s Guide...
Page 112 POP3 and SMTP. Return to previous page. Type the Name of Index Class 2 by clicking Edit link. In this index, the user will set reserved bandwidth for HTTPS. And click OK. Click Setup link for WAN. Vigor2920 Series User’s Guide...
Page 113 Class Name of Index 3. In this index, he will set reserved bandwidth for 1 VPN tunnel. 10. Click Edit to open a new window. 11. Click Edit to open the following window. Check the ACT box, first. Vigor2920 Series User’s Guide...
Page 114 12. Then click Edit of Local Address to set a worker’s subnet address. Click Edit of Remote Address to set headquarter’s IP address. Leave other fields and click OK. Vigor2920 Series User’s Guide...
Page 115: Request A Certificate From A Ca Server On Windows Ca Server
Go to Certificate Management and choose Local Certificate. Vigor2920 Series User’s Guide...
Page 116 Copy and save the X509 Local Certificate Requet as a text file and save it for later use. Connect to CA server via web browser. Follow the instruction to submit the request. Below we take a Windows 2000 CA server for example. Select Request a Certificate. Vigor2920 Series User’s Guide...
Page 117 IPSec (Offline request) below. Then you have done the request and the server now issues you a certificate. Select Base 64 encoded certificate and Download CA certificate. Now you should get a certificate (.cer file) and save it. Vigor2920 Series User’s Guide...
Page 118 (.cer file) into Vigor router. When finished, click refresh and you will find the below window showing “------BEGINE CERTIFICATE------..” You may review the detail information of the certificate by clicking View button. Vigor2920 Series User’s Guide...
Page 119: Request A Ca Certificate And Set As Trusted On Windows Ca Server
Use web browser connecting to the CA server that you would like to retrieve its CA certificate. Click Retrive the CA certificate or certificate recoring list. Vigor2920 Series User’s Guide...
Page 120 You may review the detail information of the certificate by clicking View button. Note: Before setting certificate configuration, please go to System Maintenance >> Time and Date to reset current time of the router first. Vigor2920 Series User’s Guide...
Page 121: Creating An Account For Myvigor
The website of MyVigor (a server located on http://myvigor.draytek.com) provides several useful services (such as Web Content Filter) to filtering the web pages for the sake of protecting your system. In general, Service Activation Wizard can activate WCF service for the router by using simple steps.
Page 122 2. Click the Activate link. A login page for MyVigor web site will pop up automatically. 3. Click the link of Create an account now. 4. Check to confirm that you accept the Agreement and click Accept. Vigor2920 Series User’s Guide...
Page 123 5. Type your personal information in this page and then click Continue. 6. Choose proper selection for your computer and click Continue. Vigor2920 Series User’s Guide...
Page 124 8. Check to see the confirmation email with the title of Letter from myvigor.draytek.com. 9. Click the Activate my Account link to enable the account that you created. The following screen will be shown to verify the register process is finished. Please click Login. Vigor2920 Series User’s Guide...
Page 125: Creating An Account Via Myvigor Web Site
11. Now, click Login. Your account has been activated. You can access into MyVigor server to activate the service (e.g., WCF) that you want. 1. Access into http://myvigor.draytek.com. Find the line of Not registered yet?. Then, click the link Click here! to access into next page.
Page 126 2. Check to confirm that you accept the Agreement and click Accept. 3. Type your personal information in this page and then click Continue. 4. Choose proper selection for your computer and click Continue. Vigor2920 Series User’s Guide...
Page 127 6. Check to see the confirmation email with the title of Letter from myvigor.draytek.com. 7. Click the Activate my Account link to enable the account that you created. The following screen will be shown to verify the register process is finished. Please click Login. Vigor2920 Series User’s Guide...
Page 128 UserName and Password. Then type the code in the box of Auth Code according to the value displayed on the right side of it. Now, click Login. Your account has been activated. You can access into MyVigor server to activate the service (e.g., WCF) that you want. Vigor2920 Series User’s Guide...
Page 129: Advanced Web Configuration
IP addresses are publicly registered with the Network Information Centre (NIC). Having a unique IP address is mandatory for those devices participated in the public network but not in the private TCP/IP local area networks (LANs), such as host PCs under the Vigor2920 Series User’s Guide...
Page 130 Users can use four LAN ports on the router to access Internet. Also, they can access Internet via 802.11n wireless function of Vigor2920/Vn, and enjoy the powerful firewall, bandwidth management, VPN features of Vigor2920n/Vn series. Vigor2920 Series User’s Guide...
Page 131: General Setup
Besides, 3G/4G USB Modem in WAN3 also can be used as backup device. Therefore, when WAN1/WAN2 is not available, the router will use 3.5G for supporting automatically. The supported 3G USB Modem will be listed on Draytek web site. Please visit www.draytek.com for more detailed information.
Page 132 Active Mode Display whether such WAN interface is connected and allows to access into Internet always, or such WAN interface will be treated as backup WAN interface. Note: In default, each WAN port is enabled. Vigor2920 Series User’s Guide...
Page 133 Enable – Enable the function of VLAN with tag. The router will add specific VLAN number to all packets on the WAN while sending them out. Please type the tag value and specify the priority for the packets sending by WAN1. Vigor2920 Series User’s Guide...
Page 134 WAN interface disconnects. When all of selected WAN disconnect – Such backup WAN will be activated only when all master WAN interfaces disconnect. After finished the above settings, click OK to save the settings. Vigor2920 Series User’s Guide...
Page 135 If you choose Backup as the Active Mode, Backup WAN will be changed into Backup Type. You have to specify which role the WAN interface should play if you want to backup multiple WANs. However, ignore this setting if you want to backup a single WAN. Vigor2920 Series User’s Guide...
Page 136: Internet Access
For the router supports multi-WAN function, the users can set different WAN settings (for WAN1/WAN2/WAN3) for Internet Access. Due to different Physical Mode for WAN interfaces, the Access Mode for these connections also varies. Refer to the following figures Vigor2920 Series User’s Guide...
Page 137 When such function is enabled, the specified values for DHCP option will be seen in DHCP reply packets. Interface – Specify the WAN interface(s) that will be overwritten by such function. WAN5 ~ WAN7 can be located under WAN>>Multi-PVCs. Vigor2920 Series User’s Guide...
Page 138 Username – Type in the username provided by ISP in this field. Password – Type in the password provided by ISP in this field. Index (1-15) in Schedule Setup - You can type in four sets of Vigor2920 Series User’s Guide...
Page 139 WAN IP Alias - If you have multiple public IP addresses and would like to utilize them on the WAN interface, please use WAN IP Alias. You can set up to 8 public IP addresses other than the current one you are using. Vigor2920 Series User’s Guide...
Page 140 Address or specify another MAC address by typing on the boxes of MAC Address for the router. Specify a MAC Address – Type the MAC address for the router manually. After finishing all the settings here, please click OK to activate them. Vigor2920 Series User’s Guide...
Page 141 PING Interval - Type the interval for the system to execute the PING operation. Such function allows you to verify whether network WAN Connection connection is alive or not through ARP Detect or Ping Detect. Detection Vigor2920 Series User’s Guide...
Page 142 Router Name: Type in the router name provided by ISP. Domain Name: Type in the domain name that you have assigned. Specify an IP address – Click this radio button to specify some data if you want to use Static IP mode. Vigor2920 Series User’s Guide...
Page 143 DSL modem on the WAN interface. Disable – Click this radio button to close the connection through PPTP or L2TP. Server Address - Specify the IP address of the PPTP/L2TP Vigor2920 Series User’s Guide...
Page 144 WAN interface, please use WAN IP Alias. You can set up to 8 public IP addresses other than the current one you are using. Fixed IP - Usually ISP dynamically assigns IP address to you Vigor2920 Series User’s Guide...
Page 145 3G/4G USB Modem (PPP Enable / Disable - Click Enable for activating this function. If you click Disable, this function will be closed mode) and all the settings that you adjusted in this page will be Vigor2920 Series User’s Guide...
Page 146 IP address in this field for pinging. TTL (Time to Live) – Displays value for your reference. TTL value is set by telnet command. After finishing all the settings here, please click OK to activate them. Vigor2920 Series User’s Guide...
Page 147 Such function allows you to verify whether network WAN Connection connection is alive or not through ARP Detect or Ping Detect. Detection Mode – Choose ARP Detect or Ping Detect for the system to execute for WAN detection. Vigor2920 Series User’s Guide...
Page 148 TTL (Time to Live) – Displays value for your reference. TTL value is set by telnet command. It lists all of the modems supported by such router. Modem Support List After finishing all the settings here, please click OK to activate them. Vigor2920 Series User’s Guide...
Page 149 PCs under LAN also can have the public IPv6 address for Internet access by means of the generated prefix. No need to type any other information for PPP mode. Below shows an example for successful IPv6 connection based on PPPoE mode. Vigor2920 Series User’s Guide...
Page 150 After getting the IPv6 prefix and starting router advertisement daemon (RADVD), the PC behind this router can directly connect to IPv6 the Internet. Available settings are explained as follows: Vigor2920 Series User’s Guide...
Page 151 Type the address for the tunnel broker IP, FQDN or an optional port number. Subnet Prefix Type the subnet prefix address getting from service provider After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 152 IAID Type a number as IAID. After finishing all the settings here, please click OK to save the configuration. – – This type allows you to setup static IPv6 address for WAN interface. Vigor2920 Series User’s Guide...
Page 153 Type the static IPv6 address for IPv4 tunnel with the value for prefix length. Type the static IPv6 address for LAN routing with the value LAN Routed Prefix for prefix length. Tunnel TTL Type the number for the data lifetime in tunnel. Vigor2920 Series User’s Guide...
Page 154 Auto 6rd – Retrieve 6rd prefix automatically from 6rd service provider. The IPv4 WAN must be set as "DHCP". Static 6rd - Set 6rd options manually. IPv4 Border Relay Type the IPv4 addresses of the 6rd Border Relay for a given 6rd domain. Vigor2920 Series User’s Guide...
Page 155 Type the IPv6 prefix length for the 6rd IPv6 prefix in number of bits. After finished the above settings, click OK to save the settings. Below shows an example for successful IPv6 connection based on 6rd mode. Vigor2920 Series User’s Guide...
Page 156: Multi-Vlan
They are provided for router-borne application such as TR-069. The settings must be applied and obtained from your ISP. For your special request, please contact with your ISP and then click WAN link of Channel 5, 6 or 7 to configure your router. Vigor2920 Series User’s Guide...
Page 157 PVC in the page of Application>>IGMP. For other settings, refer to Details Page for PPPoE in WAN1. General page lets you set the first channel. As to set the third channel, please click the Bridge tab to open Bridge configuration page. Vigor2920 Series User’s Guide...
Page 158 LAN port(s). Click Clear to remove all the configurations in this page if you do not satisfy it. When you finish the configuration, please click OK to save and exit this page. Vigor2920 Series User’s Guide...
Page 159: Lan
IP address. As a part of the public subnet, the Vigor router will serve for IP routing to help hosts in the public subnet to communicate with other public hosts or servers outside. Therefore, the router should be set as the gateway for public hosts. Vigor2920 Series User’s Guide...
Page 160 You can group local hosts by physical ports and create up to 4 virtual LANs. To manage the communication between different groups, please set up rules in Virtual LAN (VLAN) function and the rate of each. Vigor2920 Series User’s Guide...
Page 161: General Setup
Force router to use “DNS Force Vigor router to use DNS servers configured in server IP address” LAN1/LAN2/LAN3/LAN4 instead of DNS servers given settings as specified in … by the Internet Access server (PPPoE, PPTP, L2TP or DHCP server). Vigor2920 Series User’s Guide...
Page 162 Enable Server - Let the router assign IP address to every host in the LAN. Disable Server –If your LAN has another DHCP server, please click it to disable the DHCP server of this device. However, If you LAN does not have any DHCP server, you Vigor2920 Series User’s Guide...
Page 163 If both DNS Primary IP and Secondary IP Address fields are left empty, the router will assign the DNS server IP obtained from ISP (which can be found in Online Status page) to LAN DHCP clients. Vigor2920 Series User’s Guide...
Page 164 Enable – Click it to enable RADVD server. The router advertisement daemon (radvd) sends Router Advertisement messages, specified by RFC 2461, to a local Ethernet LAN periodically and when requested by a node sending a Router Solicitation message. These messages are required for IPv6 Vigor2920 Series User’s Guide...
Page 165 Delete – Click it to remove an existed entry. Current IPv6 Address Display current used IPv6 addresses. Table Details Page for LAN2 to LAN4 will be available only when VLAN settings for LAN2 to LAN4 are configured and activated. Vigor2920 Series User’s Guide...
Page 166 IP for say 5 minutes, the server still "reserves" 1 day for that client. Because a DHCP server only has a limited number of IPs to lease to its DHCP clients, soon enough all the Vigor2920 Series User’s Guide...
Page 167 Force router to use address for DNS- Force Vigor router to use DNS servers in this page instead of DNS servers given by the Internet Access server (PPPoE, PPTP, L2TP or DHCP server). After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 168 Vigor Router’s, you can let Relay Agent help you to redirect the DHCP request to the specified location. Start IP Address - Type a value of the IP address pool for the DHCP server to start with when issuing IP addresses. If Vigor2920 Series User’s Guide...
Page 169: Static Route
Both protocols bring different web pages. Each item is explained as follows: Item Description Set to Factory Default Clear all of the settings and return to factory default settings. Viewing Routing Table Displays the routing table for your reference. Vigor2920 Series User’s Guide...
Page 170 Set to Factory Default Clear all of the settings and return to factory default settings. Viewing IPv6 Routing Displays the routing table for your reference. Table Click any underline of index number to get the following page. Vigor2920 Series User’s Guide...
Page 171 Main Router 192.168.1.1 as the default gateway for the Router A 192.168.1.2. Before setting Static Route, user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router. Vigor2920 Series User’s Guide...
Page 172 Click the LAN - Static Route and click on the Index Number 1. Check the Enable box. Please add a static route as shown below, which regulates all packets destined to 192.168.10.0 will be forwarded to 192.168.1.2. Click OK. Vigor2920 Series User’s Guide...
Page 173 Return to Static Route Setup page. Click on another Index Number to add another static route as show below, which regulates all packets destined to 211.100.88.0 will be forwarded to 192.168.1.3. Go to Diagnostics and choose Routing Table to verify current routing table. Vigor2920 Series User’s Guide...
Page 174: Vlan
P1 – P4 – Check the LAN port(s) to be grouped under the selected VLAN. Wireless LAN SSID1 – SSID4 – Check the SSID box (es) for the wireless clients to be grouped under the selected VLAN. Vigor2920 Series User’s Guide...
Page 175 All the wire network clients are categorized to group VLAN0 in subnet 192.168.1.0/24 (LAN1). All the wireless network clients are categorized to group VLAN1 in subnet 192.168.2.0/24 (LAN2). Open LAN>>VLAN Configuration. Check the boxes according to the statement in step 1 and Step 2. Vigor2920 Series User’s Guide...
Page 176 (isolated) or common (able to communicate with each other). This is ideal for departmental or multi-occupancy applications. Note: As for the VLAN applications, refer to “Appendix I: VLAN Application on Vigor Router” for more detailed information. Vigor2920 Series User’s Guide...
Page 177: Bind Ip To Mac
Each pair of IP and MAC address listed in ARP table can be selected and added to IP Bind List by clicking Add below Select All Click this link to select all the items in the ARP table. Sort Reorder the table based on the IP address. Vigor2920 Series User’s Guide...
Page 178: Lan Port Mirror
VLAN at the same time. Third, it can transfer all data traffics to be mirrored to one analyzer connect to the mirroring port. Last, it is more convenient and easy to configure in user’s interface. Available settings are explained as follows: Item Description Vigor2920 Series User’s Guide...
Page 179: Wired 802.1X
Check the box to enable LAN 802.1x function. 802.1x ports After enabling the function, simply specify the LAN port(s) to apply such function. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 180: Web Portal Setup
Display the applied interfaced of the profile. Preview Open a preview window according to the configured settings. To configure the profile, click any index number link to open the following page. Available settings are explained as follows: Vigor2920 Series User’s Guide...
Page 181: Load-Balance /Route Policy
"policies" are defined first. Then, if there comes a packet that matches any one of the "policies", it will be directed to the specified interface. Available settings are explained as follows: Item Description Index Click the number of index to access into the configuration web page. Vigor2920 Series User’s Guide...
Page 182 Src IP Start - Type the source IP start for the specified WAN interface. Src IP End - Type the source IP end for the specified WAN interface. If this field is blank, it means that all the Vigor2920 Series User’s Guide...
Page 183 Available settings are explained as follows: Item Description Force NAT /Force It determines which mechanism that the router will use to Routing forward the packet to WAN. 5. After choosing the mechanism, click Next to get the summary page for reference. Vigor2920 Series User’s Guide...
Page 184 6. If there is no error, click Finish to complete wizard setting. To use Advance Mode, do the following steps: 1. Click the Advance Mode radio button. 2. Click Index 1 to access into the following page. Vigor2920 Series User’s Guide...
Page 185 Auto Failover To The Other WAN – Check this button to lead the data passing through other WAN automatically when the selected WAN interface is down. Packet Forwarding to WAN via – Choose Force NAT or Force Routing. Vigor2920 Series User’s Guide...
Page 186: Nat
IP address/domain name are recognized by all users. Since the server is actually located inside the LAN, the network well protected by NAT of the router, and identified by its private IP address/port, the goal of Port Redirection function is to Vigor2920 Series User’s Guide...
Page 187 Display the number of the profile. Service Name Display the description of the specific network service. WAN Interface Display the WAN IP address used by the profile. Protocol Display the transport layer protocol (TCP or UDP). Vigor2920 Series User’s Guide...
Page 188 IP and Port of the internal host. If you choose Range as the port redirection mode, you will see two boxes on this field. Simply type the required number on the first box. The second one will be assigned automatically later. Vigor2920 Series User’s Guide...
Page 189 80 to avoid conflict, such as 8080. This can be set in the System Maintenance >>Management Setup. You then will access the admin screen of by suffixing the IP address with 8080, e.g., http://192.168.1.1:8080 instead of port 80. Vigor2920 Series User’s Guide...
Page 190: Dmz Host
Click DMZ Host to open the following page: Available settings are explained as follows: Item Description Choose Private IP or Active True IP first. Active True IP selection is available for WAN1 only. Vigor2920 Series User’s Guide...
Page 191 WAN1 only. See the following figure. See the following figure. If you previously have set up WAN Alias for PPPoE or Static or Dynamic IP mode in WAN2 interface, you will find them in Aux. WAN IP for your selection. Vigor2920 Series User’s Guide...
Page 192 When you have selected one private IP from the above dialog, the IP address will be shown on the following screen. Click OK to save the setting. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 193: Open Ports
Inactive or Active state. To add or edit port settings, click one index number on the page. The index entry setup page will pop up. In each index entry, you can specify 20 port ranges for diverse services. Vigor2920 Series User’s Guide...
Page 194 Specify the starting port number of the service offered by the local host. End Port Specify the ending port number of the service offered by the local host. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 195: Port Triggering
Display the port of the triggering packets. Incoming Protocol Display the protocol for the incoming data of such triggering profile. Incoming Port Display the port for the incoming data of such triggering profile. Status Display if the rule is active or de-active. Vigor2920 Series User’s Guide...
Page 196 Type the port or port range for such trigger profile. Incoming Protocol When the triggering packets received, it is expected the incoming packets will use the selected protocol. Select the protocol (TCP, UDP or TCP/UDP) for the incoming data of such triggering profile. Vigor2920 Series User’s Guide...
Page 197 Type the port or port range for the incoming packets. Incoming Port After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 198: Firewall
It will check packets according to the filter rules. If legal, the packet will pass the router. The following illustrations are flow charts explaining how router will treat incoming traffic and outgoing traffic respectively. Vigor2920 Series User’s Guide...
Page 199 4. Port Scan attack 12. Tear drop attack 5. IP options 13. Ping of Death attack 6. Land attack 14. ICMP fragment 7. Smurf attack 15. Unassigned Numbers 8. Trace route Below shows the menu items for Firewall. Vigor2920 Series User’s Guide...
Page 200: General Setup
Enable Strict Security For the sake of security, the router will execute strict security Firewall checking for data transmission. Such feature is enabled in default. All the packets, while transmitting through Vigor router, will be filtered by firewall. Vigor2920 Series User’s Guide...
Page 201 Such page allows you to choose filtering profiles including QoS, Load-Balance policy, WCF, APP Enforcement, URL Content Filter for data transmission via Vigor router. Available settings are explained as follows: Item Description Filter Select Pass or Block for the packets that do not match with the filter rules. Vigor2920 Series User’s Guide...
Page 202 Syslog/Mail Alert for more detailed information. URL Content Filter Select one of the URL Content Filter profile settings (created in CSM>> URL Content Filter) for applying with this router. Please set at least one profile for choosing in CSM>> URL Vigor2920 Series User’s Guide...
Page 203 Please use the drop-down list to choose a codepage. If you do not have any idea of choosing suitable codepage, please open Syslog. From Codepage Information of Setup dialog, you will see the recommended codepage listed on the dialog box. Vigor2920 Series User’s Guide...
Page 204: Filter Setup
To edit or add a filter, click on the set number to edit the individual set. The following page will be shown. Each filter set contains up to 7 rules. Click on the rule number button to edit each rule. Check Active to enable the rule. Vigor2920 Series User’s Guide...
Page 205 Set the link to the next filter set to be executed after the current filter run. Do not make a loop with many filter sets. To edit Filter Rule, click the Filter Rule index button to Type the Filter Rule setup page. Vigor2920 Series User’s Guide...
Page 206 ON configured and specified above. Direction Set the direction of packet flow. It is for Data Filter only. For the Call Filter, this setting is not available since Call Filter is only applied to outgoing traffic. Vigor2920 Series User’s Guide...
Page 207 From the IP Group drop down list, choose the one that you want to apply. Or use the IP Object drop down list to choose the object that you want. Service Type Click Edit to access into the following dialog to choose a suitable service type. Vigor2920 Series User’s Guide...
Page 208 Too Short - Apply the rule only to packets that are too short to contain a complete header. Filter Specifies the action to be taken when packets match the rule. Block Immediately - Packets matching the rule will be dropped immediately. Vigor2920 Series User’s Guide...
Page 209 [Create New] from the drop down list in this page to create a new profile. All the hosts in LAN must follow the standard configured in the APP Enforcement profile selected here. For detailed information, refer to the section of Vigor2920 Series User’s Guide...
Page 210 Please use the drop-down list to choose a codepage. If you do not have any idea of choosing suitable codepage, please open Syslog. From Codepage Information of Setup dialog, you will see the recommended codepage listed on the dialog box. Vigor2920 Series User’s Guide...
Page 211 TCP protocol only; session timeout is configured for the data flow which matched with the firewall rule. DrayTek Banner – Please uncheck this box and the following screen will not be shown for the unreachable web page. The default setting is Enabled.
Page 212 Each filter set is composed by 7 filter rules, which can be further defined. After that, in General Setup you may specify one set for call filter and one set for data filter to execute first. Vigor2920 Series User’s Guide...
Page 213: Dos Defense
Check the box to activate the UDP flood defense function. Once defense detecting the Threshold of the UDP packets from the Internet has exceeded the defined value, the Vigor router will start to randomly discard the subsequent UDP packets for a period defined in Timeout. Vigor2920 Series User’s Guide...
Page 214 Any broadcast UDP packets received from the Internet is blocked. Activating the DoS/DDoS defense functionality might block some legal packets. For example, when you activate the fraggle attack defense, all broadcast UDP packets coming from the Vigor2920 Series User’s Guide...
Page 215 All the warning messages related to DoS Defense will be sent to user and user can review it through Syslog daemon. Look for the keyword DoS in the message, followed by a name to indicate what kind of attacks is detected. Vigor2920 Series User’s Guide...
Page 216: User Management
Note: If Transparency Mode is selected in Firewall>>General Setup, User Management cannot be used any more. Please uncheck Transparency Mode first if you want to utilize user management to handle users in LAN, WAN or WLAN. Vigor2920 Series User’s Guide...
Page 217: General Setup
On – The IP address of the user accessing into Vigor tracking window router/Internet will be displayed on the tracking window. Web Authentication Choose HTTP or HTTPS as the protocol used by users to log into the web page. Vigor2920 Series User’s Guide...
Page 218: User Profile
To set the user profile, please click any index number link to open the following page. Notice that profile 1 (admin) and profile 2 (System Reservation) are factory default settings. Profile 2 is reserved for future use. Click any index number to open the following configuration page: Vigor2920 Series User’s Guide...
Page 219 Type the password again for confirmation. If the user is idle over the limitation of the timer, the network Idle Timeout connection will be stopped for such user. By default, the Idle Timeout is set to 10 minutes. Vigor2920 Series User’s Guide...
Page 220 Syslog. Please choose any one of the log items to take down relational records for the user(s). Pop Browser Tracking If such function is enabled, a pop up window will be displayed Vigor2920 Series User’s Guide...
Page 221 Landing Page When a user tries to access into the web user interface of Vigor2920 series with the user name and password specified in this profile, he/she will be lead into the web page configured in Landing Page field in User Management>>General Setup.
Page 222 Default Time Quota – Type the value for the time manually. Default Data Quota – Type the value for the data manually. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 223: User Group
3, 4, 5 and so on. Selected User Objects Click button to add the selected user objects in this box. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 224: User Online Status
Idle Time Display the idle timeout setting for such profile. Action Block - can prevent specified user accessing into Internet. Unblock – the user will be blocked. Logout – the user will be logged out forcefully. Vigor2920 Series User’s Guide...
Page 225: Objects Settings
Description Set to Factory Default Clear all profiles. Display the profile number that you can configure. Index Name Display the name of the object profile. To set a new profile, please do the steps listed below: Vigor2920 Series User’s Guide...
Page 226 Determine the address type for the IP address. Select Single Address if this object contains one IP address only. Select Range Address if this object contains several IPs within a range. Select Subnet Address if this object contains one subnet for IP Vigor2920 Series User’s Guide...
Page 227 Invert Selection If it is checked, all the IP addresses except the ones listed above will be applied later while it is chosen. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 228: Ip Group
Display the profile number that you can configure. Name Display the name of the group profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. Vigor2920 Series User’s Guide...
Page 229 Objects Selected IP Objects Click >> button to add the selected IP objects in this box. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 230: Ipv6 Object
Display the name of the object profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. 2. The configuration page will be shown as follows: Vigor2920 Series User’s Guide...
Page 231 Invert Selection If it is checked, all the IPv6 addresses except the ones listed above will be applied later while it is chosen. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 232: Ipv6 Group
Display the name of the group profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. 2. The configuration page will be shown as follows: Vigor2920 Series User’s Guide...
Page 233 Selected IPv6 Objects Click >> button to add the selected IPv6 objects in this box. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 234: Service Type Object
Display the profile number that you can configure. Name Display the name of the object profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. Vigor2920 Series User’s Guide...
Page 235 (>) – the port number greater than this value is available. (<) – the port number less than this value is available for this profile. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 236: Service Type Group
Display the profile number that you can configure. Name Display the name of the group profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Group column for configuration in details. Vigor2920 Series User’s Guide...
Page 237 Objects Setting>>Service Type Object will be shown in this box. Selected Service Click >> button to add the selected IP objects in this box. Type Objects After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 238: Keyword Object
Display the name of the object profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. 2. The configuration page will be shown as follows: Vigor2920 Series User’s Guide...
Page 239 Contents. When you browse the webpage, the page with gambling information will be watched out and be passed/blocked based on the configuration on Firewall settings. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 240: Keyword Group
Display the profile number that you can configure. Name Display the name of the group profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. Vigor2920 Series User’s Guide...
Page 241 Selected Keyword Click button to add the selected Keyword objects in Objects this box. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 242: File Extension Object
Display the profile number that you can configure. Name Display the name of the object profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Profile column for configuration in details. Vigor2920 Series User’s Guide...
Page 243 Type a name for this profile. Type a name for such profile and check all the items of file extension that will be processed in the router. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 244 Display the service provider which offers SMS service. To set a new profile, please do the steps listed below: 1. Click the SMS Provider tab, and click the number (e.g., #1) under Index column for configuration in details. Vigor2920 Series User’s Guide...
Page 245 SMS text message on the standard route. Sending Interval To avoid quota being exhausted soon, type time interval for sending the SMS. 3. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 246 Display the name of this profile. It cannot be modified. Service Provider Type the website of the service provider. Type the URL string in the box under the filed of Service Provider. You have to contact your SMS provider to obtain the exact URL string. Vigor2920 Series User’s Guide...
Page 247: Sms/Mail Service Object
Item Description Set to Factory Default Clear all of the settings and return to factory default settings. Index Display the profile number that you can configure. Profile Name Display the name for such mail server profile. Vigor2920 Series User’s Guide...
Page 248 Check the box to enable the function. Username – Type a name for authentication. Password – Type a password for authentication. Sending Interval Define the interval for the system to send the SMS out. Vigor2920 Series User’s Guide...
Page 249: Notification Object
Display the name for such mail server profile. To set a new profile, please do the steps listed below: 1. Open Object Setting>>Notification Object, and click the number (e.g., #1) under Index column for configuration in details. Vigor2920 Series User’s Guide...
Page 250 Display the types that will be monitored. Status Display the status for the category. You can check the box you want to be monitored. 3. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 251: Csm Profile
Vigor router will then decide whether to allow access to this site according to the categories you have selected. Please note that this action will not introduce any delay in your Web surfing because each of multiple load balanced database servers can handle millions of requests for categorization. Vigor2920 Series User’s Guide...
Page 252: App Enforcement Profile
There are four tabs IM, P2P, Protocol and Misc displayed on this page. Each tab will bring out different items that you can choose to disallow people using. Below shows the items which are categorized under IM. Vigor2920 Series User’s Guide...
Page 253 After finishing all the settings here, please click OK to save the configuration. The profiles configured here can be applied in the Firewall>>General Setup and Firewall>>Filter Setup pages as the standard for the host(s) to follow. Vigor2920 Series User’s Guide...
Page 254 The items categorized under P2P ----- Below shows the items which are categorized under IM. The items categorized under Protocol. Vigor2920 Series User’s Guide...
Page 255 The items categorized under OTHERS ----- Vigor2920 Series User’s Guide...
Page 256: Url Content Filter Profile
Each item is explained as follows: Item Description Set to Factory Default Clear all profiles. Profile Display the number of the profile which allows you to click to set different policy. Name Display the name of the URL Content Filter Profile. Vigor2920 Series User’s Guide...
Page 257 URL Access Control and Web Feature below, such function can determine the priority for the actions executed. For this one, the router will process the packages with the conditions set below for Vigor2920 Series User’s Guide...
Page 258 In addition, the maximal length of each frame is 32-character long. After specifying keywords, the Vigor router will decline the connection request to the website whose URL Vigor2920 Series User’s Guide...
Page 259 File Extension Profile – Choose one of the profiles that you configured in Object Setting>> File Extension Objects previously for passing or blocking the file downloading. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 260: Web Content Filter Profile
Note: If you have used Service Activation Wizard to activate WCF service, you can skip this section. WCF adopts the mechanism developed and offered by certain service provider (e.g., DrayTek). No matter activating WCF feature or getting a new license for web content filter, you have to click Activate to satisfy your request.
Page 261 It is recommended for you to use the default setting, auto-selected. Such server is powered by Commtouch. Find more Click it to open http://myvigor.draytek.com for searching another qualified and suitable server. Set to Factory Default Click this link to retrieve the factory settings.
Page 262 If you have and activate another web content filter license, the items will be changed simultaneously. All of the configuration made for web content filter will be deleted automatically. Therefore, please backup your data before you change the web content filter license. Vigor2920 Series User’s Guide...
Page 263: Dns Filter
WCF to help with categorizing HTTPS URL's. Note: For DNS filter must use the WCF service profile to filter the packets, therefore WCF license must be activated first. Otherwise, DNS filter does not have any effect on packets. Vigor2920 Series User’s Guide...
Page 264 Set the filtering conditions. Specify one of the WCF profiles as Service. Choose the WCF profiles to apply DNS filter. Set the time for DNS query. Cache Time (hour) Enable Block Page Check the box to enable such function. Vigor2920 Series User’s Guide...
Page 265: Appe Support List
After finishing all the settings, please click OK to save the configuration. This page offers the software versions for each applications managed by APP Enforcement Profiles by Vigor router. Click the IM/P2P/PROTOCOL/OTHERS tab to open the information page for different APP type. Vigor2920 Series User’s Guide...
Page 266: Bandwidth Management
In the Bandwidth Management menu, click Sessions Limit to open the web page. To activate the function of limit session, simply click Enable and set the default session limit. Available settings are explained as follows: Item Description Vigor2920 Series User’s Guide...
Page 267 All the schedules can be set previously in Application >> Schedule web page and you can use the number that you have set in that web page. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 268: Bandwidth Limit
Disable - Click this button to close the function of limit bandwidth. Default TX limit - Define the default speed of the upstream for each computer in LAN. Default RX limit - Define the default speed of the Vigor2920 Series User’s Guide...
Page 269 All the schedules can be set previously in Application >> Schedule web page and you can use the number that you have set in that web page. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 270: Quality Of Service
The core routers in the backbone will do the same checking before executing treatments in order to ensure service-level consistency throughout the whole QoS-enabled network. Vigor2920 Series User’s Guide...
Page 271 Index – Display the class number that you can edit. Class Rule Name – Display the name of the class. Rule – Allow to configure detailed settings for the selected Class. Service Type – Allow to configure detailed settings for the Vigor2920 Series User’s Guide...
Page 272 There are four queues allowed for QoS control. The first three (Class 1 to Class 3) class rules can be adjusted for your necessity. Yet, the last one is reserved for the packets which are not suitable for the user-defined class rules. Vigor2920 Series User’s Guide...
Page 273 This is a protection of TCP application traffic since UDP application traffic such as streaming video will exhaust lots of bandwidth. Outbound TCP ACK The difference in bandwidth between download and upload are great in ADSL2+ environment. For the download speed might Vigor2920 Series User’s Guide...
Page 274 Display the name of such class. Name Tag packets as Check the box to tag the packets with the header selected in the drop down list for this class. Display the number of the rules defined for such rule. Vigor2920 Series User’s Guide...
Page 275 It allows you to edit source address information. Address Type – Determine the address type for the source address. For Single Address, you have to fill in Start IP address. For Range Address, you have to fill in Start IP address and Vigor2920 Series User’s Guide...
Page 276 Edit to open the rule edit page for modification. To add a new service type, edit or delete an existed service type, please click the Edit link under Service Type field. After you click the Edit link, you will see the following page. Vigor2920 Series User’s Guide...
Page 277 For example, in the following illustration, the VoIP packets in LAN go into Vigor router without any header. However, when they go forward to the Server on ISP through Vigor router, all of the packets are tagged with AF (configured in Bandwidth >>QoS>>Class) automatically. Vigor2920 Series User’s Guide...
Page 278: App Qos
APP QoS employs the function of APP Enforcement to detect several types of software in application layer. By combining the function of QoS, Vigor router can perform the bandwidth management for the application of VoIP, Streaming, IM, P2P and so on. Open Bandwidth Management>>APP QoS to display the following page. Vigor2920 Series User’s Guide...
Page 279 VoIP packets will be the first to be sent out and P2P packets will be the last to be sent out. Enable (for Application) There are four applications (VoIP, Streaming, IM, Tunneling, Remote Control, Web HD and P2P) which can be specified with different QoS Class. Vigor2920 Series User’s Guide...
Page 280: Applications
Assume you have a registered domain name from the DDNS provider, say hostname.dyndns.org, and an account with username: test and password: test. In the DDNS setup menu, check Enable Dynamic DNS Setup. Available settings are explained as follows: Item Description Vigor2920 Series User’s Guide...
Page 281 WAN Interface WAN1/WAN2/WAN3 First - While connecting, the router will use WAN1/WAN2/WAN3 as the first channel for such account. If WAN1/WAN2/WAN3 fails, the router will use another WAN interface instead. WAN1/WAN2/WAN3 Only - While connecting, the Vigor2920 Series User’s Guide...
Page 282 Delete a Dynamic DNS Account In the DDNS setup menu, click the Index number you want to delete and then push Clear All button to delete the account. Vigor2920 Series User’s Guide...
Page 283: Lan Dns
Open Application>>LAN DNS to get the following page: Available settings are explained as follows: Item Description Set to Factory Default Clear all profiles and recover to factory settings. Enable Check the box to enable such profile. Vigor2920 Series User’s Guide...
Page 284 Only responds….. - Disable it to apply this profile to all of the LAN subnets. Or enable it to apply such profile to the PCs on the same subnet. Delete – Click it to remove the existed IP address displayed on the IP Address List. Vigor2920 Series User’s Guide...
Page 285: Schedule
Click OK button to save the settings. Note: For the detailed information about LAN DNS application, refer to DrayTek website, http://www.draytek.com.tw/index.php?option=com_k2&view=item&id=5242&Itemid=293 &lang=en. The Vigor router has a built-in real time clock which can update itself manually or automatically by means of Network Time Protocols (NTP). As a result, you can not only...
Page 286 Force Down -Force the connection to be always down. Enable Dial-On-Demand -Specify the connection to be dial-on-demand and the value of idle timeout should be specified in Idle Timeout field. Disable Dial-On-Demand -Specify the connection to be up Vigor2920 Series User’s Guide...
Page 287 Assign these two profiles to the PPPoE Internet access profile. Now, the PPPoE Internet connection will follow the schedule order to perform Force On or Force Down action according to the time plan that has been pre-defined in the schedule profiles. Vigor2920 Series User’s Guide...
Page 288: Radius
LDAP to search or list the directory object, inquire or manage the active directory. This page allows you to enable the function and specify general settings for LDAP server. Vigor2920 Series User’s Guide...
Page 289 Check the box to use the port number specified for SSL. Type this setting if Regular Mode is selected as Bind Type. Regular DN Regular Password Specify a password if Regular Mode is selected as Bind Type. Vigor2920 Series User’s Guide...
Page 290 After finished the above settings, click OK button to save the settings. You can configure eight AD/LDAP profiles. These profiles would be used with User Management for different purposes in management. Vigor2920 Series User’s Guide...
Page 291: Upnp
DMZ. UPnP is available on Windows XP and the router provide the associated support for MSN Messenger to allow full use of the voice, video and messaging features. Vigor2920 Series User’s Guide...
Page 292 NAT router. The application will also learn the external IP address and configure port mappings on the router. Subsequently, such a facility forwards packets from the external ports of the router to the internal ports used by the application. Vigor2920 Series User’s Guide...
Page 293 Non-privileged users can control some router functions, including removing and adding port mappings. The UPnP function dynamically adds port mappings on behalf of some UPnP-aware applications. When the applications terminate abnormally, these mappings may not be removed. Vigor2920 Series User’s Guide...
Page 294: Igmp
P1 to P4 It indicates the LAN port used for the multicast group. Refresh Click this link to renew the working multicast group status. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 295: Wake On Lan
MAC Address Type any one of the MAC address of the bound PCs. Click this button to wake up the selected IP. See the following Wake Up figure. The result will be shown on the box. Vigor2920 Series User’s Guide...
Page 296: Sms/Mail Alert Service
SMS. Schedule Type the schedule number that the SMS will be sent out. You can click the Schedule(1-15) link to define the schedule. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 297 Schedule (1-15) Type the schedule number that the notification will be sent out. You can click the Schedule(1-15) link to define the schedule. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 298: Vpn And Remote Access
NAT settings, such as DMZ or open port. After finishing all the settings here, please click OK to save the configuration. This submenu only applies to PPP-related VPN connections, such as PPTP, L2TP, L2TP over IPSec. Vigor2920 Series User’s Guide...
Page 299 The Mutual Authentication function is mainly used to communicate with other routers or clients who need (PAP) bi-directional authentication in order to provide stronger security, for example, Cisco routers. So you should enable this function when your peer router requires mutual authentication. Vigor2920 Series User’s Guide...
Page 300: Ipsec General Setup
AH it receives. Encapsulating Security Payload (ESP) is a security protocol that provides data confidentiality and protection with optional authentication and replay detection service. Vigor2920 Series User’s Guide...
Page 301 High (ESP) - Encapsulating Security Payload (ESP) means payload (data) will be encrypted and authenticated. You may select encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 302: Ipsec Peer Identity
Click each index to edit one peer digital certificate. There are three security levels of digital signature authentication: Fill each necessary field to authenticate the remote peer. The following explanation will guide you to fill all the necessary fields. Vigor2920 Series User’s Guide...
Page 303 The field includes Country (C), State (ST), Location (L), Organization (O), Organization Unit (OU), Common Name (CN), and Email (E). After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 304: Remote Dial-In User
Click each index to edit one remote user profile. Each Dial-In Type requires you to fill the different corresponding fields on the right. If the fields gray out, it means you may leave it untouched. The following explanation will guide you to fill all the necessary fields. Vigor2920 Series User’s Guide...
Page 305 Nice to Have - Apply the IPSec policy first, if it is applicable during negotiation. Otherwise, the dial-in VPN connection becomes one pure L2TP connection.  Must -Specify the IPSec policy to be definitely applied on the L2TP connection. Vigor2920 Series User’s Guide...
Page 306 IPSec Policy when you specify the IP address of the remote node. The only exception is Digital Signature (X.509) can be set when you select IPSec tunnel either with or without specify the IP address of the remote node. Vigor2920 Series User’s Guide...
Page 307 Local ID - Specify a local ID to be used for Dial-in setting in the LAN-to-LAN Profile setup. This item is optional and can be used only in IKE aggressive mode. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 308: Lan To Lan
Click to clear all indexes. View All – Click it to show all of profiles. Trunk - Click it to show the profile which VPN tunnel is up. Name Indicate the name of the LAN-to-LAN profile. The symbol ??? Vigor2920 Series User’s Guide...
Page 309 LAN-to-LAN connection. Enable this profile - Check here to activate this profile. VPN Dial-Out Through - Use the drop down menu to choose a proper WAN interface for this profile. This setting is useful for dial-out only. Vigor2920 Series User’s Guide...
Page 310  Dial-In- responder only. Always On-Check to enable router always keep VPN connection. Idle Timeout: The default value is 300 seconds. If the connection has been idled over the value, the router will drop the connection. Vigor2920 Series User’s Guide...
Page 311 PAP/CHAP is the most common selection due to wild compatibility. VJ compression - This field is applicable when you select PPTP or L2TP with or without IPSec policy above. VJ Compression is used for TCP/IP protocol header Vigor2920 Series User’s Guide...
Page 312 AES with Authentication-Use AES encryption algorithm and apply MD5 or SHA-1 authentication algorithm. Advanced - Specify mode, proposal and key life of each IKE phase, Gateway, etc. The window of advance setup is shown as below: Vigor2920 Series User’s Guide...
Page 313 2. The default value is inactive this function. Local ID-In Aggressive mode, Local ID is on behalf of the IP address while identity authenticating with remote VPN server. The length of the ID is limited to 47 characters. Vigor2920 Series User’s Guide...
Page 314 Otherwise, the dial-in VPN connection becomes one pure L2TP connection.  Must - Specify the IPSec policy to be definitely applied on the L2TP connection. Specify Remote VPN Gateway - You can specify the IP Vigor2920 Series User’s Guide...
Page 315 Enable IPSec Dial-Out function GRE over IPSec: Check Settings this box to verify data and transmit data in encryption with GRE over IPSec packet after configuring IPSec Dial-Out setting. Both ends must match for each other by setting same Vigor2920 Series User’s Guide...
Page 316 More - Add a static route to direct all traffic destined to more Remote Network IP Addresses/ Remote Network Mask through the VPN connection. This is usually used when you find there are several subnets behind the remote VPN router. Vigor2920 Series User’s Guide...
Page 317 VPN tunnel. Note that this setting is available only for one WAN interface is enabled. It is not available when both WAN interfaces are enabled. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 318: Vpn Trunk Management
Before setting VPN TRUNK backup profile, please configure at least two sets of LAN to LAN profiles (with fully configured dial-out settings) first, otherwise you will not have selections for grouping Member1 and Member2. Available settings are explained as follows: Vigor2920 Series User’s Guide...
Page 319 LAN-to-LAN) for you to choose for grouping under certain VPN TRUNK-VPN Backup/Load Balance mechanism profile.  No - Index number of LAN-to-LAN dial-out profile.  Name - Profile name of LAN-to-LAN dial-out profile.  Connection Type - Connection type of LAN-to-LAN dial-out profile. Vigor2920 Series User’s Guide...
Page 320 Member2. For such reason, LAN-to-LAN profiles of 1 and 2 will be expressed in red to indicate that they are fixed. If you delete the VPN TRUNK – VPN Backup mechanism profile, the selected LAN-to-LAN profiles will be released and expressed in black. Vigor2920 Series User’s Guide...
Page 321 Peer GRE IP. See the following graphic for an example. Later, on peer side (as VPN Client): please type 192.168.50.100 in the field of My GRE IP and type IP address of the server (192.168.50.200) in the field of Peer GRE IP. Vigor2920 Series User’s Guide...
Page 322 Resume – when VPN connection breaks down or disconnects, Member 1 will be the top priority for the system to do VPN connection. Detail Information This field will display detailed information for Environment Recovers Detection. Vigor2920 Series User’s Guide...
Page 323: Connection Management
VPN backup function. Backup Mode - This filed displays the profile name saved in VPN TRUNK Management (with Index number and VPN Server IP address). The VPN connection built by Backup Mode supports VPN backup function. Vigor2920 Series User’s Guide...
Page 324 Tx Rate – Display the transmission rate for data through such VPN tunnel. Rx Pkts – Display the receiving packets passing through such VPN channel. Rx Rate – Display the receiving rate for data through such VPN tunnel. Vigor2920 Series User’s Guide...
Page 325: Certificate Management
Generate again. Import Click this button to import a saved file as the certification information. Refresh Click this button to refresh the information listed below. View Click this button to view the detailed settings for certificate request. Vigor2920 Series User’s Guide...
Page 326 Then click GENERATE again. Note: Please be noted that “Common Name” must be configured with rotuer’s WAN IP or domain name. After clicking GENERATE, the generated information will be displayed on the window below: Vigor2920 Series User’s Guide...
Page 327 CA server and enter the page of certificate request, copy the information into it and submit a request. A new certificate will be issued to you by the CA server. You can save it. Vigor2920 Series User’s Guide...
Page 328: Trusted Ca Certificate
For viewing each trusted CA certificate, click View to open the certificate detail information window. If you want to delete a CA certificate, choose the one and click Delete to remove all the certificate information. Vigor2920 Series User’s Guide...
Page 329: Certificate Backup
The more bandwidth a codec uses the better the voice quality, however the codec used must be appropriate for your Internet bandwidth. Usually there will be two types of calling scenario, as illustrated below: Vigor2920 Series User’s Guide...
Page 330 QoS Assurance assists to assign high priority to voice traffic via Internet. You will always have the required inbound and outbound bandwidth that is prioritized exclusively for Voice traffic over Internet but you just get your data a little slower and it is tolerable for data traffic. Vigor2920 Series User’s Guide...
Page 331: Dialplan
Note: If the incoming or outgoing calls do not match any entry on the phonebook, the router will try to make the call "being protected". But, if the call ends up "unprotected"(e.g. peer side does not support ZRTP+SRTP), the router will not play out a warning message. Vigor2920 Series User’s Guide...
Page 332 The speed-dial number of this index. This can be any number you choose, using digits 0-9 and * . Display Name The name entered here is to remind the user whose number it SIP URL Enter your friend’s SIP Address. Vigor2920 Series User’s Guide...
Page 333 "being protected". But, if the call ends up "unprotected"(e.g. peer side does not support ZRTP+SRTP), the router will not play out a warning message. Vigor2920 Series User’s Guide...
Page 334 VoIP interface. Take the above picture (Prefix Table Setup web page) as an example, the prefix number of 03 will be replaced by 8863. For example: dial number of “031111111” will be changed to “88631111111” and sent to SIP server. Vigor2920 Series User’s Guide...
Page 335 Move UP /Move Down Click the link to move the selected entry up or down. Call barring is used to block phone calls coming from the one that is not welcomed. Each item is explained as follows: Vigor2920 Series User’s Guide...
Page 336 Call Direction Determine the direction for the phone call, IN – incoming call, OUT-outgoing call, IN & OUT – both incoming and outgoing calls. Barring Type Determine the type of the VoIP phone call, URI/URL or number. Vigor2920 Series User’s Guide...
Page 337 SIP accounts. Such control also can be done based on preconfigured schedules. For Block IP Address – this function can block incoming calls (through Phone port) coming from IP address. Such control also can be done based on preconfigured schedules. Vigor2920 Series User’s Guide...
Page 338 Please dial number typed in this field to call back to that one. Last Call Return [Out] Dial the number typed in this field to call the previous outgoing phone call again. Vigor2920 Series User’s Guide...
Page 339 IP address. Block IP Calls [Deact] Dial the number typed in this field to release this function. Block Last Calls [Act] Dial the number typed in this field to block the last incoming phone call. Vigor2920 Series User’s Guide...
Page 340 PSTN number for dialing without passing through Internet. Please type the number in the field of phone number for PSTN relay. Then, check the Enable box to make the PSTN number available for dial whenever you need. Vigor2920 Series User’s Guide...
Page 341: Sip Accounts
Display the domain name or IP address of the SIP proxy Proxy server. Account Name Display the account name of SIP address before @. Codec Display the codec type for the account. Ring Port Specify which port will ring when receiving a phone call. Set Vigor2920 Series User’s Guide...
Page 342 Item Description Profile Name Assign a name for this profile for identifying. You can type similar name with the domain. For example, if the domain name is draytel.org, then you might set draytel-1 in this field. Vigor2920 Series User’s Guide...
Page 343 If the router (e.g., broadband router) you use connects to internet by other device, you have to set this function for your necessity. None – Disable this function. Stun – Choose this option if there is Stun server provided for Vigor2920 Series User’s Guide...
Page 344 If your upstream speed is only 64Kbps, do not use G.711 codec. It is better for you to have at least 256Kbps upstream if you would like to use G.711. Single Codec – If the box is checked, only the selected Codec will be applied. Vigor2920 Series User’s Guide...
Page 345: Phone Settings
Tone - Display the tone settings that configured in the advanced settings page of Phone Index. Gain - Display the volume gain settings for Mic/Speaker that configured in the advanced settings page of Phone Index. Vigor2920 Series User’s Guide...
Page 346 Dynamic RTP Port End - Specifies the end port for RTP stream. The default value is 15000. RTP TOS – It decides the level of VoIP package. Use the drop down list to choose any one of them. Vigor2920 Series User’s Guide...
Page 347 Check this box to invoke this function. A notice sound will Call Waiting appear to tell the user new phone call is waiting for your response. Click hook flash to pick up the waiting phone call. Vigor2920 Series User’s Guide...
Page 348 Congestion tone will be shown automatically on the page. If you cannot find out a suitable one, please choose User Defined and fill out the corresponding values for dial tone, ringing tone, busy tone, congestion tone by yourself for VoIP phone. Vigor2920 Series User’s Guide...
Page 349  InBand - Choose this one then the Vigor will send the DTMF tone as audio directly when you press the keypad on the phone.  OutBand - Choose this one then the Vigor will capture Vigor2920 Series User’s Guide...
Page 350 DTMF tone and transfer it into SIP form. Then it will be sent to the remote end with SIP message. Payload Type (rfc2833) - Choose a number from 96 to 127, the default value was 101. This setting is available for the OutBand (RFC2833) mode. Vigor2920 Series User’s Guide...
Page 351: Status
WAIT_ANS - Indicates that a connection is launched and waiting for remote user’s answer. ALERTING - Indicates that a call is coming. ACTIVE-Indicates that the VoIP connection is launched. Codec Indicates the voice codec employed by present channel. Vigor2920 Series User’s Guide...
Page 352: Wireless Lan
Point (AP) connecting to lots of wireless clients or Stations (STA). All the STAs will share the same Internet connection via Vigor wireless router. The General Settings will set up the information of this wireless network, including its SSID as identification, located channel etc. Vigor2920 Series User’s Guide...
Page 353 LAN from wired LAN for either quarantine or limit access reasons. To isolate means neither of the parties can access each other. To elaborate an example for business use, you may set up a wireless LAN for visitors only so they can connect to Internet without hassle of Vigor2920 Series User’s Guide...
Page 354: General Setup
SSID and the wireless channel. Please refer to the following figure for more information. Available settings are explained as follows: Item Description Enable Wireless LAN Check the box to enable wireless function. Mode At present, the router can connect to 11b Only, 11n Only, 11g Vigor2920 Series User’s Guide...
Page 355 Means the identification of the wireless LAN. SSID can be any text numbers or various special characters. The default SSID is "DrayTek”. We suggest you to change it. Isolate VPN – Check this box to make the wireless clients (stations) with different VPN not accessing for each other.
Page 356: Security
Internet through such router, please input the default PSK value for connection. By clicking the Security Settings, a new web page will appear so that you could configure the settings of WEP and WPA. Vigor2920 Series User’s Guide...
Page 357 012345678(or 64 Hexadecimal digits leading by 0x, such as "0x321253abcde..."). Type - Select from Mixed (WPA+WPA2) or WPA2 only. Pre-Shared Key (PSK) - Either 8~63 ASCII characters, such as 012345678..(or 64 Hexadecimal digits leading by 0x, such Vigor2920 Series User’s Guide...
Page 358: Access Control
MAC addresses to control their access rights. Available settings are explained as follows: Item Description Enable Mac Address Select to enable the MAC Address filter for wireless LAN Filter identified with SSID 1 to 4 respectively. All the clients Vigor2920 Series User’s Guide...
Page 359: Wps
Start PBC button or using PIN Code.  On the side of Vigor 2920 series which served as an AP, press WPS button once on the front panel of the router or click Start PBC on web configuration interface. On the side Vigor2920 Series User’s Guide...
Page 360 For WPS is supported in WPA-PSK or WPA2-PSK mode, if you do not choose such mode in Wireless LAN>>Security, you will see the following message box. Please click OK and go back Wireless LAN>>Security to choose WPA-PSK or WPA2-PSK mode and access WPS again. Below shows Wireless LAN>>WPS web page. Vigor2920 Series User’s Guide...
Page 361 Start PIN button. The WPS LED on the router will blink fast when WPS is in progress. It will return to normal condition after two minutes. (You need to setup WPS within two minutes) Vigor2920 Series User’s Guide...
Page 362: Wds
To meet the above requirement, two WDS modes are implemented in Vigor router. One is Bridge, the other is Repeater. Below shows the function of WDS-bridge interface: The application for the WDS-Repeater mode is depicted as below: Vigor2920 Series User’s Guide...
Page 363 Bridge 2 through WDS links. However, hosts connected to Bridge 1 CANNOT communicate with hosts connected to Bridge 3 through Bridge 2. Click WDS from Wireless LAN menu. The following page will be shown. Vigor2920 Series User’s Guide...
Page 364 Click Enable to make this router serving as an access point; click Disable to cancel this function. It allows user to send “hello” message to peers. Yet, it is valid Status only when the peer also supports this function. Vigor2920 Series User’s Guide...
Page 365: Advanced Setting
56 bit sync field instead of long preamble with 128 bit sync field. However, some original 11b wireless network devices only support long preamble. Click Enable to use Long Preamble if needed to communicate with this kind of devices. Vigor2920 Series User’s Guide...
Page 366 Vigor N61 wireless utility window, choose Enable for TxBURST on the tab of Option). Note: * means the real transmission rate depends on the environment of the network. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 367: Wmm Configuration
1 to 15. Be aware that CWMax value must be greater than CWMin or equals to CWMin value. Both values will influence the time delay for WMM accessing categories. The difference between AC_VI and AC_VO categories must be Vigor2920 Series User’s Guide...
Page 368: Ap Discovery
This page is used to scan the existence of the APs on the wireless LAN. Yet, only the AP which is in the same channel of this router can be found. Please click Scan to discover all the connected APs. Vigor2920 Series User’s Guide...
Page 369 AP’s MAC address on the bottom of the page and click Bridge or Repeater. Next, click Add to. Later, the MAC address of the AP will be added to Bridge or Repeater field of WDS settings page. Vigor2920 Series User’s Guide...
Page 370: Station List
WLAN station and click Add to Access Control below. Available settings are explained as follows: Item Description Refresh Click this button to refresh the status of station list. Click this button to add current typed MAC address into Access Control. Vigor2920 Series User’s Guide...
Page 371: Bandwidth Management
Download Limit - Default value is 30,000 kbps. Each wireless station can have the bandwidth for uploading without exceeding the values typed here. After finished the above settings, click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 372: Usb Application
Simultaneous FTP Connections - This field is used to specify the quantity of the FTP sessions. The router allows up to 6 FTP sessions connecting to USB storage disk at one time. Default Charset - At present, Vigor router supports three Vigor2920 Series User’s Guide...
Page 373: Usb User Management
Before adding or modifying settings in this page, please insert a USB storage disk first. Otherwise, an error message will appear to warn you. Each item is explained as follows: Item Description Index Display the number link of the profile. Vigor2920 Series User’s Guide...
Page 374 Confirm Password Home Folder It determines the folder for the client to access into. The user can Type a directory name in this field. Then, after clicking OK, the router will create the specific/new folder in Vigor2920 Series User’s Guide...
Page 375: File Explorer
Before you click OK, you have to insert a USB storage disk into the USB interface of the Vigor router. Otherwise, you cannot save the configuration. File Explorer offers an easy way for users to view and manage the content of USB storage disk connected on Vigor router. Vigor2920 Series User’s Guide...
Page 376: Usb Disk Status
FTP server. Display the username that user uses to login to the FTP server. Username When you insert USB storage disk into the Vigor router, the system will start to find out such device within several seconds. Vigor2920 Series User’s Guide...
Page 377: Modem Support List
System Status, HTTPS Encryption Setup, TR-069, Administrator Password, User Password, Login Page Greeting, Configuration Backup, Syslog/Mail Alert, Time and Date, SNMP, Management, Reboot System, Firmware Upgrade and Activation. Below shows the menu items for System Maintenance. Vigor2920 Series User’s Guide...
Page 378: System Status
- Display the subnet mask address of the LAN interface. DHCP Server - Display the current status of DHCP server of the LAN interface - Display the assigned IP address of the primary DNS. Wireless LAN MAC Address Vigor2920 Series User’s Guide...
Page 379: Https Encryption Setup
- Display the VoIP profile for the phone port. In/Out - Display the number of incoming /outgoing phone call. The encryption methods configured in this page would influence the access of HTTP web site and the encryption algorithm used by SSL Tunnel. Vigor2920 Series User’s Guide...
Page 380: Tr-069
Please refer to Auto Configuration Server user’s manual for detailed information. CPE Client Such information is useful for Auto Configuration Server. Enable/Disable – Allow/Deny the CPE Client to connect with Auto Configuration Server. Port – Sometimes, port conflict might be occurred. To solve Vigor2920 Series User’s Guide...
Page 381: Administrator Password
Gateway. Please type a number as the maximum period. A value of “-1” indicates that no maximum period is specified. This page allows you to set new password. Vigor2920 Series User’s Guide...
Page 382 Local User List – It displays the username of the local user. User Name – Give a user name for the local user. Password – Type the password for the local user. Confirm Password – Type the password again for confirmation. Vigor2920 Series User’s Guide...
Page 383 LDAP Profile Setup. LDAP Profile Setup – It allows you to create a new LDAP profile. When you click OK, the login window will appear. Please use the new password to access into the web user interface again. Vigor2920 Series User’s Guide...
Page 384: User Password
Below shows an example for accessing into User Operation with User Password. 1. Open System Maintenance>>User Password. 2. Check the box of Enable User Mode for simple web configuration to enable user mode operation. Type a new password in the field of New Password and click OK. Vigor2920 Series User’s Guide...
Page 385 5. The following window will be open to ask for username and password. Type the new user password in the filed of Password and click Login. 6. The main screen with User Mode will be shown as follows. Vigor2920 Series User’s Guide...
Page 386: Login
At that moment, the background of the web page is blank and no heading will be displayed on the Login window. This page allows you to specify background message and the heading on the Login window if you have such requirement. Vigor2920 Series User’s Guide...
Page 387: Configuration Backup
Enable Check this box to enable the login customization function. Login Page Title Type a brief description (e.g., Welcome to DrayTek) which will be shown on the heading of the login dialog. Welcome Message and Type words or sentences here. It will be displayed for bulletin message.
Page 388 The above example is using Windows platform for demonstrating examples. The Mac or Linux platform will appear different windows, but the backup function is still available. Note: Backup for Certification must be done independently. The Configuration Backup does not include information of Certificate. Vigor2920 Series User’s Guide...
Page 389: Syslog/Mail Alert
SysLog function is provided for users to monitor router. There is no bother to directly get into the Web user interface of the router or borrow debug equipments. Available parameters are explained as follows: Item Description SysLog Access Setup Enable - Check Enable to activate function of syslog. Vigor2920 Series User’s Guide...
Page 390 For viewing the Syslog, please do the following: Just set your monitor PC’s IP address in the field of Server IP Address Install the Router Tools in the Utility within provided CD. After installation, click on the Router Tools>>Syslog from program menu. Vigor2920 Series User’s Guide...
Page 391 From the Syslog screen, select the router you want to monitor. Be reminded that in Network Information, select the network adapter used to connect to the router. Otherwise, you won’t succeed in retrieving information from the router. Vigor2920 Series User’s Guide...
Page 392: Time And Date
Enable Daylight Saving Check the box to enable the daylight saving. Such feature is available for certain area. Select a time interval for updating from the NTP server. Automatically Update Interval Click OK to save these settings. Vigor2920 Series User’s Guide...
Page 393: Snmp
DES) and authentication method (support MD5 and SHA) for the management needs. Available settings are explained as follows: Item Description Enable SNMP Agent Check it to enable this function. Get Community Set the name for getting community by typing a proper character. The default setting is public. Vigor2920 Series User’s Guide...
Page 394 Choose one of the encryption methods listed below as the authentication algorithm. Auth Password Type a password for authentication. Privacy Algorithm Choose one of the methods listed below as the privacy algorithm. Privacy Password Type a password for privacy. Click OK to save these settings. Vigor2920 Series User’s Guide...
Page 395 The management pages for IPv4 and IPv6 protocols are different. Available parameters are explained as follows: Item Description Type in the router name provided by ISP. Router Name Default: Disable The web user interface will not log out if it is enabled. Auto-Logout Vigor2920 Series User’s Guide...
Page 396: Management
Telnet and HTTP servers. External Device Control No respond to External Device – Check the box to make Vigor2912 not being detected by other router and not being displayed as an external device. Available settings are explained as follows: Vigor2920 Series User’s Guide...
Page 397 You could specify that the system administrator can only login from a specific host or network defined in the list. A maximum of three IPs/subnet masks is allowed. IPv6 Address /Prefix Length- Indicate the IP address(es) allowed to login to the router. Vigor2920 Series User’s Guide...
Page 398: Reboot System
Note: When the system pops up Reboot System web page after you configure web settings, please click Reboot Now to reboot your router for ensuring normal operation and preventing unexpected errors of the router in the future. Vigor2920 Series User’s Guide...
Page 399: Firmware Upgrade
You have to visit DrayTek website periodically to check if there is any new released firmware offered for your Vigor router to have newest features. If yes, download the file into your computer first. Next, access into web interface of this router and open System Maintenance>> Firmware Upgrade.
Page 400: Activation
The Activate link brings you accessing into www.vigorpro.com to finish the activation of the account and the router. Authentication Message As for authentication information of web filter, the process of authenticating will be displayed on this field for your reference. Vigor2920 Series User’s Guide...
Page 401: Diagnostics
Below shows the successful activation of Web Content Filter: Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor router. Below shows the menu items for Diagnostics. Vigor2920 Series User’s Guide...
Page 402: Dial-Out Triggering
(e.g., PPPoE) is triggered by a package sending from the source IP address. Each item is explained as follows: Item Description Decoded Format It shows the source IP address (local), destination IP (remote) address, the protocol and length of the package. Refresh Click it to reload the page. Vigor2920 Series User’s Guide...
Page 403: Routing Table
Click Diagnostics and click Routing Table to open the web page. Each item is explained as follows: Item Description Refresh Click it to reload the page. Vigor2920 Series User’s Guide...
Page 404: Arp Cache Table
IPv6 address. This information is helpful in diagnosing network problems, such as IP address conflicts, etc. Click Diagnostics and click IPv6 Neighbour Table to open the web page. Each item is explained as follows: Item Description Refresh Click it to reload the page. Vigor2920 Series User’s Guide...
Page 405: Dhcp Table
DHCP assigned IP address for it. Leased Time It displays the leased time of the specified PC. HOST ID It displays the host ID name of the specified PC. Refresh Click it to reload the page. Vigor2920 Series User’s Guide...
Page 406: Nat Sessions Table
It indicates the temporary port of the router used for NAT. Peer IP:Port It indicates the destination IP address and port of remote host. It displays the representing number for different interface. Interface Refresh Click it to reload the page. Vigor2920 Series User’s Guide...
Page 407: Data Flow Monitor
Description Enable Data Flow Check this box to enable this function. Monitor Refresh Seconds Use the drop down list to choose the time interval of refreshing data flow that will be done by the system automatically. Vigor2920 Series User’s Guide...
Page 408 Peak means the highest peak value detected by the router in data transmission. Speed means line speed specified in WAN>>General Setup. If you do not specify any rate at that page, here will display Auto for instead. Vigor2920 Series User’s Guide...
Page 409: Traffic Graph
WAN1/WAN2/WAN3 Bandwidth chart, the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past. For Sessions chart, the numbers displayed on vertical axis represent the numbers of the NAT sessions during the past. Vigor2920 Series User’s Guide...
Page 410: Ping Diagnosis
IPV4 /IPV6 Choose the protocol for such function. Ping through Use the drop down list to choose the WAN interface that you want to ping through or choose Unspecified to be determined by the router automatically. Vigor2920 Series User’s Guide...
Page 411: Trace Route
Click Diagnostics and click Trace Route to open the web page. This page allows you to trace the routes from router to the host. Simply type the IP address of the host in the box and click Run. The result of route trace will be shown on the screen. Vigor2920 Series User’s Guide...
Page 412: Syslog Explorer
Available parameters are explained as follows: Item Description Enable Web Syslog Check this box to enable the function of Web Syslog. Use the drop down list to specify a type of Syslog to be Syslog Type displayed. Vigor2920 Series User’s Guide...
Page 413 This page displays the syslog recorded on the USB storage disk. Available parameters are explained as follows: Item Description Time Display the time of the event occurred. Display the type of the record. Log Type Message Display the information for each event. Vigor2920 Series User’s Guide...
Page 414: Tspc Status
If TSPC has configured properly, the router will display the following page when the user connects to tunnel broker successfully. Available settings are explained as follows: Item Description Refresh Click this link to refresh this page manually. Vigor2920 Series User’s Guide...
Page 415: External Devices
You can change the device name if required or remove the information for off-line device whenever you want. When you finished the configuration, click OK to save it. Note: Only DrayTek products can be detected by this function. Vigor2920 Series User’s Guide...
Page 416 This page is left blank. Vigor2920 Series User’s Guide...
Page 417: Trouble Shooting
Turn on the router. Make sure the ACT LED blink once per second and the correspondent LAN LED is bright. If not, it means that there is something wrong with the hardware status. Simply back to “1.3 Hardware Installation” to execute the hardware installation again. And then, try again. Vigor2920 Series User’s Guide...
Page 418 Open All Programs>>Getting Started>>Control Panel. Click Network and Sharing Center. In the following window, click Change adapter settings. Icons of network connection will be shown on the window. Right-click on Local Area Connection and click on Properties. Vigor2920 Series User’s Guide...
Page 419 Select Internet Protocol Version 4 (TCP/IP) and then click Properties. Select Obtain an IP address automatically and Obtain DNS server address automatically. Finally, click OK. Vigor2920 Series User’s Guide...
Page 420: Pinging The Router From Your Computer
Please follow the steps below to ping the router correctly. Open the Command Prompt window (from Start menu> Run). Type command (for Windows 95/98/ME) or cmd (for Windows NT/ 2000/XP/Vista). The DOS command dialog will appear. Vigor2920 Series User’s Guide...
Page 421 Open the Application folder and get into Utilities. Double click Terminal. The Terminal window will appear. Type ping 192.168.1.1 and press [Enter]. If the link is OK, the line of “64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=xxxx ms” will appear. Vigor2920 Series User’s Guide...
Page 422: Checking If The Isp Settings Are Ok Or Not
PIN code and try again. If it still fails, it might be the compliance problem of system. Please open DrayTek Syslog Tool to capture the connection information (WAN Log) and send the page (similar to the following graphic) to the service center of DrayTek.
Page 423: Backing To Factory Default Setting If Necessary
Go to System Maintenance and choose Reboot System on the web page. The following screen will appear. Choose Using factory default configuration and click Reboot Now. After few seconds, the router will return all the settings to the factory settings. Vigor2920 Series User’s Guide...
Page 424: Contacting Your Dealer
After restore the factory default setting, you can configure the settings for the router again to fit your personal request. If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@DrayTek.com. Vigor2920 Series User’s Guide...
Page 425: Appendix I: Vlan Applications On Vigor Router
VLAN helps you to solve these situations, and DrayTek’s products support bellow two popular types: It uses a matrix table of the physical ports to define the traffics how to exchange between each port, and the traffics will be isolated from the ports are not being ticked in the same line.
Page 426 P1 and P2 are doing NAT flow to access to the internet, but P3 and P4 will forward the packets between WAN and LAN ports directly. So far, there are two kinds of open system on Vigor router. One is DrayOS, which is DrayTek owned, and another is Linux-like which customized by DrayTek from OpenWRT. Here...
Page 427 DrayOS system is going to be introduced to you because it is the most stable and superfast booting system in DrayTek products. If the UI style of yours is different from the following. It may not DrayOS system with new web style or maybe the Linux-like model.
Page 428  Multi Subnet (VLAN of LAN) Vigor2920 Series User’s Guide...
Page 429 The benefit of Port-based is able to extend the wired ports by installing a cheaper dumb switch as many as you need, but Tag-based offers you a flexible and well-managed network. The networks are isolated, secured and reduce the broadcasting storm effectively in each of networks with VLAN.  Guest Network Vigor2920 Series User’s Guide...
Page 430 However, a switch support VLAN function is need if VLAN Tag enabled.  Triple Play (Multi-WAN) NAT mode with VLAN Vigor2920 Series User’s Guide...
Page 431 Following settings, the set-top box (STB) is able to attach with any LAN port. Video streaming which your ISP provided will be played on your monitor. Vigor2920 Series User’s Guide...
Page 432 Set-top box (STB) or the other kinds of media devices are able to attach with Port4 or Port5 of LAN. Those devices that attached with Port4 or Port5 are able to access the services network directly which your ISP provided. Vigor2920 Series User’s Guide...
Page 433: Appendix Ii: Release Note
Corrected: Load Balance/Route Policy cleaned all sessions when the dropped down WAN reconnected.  Corrected: DDNS could not work when updating to freedns.afraid.org  Corrected: Could not add DHPC option 66/15.  Corrected: Router showed wrong Syslog messages when a VPN LAN to LAN tunnel dropped. Vigor2920 Series User’s Guide...
Page 434 Corrected: VigorACS SI couldn't show Network information when DNS Filter was enabled for Vigor2920.  Corrected: Some error on External Device Status page.  Corrected: Remove Mhaha, getMessenger, IMUnitive, Wablet from WebIM on CSM>>APP Enforcement Profile. Vigor2920 Series User’s Guide...

This manual is also suitable for:

Vigor2920n Vigor2920v Vigor2920vn

Draytek Vigor2920 Series User Manual

Quick Links

Related Manuals for Draytek Vigor2920 Series

Summary of Contents for Draytek Vigor2920 Series