Page 1 Vigor2820 Series ADSL2/2+ Security Firewall User’s Guide Version: 2.1 Date: 2008/10/13...
Page 2: Copyright Information
Web registration is preferred. You can register your Vigor router via Owner http://www.draytek.com. Firmware & Tools Due to the continuous evolution of DrayTek technology, all routers will be regularly Updates upgraded. Please consult the DrayTek web site for more information on newest firmware, tools and documents.
Page 3: European Community Declarations
Product: Vigor2820 Series Router DrayTek Corp. declares that Vigor2820 Series of routers are in compliance with the following essential requirements and other relevant provisions of R&TTE Directive 1999/5/EEC. The product conforms to the requirements of Electro-Magnetic Compatibility (EMC) Directive 2004/108/EC by complying with the requirements set forth in EN55022/Class B and EN55024/Class B.
Page 4: Table Of Contents
3.2.2 General Setup......................... 59 3.2.3 Static Route ........................61 3.2.4 VLAN..........................64 3.2.5 Bind IP to MAC ....................... 65 3.3 NAT ............................66 3.3.1 Port Redirection ......................66 3.3.2 DMZ Host........................69 3.3.3 Open Ports........................72 Vigor2820 Series User’s Guide...
Page 5 3.10.3 Certificate Backup....................... 148 3.11 VoIP ........................... 148 3.11.1 DialPlan ........................149 3.11.2 SIP Accounts ......................158 3.11.3 Phone Settings ......................162 3.11.4 Status.......................... 179 3.12 ISDN..........................180 3.12.1 Basic Concept......................180 3.12.2 General Settings ......................180 Vigor2820 Series User’s Guide...
Page 6 4.6 Upgrade Firmware for Your Router ..................245 4.7 Request a certificate from a CA server on Windows CA Server ......... 247 4.8 Request a CA Certificate and Set as Trusted on Windows CA Server ....... 251 Vigor2820 Series User’s Guide...
Page 7 5.4 Checking If the ISP Settings are OK or Not ................ 257 5.5 Problems for 3G Network Connection ................260 5.6 Backing to Factory Default Setting If Necessary ..............260 5.7 Contacting Your Dealer ....................... 261 Vigor2820 Series User’s Guide...
Page 9: Preface
Vigor2820 series is an ADSL and broadband router with WAN interface. It provides policy-based load-balance, fail-over and BOD (Bandwidth on Demand), also it integrates IP layer QoS, NAT session/bandwidth management to help users control works well with large bandwidth. By adopting hardware-based VPN platform and hardware encryption of AES/DES/3DS, the router increases the performance of VPN greatly, and offers several protocols (such as IPSec/PPTP/L2TP) with up to 32 VPN tunnels.
Page 10: Led Indicators And Connectors
VoIP>>Phone Setting for detailed information). Warning: When the orange LED lights (means ISDN NT mode), the ISDN port can be used to connect phone only. Wrong ISDN connection might cause severe damage on your device. Vigor2820 Series User’s Guide...
Page 11: For Vigor2820
The port is disconnected with 10Mbps. Left LED The port is connected. WAN 2 (Green) The port is disconnected. Blinking The data is transmitting. Right LED The port is connected with 100Mbps. (Green) The port is disconnected with 10Mbps. Vigor2820 Series User’s Guide...
Page 12 Connecters for local networked devices. Connecter for accessing the Internet through ADSL2/2+. WAN 2 Connecter for remote networked devices. Connecter for a USB device (for 3G USB Modem or printer). Connecter for a power adapter. Power Switch. ON/OFF Vigor2820 Series User’s Guide...
Page 13: For Vigor2820N
The port is disconnected with 10Mbps. Left LED The port is connected. WAN 2 (Green) The port is disconnected. Blinking The data is transmitting. Right LED The port is connected with 100Mbps. (Green) The port is disconnected with 10Mbps. Vigor2820 Series User’s Guide...
Page 14 Connecters for local networked devices. Connecter for accessing the Internet through ADSL2/2+. WAN 2 Connecter for remote networked devices. Connecter for a USB device (for 3G USB Modem or printer). Connecter for a power adapter. Power Switch. ON/OFF Vigor2820 Series User’s Guide...
Page 15: For Vigor2820Vn
The port is disconnected with 10Mbps. Left LED The port is connected. WAN 2 (Green) The port is disconnected. Blinking The data is transmitting. Right LED The port is connected with 100Mbps. (Green) The port is disconnected with 10Mbps. Vigor2820 Series User’s Guide...
Page 16 Connecters for local networked devices. Connecter for accessing the Internet through ADSL2/2+. WAN 2 Connecter for remote networked devices. Connecter for a USB device (for 3G USB Modem or printer). Connecter for a power adapter. Power Switch. ON/OFF Vigor2820 Series User’s Guide...
Page 17: For Vigor2820Vs
It will be off if there is nothing connected. Blinking In ISDN NT (ISDN S0 intern) mode, it means an ISDN phone is off-hook or a phone call comes. In ISDN TE mode, it means data, fax or voice (phone call) is transmitting. Vigor2820 Series User’s Guide...
Page 18 Connecters for local networked devices. Connecter for accessing the Internet through ADSL2/2+. WAN 2 Connecter for remote networked devices. Connecter for a USB device (for 3G USB Modem or printer). Connecter for a power adapter. Power Switch. ON/OFF Vigor2820 Series User’s Guide...
Page 19: For Vigor2820Vsn
It will be off if there is nothing connected. Blinking In ISDN NT (ISDN S0 intern) mode, it means an ISDN phone is off-hook or a phone call comes. In ISDN TE mode, it means data, fax or voice (phone call) is transmitting. Vigor2820 Series User’s Guide...
Page 20 Connecters for local networked devices. Connecter for accessing the Internet through ADSL2/2+. WAN 2 Connecter for remote networked devices. Connecter for a USB device (for 3G USB Modem or printer). Connecter for a power adapter. Power Switch. ON/OFF Vigor2820 Series User’s Guide...
Page 21: Hardware Installation
Power on the device by pressing down the power switch on the rear panel. The system starts to initiate. After completing the system test, the ACT LED will light up and start blinking. (For the detailed information of LED status, please refer to section 1.2.) Vigor2820 Series User’s Guide...
Page 22: Isdn Phone Adapter Installation
Yet, if the user configures ISDN / Phone S0 as TE Mode in VoIP>> Phone Settings, the green LED will light on to indicate ISDN-TE is selected. Then, the port is specified for ISDN line only. Refer to the following figure for reference. Vigor2820 Series User’s Guide...
Page 23: Printer Installation
You can install a printer onto the router for sharing printing. All the PCs connected this router can print documents via the router. The example provided here is made based on Windows XP/2000. For Windows 98/SE, please visit www.draytek.com. Before using it, please follow the steps below to configure settings for connected computers (or wireless clients).
Page 24 Open File->Add a New Computer. A welcome dialog will appear. Please click Next. Click Local printer attached to this computer and click Next. In this dialog, choose Create a new port Type of port and use the drop down list to select Standard TCP/IP Port. Click Next. Vigor2820 Series User’s Guide...
Page 25 In the following dialog, type 192.168.1.1 (router’s LAN IP) in the field of Printer Name or IP Address and type IP_192.168.1.1 as the port name. Then, click Next. Click Standard and choose Generic Network Card. Then, in the following dialog, click Finish. Vigor2820 Series User’s Guide...
Page 26 10. For the final stage, you need to go back to Control Panel-> Printers and edit the property of the new printer you have added. 11. Select "LPR" on Protocol, type p1 (number 1) as Queue Name. Then click OK. Next please refer to the red rectangle for choosing the correct protocol and UPR name. Vigor2820 Series User’s Guide...
Page 27 Note 1: Some printers with the fax/scanning or other additional functions are not supported. If you do not know whether your printer is supported or not, please visit www.draytek.com to find out the printer list. Open Support Center->FAQ; find out the link of Printer Server FAQ; finally click the link of “What types of printers are compatible with Vigor router?”.
Page 28 This page is left blank. Vigor2820 Series User’s Guide...
Page 29: Configuring Basic Settings
Please type default values (both username and password are Null) on the window for the first time accessing and click OK for next screen. Now, the Main Screen will pop up. Vigor2820 Series User’s Guide...
Page 30 Enter the login password (the default is blank) on the field of Old Password. Type New Password. Then click OK to continue. Now, the password has been changed. Next time, use the new password to access the Web Configurator for this router. Vigor2820 Series User’s Guide...
Page 31: Quick Start Wizard
On the next page as shown below, please select the appropriate Internet access type according to the information from your ISP. For example, you should select PPPoE mode if the ISP provides you PPPoE interface. Then click Next for next step. Vigor2820 Series User’s Guide...
Page 32: Pppoe/Pppoa
Ethernet can share a common connection. PPPoE is used for most of DSL modem users. All local users can share one PPPoE connection for accessing the Internet. Your service provider will provide you information about user name, password, and authentication mode. Vigor2820 Series User’s Guide...
Page 33 Assign a valid password provided by the ISP. Confirm Password Retype the password. Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Vigor2820 Series User’s Guide...
Page 34: 1483 Bridged Ip
Click 1483 Bridged IP as the protocol. Type in all the information that your ISP provides for this protocol. Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Vigor2820 Series User’s Guide...
Page 35: 1483 Routed Ip
After finishing the settings in this page, click Next to see the following page. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Vigor2820 Series User’s Guide...
Page 36: Online Status
If you select PPPoE/PPPoA as the protocol, you will find out a link of Dial PPPoE or Drop PPPoE in the Online Status web page. Online status for PPPoE (WAN2) Online status for PPTP (for WAN2) Vigor2820 Series User’s Guide...
Page 37 Online status for Static IP (for WAN1) Online status for DHCP (WAN1) Vigor2820 Series User’s Guide...
Page 38 ISDN Status Channel Active Conn. Displays the active connection status for each channel. TX Pkts Displays the total transmitted packets at the ISDN interface. TX Rate Displays the speed of transmitted octets at the ISDN interface. Vigor2820 Series User’s Guide...
Page 39: Saving Configuration
Each time you click OK on the web page for saving the configuration, you can find messages showing the system interaction with you. Ready indicates the system is ready for you to input settings. Settings Saved means your settings are saved once you click Finish or OK button. Vigor2820 Series User’s Guide...
Page 40 This page is left blank. Vigor2820 Series User’s Guide...
Page 41: Advanced Web Configuration
Then a session will be created. Your user ID and password is authenticated via PAP or CHAP with RADIUS authentication system. And your IP address, DNS server, and other related information will usually be assigned by your ISP. Vigor2820 Series User’s Guide...
Page 42: Network Connection By 3G Usb Modem
Besides, 3G USB Modem in WAN2 also can be used as backup device. Therefore, when WAN1 is not available, the router will use 3.5G for supporting automatically. The supported 3G USB Modem will be listed on Draytek web site. Please visit www.draytek.com for more detailed information.
Page 43 WAN2. You can enable PPP as the access mode and complete further configuration. Physical Type This setting is available for WAN2 only. You can change the physical type for WAN2 or choose Auto negotiation for Vigor2820 Series User’s Guide...
Page 44 15 seconds. WAN1 Download speed exceed XX kbps– It means the connection for WAN2 will be activated when WAN1 Download speed exceed certain value that you set in this box for 15 seconds. Vigor2820 Series User’s Guide...
Page 45: Internet Access
WAN2 supports PPPoE, Static or Dynamic IP and PPTP. According to physical connection of your router, please choose suitable WAN interface link to set detailed information. To use PPPoE/PPPoA as the accessing protocol of the Internet, select PPPoE/PPPoA mode. The following web page will appear. Vigor2820 Series User’s Guide...
Page 46 Protocol - Drop down the list to choose the one provided by ISP. If you have already used Quick Start Wizard to set the protocol, then it is not necessary for you to change any settings in this group. Modulation – 是做什麼用的? Vigor2820 Series User’s Guide...
Page 47 In this case, you can fill in this IP address in the Fixed IP field. Please contact your ISP before you want to use this function. WAN IP Alias - If you have multiple public IP addresses and Vigor2820 Series User’s Guide...
Page 48 Ethernet, token-ring or TCP/IP protocols. The goal of MPoA is to allow different LANs to send packets to each other via an ATM backbone. To use MPoA as the accessing protocol of the Internet, select MPoA mode. The following web page will appear. Vigor2820 Series User’s Guide...
Page 49 This setting is available for the routers supporting ISDN function Setup only. Before utilizing the ISDN dial backup feature, you must create a dial backup profile first. Please click ISDN > Dialing to a Single ISP to create the backup profile. Vigor2820 Series User’s Guide...
Page 50 IP Alias. You can set up to 8 public IP addresses other than the current one you are using. Notice that this setting is available for WAN1 only. Type the additional WAN IP address and check the Vigor2820 Series User’s Guide...
Page 51 IP address for necessity in the future. After finishing all the settings here, please click OK to activate them. To use PPPoE as the accessing protocol of the Internet, select PPPoE mode. The following web page will appear. Vigor2820 Series User’s Guide...
Page 52 WAN detection. Ping IP – If you choose Ping Detect as detection mode, you have to type IP address in this field for pinging. TTL (Time to Live) – Displays value for your reference. TTL Vigor2820 Series User’s Guide...
Page 53 MAC address by typing on the boxes of MAC Address for the router. Specify a MAC Address – Type the MAC address for the router manually. After finishing all the settings here, please click OK to activate them. Vigor2820 Series User’s Guide...
Page 54 ARP Detect or Ping Detect. Mode – Choose ARP Detect or Ping Detect for the system to execute for WAN detection. Ping IP – If you choose Ping Detect as detection mode, you have Vigor2820 Series User’s Guide...
Page 55 Static IP mode. IP Address: Type the IP address. Subnet Mask: Type the subnet mask. Gateway IP Address: Type the gateway IP address. Default MAC Address: Click this radio button to use default MAC Vigor2820 Series User’s Guide...
Page 56 This setting is available for the routers supporting ISDN function Setup only. Before utilizing the ISDN dial backup feature, you must create a dial backup profile first. Please click ISDN > Dialing to a Single ISP to create the backup profile. Vigor2820 Series User’s Guide...
Page 57 Obtain an IP address automatically – Click this button to obtain Settings the IP address automatically. Specify an IP address – Click this radio button to specify some data. IP Address – Type the IP address. Subnet Mask – Type the subnet mask. Vigor2820 Series User’s Guide...
Page 58: Multi-Pvcs
This router allows you to create multi-PVCs for different data transferring for using. Simply go to Internet Access and select Multi-PVC Setup page. The system allows you to set up to eight channels which are ready for choosing as the first PVC line that will be used as multi-PVCs. Vigor2820 Series User’s Guide...
Page 59 Select a proper QoS type for the channel. Protocol Select a proper protocol for this channel. Encapsulation Choose a proper type for this channel. The types will be different according to the protocol setting that you choose. Vigor2820 Series User’s Guide...
Page 60 ISP and then click WAN link of Channel 3, 4 or 5 to configure your router. Such configuration is applied to upstream packets. Such information will be provided by ISP. Please contact with your ISP for detailed information. Vigor2820 Series User’s Guide...
Page 61 IPTV). It can divide the packets from remote control and from video stream into different PVC. In general, the protocol used by remote control is IGMP. Normal – It means that the PVC can accept all packets except Vigor2820 Series User’s Guide...
Page 62: Load-Balance Policy
Index Click the number of index to access into the load-balance policy configuration web page. Enable Check this box to enable this policy. Protocol Use the drop-down menu to change the protocol for the WAN interface. Vigor2820 Series User’s Guide...
Page 63 Type the source IP start for the specified WAN interface. Src IP End Type the source IP end for the specified WAN interface. If this field is blank, it means that all the source IPs inside the LAN will be passed through the WAN interface. Vigor2820 Series User’s Guide...
Page 64 Type the destination port start for the destination IP. Dest Port End Type the destination port end for the destination IP. If this field is blank, it means that all the destination ports will be passed through the WAN interface. Vigor2820 Series User’s Guide...
Page 65: Lan
IP address. As a part of the public subnet, the Vigor router will serve for IP routing to help hosts in the public subnet to communicate with other public hosts or servers outside. Therefore, the router should be set as the gateway for public hosts. Vigor2820 Series User’s Guide...
Page 66 You can group local hosts by physical ports and create up to 4 virtual LANs. To manage the communication between different groups, please set up rules in Virtual LAN (VLAN) function and the rate of each. Vigor2820 Series User’s Guide...
Page 67: General Setup
Type in secondary IP address for connecting to a subnet. (Default: 192.168.2.1/ 24) Subnet Mask An address code that determines the size of the network. (Default: 255.255.255.0/ 24) DHCP Server You can configure the router to serve as a DHCP server for the 2nd subnet. Vigor2820 Series User’s Guide...
Page 68 Gateway IP Address - Enter a value of the gateway IP address for the DHCP server. The value is usually as same as the 1st IP address of the router, which means the router is the default gateway. Vigor2820 Series User’s Guide...
Page 69: Static Route
There are two common scenarios of LAN settings that stated in Chapter 4. For the configuration examples, please refer to that chapter to get more information for your necessity. Go to LAN to open setting page and choose Static Route. Vigor2820 Series User’s Guide...
Page 70 Before setting Static Route, user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router. Go to LAN page and click General Setup, select 1st Subnet as the RIP Protocol Control. Then click the OK button. Vigor2820 Series User’s Guide...
Page 71 Return to Static Route Setup page. Click on another Index Number to add another static route as show below, which regulates all packets destined to 211.100.88.0 will be forwarded to 192.168.1.3. Go to Diagnostics and choose Routing Table to verify current routing table. Vigor2820 Series User’s Guide...
Page 72: Vlan
P3 and P4. After checking the box to enable VLAN function, you will check the table according to the needs as shown below. To remove VLAN, uncheck the needed box and click OK to save the results. Vigor2820 Series User’s Guide...
Page 73: Bind Ip To Mac
It is used to refresh the ARP table. When there is one new PC added to the LAN, you can click this link to obtain the newly ARP table information. IP Bind List It displays a list for the IP bind to MAC information. Vigor2820 Series User’s Guide...
Page 74: Nat
IP address/domain name are recognized by all users. Since the server is actually located inside the LAN, the network well protected by NAT of the router, and identified by its private IP address/port, the goal of Port Redirection function Vigor2820 Series User’s Guide...
Page 75 To use this function, please go to NAT page and choose Port Redirection web page. The Port Redirection Table provides 20 port-mapping entries for the internal hosts. Press any number under Index to access into next page for configuring port redirection. Vigor2820 Series User’s Guide...
Page 76 For example, the built-in web configurator in the router is with default port 80, which may conflict with the web server in the local network, http://192.168.1.13:80. Therefore, you need to change the router’s http port to any one other than the default port 80 to avoid Vigor2820 Series User’s Guide...
Page 77: Dmz Host
LAN. Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption. DMZ Host allows a defined internal user to be totally exposed to the Internet, which usually helps some special applications such as Netmeeting or Internet Games etc. Vigor2820 Series User’s Guide...
Page 78 Click this button and then a window will automatically pop up, as depicted below. The window consists of a list of private IP addresses of all hosts in your LAN network. Select one private IP address in the list to be the DMZ host. Vigor2820 Series User’s Guide...
Page 79 When you have selected one private IP from the above dialog, the IP address will be shown on the following screen. Click OK to save the setting. Vigor2820 Series User’s Guide...
Page 80: Open Ports
Inactive or Active state. To add or edit port settings, click one index number on the page. The index entry setup page will pop up. In each index entry, you can specify 10 port ranges for diverse services. Vigor2820 Series User’s Guide...
Page 81 Specify the transport layer protocol. It could be TCP, UDP, or ----- (none) for selection. Start Port Specify the starting port number of the service offered by the local host. End Port Specify the ending port number of the service offered by the local host. Vigor2820 Series User’s Guide...
Page 82: Firewall
It will check packets according to the filter rules. If legal, the packet will pass the router. The following illustrations are flow charts explaining how router will treat incoming traffic and outgoing traffic respectively. Vigor2820 Series User’s Guide...
Page 83 4. Port Scan attack 12. Tear drop attack 5. IP options 13. Ping of Death attack 6. Land attack 14. ICMP fragment 7. Smurf attack 15. Unknown protocol 8. Trace route Below shows the menu items for Firewall. Vigor2820 Series User’s Guide...
Page 84: General Setup
Log box. It will be sent to Syslog server. Please refer to section 3.14.5 Syslog/Mail Alert for more detailed information. Web Content Filter Select one of the Web Content Filter Profile settings (created in CSM>> Web Content Filter Profile) for applying with this router. Vigor2820 Series User’s Guide...
Page 85 Syslog For troubleshooting needs you can specify the filter log and/or CSM log here by checking the box. The log will be displayed on Draytek Syslog window. Advance Setting Click Edit to open the following window. However, it is strongly recommended to use the default settings here.
Page 86: Filter Setup
Use Up or Down link to move the order of the filter rules. Next Filter Set Set the link to the next filter set to be executed after the current filter run. Do not make a loop with many filter sets. Vigor2820 Series User’s Guide...
Page 87 Data Filter only. For the Call Filter, this setting is not available since Call Filter is only applied to outgoing traffic. Source/Destination IP Click Edit to access into the following dialog to choose the source/destination IP or IP ranges. Vigor2820 Series User’s Guide...
Page 88 Click Edit to access into the following dialog to choose a suitable service type. To set the service type manually, please choose User defined as the Service Type and type them in this dialog. In addition, if you Vigor2820 Series User’s Guide...
Page 89 Select one of the URL Content Filter profile settings (created in CSM>> URL Content Filter) for applying with this router. Please set at least one profile for choosing in CSM>> URL Content Filter web page first. For troubleshooting needs, you can specify to Vigor2820 Series User’s Guide...
Page 90 SysLog For troubleshooting needs you can specify the filter log and/or CSM log here. Check the corresponding box to enable the log function. Then, the filter log and/or CSM log will be shown on Draytek Syslog window. Advance Setting Click Edit to open the following window. However, it is strongly recommended to use the default settings here.
Page 91 Session timeout–Setting timeout for sessions can make the best utilization of network resources. However, Queue timeout is configured for TCP protocol only; session timeout is configured for the data flow which matched with the firewall rule. Vigor2820 Series User’s Guide...
Page 92 Each filter set is composed by 7 filter rules, which can be further defined. After that, in General Setup you may specify one set for call filter and one set for data filter to execute first. Vigor2820 Series User’s Guide...
Page 93: Dos Defense
Enable PortScan Port Scan attacks the Vigor router by sending lots of packets to detection many ports in an attempt to find ignorant services would respond. Check the box to activate the Port Scan detection. Whenever Vigor2820 Series User’s Guide...
Page 94 Block ICMP Fragment Check the box to activate the Block ICMP fragment function. Any ICMP packets with more fragment bit set are dropped. Block Unknown Check the box to activate the Block Unknown Protocol function. Protocol Individual IP packet has a protocol field in the datagram header to Vigor2820 Series User’s Guide...
Page 95: Objects Settings
Later, we can select that object/group that can apply it. For example, all the IPs in the same department can be defined with an IP object (a range of IP address). Vigor2820 Series User’s Guide...
Page 96: Ip Object
You can set up to 192 sets of IP Objects with different conditions. Set to Factory Default Clear all profiles. Click the number under Index column for settings in detail. Name Type a name for this profile. Maximum 15 characters are allowed. Vigor2820 Series User’s Guide...
Page 97 Type the subnet mask if the Subnet Address type is selected. Invert Selection If it is checked, all the IP addresses except the ones listed above will be applied later while it is chosen. Below is an example of IP objects settings. Vigor2820 Series User’s Guide...
Page 98: Ip Group
Available IP Objects All the available IP objects with the specified interface chosen above will be shown in this box. Selected IP Objects Click >> button to add the selected IP objects in this box. Vigor2820 Series User’s Guide...
Page 99: Service Type Object
Specify the protocol(s) which this profile will apply to. Source/Destination Port Source Port and the Destination Port column are available for TCP/UDP protocol. It can be ignored for other protocols. The filter rule will filter out any port number. Vigor2820 Series User’s Guide...
Page 100: Service Type Group
Below is an example of service type objects settings. This page allows you to bind several service types into one group. Set to Factory Default Clear all profiles. Click the number under Index column for settings in detail. Vigor2820 Series User’s Guide...
Page 101: Keyword Object
You can set 200 keyword object profiles for choosing as black /white list in CSM >>URL Web Content Filter Profile. Set to Factory Default Clear all profiles. Click the number under Index column for setting in detail. Vigor2820 Series User’s Guide...
Page 102: Keyword Group
This page allows you to bind several keyword objects into one group. The keyword groups set here will be chosen as black /white list in CSM >>URL Web Content Filter Profile. Set to Factory Default Clear all profiles. Click the number under Index column for setting in detail. Vigor2820 Series User’s Guide...
Page 103: File Extension Object
Profile 1 with name of “default” is the default profile, some files with the file extensions specified in this profile will be ignored and not be scanned by Vigor router. Set to Factory Default Clear all profiles. Click the number under Profile column for configuration in details. Vigor2820 Series User’s Guide...
Page 104 Profile Name Type a name for this profile. Type a name for such profile and check all the items of file extension that will be processed in the router. Finally, click OK to save this profile. Vigor2820 Series User’s Guide...
Page 105: Im Object
(es) and then click OK. Later, in the CSM>>IM/P2P Filter Profile page, you can use IM Object drop down list to choose the proper profile configured here as the standard for the host(s) to follow. Vigor2820 Series User’s Guide...
Page 106 Profile Name Type a name for this profile. Type a name for such profile and check all the items that not allowed to be used in the host. Finally, click OK to save this profile. Vigor2820 Series User’s Guide...
Page 107: P2P Object
(es) and then click OK. Later, in the CSM>>IM/P2P Filter Profile page, you can use P2P Object drop down list to choose the proper profile configured here as the standard for the host(s) to follow. Vigor2820 Series User’s Guide...
Page 108: Misc Object
Simple check the box (es) and then click OK. Later, in the CSM>>IM/P2P Filter Profile page, you can use Misc Object drop down list to choose the proper profile configured here as the standard for the host(s) to follow. Vigor2820 Series User’s Guide...
Page 109: Csm
It is similar situation for corporation towards peer-to-peer applications since file-sharing can be convenient but insecure at the same time. To address these needs, we provide CSM functionality. Vigor2820 Series User’s Guide...
Page 110: Im/P2P Filter Profile
Note: The priority of URL Content Filter is higher than Web Content Filter. You can define policy profiles for different policy of IM (Instant Messenger)/P2P (Peer to Peer) application. Such profile will be used in Firewall>>General Setup and Firewall>>Filter Setup pages. Vigor2820 Series User’s Guide...
Page 111: Url Content Filter
URL Content Filter work better than traditional firewall in the field of filtering? Because it checks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP/IP headers only. Vigor2820 Series User’s Guide...
Page 112 Click CSM and click URL Content Filter Profile to open the profile setting page. You can set eight profiles as URL content filter. Simply click the index number under Profile to open the following web page. Profile Name Type the name for such profile. Vigor2820 Series User’s Guide...
Page 113 Action – This setting is available only when Either : URL Access Control First or Either : Web Feature First is selected. Pass - Allow accessing into the corresponding webpage with the keywords listed on the box below. Vigor2820 Series User’s Guide...
Page 114 Pass - Allow accessing into the corresponding webpage with the keywords listed on the box below. Block - Restrict accessing into the corresponding webpage with the keywords listed on the box below. Vigor2820 Series User’s Guide...
Page 115: Web Content Filter
Please note that this action will not introduce any delay in your Web surfing because each of multiple load balanced database servers can handle millions of requests for categorization. Click CSM and click Web Content Filter Profile to open the profile setting page. Vigor2820 Series User’s Guide...
Page 116 Action Pass - allow accessing into the corresponding webpage with the categories listed on the box below. Block - restrict accessing into the corresponding webpage with the categories listed on the box below. Vigor2820 Series User’s Guide...
Page 117: Bandwidth Management
To solve the problem, you can use limit session to limit the session procession for specified Hosts. In the Bandwidth Management menu, click Sessions Limit to open the web page. Vigor2820 Series User’s Guide...
Page 118 You can type in four sets of time schedule for your request. All the schedules can be set previously in Application – Setup Schedule web page and you can use the number that you have set in that web page. Vigor2820 Series User’s Guide...
Page 119: Bandwidth Limit
Define the limitation for the speed of the downstream. If you do not set the limit in this field, the system will use the default speed for the specific limitation you set for each index. Add the specific speed limitation onto the list above. Vigor2820 Series User’s Guide...
Page 120: Quality Of Service
The core routers in the backbone will do the same checking before executing treatments in order to ensure service-level consistency throughout the whole QoS-enabled network. Vigor2820 Series User’s Guide...
Page 121 There are four queues allowed for QoS control. The first three (Class 1 to Class 3) class rules can be adjusted for your necessity. Yet, the last one is reserved for the packets which are not suitable for the user-defined class rules. Vigor2820 Series User’s Guide...
Page 122 Display an online statistics for quality of service for your reference. This link will be seen only if you click OK in WAN1/WAN2 General Setup web page and click Setup again (for WAN1/WAN2) on the Bandwidth Vigor2820 Series User’s Guide...
Page 123 Edit link of that one. After you click the Edit link, you will see the following page. Now you can define the name for that Class. In this case, “Test” is used as the name of Class Index #1. Vigor2820 Series User’s Guide...
Page 124 By the way, you can set up to 20 rules for one Class. If you want to edit an existed rule, please select the radio button of that one and click Edit to open the rule edit page for modification. Vigor2820 Series User’s Guide...
Page 125 To add a new service type, edit or delete an existed service type, please click the Edit link under Service Type field. After you click the Edit link, you will see the following page. Vigor2820 Series User’s Guide...
Page 126 Range as the type. By the way, you can set up to 40 service types. If you want to edit/delete an existed service type, please select the radio button of that one and click Edit/Edit for modification. Vigor2820 Series User’s Guide...
Page 127: Applications
Clear all profiles and recover to factory settings. Enable Dynamic DNS Setup Check this box to enable DDNS function. Index Click the number below Index to access into the setting page of DDNS setup to set account(s). Vigor2820 Series User’s Guide...
Page 128 Click OK button to activate the settings. You will see your setting has been saved. The Wildcard and Backup MX features are not supported for all Dynamic DNS providers. You could get more detailed information from their websites. Disable the Function and Clear all Dynamic DNS Accounts Vigor2820 Series User’s Guide...
Page 129: Schedule
You can set up to 15 schedules. Then you can apply them to your Internet Access or VPN and Remote Access >> LAN-to-LAN settings. To add a schedule, please click any index, say Index No. 1. The detailed settings of the call schedule with index 1 are shown below. Vigor2820 Series User’s Guide...
Page 130 On) from 9:00 to 18:00 for whole week. Other time the Internet access connection should be disconnected (Force Down). Office Hour: (Force On) Mon - Sun 9:00 am 6:00 pm Make sure the PPPoE connection and Time Setup is working properly. Vigor2820 Series User’s Guide...
Page 131: Radius
The RADIUS server and client share a secret that is used to authenticate the messages sent between them. Both sides must be configured to use the same shared secret. Confirm Shared Secret Re-type the Shared Secret for confirmation. Vigor2820 Series User’s Guide...
Page 132: Upnp
NAT router. The application will also learn the external IP address and configure port mappings on the router. Subsequently, such a facility forwards packets from the external ports of the router to the internal ports used by the application. Vigor2820 Series User’s Guide...
Page 133: Igmp
IGMP is the abbreviation of Internet Group Management Protocol. It is a communication protocol which is mainly used for managing the membership of Internet Protocol multicast groups. For invoking IGMP Snooping function, you have to check the Enable IGMP Proxy box first for activating the IGMP proxy function. Vigor2820 Series User’s Guide...
Page 134: Wake On Lan
Wake by Two types provide for you to wake up the binded IP. If you choose Wake by MAC Address, you have to type the correct MAC address of the host in MAC Address boxes. If you Vigor2820 Series User’s Guide...
Page 135 MAC Address Type any one of the MAC address of the binded PCs. Wake Up Click this button to wake up the selected IP. See the following figure. The result will be shown on the box. Vigor2820 Series User’s Guide...
Page 136: Vpn And Remote Access
NAT settings, such as DMZ or open port. The Vigor router will not accept the ISDN dial-in connection if the box of Enable ISDN Dial-in is not checked. This submenu only applies to PPP-related VPN connections, such as PPTP, L2TP, L2TP over IPSec. Vigor2820 Series User’s Guide...
Page 137 IP address from the local private network. For example, if the local private network is 192.168.1.0/255.255.255.0, you could choose 192.168.1.200 as the Start IP Address. But, you have to notice that the first Vigor2820 Series User’s Guide...
Page 138: Ipsec General Setup
IKE Authentication Method This usually applies to those are remote dial-in user or node (LAN-to-LAN) which uses dynamic IP address and IPSec-related VPN connections such as L2TP over IPSec and IPSec tunnel. Pre-Shared Key -Currently only support Pre-Shared Key authentication. Pre-Shared Key- Specify a key for IKE authentication Vigor2820 Series User’s Guide...
Page 139: Ipsec Peer Identity
Click each index to edit one peer digital certificate. There are three security levels of digital signature authentication: Fill each necessary field to authenticate the remote peer. The following explanation will guide you to fill all the necessary fields. Vigor2820 Series User’s Guide...
Page 140 Click to check the specific fields of digital signature to accept the peer with matching value. The field includes Country (C), State (ST), Location (L), Organization (O), Organization Unit (OU), Common Name (CN), and Email (E). Vigor2820 Series User’s Guide...
Page 141: Remote Dial-In User
Click each index to edit one remote user profile. Each Dial-In Type requires you to fill the different corresponding fields on the right. If the fields gray out, it means you may leave it untouched. The following explanation will guide you to fill all the necessary fields. Vigor2820 Series User’s Guide...
Page 142 L2TP connection. Specify Remote Node Check the checkbox-You can specify the IP address of the remote dial-in user, ISDN number or peer ID (used in IKE aggressive mode). Uncheck the checkbox-This means the connection type you Vigor2820 Series User’s Guide...
Page 143 Once the callback budget has been exhausted, the callback mechanism will be disabled automatically. Callback Budget (Unit: minutes)- Specify the time budget for the dial-in user. The budget will be decreased automatically per callback connection. Vigor2820 Series User’s Guide...
Page 144: Lan To Lan
4 subgroups. If the fields gray out, it means you may leave it untouched. The following explanations will guide you to fill all the necessary fields. For the web page is too long, we divide the page into several sections for explanation. Vigor2820 Series User’s Guide...
Page 145 WAN1 First - While connecting, the router will use WAN1 as the first channel for VPN connection. If WAN1 fails, the router will use another WAN interface instead. WAN1 Only - While connecting, the router will use WAN1 Vigor2820 Series User’s Guide...
Page 146 None: Do not apply the IPSec policy. Accordingly, the VPN connection employed the L2TP without IPSec policy can be viewed as one pure L2TP connection. Nice to Have: Apply the IPSec policy first, if it is applicable Vigor2820 Series User’s Guide...
Page 147 AES with Authentication-Use AES encryption algorithm and apply MD5 or SHA-1 authentication algorithm. Advanced Specify mode, proposal and key life of each IKE phase, Gateway etc. The window of advance setup is shown as below: Vigor2820 Series User’s Guide...
Page 148 Provide ISDN Number to Remote-In the case that the remote peer requires the Vigor router to callback, the local ISDN number will be provided to the remote peer. Check here to allow the Vigor router to send the ISDN number to Vigor2820 Series User’s Guide...
Page 149 None - Do not apply the IPSec policy. Accordingly, the VPN connection employed the L2TP without IPSec policy can be viewed as one pure L2TP connection. Nice to Have - Apply the IPSec policy first, if it is applicable during negotiation. Otherwise, the dial-in VPN connection Vigor2820 Series User’s Guide...
Page 150 Callback number-The option is for extra security. Once enabled, the router will ONLY call back to the specified Callback Number. Callback budget- By default, the callback function has limitation of callback period. Once the callback budget is Vigor2820 Series User’s Guide...
Page 151 Be aware that this setting is available only for one WAN interface is enabled. It is not available when both WAN interfaces are enabled. You have to disable one WAN interface (WAN 1 or WAN 2) on WAN >> General Setup for enabling such setting. Vigor2820 Series User’s Guide...
Page 152: Connection Management
Tool and clicking Dial button. Dial Click this button to execute dial out function. Refresh Seconds Choose the time for refresh the dial information among 5, 10, and 30. Refresh Click this button to refresh the whole connection status. Vigor2820 Series User’s Guide...
Page 153: Certificate Management
Remember to adjust the time of Vigor router before using the certificate so that you can get the correct valid period of certificate. Below shows the menu items for Certificate Management. Generate Click this button to open Generate Certificate Request window. Vigor2820 Series User’s Guide...
Page 154 Refresh Click this button to refresh the information listed below. View Click this button to view the detailed settings for certificate request. After clicking Generate, the generated information will be displayed on the window below: Vigor2820 Series User’s Guide...
Page 155: Trusted Ca Certificate
For viewing each trusted CA certificate, click View to open the certificate detail information window. If you want to delete a CA certificate, choose the one and click Delete to remove all the certificate information. Vigor2820 Series User’s Guide...
Page 156: Certificate Backup
Internet bandwidth. Usually there will be two types of calling scenario, as illustrated below: Calling via SIP Servers First, the Vigor V models of yours will have to register to a SIP Registrar by sending Vigor2820 Series User’s Guide...
Page 157: Dialplan
This page allows you to set phone book and digit map for the VoIP function. Click the Phone Book and Digit Map links on the page to access into next pages for dialplan settings. Vigor2820 Series User’s Guide...
Page 158 SIP addresses. Loop through and Backup Phone Number will be displayed if you are using Vigor 2820V for setting the phone book. Click any index number to display the dial plan setup page. Vigor2820 Series User’s Guide...
Page 159 SIP Registrar servers. If caller and callee do not use the same SIP server, sometimes, the VoIP phone call connection may not succeed. By using the specified dial out account, the successful connection can be assured. Vigor2820 Series User’s Guide...
Page 160 For the convenience of user, this page allows users to edit prefix number for the SIP account with adding number, stripping number or replacing number. It is used to help user having a quick and easy way to dial out through VoIP interface. Vigor2820 Series User’s Guide...
Page 161 VoIP interface. Take the above picture (Prefix Table Setup web page) as an example, the prefix number of 03 will be replaced by 8863. For example: dial number of “031111111” will be changed to “88631111111” and sent to Vigor2820 Series User’s Guide...
Page 162 SIP accounts. Please set up one SIP account first to make this interface available. Call barring is used to block phone calls coming from the one that is not welcomed. Click any index number to display the dial plan setup page. Vigor2820 Series User’s Guide...
Page 163 For Block Anonymous – this function can block the incoming calls without caller ID on the interface (Phone port) specified in the following window. Such control also can be done based on preconfigured schedules. Vigor2820 Series User’s Guide...
Page 164 This page allows you to process incoming or outgoing phone calls by regional. Default values (common used in most areas) will be shown on this web page. You can change the number based on the region that the router is placed. Vigor2820 Series User’s Guide...
Page 165 Dial the number typed in this field to make your phone number (ID) not displayed on the display panel of remote end. Hide caller ID [Deact] Dial the number typed in this field to release this function. Vigor2820 Series User’s Guide...
Page 166: Sip Accounts
Account Name or user name, SIP Registrar, Proxy, and Domain name. (The last three might be the same in some case). Then you can tell your folks your SIP Address as in Account Name@ Domain name Vigor2820 Series User’s Guide...
Page 167 AuthorizationUser@Domain/Realm. After that, your call will be bypassed by SIP Proxy to the destination using AccountName@Domain/Realm as identity. Index Click this link to access into next page for setting SIP account. Profile Display the profile name of the account. Vigor2820 Series User’s Guide...
Page 168 If you want to make VoIP call without register personal information, please choose None and check the box to achieve the goal. Some SIP server allows user to use VoIP function without registering. For such server, please check the box of Vigor2820 Series User’s Guide...
Page 169 Ring Port Set Phone, ISDN1-S0 or ISDN-TE as the default ring port for this SIP account. If you choose Phone or ISDN1-S0, the ISDN2-TE selection will be dimmed, vice versa. There are ten Vigor2820 Series User’s Guide...
Page 170: Phone Settings
Choose a ring tone type for the VoIP phone call. This page allows user to set phone settings for Phone 1 and Phone 2 respectively. However, it changes slightly according to different model you have. For Vigor2820V/Vigor2820Vn models, you will see the following page: Vigor2820 Series User’s Guide...
Page 171 Default SIP Account – “draytel_1” is the default SIP account. You can click the number below the Index field to change SIP account for each phone port. DTMF Relay – Display DTMF mode that configured in the advanced settings page of Phone Index. Vigor2820 Series User’s Guide...
Page 172 RTP TOS – It decides the level of VoIP package. Use the drop down list to choose any one of them. Click the number link for Phone port, you can access into the following page for configuring Phone settings. Vigor2820 Series User’s Guide...
Page 173 Index (1-15) in Schedule - Enter the index of schedule profiles to control the DND mode according to the preconfigured schedules. Refer to section 3.8.2 Schedule for detailed configuration. Index (1-60) in Phone Book - Enter the index of phone book Vigor2820 Series User’s Guide...
Page 174 You can set SIP accounts (up to six groups) on SIP Account page. Use the drop down list to choose one of the profile names for the accounts as the default one for this phone setting. Vigor2820 Series User’s Guide...
Page 175 Congestion tone will be shown automatically on the page. If you cannot find out a suitable one, please choose User Defined and fill out the corresponding values for dial tone, ringing tone, busy tone, congestion tone by yourself for VoIP phone. Vigor2820 Series User’s Guide...
Page 176 DTMF tone and transfer it into SIP form. Then it will be sent to the remote end with SIP message. Payload Type (rfc2833) - Choose a number from 96 to 127, the default value was 101. This setting is available for the OutBand (RFC2833) mode. Vigor2820 Series User’s Guide...
Page 177 SIP URL by the time out. SIP URL – Type in the SIP URL (e.g., aaa@draytel.org or abc@iptel.org) as the site for call forwarded. Vigor2820 Series User’s Guide...
Page 178 20 ms voice information. Voice Active Detector - This function can detect if the voice on both sides is active or not. If not, the router will do something to save the bandwidth for other using. Click On to Vigor2820 Series User’s Guide...
Page 179 Or you can adjust tone settings manually if you choose User Defined. TOn1, TOff1, TOn2 and TOff2 mean the cadence of the tone pattern. TOn1 and TOn2 represent sound-on; TOff1 and TOff2 represent the sound-off. Vigor2820 Series User’s Guide...
Page 180 If you cannot find out a suitable one, please choose User Defined and fill out the corresponding values for dial tone, ringing tone, busy tone, congestion tone by yourself for VoIP phone. Also, you can specify each field for your necessity. It is Vigor2820 Series User’s Guide...
Page 181 30 – 39) with any number you desire. For example, type 50 in the box of MSN 30. Later you will find MSN 30 has been replaced with MSN50 in all related pages. See the following figures for examples (pages of VoIP>>SIP Accounts and VoIP>>Phone Settings). Vigor2820 Series User’s Guide...
Page 182 Please use the drop down list to choose the one you want. If you choose ISDN2-S0, please refer to Detailed Settings for Phone1, Phone2, ISDN1-S0 for the configuration. However, if you choose ISDN-TE and click the number link for that port, you will see the following page. Vigor2820 Series User’s Guide...
Page 183 Index (1-15) in Schedule - Enter the index of schedule profiles to control the DND mode according to the preconfigured schedules. Refer to section 3.8.2 Schedule for detailed configuration. Index (1-60) in Phone Book - Enter the index of phone book Vigor2820 Series User’s Guide...
Page 184 ISDN line. Loop Through to Phone Port – Choose this radio button to make all the calls controlled by traditional PSTN phone. It will tack effect only if MSN mapping ring port is not Vigor2820 Series User’s Guide...
Page 185 Congestion tone will be shown automatically on the page. If you cannot find out a suitable one, please choose User Defined and fill out the corresponding values for dial tone, ringing tone, busy tone, congestion tone by yourself for VoIP phone. Vigor2820 Series User’s Guide...
Page 186 DTMF tone. SIP INFO: Choose this one then the Vigor will capture the DTMF tone and transfer it into SIP form. Then it will be sent to the remote end with SIP message. Vigor2820 Series User’s Guide...
Page 187: Status
Status It shows the VoIP connection status. IDLE - Indicates that the VoIP function is idle. HANG_UP - Indicates that the connection is not established (busy tone). CONNECTING - Indicates that the user is calling out. Vigor2820 Series User’s Guide...
Page 188: Isdn
ISDN means integrated services digital network that is an international communications standard for sending voice, video, and data over digital telephone lines or normal telephone wires. Below shows the menu items for ISDN. This web page allows you to enable ISDN function. Vigor2820 Series User’s Guide...
Page 189 MSN numbers. Note that MSN service must be acquired from your local telecom operators. By default, MSN function is disabled. If you leave the fields blank, all incoming calls will be accepted without number matching. Vigor2820 Series User’s Guide...
Page 190 Usually the router will send "Own Number" to the remote side. However Own number will restrict the router displaying only one number on remote side. Vigor2820 series can connect up to 6 phones at the same time. Therefore, if CLIP is selected, the external MSN numbers that you setup will be displayed to remote side.
Page 191: Dial To Single/Dual Isps
If you use ISDN1-S0 without MSN Setup to dial an outgoing call: remote user will see the number 5972720 because Phone CLIP is checked. Select Dialing to a Single ISP if you access the Internet via a single ISP. Vigor2820 Series User’s Guide...
Page 192: Call Control
Idle Timeout - Idle timeout means the router will be disconnect after being idle for a preset amount of time. The default is 180 seconds. If you set the time to 0, the ISDN connection to the ISP will always remain on. Vigor2820 Series User’s Guide...
Page 193 Idle Timeout - Idle timeout means the router will be disconnect after being idle for a preset amount of time. The default is 180 seconds. If you set the time to 0, the ISDN connection to the ISP will always remain on. Vigor2820 Series User’s Guide...
Page 194 After entering the necessary settings and clicking OK, you will see Goto ISDN Diagnostic link appears on the bottom of the webpage. To have an ISDN connection, please click Goto ISDN Diagnostic. The following page will be displayed on your screen. Vigor2820 Series User’s Guide...
Page 195 Accordingly, a teleworker can access the remote network to retrieve resources. Of course, a fixed IP address is required for WAN connection and some internal network resource has to be exposed for remote users, such as FTP, WWW. Vigor2820 Series User’s Guide...
Page 196 TCP Header Compression - VJ Compression: It is used for TCP/IP protocol header compression. Normally it is set to Yes to improve bandwidth utilization. Idle Timeout - Because our IDSN link type is Dial On Demand, the connection will be initiated only when needed. Vigor2820 Series User’s Guide...
Page 197: Wireless Lan
Access Point (AP) connecting to lots of wireless clients or Stations (STA). All the STAs will share the same Internet connection via Vigor wireless router. The General Settings will set up the information of this wireless network, including its SSID as identification, located channel etc. Vigor2820 Series User’s Guide...
Page 198 MAC addresses to isolate users’ access from wired LAN. Manage Wireless Stations - Station List will display all the station in your wireless network and the status of their connection. Below shows the menu items for Wireless LAN. Vigor2820 Series User’s Guide...
Page 199: General Setup
By clicking the General Settings, a new web page will appear so that you could configure the SSID and the wireless channel. Please refer to the following figure for more information. Enable Wireless LAN Check the box to enable wireless function. Vigor2820 Series User’s Guide...
Page 200 Means the channel of frequency of the wireless LAN. The default channel is 6. You may switch channel if the selected channel is under serious interference. If you have no idea of choosing the frequency, please select Auto to let system determine for you. Vigor2820 Series User’s Guide...
Page 201 Enable for TxBURST on the tab of Option). Rate Control It controls the data transmission rate through wireless connection. Upload – Check Enable and type the transmitting rate for data upload. Default value is 30,000 kbps. Vigor2820 Series User’s Guide...
Page 202: Security
WEP/802.1x Only - Accepts only WEP clients and the encryption key is obtained dynamically from RADIUS server with 802.1X protocol. WPA/802.1x Only- Accepts only WPA clients and the encryption key is obtained dynamically from RADIUS server with 802.1X protocol. Vigor2820 Series User’s Guide...
Page 203: Access Control
MAC address that has been configured can access the wireless LAN interface. By clicking the Access Control, a new web page will appear, as depicted below, so that you could edit the clients' MAC addresses to control their access rights. Vigor2820 Series User’s Guide...
Page 204: Wps
Clear All Clean all entries in the MAC address list. WPS (Wi-Fi Protected Setup) provides easy procedure to make network connection between wireless station and wireless access point (vigor router) with the encryption of WPA and WPA2. Vigor2820 Series User’s Guide...
Page 205 Start PBC button of network card. If you want to use PIN code, you have to know the PIN code specified in wireless client. Then provide the PIN code of the wireless client you wish to connect to the vigor router. Vigor2820 Series User’s Guide...
Page 206 Start PIN button. The WLAN LED on the router will blink fast when WPS is in progress. It will return to normal condition after two minutes. (You need to setup WPS within two minutes) Vigor2820 Series User’s Guide...
Page 207: Wds
AP can be repeated to another peer AP through WDS links. Yet in Bridge mode, packets received from a WDS link will only be forwarded to local wired or wireless hosts. In other words, only Repeater mode can do WDS-to-WDS packet forwarding. Vigor2820 Series User’s Guide...
Page 208 Click WDS from Wireless LAN menu. The following page will be shown. Mode Choose the mode for WDS setting. Disable mode will not invoke any WDS setting. Bridge mode is designed to fulfill the first type of application. Repeater mode is for the second one. Vigor2820 Series User’s Guide...
Page 209: Advanced Setting
Green Field – to get the highest throughput, please choose such mode. Such mode can make the data transmission happening between 11n systems only. In addition, it does not have protection mechanism to avoid the conflict with neighboring devices of 802.11a/b/g. Vigor2820 Series User’s Guide...
Page 210: Wmm Configuration
Enable radio button. APSD Capable The default setting is Disable. Aifsn It controls how long the client waits for each data transmission. Please specify the value ranging from 1 to 15. Such parameter Vigor2820 Series User’s Guide...
Page 211: Ap Discovery
This page is used to scan the existence of the APs on the wireless LAN. Yet, only the AP which is in the same channel of this router can be found. Please click Scan to discover all the connected APs. Vigor2820 Series User’s Guide...
Page 212: Station List
Station List provides the knowledge of connecting wireless clients now along with its status code. There is a code summary below for explanation. For convenient Access Control, you can select a WLAN station and click Add to Access Control below. Vigor2820 Series User’s Guide...
Page 213 Refresh Click this button to refresh the status of station list. Click this button to add current selected MAC address into Access Control. Vigor2820 Series User’s Guide...
Page 214: System Maintenance
Display the model name of the router. Firmware Version Display the firmware version of the router. Build Date/Time Display the date and time of the current firmware build. ADSL Firmware Version Display the ADSL firmware version. LAN------- Vigor2820 Series User’s Guide...
Page 215: 207
WLAN miniPCi. SSID Display the SSID of the router. This device supports TR-069 standard. It is very convenient for an administrator to manage a Auto Configuration Server, e.g., TR-069 device through an VigorACS. Vigor2820 Series User’s Guide...
Page 216: Administrator Password
The default setting is Enable. Please set interval time or schedule time for the router to send notification to CPE. Or click Disable to close the mechanism of notification. This page allows you to set new password. Vigor2820 Series User’s Guide...
Page 217: Configuration Backup
Click Backup button to get into the following dialog. Click Save button to open another dialog for saving configuration as a file. In Save As dialog, the default filename is config.cfg. You could give it another name by yourself. Vigor2820 Series User’s Guide...
Page 218 The above example is using Windows platform for demonstrating examples. The Mac or Linux platform will appear different windows, but the backup function is still available. Note: Backup for Certification must be done independently. The Configuration Backup does not include information of Certificate. Vigor2820 Series User’s Guide...
Page 219: Syslog/Mail Alert
Enable syslog message Check the box listed on this web page to send the corresponding message of firewall, VPN, User Access, Call, WAN, Router/DSL information to Syslog. Enable (Alert Setup…) Check “Enable” to activate function of mail alert. Vigor2820 Series User’s Guide...
Page 220 From the Syslog screen, select the router you want to monitor. Be reminded that in Network Information, select the network adapter used to connect to the router. Otherwise, you won’t succeed in retrieving information from the router. Vigor2820 Series User’s Guide...
Page 221: Time And Date
Type the IP address of the time server. Time Zone Select the time zone where the router is located. Automatically Update Interval Select a time interval for updating from the NTP server. Click OK to save these settings. Vigor2820 Series User’s Guide...
Page 222: Management
Check to specify user-defined port numbers for the Telnet, HTTP and FTP servers. Enable SNMP Agent Check it to enable this function. Get Community Set the name for getting community by typing a proper character. The default setting is public. Vigor2820 Series User’s Guide...
Page 223: Reboot System
Note: When the system pops up Reboot System web page after you configure web settings, please click OK to reboot your router for ensuring normal operation and preventing unexpect errors of the router in the future. Vigor2820 Series User’s Guide...
Page 224: Firmware Upgrade
Note that this example is running over Windows OS (Operating System). Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.draytek.com (or local DrayTek's web site) and FTP site is ftp.draytek.com.
Page 225: Diagnostics
(e.g., ISDN, PPPoE, PPPoA, etc) is triggered by a package sending from the source IP address. Decoded Format It shows the source IP address (local), destination IP (remote) address, the protocol and length of the package. Refresh Click it to reload the page. Vigor2820 Series User’s Guide...
Page 226: Routing Table
Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. Refresh Click it to reload the page. Clear Click it to clear the whole table. Vigor2820 Series User’s Guide...
Page 227: Dhcp Table
Click Diagnostics and click NAT Sessions Table to open the setup page. Private IP:Port It indicates the source IP address and port of local PC. #Pseudo Port It indicates the temporary port of the router used for NAT. Vigor2820 Series User’s Guide...
Page 228: Ping Diagnosis
Type in the IP address of the Host/IP that you want to ping. Click this button to start the ping work. The result will be displayed on the screen. Clear Click this link to remove the result on the window. Vigor2820 Series User’s Guide...
Page 229: Data Flow Monitor
RX rate (kbps) Display the receiving speed of the monitored device. Sessions Display the session number that you specified in Limit Session web page. Action Block - can prevent specified PC accessing into Internet within 5 minutes. Vigor2820 Series User’s Guide...
Page 230: Traffic Graph
The remaining time will be shown on the session column. Click Diagnostics and click Traffic Graph to pen the web page. Choose WAN1 Bandwidth/WAN2 Bandwidth, Sessions, daily or weekly for viewing different traffic graph. Click Refresh to renew the graph at any time. Vigor2820 Series User’s Guide...
Page 231: Trace Route
Choose a protocol (ICMP or UDP) for such route. Host/IP Address It indicates the IP address of the host. Click this button to start route tracing work. Clear Click this link to remove the result on the window. Vigor2820 Series User’s Guide...
Page 232 This page is left blank. Vigor2820 Series User’s Guide...
Page 233: Application And Examples
Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK. Then, For using PPP based services, such as PPTP, L2TP, you have to set general settings in PPP General Setup. Vigor2820 Series User’s Guide...
Page 234 Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial-Out method. If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. Vigor2820 Series User’s Guide...
Page 235 If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. Vigor2820 Series User’s Guide...
Page 236 A can direct the packets destined to the remote network to Router B via the VPN connection. Settings in Router B in the remote office: Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK. Vigor2820 Series User’s Guide...
Page 237 VPN connection. Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial-Out method. If an IPSec-based service is selected, you should further specify the remote peer IP Vigor2820 Series User’s Guide...
Page 238 If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. Vigor2820 Series User’s Guide...
Page 239 Address, Username, Password, and VJ Compression for this Dial-In connection. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection. Vigor2820 Series User’s Guide...
Page 240: Create A Remote Dial-In User Connection Between The Teleworker And Headquarter
PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IKE/IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2820 Series User’s Guide...
Page 241 Otherwise, it will apply the settings defined in IPSec General Setup above. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. Vigor2820 Series User’s Guide...
Page 242 For Win2000/XP, please use "Network and Dial-up connections" or “Smart VPN Client”, complimentary software to help you create PPTP, L2TP, and L2TP over IPSec tunnel. You can find it in CD-ROM in the package or go to www.draytek.com download center. Install as instructed.
Page 243 Username, Password, and encryption method. The User Name and Password should be consistent with the one set up in the VPN router. To use default gateway on remote network means that all the packets of remote host will be directed to VPN Vigor2820 Series User’s Guide...
Page 244: Qos Setting Example
Meanwhile, children may chat on Skype in the restroom. Go to Bandwidth Management>>Quality of Service. Click Setup link of WAN 1. Make sure the QoS Control on the left corner is checked. And select BOTH in Direction. Vigor2820 Series User’s Guide...
Page 245 Return to previous page. Enter the Name of Index Class 1 by clicking Edit link. Type the name “E-mail” for Class 1. For this index, the user will set reserved bandwidth (e.g., 25%) for E-mail using protocol POP3 and SMTP. Vigor2820 Series User’s Guide...
Page 246 If the worker has connected to the headquarter using host to host VPN tunnel. (Please refer to Chapter 3 VPN for detail instruction), he may set up an index for it. Enter the Class Name of Index 3. In this index, he will set reserved bandwidth for 1 VPN tunnel. Vigor2820 Series User’s Guide...
Page 247 Click Edit to open the following window. Check the ACT box, first. 10. Then click Edit of Local Address to set a worker’s subnet address. Click Edit of Remote Address to set headquarter’s IP address. Leave other fields and click OK. Vigor2820 Series User’s Guide...
Page 248: Lan - Created By Using Nat
You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage. To use another DHCP server in the network rather than the built-in one of Vigor Router, you have to change the settings as show below. Vigor2820 Series User’s Guide...
Page 249: Calling Scenario For Voip Function
You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage. Example 1: Both John and David have SIP Addresses from different service providers. John’s SIP URL: 1234@draytel.org, David’s SIP URL: 4321@iptel.org Vigor2820 Series User’s Guide...
Page 250 Display Name: David Account Name: 4321 Authentication ID: unchecked Password: **** Expiry Time: (use default value) CODEC/RTP/DTMF --- (Use default value) David calls John He picks up the phone and dials 2222# (DialPlan Phone Number for John) Vigor2820 Series User’s Guide...
Page 251 Expiry Time: (use default value) CODEC/RTP/DTMF--- (Use default value) David calls John He picks up the phone and dials 2222# (DialPlan Phone Number for John) Or, He picks up the phone and dials 1234# (John’s Account Name) Vigor2820 Series User’s Guide...
Page 252: Peer-To-Peer Calling
Display Name: Paulin Account Name: 4321 Authentication ID: unchecked Password: (blank) Expiry Time: (use default value) CODEC/RTP/DTMF--- Paulin calls Arnor (Use default value) He picks up the phone and dials 2222# (DialPlan Phone Number for John) Vigor2820 Series User’s Guide...
Page 253: Upgrade Firmware For Your Router
4. The file RTSxxx.exe will be asked to copy onto your computer. Remember the place of storing the execution file. 5. Go to www.draytek.com to find out the newly update firmware for your router. 6. Access into Support Center >> Downloads. Find out the model name of the router and click the firmware link.
Page 254 You will find out two files with different extension names, xxxx.all (keep the old custom settings) and xxxx.rst (reset all the custom settings to default settings). Choose any one of them that you need. Vigor2820 Series User’s Guide...
Page 255: Request A Certificate From A Ca Server On Windows Ca Server
14. Click Send. 15. Now the firmware update is finished. Vigor2820 Series User’s Guide...
Page 256 You can click GENERATE button to start to edit a certificate request. Enter the information in the certificate request. Copy and save the X509 Local Certificate Requet as a text file and save it for later use. Vigor2820 Series User’s Guide...
Page 257 Select Submit a certificate request a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file Import the X509 Local Certificate Requet text file. Select Router (Offline request) or IPSec (Offline request) below. Vigor2820 Series User’s Guide...
Page 258 (.cer file) into Vigor router. When finished, click refresh and you will find the below window showing “------BEGINE CERTIFICATE------..” You may review the detail information of the certificate by clicking View button. Vigor2820 Series User’s Guide...
Page 259: Request A Ca Certificate And Set As Trusted On Windows Ca Server
Use web browser connecting to the CA server that you would like to retrieve its CA certificate. Click Retrive the CA certificate or certificate recoring list. Vigor2820 Series User’s Guide...
Page 260 You may review the detail information of the certificate by clicking View button. Note: Before setting certificate configuration, please go to System Maintenance >> Time and Date to reset current time of the router first. Vigor2820 Series User’s Guide...
Page 261: Trouble Shooting
Turn on the router. Make sure the ACT LED blink once per second and the correspondent LAN LED is bright. If not, it means that there is something wrong with the hardware status. Simply back to “1.3 Hardware Installation” to execute the hardware installation again. And then, try again. Vigor2820 Series User’s Guide...
Page 262 Go to Control Panel and then double-click on Network Connections. Right-click on Local Area Connection and click on Properties. Select Internet Protocol (TCP/IP) and then click Properties. Vigor2820 Series User’s Guide...
Page 263 Select Obtain an IP address automatically and Obtain DNS server address automatically. Double click on the current used MacOs on the desktop. Open the Application folder and get into Network. On the Network screen, select Using DHCP from the drop down list of Configure IPv4. Vigor2820 Series User’s Guide...
Page 264: Pinging The Router From Your Computer
Open the Application folder and get into Utilities. Double click Terminal. The Terminal window will appear. Type ping 192.168.1.1 and press [Enter]. It the link is OK, the line of “64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=xxxx ms” will appear. Vigor2820 Series User’s Guide...
Page 265: Checking If The Isp Settings Are Ok Or Not
Click WAN1 or WAN2 link to review the settings that you configured previously. Check if the Enable option is selected. Check if Username and Password are entered with correct values that you got from your ISP. Vigor2820 Series User’s Guide...
Page 266 Check if the Enable option is selected. Check if DSL Modem Settings is set appropriately. Check if IP Address, Subnet Mask and Gateway are set correctly (must identify with the values from your ISP) if you choose Specify an IP address. Vigor2820 Series User’s Guide...
Page 267 ISP. Check if the Enable option for PPTP Link is selected. Check if PPTP Server, Username, Password and WAN IP address are set correctly (must identify with the values from your ISP). Vigor2820 Series User’s Guide...
Page 268: Problems For 3G Network Connection
Please open DrayTek Syslog Tool to capture the connection information (WAN Log) and send the page (similar to the following graphic) to the service center of DrayTek. Please connect your Notebook with 3G USB Modem to test the connection speed to verify if the problem is caused by Vigor2820.
Page 269: Contacting Your Dealer
After restore the factory default setting, you can configure the settings for the router again to fit your personal request. If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@draytek.com. Vigor2820 Series User’s Guide...

Draytek Vigor2820 Series User Manual

Preface

Configuring Basic Settings

Advanced Web Configuration

Application and Examples

Trouble Shooting

Quick Links

Need help?

Questions and answers

Related Manuals for Draytek Vigor2820 Series

Summary of Contents for Draytek Vigor2820 Series

Table of Contents