Draytek vigor2920 series User Manual
  1. Manuals
  2. Brands
  3. Draytek Manuals
  4. Network Router
  5. Vigor2920 Series
  6. User manual
Draytek vigor2920 series User Manual

Draytek vigor2920 series User Manual

Dual-wan security router
Hide thumbs Also See for vigor2920 series:
1
2
3
4
Table Of Contents
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
Table of Contents

Advertisement

Quick Links

Download this manual See also: User Manual

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the vigor2920 series and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Draytek vigor2920 series

Summary of Contents for Draytek vigor2920 series

  • Page 2 Vigor2920 Series Dual-WAN Security Router User’s Guide Version: 3.0 Firmware Version: V3.6.3 (For future update, please visit DrayTek website) Date: 29/01/2013 Vigor2920 Series User’s Guide...

  • Page 3: Copyright Information

    Web registration is preferred. You can register your Vigor router via Be a Registered http://www.DrayTek.com. Owner Due to the continuous evolution of DrayTek technology, all routers will be regularly Firmware & Tools upgraded. Please consult the DrayTek web site for more information on newest Updates firmware, tools and documents.

  • Page 4: European Community Declarations

    Product: Vigor2920 Series Router DrayTek Corp. declares that Vigor2920 Series of routers are in compliance with the following essential requirements and other relevant provisions of R&TTE Directive 1999/5/EEC. The product conforms to the requirements of Electro-Magnetic Compatibility (EMC) Directive 2004/108/EC by complying with the requirements set forth in EN55022/Class B and EN55024/Class B.

  • Page 5: Table Of Contents

    Disconnection........................51 3.3 How can I get the files from USB storage device connecting to Vigor router?....55 3.4 How to configure Multi-Subnet for Vigor Router............. 58 3.5 How to Customize Your Login Page ................65 Vigor2920 Series User’s Guide...
  • Page 6 3.6 How to use SmartMonitor with Vigor2920 series ............67 3.7 Create a LAN-to-LAN Connection Between Remote Office and Headquarter ....68 3.8 Create a Remote Dial-in User Connection Between the Teleworker and Headquarter . 76 3.9 QoS Setting Example..................... 80 3.10 Request a certificate from a CA server on Windows CA Server ........
  • Page 7 4.12.2 SIP Accounts ........................301 4.12.3 Phone Settings ........................306 4.12.4 Status..........................312 4.13 Wireless LAN ......................313 4.13.1 Basic Concepts........................313 4.13.2 General Setup........................315 4.13.3 Security..........................319 4.13.4 Access Control........................321 4.13.5 WPS............................ 323 4.13.6 WDS............................ 326 Vigor2920 Series User’s Guide...
  • Page 8 5.3 Pinging the Router from Your Computer ..............380 5.4 Checking If the ISP Settings are OK or Not ..............381 5.5 Problems for 3G Network Connection................381 5.6 Backing to Factory Default Setting If Necessary ............382 Vigor2920 Series User’s Guide viii...
  • Page 9 5.7 Contacting Your Dealer....................383 Vigor2920 Series User’s Guide...

  • Page 11: Introduction

    Vigor2920 series is a broadband router. It integrates IP layer QoS, NAT session/bandwidth management to help users control works well with large bandwidth. By adopting hardware-based VPN platform and hardware encryption of AES/DES/3DS, the router increases the performance of VPN greatly, and offers several protocols (such as IPSec/PPTP/L2TP) with up to 2 VPN tunnels.

  • Page 12: Web Configuration Buttons Explanation

    Add new settings for specified item. Edit the settings for the selected item. Delete the selected item with the corresponding settings. Note: For the other buttons shown on the web pages, please refer to Chapter 4 for detailed explanation. Vigor2920 Series User’s Guide...

  • Page 13: Led Indicators And Connectors

    The port is connected. GigaLAN (Green) The port is disconnected. 1/2/3/4 Blinking The data is transmitting. Right LED The port is connected with 1000Mbps. (Green) The port is connected with 10/100Mbps when left LED is on. Vigor2920 Series User’s Guide...
  • Page 14 Then the router will restart with the factory default configuration. GigaLAN (1-4) Connecters for local networked devices. WAN1/WAN2(Giga) Connecters for remote networked devices. Connecter for 3G Modem or printer. Connecter for a power adapter. Power Switch. ON/OFF Vigor2920 Series User’s Guide...

  • Page 15: For Vigor2920N

    The port is connected. GigaLAN (Green) The port is disconnected. 1/2/3/4 Blinking The data is transmitting. Right LED The port is connected with 1000Mbps. (Green) The port is connected with 10/100Mbps when left LED is on. Vigor2920 Series User’s Guide...
  • Page 16 Then the router will restart with the factory default configuration. GigaLAN (1-4) Connecters for local networked devices. WAN1/WAN2(Giga) Connecters for remote networked devices. Connecter for 3G Modem or printer. Connecter for a power adapter. Power Switch. ON/OFF Vigor2920 Series User’s Guide...

  • Page 17: For Vigor2920Vn

    The port is connected. GigaLAN (Green) The port is disconnected. 1/2/3/4 Blinking The data is transmitting. Right LED The port is connected with 1000Mbps. (Green) The port is connected with 10/100Mbps when left LED is on. Vigor2920 Series User’s Guide...
  • Page 18 Connecter for analog phone(s). Line Connector for PSTN life line. GigaLAN (1-4) Connecters for local networked devices. WAN1/WAN2(Giga) Connecters for remote networked devices. Connecter for Mobile HDD, 3G Modem or printer. Connecter for a power adapter. Power Switch. ON/OFF Vigor2920 Series User’s Guide...

  • Page 19: For Vigor2920V

    Left LED The port is connected. 1/2/3/4 (Green) The port is disconnected. Blinking The data is transmitting. Right LED The port is connected with 1000Mbps. (Green) The port is connected with 10/100Mbps when left LED is on. Vigor2920 Series User’s Guide...
  • Page 20 Phone 1/2 Connecters for analog phone(s). GigaLAN (1-4) Connecters for local networked devices. WAN1/WAN2(Giga) Connecters for remote networked devices. Connecter for Mobile HDD, 3G Modem or printer. Connecter for a power adapter. ON/OFF Power Switch. Vigor2920 Series User’s Guide...

  • Page 21: Hardware Installation

    Power on the device by pressing down the power switch on the rear panel. The system starts to initiate. After completing the system test, the ACT LED will light up and start blinking. (For the detailed information of LED status, please refer to section 1.1.) Vigor2920 Series User’s Guide...

  • Page 22: Printer Installation

    You can install a printer onto the router for sharing printing. All the PCs connected this router can print documents via the router. The example provided here is made based on Windows XP/2000. For Windows 98/SE/Vista, please visit www.DrayTek.com. Before using it, please follow the steps below to configure settings for connected computers (or wireless clients).
  • Page 23 Click Local printer attached to this computer and click Next. In this dialog, choose Create a new port Type of port and use the drop down list to select Standard TCP/IP Port. Click Next. Vigor2920 Series User’s Guide...
  • Page 24 In the following dialog, type 192.168.1.1 (router’s LAN IP) in the field of Printer Name or IP Address and type IP_192.168.1.1 as the port name. Then, click Next. Click Standard and choose Generic Network Card. Then, in the following dialog, click Finish. Vigor2920 Series User’s Guide...
  • Page 25 11. Select "LPR" on Protocol, type p1 (number 1) as Queue Name. Then click OK. Next please refer to the red rectangle for choosing the correct protocol and LPR name. Vigor2920 Series User’s Guide...
  • Page 26 If you do not know whether your printer is supported or not, please visit www.DrayTek.com to find out the printer list. Open Support > FAQ/Application Notes; find out the link of Printer Server and click it; then click the What types of printers are compatible with Vigor router? link.

  • Page 27: Configuring Basic Settings

    The web page can be logged out according to the chosen condition. The default setting is Auto Logout, which means the web configuration system will logout after 5 minutes without any operation. Change the setting for your necessity. Vigor2920 Series User’s Guide...

  • Page 28: Changing Password

    Now, the Main Screen will appear. Note: The home page will change slightly in accordance with the type of the router you have. Go to System Maintenance page and choose Administrator Password. Vigor2920 Series User’s Guide...

  • Page 29: Quick Start Wizard

    If your router can be under an environment with high speed NAT, the configuration provide here can help you to deploy and use the router quickly. The first screen of Quick Start Wizard is entering login password. After typing the password, please click Next. Vigor2920 Series User’s Guide...

  • Page 30: For Wan1/Wan2

    PPPoE is used for most of modem users. All local users can share one PPPoE connection for accessing the Internet. Your service provider will provide you information about user name, password, and authentication mode. If your ISP provides you the PPPoE connection, please select PPPoE for this router. Vigor2920 Series User’s Guide...
  • Page 31 Assign a specific valid user name provided by the ISP. User Name Assign a valid password provided by the ISP. Password Retype the password. Confirm Password Click it to return to previous setting page. Back Click it to get into the next setting page. Next Vigor2920 Series User’s Guide...
  • Page 32 Please manually enter the Username/Password provided by your ISP. Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Now, you can enjoy surfing on the Internet. Vigor2920 Series User’s Guide...
  • Page 33 Choose WAN1/WAN2 as the WAN Interface and click the Next button. The following page will be open for you to specify Internet Access Type. Click PPTP/L2TP as the Internet Access Type. Then click Next to continue. Vigor2920 Series User’s Guide...
  • Page 34 Click it to give up the quick start wizard. Cancel Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Vigor2920 Series User’s Guide...
  • Page 35 Type the subnet mask. Subnet Mask Type the IP address of gateway. Gateway Type in the primary IP address for the router. Primary DNS Type in secondary IP address for necessity in the future. Secondary DNS Vigor2920 Series User’s Guide...
  • Page 36 Click DHCP as the protocol. Type in all the information that your ISP provides for this protocol. Choose WAN1/WAN2 as the WAN Interface and click the Next button. The following page will be open for you to specify Internet Access Type. Vigor2920 Series User’s Guide...
  • Page 37 Click it to return to previous setting page. Back Click it to get into th/e next setting page. Next Click it to give up the quick start wizard. Cancel After finishing the settings in this page, click Next to see the following page. Vigor2920 Series User’s Guide...

  • Page 38: For Wan3

    5. Now, you can enjoy surfing on the Internet. To use 3G USB modem for network connection, please choose WAN3. Choose WAN1/WAN2 as the WAN Interface and click the Next button. The following page will be open for you to specify Internet Access Type. Vigor2920 Series User’s Guide...

  • Page 39: Service Activation Wizard

    Service Activation Wizard is a tool which allows you to use trial version or update the license of WCF directly without accessing into the server (MyVigor) located on http://myvigor.draytek.com. For using Web Content Filter Profile, please refer to later section Web Content Filter Profile for detailed information.
  • Page 40 When you finish the selection, please click Next. Commtouch is the web content filter based on Commtouch operated in the worldwide. There is a 30-day trial period. After trial, you can purchase DrayTek's prepared Commtouch GlobalView WCF package from retailing outlets.
  • Page 41 Note: The service will be activated and applied as the default rule configured in Firewall>>General Setup. Now, the web page will display the service that you have activated according to your selection(s). The valid time for the free trial of these services is 30-day. Vigor2920 Series User’s Guide...
  • Page 42 Later, if you need to extend the license valid time for the same service, you can also use the Service Activation Wizard again to reach your goal by clicking the radio button of Formal edition with license key and clicking Next. Vigor2920 Series User’s Guide...

  • Page 43: Voip Wizard

    Use the same Account as phone 1 – If you don’t need to configure Phone 2 settings, simply check this box. Click it to get into the next setting page. Next Click it to give up the quick start wizard. Cancel Vigor2920 Series User’s Guide...

  • Page 44: Online Status

    3. After finished the settings above, click Next for viewing summary of such connection. 4. Click Finish. A page of VoIP Wizard Setup OK!!! will appear. Such page displays the physical connection status such as LAN connection status, WAN connection status, ADSL information, and so on. Vigor2920 Series User’s Guide...
  • Page 45 GW IP - Displays the IP address of the default gateway. TX Packets - Displays the total transmitted packets at the WAN interface. TX Rate - Displays the speed of transmitted octets at the WAN interface. Vigor2920 Series User’s Guide...
  • Page 46 Note: The words in green mean that the WAN connection of that interface is ready for accessing Internet; the words in red mean that the WAN connection of that interface is not ready for accessing Internet. Vigor2920 Series User’s Guide...

  • Page 47: Virtual Wan

    Now it is the time to register your Vigor router to MyVigor website for getting more service. Please follow the steps below to finish the router registration. Please login the web configuration interface of Vigor router by typing “admin/admin” as User Name / Password. Vigor2920 Series User’s Guide...
  • Page 48 Click Support Area>>Production Registration from the home page. A Login page will be shown on the screen. Please type the account and password that you created previously. And click Login. Vigor2920 Series User’s Guide...
  • Page 49 When the following page appears, please type in Nickname (for the router) and choose the right registration date from the popup calendar (it appears when you click on the box of Registration Date). After adding the basic information for the router, please click Submit. Vigor2920 Series User’s Guide...
  • Page 50 When the following page appears, your router information has been added to the database. Click OK to leave this web page and return to My Information web page. Take a look at the page of My Information, the new added Vigor rotuer is listed under Your Device List. Vigor2920 Series User’s Guide...

  • Page 51: Tutorials And Applications

    Access into the web user interface of Vigor2920. Open WAN>> Internet Access. Choose one of the WAN interfaces (e.g., WAN2 in this case) as the one supporting IPv6 service. Then, choose PPPoE as the Access Mode and click Details Page. Vigor2920 Series User’s Guide...
  • Page 52 Different connection types will bring out different configuration page. Refer to the following: PPP – Dual Stack application Choose PPP to access into the setting page for IPv6 service. It is not necessary for you to configure anything. Vigor2920 Series User’s Guide...
  • Page 53 Click OK and open Online Status. If the connection is successful, you will get the IP address for IPv4 and IPv6 at the same time. Vigor2920 Series User’s Guide...
  • Page 54 (In the following figure, the TSPC information is obtained from http://gogo6.com/ after applied for the service.) Click OK and open Online Status. If the connection is successful, the physical connection will be shows as follows: Vigor2920 Series User’s Guide...
  • Page 55 (In the following figure, the AICCU information is obtained from https://www.sixxs.net/main/ after applied for the service.) Click OK and open Online Status. If the connection is successful, the physical connection will be shows as follows: Vigor2920 Series User’s Guide...
  • Page 56 DHCPv6 Client Choose DHCPv6 Client. Click one of the identity associations and type the IAID number. Click OK and open Online Status. If the connection is successful, the physical connection will be shows as follows: Vigor2920 Series User’s Guide...
  • Page 57 Static IPv6 Choose Static IPv6. Type IPv6 address, Prefix Length and Gateway Address. Click OK and open Online Status. If the connection is successful, the physical connection will be shows as follows: Vigor2920 Series User’s Guide...
  • Page 58 In the field of HCPv6 Server Configuration, when DHCPv6 service is enabled, you can assign available IPv6 address for the client manually. Note: When both mechanisms are enabled, the client can determine which mechanism to be used (e.g., the default mechanism for Windows7 is RADVD). Vigor2920 Series User’s Guide...
  • Page 59 IPv4 IP and IPv6 IP services. Its IPv6 address is seen with a format of 2001:200:dff:fff1:216:3eff:feb1:44d7. After getting the above message, it means the IPv6 service has been activated successfully. Vigor2920 Series User’s Guide...
  • Page 60 If not, only a steady turtle will be seen. If you can see a turtle dancing on the screen, that means IPv6 service is ready for you to access and utilize. Vigor2920 Series User’s Guide...

  • Page 61: How To Send A Notification To Specified Phone Number Via Sms Service In Wan Disconnection

    Choose any index number (e.g., Index 1 in this case) to configure the SMS Provider setting. In the following page, type the username and password and set the quota that the router can send the message out. Vigor2920 Series User’s Guide...
  • Page 62 Choose any index number (e.g., Index 1 in this case) to configure conditions for sending the SMS. In the following page, type the name of the profile and check the Disconnected and Reconnected boxes for WAN to work in concert with the topic of this paper. Vigor2920 Series User’s Guide...
  • Page 63 Click OK to save the settings. Later, if one of the WAN connections fails in your router, the system will send out SMS to the phone number specified. If the router has only one WAN interface, the system will send out SMS to the phone number while reconnecting the WAN interface successfully. Vigor2920 Series User’s Guide...
  • Page 64 URL string of the SMS provider and type the username and password. After clicking OK, the new added SMS provider will be added and will be available for you to specify for sending SMS out. Vigor2920 Series User’s Guide...

  • Page 65: How Can I Get The Files From Usb Storage Device Connecting To Vigor Router

    Plug the USB device to the USB port on the router. Make sure Disk Connected appears on the Connection Status as the figure shown below: Open USB Application >> USB General Settings to check the general settings. Click Vigor2920 Series User’s Guide...
  • Page 66 "user1" and assign authorities “Read”, “Write” and “List” to it. Click OK to save the configuration. Make sure the FTP service is running properly. Please open a browser and type ftp://192.168.1.1. Use the account "user1" to login. Vigor2920 Series User’s Guide...
  • Page 67 Now, users in LAN of Vigor2920 can access into the USB storage device by typing ftp://192.168.1.1 on any browser. They can add or remove files / directories, depending on the Access Rule for FTP account settings in USB Application >>USB User Management. Vigor2920 Series User’s Guide...

  • Page 68: How To Configure Multi-Subnet For Vigor Router

    VLAN Configuration. For VLAN0 setting, check P1 and set LAN1 as the Subnet. For VLAN1 setting, check P2 and set LAN2 as the Subnet. For VLAN2 setting, check P3 and P4, and set LAN3 as the Subnet. Vigor2920 Series User’s Guide...
  • Page 69 The equipment connecting to Vigor2920 LAN Port 3 and Port 4 (LAN3) can get the IP address of 192.168.3.0/24 For the detailed settings of the network segment, open LAN>>General Setup and click Details Page. Adjust the settings for your request. Refer to the following figure. Vigor2920 Series User’s Guide...
  • Page 70 To make any two of VLAN groups linked with each other, just check the boxes of the ones in the field of Inter-LAN Routing in the page of LAN >> General Setup. Refer to the following figure. LAN2 and LAN3 are linked. Vigor2920 Series User’s Guide...
  • Page 71 (8) for VID setting. Then check P4 and set LAN2 as the Subnet. To activate the function of VLAN Tag for VLAN2 setting, check the box of Enable and type the value (9) for VID setting. Then check P4 and set LAN3 as the Subnet. Vigor2920 Series User’s Guide...
  • Page 72 In the page of LAN >> General Setup, check the Status box of LAN2, LAN3 and LAN4 and enable the function of DHCP. For the detailed settings of the network segment, open LAN>>General Setup and click Details Page. Adjust the settings for your request. Refer to the following figure. Vigor2920 Series User’s Guide...
  • Page 73 Port 23 is set with Trunk in this example and will transfer the packets with VLAN Tag information. That is, packets with VID 7, 8, 9 and 10 will be transferred to Vigor2920 by Port 23 and VID information will be retained. Vigor2920 Series User’s Guide...
  • Page 74 To make any two of VLAN groups of Tag Based VLAN linked with each other, just check the boxes of the ones in the field of Inter-LAN Routing in the page of LAN >> General Setup. Refer to the following figure. LAN2 and LAN3 are linked. Vigor2920 Series User’s Guide...

  • Page 75: How To Customize Your Login Page

    Open User Management>>General Setup. Set User-Based as the Mode and click OK to save teh settings. Open User Management>>User Profile to create a new user profle. Click any link (e.g., #3) to access into the following page. Type a User Name and a Password. Then, click OK. Vigor2920 Series User’s Guide...
  • Page 76 “Just for Carrie” is displayed as a heading on the login dialog box. After typing the username and password (defined in User Management>>User Profile), click Login. You can access into Internet or access into the Landing Page if configured in User Management>>General Setup. Vigor2920 Series User’s Guide...

  • Page 77: How To Use Smartmonitor With Vigor2920 Series

    SmartMonitor to the monitor port of Vigor router, then all the traffic in other LAN port will forward to the monitor port. But, there is no hardware monitor port for Vigor2920 series. Therefore we need to configure mirror port setting in the web user interface of Vigor2920 for using SmartMonitor.

  • Page 78: Create A Lan-To-Lan Connection Between Remote Office And Headquarter

    For using PPP based services, such as PPTP, L2TP, you have to set general settings in PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2920 Series User’s Guide...
  • Page 79 Go to LAN-to-LAN. Click on one index number to edit a profile. Set Common Settings as shown below. You should enable both of VPN connections because any one of the parties may start the VPN connection. Vigor2920 Series User’s Guide...
  • Page 80 Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authentication and VJ Compression for this Dial-Out connection. Vigor2920 Series User’s Guide...
  • Page 81 Otherwise, it will apply the settings defined in IPSec General Setup above. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. Vigor2920 Series User’s Guide...
  • Page 82 PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2920 Series User’s Guide...
  • Page 83 Set Dial-Out Settings as shown below to dial to connect to Router A aggressively with the selected Dial-Out method. If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. Vigor2920 Series User’s Guide...
  • Page 84 If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. Vigor2920 Series User’s Guide...
  • Page 85 Username, Password, and VJ Compression for this Dial-In connection. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection. Vigor2920 Series User’s Guide...

  • Page 86: Create A Remote Dial-In User Connection Between The Teleworker And Headquarter

    PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IKE/IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2920 Series User’s Guide...
  • Page 87 If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. Vigor2920 Series User’s Guide...
  • Page 88 For Win2000/XP, please use "Network and Dial-up connections" or “Smart VPN Client”, complimentary software to help you create PPTP, L2TP, and L2TP over IPSec tunnel. You can find it in CD-ROM in the package or go to www.DrayTek.com download center. Install as instructed.
  • Page 89 VPN router. To use default gateway on remote network means that all the packets of remote host will be directed to VPN server then forwarded to Internet. This will make the remote host seem to be working in the enterprise network. Vigor2920 Series User’s Guide...

  • Page 90: Qos Setting Example

    Vigor router at home to connect to the server in the headquarter office downtown via either HTTPS or VPN to check email and access internal database. Meanwhile, children may chat on Skype in the restroom. Go to Bandwidth Management>>Quality of Service. Vigor2920 Series User’s Guide...
  • Page 91 80% - 85% of physical network speed provided by ISP to maximize the QoS performance. Return to previous page. Enter the Name of Index Class 1 by clicking Edit link. Type the name “E-mail” for Class 1. Vigor2920 Series User’s Guide...
  • Page 92 POP3 and SMTP. Return to previous page. Enter the Name of Index Class 2 by clicking Edit link. In this index, the user will set reserved bandwidth for HTTPS. And click OK. Click Setup link for WAN. Vigor2920 Series User’s Guide...
  • Page 93 Class Name of Index 3. In this index, he will set reserved bandwidth for 1 VPN tunnel. 10. Click Edit to open a new window. 11. Click Edit to open the following window. Check the ACT box, first. Vigor2920 Series User’s Guide...
  • Page 94 12. Then click Edit of Local Address to set a worker’s subnet address. Click Edit of Remote Address to set headquarter’s IP address. Leave other fields and click OK. Vigor2920 Series User’s Guide...

  • Page 95: Request A Certificate From A Ca Server On Windows Ca Server

    Go to Certificate Management and choose Local Certificate. Vigor2920 Series User’s Guide...
  • Page 96 Copy and save the X509 Local Certificate Requet as a text file and save it for later use. Connect to CA server via web browser. Follow the instruction to submit the request. Below we take a Windows 2000 CA server for example. Select Request a Certificate. Vigor2920 Series User’s Guide...
  • Page 97 IPSec (Offline request) below. Then you have done the request and the server now issues you a certificate. Select Base 64 encoded certificate and Download CA certificate. Now you should get a certificate (.cer file) and save it. Vigor2920 Series User’s Guide...
  • Page 98 (.cer file) into Vigor router. When finished, click refresh and you will find the below window showing “------BEGINE CERTIFICATE------..” You may review the detail information of the certificate by clicking View button. Vigor2920 Series User’s Guide...

  • Page 99: Request A Ca Certificate And Set As Trusted On Windows Ca Server

    Use web browser connecting to the CA server that you would like to retrieve its CA certificate. Click Retrive the CA certificate or certificate recoring list. Vigor2920 Series User’s Guide...
  • Page 100 You may review the detail information of the certificate by clicking View button. Note: Before setting certificate configuration, please go to System Maintenance >> Time and Date to reset current time of the router first. Vigor2920 Series User’s Guide...

  • Page 101: Creating An Account For Myvigor

    The website of MyVigor (a server located on http://myvigor.draytek.com) provides several useful services (such as Web Content Filter) to filtering the web pages for the sake of protecting your system. In general, Service Activation Wizard can activate WCF service for the router by using simple steps.
  • Page 102 2. Click the Activate link. A login page for MyVigor web site will pop up automatically. 3. Click the link of Create an account now. 4. Check to confirm that you accept the Agreement and click Accept. Vigor2920 Series User’s Guide...
  • Page 103 5. Type your personal information in this page and then click Continue. 6. Choose proper selection for your computer and click Continue. Vigor2920 Series User’s Guide...
  • Page 104 New Account Confirmation Letter from myvigor.draytek.com. 9. Click the Activate my Account link to enable the account that you created. The following screen will be shown to verify the register process is finished. Please click Login. Vigor2920 Series User’s Guide...

  • Page 105: Creating An Account Via Myvigor Web Site

    11. Now, click Login. Your account has been activated. You can access into MyVigor server to activate the service (e.g., WCF) that you want. 1. Access into http://myvigor.draytek.com. Find the line of Not registered yet?. Then, click the link Click here! to access into next page.
  • Page 106 2. Check to confirm that you accept the Agreement and click Accept. 3. Type your personal information in this page and then click Continue. 4. Choose proper selection for your computer and click Continue. Vigor2920 Series User’s Guide...
  • Page 107 New Account Confirmation Letter from myvigor.draytek.com. 7. Click the Activate my Account link to enable the account that you created. The following screen will be shown to verify the register process is finished. Please click Login. Vigor2920 Series User’s Guide...
  • Page 108 UserName and Password. Then type the code in the box of Auth Code according to the value displayed on the right side of it. Now, click Login. Your account has been activated. You can access into MyVigor server to activate the service (e.g., WCF) that you want. Vigor2920 Series User’s Guide...

  • Page 109: Advanced Web Configuration

    (NIC). Having a unique IP address is mandatory for those devices participated in the public network but not in the private TCP/IP local area networks (LANs), such as host PCs under the management of a router since they do not need to be accessed by the public. Hence, the NIC Vigor2920 Series User’s Guide...
  • Page 110 Users can use four LAN ports on the router to access Internet. Also, they can access Internet via 802.11n wireless function of Vigor2920/Vn, and enjoy the powerful firewall, bandwidth management, VPN features of Vigor2920n/Vn series. Vigor2920 Series User’s Guide...

  • Page 111: General Setup

    Besides, 3G USB Modem in WAN3 also can be used as backup device. Therefore, when WAN1/WAN2 is not available, the router will use 3.5G for supporting automatically. The supported 3G USB Modem will be listed on Draytek web site. Please visit www.draytek.com for more detailed information.
  • Page 112 Display whether such WAN interface is connected and allows Active Mode to access into Internet always, or such WAN interface will be treated as backup WAN interface. Note: In default, each WAN port is enabled. Vigor2920 Series User’s Guide...
  • Page 113 Please type the tag value and specify the priority for the packets sending by WAN1. Disable – Disable the function of VLAN with tag. Tag value – Type the value as the VLAN ID number. The Vigor2920 Series User’s Guide...
  • Page 114 WAN interface disconnects. When all WAN disconnect – Such backup WAN will be activated only when all master WAN interfaces disconnect. After finished the above settings, click OK to save the settings. Vigor2920 Series User’s Guide...
  • Page 115 Internet all the time. If you choose Backup as the Active Mode, you have to specify which WAN interface will be selected to backup multiple WANs. However, ignore this setting if you want to backup a single WAN. Vigor2920 Series User’s Guide...

  • Page 116: Internet Access

    For the router supports multi-WAN function, the users can set different WAN settings (for WAN1/WAN2/WAN3) for Internet Access. Due to different Physical Mode for WAN interfaces, the Access Mode for these connections also varies. Refer to the following figures Vigor2920 Series User’s Guide...
  • Page 117 If IPv6 service is active on this WAN interface, the color of “IPv6” will become green. To choose PPPoE as the accessing protocol of the internet, please select PPPoE from the Internet Access menu. The following web page will be shown. Vigor2920 Series User’s Guide...
  • Page 118 IP address whenever you request. In this case, you can fill in this IP address in the Fixed IP field. Please contact your ISP before you want to use this function. Vigor2920 Series User’s Guide...
  • Page 119 Address or specify another MAC address by typing on the boxes of MAC Address for the router. Specify a MAC Address – Type the MAC address for the router manually. After finishing all the settings here, please click OK to activate them. Vigor2920 Series User’s Guide...
  • Page 120 PING Interval - Enter the interval for the system to execute the PING operation. Such function allows you to verify whether network WAN Connection connection is alive or not through ARP Detect or Ping Detect. Vigor2920 Series User’s Guide...
  • Page 121 Router Name: Type in the router name provided by ISP. Domain Name: Type in the domain name that you have assigned. Specify an IP address – Click this radio button to specify some data if you want to use Static IP mode. Vigor2920 Series User’s Guide...
  • Page 122 Enable L2TP - Click this radio button to enable a L2TP client to establish a tunnel to a DSL modem on the WAN interface. Disable – Click this radio button to close the connection through PPTP or L2TP. Vigor2920 Series User’s Guide...
  • Page 123 WAN IP Alias - If you have multiple public IP addresses and would like to utilize them on the WAN interface, please use WAN IP Alias. You can set up to 8 public IP addresses other than the current one you are using. Vigor2920 Series User’s Guide...
  • Page 124 After finishing all the settings here, please click OK to activate them. To use PPP (for 3G USB Modem) as the accessing protocol of the internet, please choose Internet Access from WAN menu. Then, select PPP mode for WAN3. The following web page will be shown. Vigor2920 Series User’s Guide...
  • Page 125 IP address in this field for pinging. TTL (Time to Live) – Displays value for your reference. TTL value is set by telnet command. After finishing all the settings here, please click OK to activate them. Vigor2920 Series User’s Guide...
  • Page 126 It means Max Transmit Unit for packet. The default setting is 1380. Display the software version of LTE. LTE software version Display the firmware version of LTE. LTE hardware version After finishing all the settings here, please click OK to activate them. Vigor2920 Series User’s Guide...
  • Page 127 PCs under LAN also can have the public IPv6 address for Internet access by means of the generated prefix. No need to type any other information for PPP mode. Below shows an example for successful IPv6 connection based on PPPoE mode. Vigor2920 Series User’s Guide...
  • Page 128 After getting the IPv6 prefix and starting router advertisement daemon (RADVD), the PC behind this router can directly connect to IPv6 the Internet. Available settings are explained as follows: Vigor2920 Series User’s Guide...
  • Page 129 Type the password again to make the confirmation. Confirm Password Type the address for the tunnel broker IP, FQDN or an Tunnel Broker optional port number. Type the subnet prefix address getting from service Subnet Prefix provider Vigor2920 Series User’s Guide...
  • Page 130 Available settings are explained as follows: Item Description Choose Prefix Delegation or Non-temporary Address as Identify Association the identify association. Type a number as IAID. IAID – – This type allows you to setup static IPv6 address for WAN interface. Vigor2920 Series User’s Guide...

  • Page 131: Load-Balance Policy

    Note: Load-Balance Policy is running only when more than one WAN interface is activated. Each item is explained as follows: Item Description Click the number of index to access into the load-balance Index policy configuration web page. Check this box to enable this policy. Enable Vigor2920 Series User’s Guide...
  • Page 132 Choose the WAN interface (WAN1 / WAN2 / WAN3) for Binding WAN interface binding. Auto failover to other WAN – Check this button to lead the data passing through other WAN automatically when the selected WAN interface is failover. Vigor2920 Series User’s Guide...

  • Page 133: Multi-Vlan

    Available settings are explained as follows: Item Description Display the number of each channel. Channel Check this box to enable that channel. The channels that you Enable enabled here will be shown in the Multi-VLAN channel drop Vigor2920 Series User’s Guide...
  • Page 134 VoIP - It can be specified for VoIP only. If you choose VoIP, the configuration for this VLAN will be effective for VoIP data transmitting and receiving. IPTV - Packets from IGMP proxy will be sent out from such WAN interface. Therefore, the setting for IGMP shall be Vigor2920 Series User’s Guide...
  • Page 135 LAN port for channel 3 to 8. Click Clear to remove all the configurations in this page if you do not satisfy it. When you finish the configuration, please click OK to save and exit this page. Vigor2920 Series User’s Guide...

  • Page 136: Lan

    IP address. As a part of the public subnet, the Vigor router will serve for IP routing to help hosts in the public subnet to communicate with other public hosts or servers outside. Therefore, the router should be set as the gateway for public hosts. Vigor2920 Series User’s Guide...
  • Page 137 You can group local hosts by physical ports and create up to 4 virtual LANs. To manage the communication between different groups, please set up rules in Virtual LAN (VLAN) function and the rate of each. Vigor2920 Series User’s Guide...

  • Page 138: General Setup

    Details Page - Click it to access into the setting page. Each LAN will have different LAN configuration page. Each LAN must be configured in different subnet. IPv6 – Click it to access into the settings page of IPv6. Vigor2920 Series User’s Guide...
  • Page 139 DHCP client. It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network. Enable Server - Let the router assign IP address to every host Vigor2920 Series User’s Guide...
  • Page 140 If you want to use the router as a DNS proxy server, you have to input router’s LAN IP into the Primary or Secondary DNS server IP fields manually. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
  • Page 141 It's used to control the lifetime of the prefix. The maximum value corresponds to 18.2 hours. A lifetime of 0 indicates that the router is not a default router and should not appear on the default router Vigor2920 Series User’s Guide...
  • Page 142 (Default: 255.255.255.0/ 24) DHCP stands for Dynamic Host Configuration Protocol. The DHCP Server router by factory default acts a DHCP server for your network Configuration so it automatically dispatch related IP settings to any local user Vigor2920 Series User’s Guide...
  • Page 143 DHCP server. The value is usually as same as the 1st IP address of the router, which means the router is the default gateway. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
  • Page 144 Delete – Click it to delete the selected MAC address. Edit – Click it to edit the selected MAC address. Cancel – Click it to cancel the job of adding, deleting and editing. Vigor2920 Series User’s Guide...

  • Page 145: Static Route

    The number (1 to 10) under Index allows you to open next Index page to set up static route. Displays the destination address of the static route. Destination Address Displays the status of the static route. Status Vigor2920 Series User’s Guide...
  • Page 146 Displays the routing table for your reference. Viewing IPv6 Routing Table Click any underline of index number to get the following page. Available settings are explained as follows: Item Description Click it to enable this profile. Enable Vigor2920 Series User’s Guide...
  • Page 147 Note: There are two reasons that we have to apply RIP Protocol Control on 1st Subnet. The first is that the LAN interface can exchange RIP packets with the neighboring routers via the 1st subnet (192.168.1.0/24). The second is that those Vigor2920 Series User’s Guide...
  • Page 148 Return to Static Route Setup page. Click on another Index Number to add another static route as show below, which regulates all packets destined to 211.100.88.0 will be forwarded to 192.168.1.3. Go to Diagnostics and choose Routing Table to verify current routing table. Vigor2920 Series User’s Guide...

  • Page 149: Vlan

    Disable – Disable the function of VLAN with tag. VID – Type the value as the VLAN ID number. The range is form 0 to 4095. Priority – Type the packet priority number for such VLAN. The range is from 0 to 7. Vigor2920 Series User’s Guide...

  • Page 150: Bind Ip To Mac

    ARP Table information for IP and MAC will be displayed in this field. Each pair of IP and MAC address listed in ARP table can be selected and added to IP Bind List by clicking Add below Vigor2920 Series User’s Guide...

  • Page 151: Lan Port Mirror

    VLAN at the same time. Third, it can transfer all data traffics to be mirrored to one analyzer connect to the mirroring port. Last, it is more convenient and easy to configure in user’s interface. Vigor2920 Series User’s Guide...

  • Page 152: Wired 802.1X

    Check the box to enable LAN 802.1x function. Enable After enabling the function, simply specify the LAN port(s) to 802.1x ports apply such function. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 153: Web Portal Setup

    Display the applied interfaced of the profile. Interface Open a preview window according to the configured settings. Preview To configure the profile, click any index number link to open the following page. Available settings are explained as follows: Vigor2920 Series User’s Guide...

  • Page 154: Nat

    192.168.1.0/24 subnet for the router. As stated before, the NAT facility can map one or more IP addresses and/or service ports into different specified services. In other words, the NAT function can be achieved by using port mapping methods. Below shows the menu items for NAT. Vigor2920 Series User’s Guide...

  • Page 155: Port Redirection

    The port redirection can only apply to incoming traffic. To use this function, please go to NAT page and choose Port Redirection web page. The Port Redirection Table provides 20 port-mapping entries for the internal hosts. Vigor2920 Series User’s Guide...
  • Page 156 Display the IP address of the internal host providing the Private IP service. Display if the profile is enabled (v) or not (x). Status Press any number under Index to access into next page for configuring port redirection. Vigor2920 Series User’s Guide...
  • Page 157 80 to avoid conflict, such as 8080. This can be set in the System Maintenance >>Management Setup. You then will access the admin screen of by suffixing the IP address with 8080, e.g., http://192.168.1.1:8080 instead of port 80. Vigor2920 Series User’s Guide...
  • Page 158 Vigor2920 Series User’s Guide...

  • Page 159: Dmz Host

    Click DMZ Host to open the following page: Available settings are explained as follows: Item Description Choose Private IP or Active True IP first. Active True IP selection is available for WAN1 only. Vigor2920 Series User’s Guide...
  • Page 160 WAN1 only. See the following figure. See the following figure. If you previously have set up WAN Alias for PPPoE or Static or Dynamic IP mode in WAN2 interface, you will find them in Aux. WAN IP for your selection. Vigor2920 Series User’s Guide...
  • Page 161 When you have selected one private IP from the above dialog, the IP address will be shown on the following screen. Click OK to save the setting. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 162: Open Ports

    Inactive or Active state. To add or edit port settings, click one index number on the page. The index entry setup page will pop up. In each index entry, you can specify 20 port ranges for diverse services. Vigor2920 Series User’s Guide...
  • Page 163 Specify the starting port number of the service offered by the Start Port local host. Specify the ending port number of the service offered by the End Port local host. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 164: Address Mapping

    Available settings are explained as follows: Item Description Indicate the relative number for the particular entry that you Index want to configure You should click the appropriate index number to edit or clear the corresponding entry. Vigor2920 Series User’s Guide...
  • Page 165 WAN side and have source address as configured in the WAN IP field. Select a value of subnet mask for private IP address. Subnet Mask After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 166: Port Triggering

    Triggering Port Display the protocol for the incoming data of such triggering Incoming Protocol profile. Display the port for the incoming data of such triggering Incoming Port profile. Display if the rule is active or de-active. Status Vigor2920 Series User’s Guide...
  • Page 167 Type the port or port range for such trigger profile. Triggering Port When the triggering packets received, it is expected the Incoming Protocol incoming packets will use the selected protocol. Select the protocol (TCP, UDP or TCP/UDP) for the incoming data of such triggering profile. Vigor2920 Series User’s Guide...
  • Page 168 Type the port or port range for the incoming packets. Incoming Port After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 169: Firewall

    It will check packets according to the filter rules. If legal, the packet will pass the router. The following illustrations are flow charts explaining how router will treat incoming traffic and outgoing traffic respectively. Vigor2920 Series User’s Guide...
  • Page 170 4. Port Scan attack 12. Tear drop attack 5. IP options 13. Ping of Death attack 6. Land attack 14. ICMP fragment 7. Smurf attack 15. Unknown protocol 8. Trace route Below shows the menu items for Firewall. Vigor2920 Series User’s Guide...

  • Page 171: General Setup

    Vigor router, will be filtered by firewall. If the firewall system (e.g., content filter server) does not make any response (pass or block) for these packets, then the router’s firewall will block the packets directly. Vigor2920 Series User’s Guide...
  • Page 172 The default setting is 60000. Choose one of the QoS rules to be applied as firewall rule. For Quality of Service detailed information of setting QoS, please refer to the related section later. Vigor2920 Series User’s Guide...
  • Page 173 Select one of the Web Content Filter profile settings (created Web Content Filter in CSM>> Web Content Filter) for applying with this router. Please set at least one profile for anti-virus in CSM>> Web Content Filter web page first. Or choose [Create New] from Vigor2920 Series User’s Guide...
  • Page 174 However, if the network is not stable, small value will be proper. Session timeout – Setting timeout for sessions can make the best utilization of network resources. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 175: Filter Setup

    Set the link to the next filter set to be executed after the current Next Filter Set filter run. Do not make a loop with many filter sets. To edit Filter Rule, click the Filter Rule index button to enter the Filter Rule setup page. Vigor2920 Series User’s Guide...
  • Page 176 ON Set the direction of packet flow. It is for Data Filter only. For Direction the Call Filter, this setting is not available since Call Filter is only applied to outgoing traffic. Vigor2920 Series User’s Guide...
  • Page 177 From the IP Group drop down list, choose the one that you want to apply. Or use the IP Object drop down list to choose the object that you want. Click Edit to access into the following dialog to choose a Service Type suitable service type. Vigor2920 Series User’s Guide...
  • Page 178 Too Short - Apply the rule only to packets that are too short to contain a complete header. Specifies the action to be taken when packets match the rule. Filter Block Immediately - Packets matching the rule will be dropped immediately. Vigor2920 Series User’s Guide...
  • Page 179 [Create New] from the drop down list in this page to create a new profile. All the hosts in LAN must follow the standard configured in the APP Enforcement profile selected here. For detailed information, refer to the section of Vigor2920 Series User’s Guide...
  • Page 180 Please use the drop-down list to choose a codepage. If you do not have any idea of choosing suitable codepage, please open Syslog. From Codepage Information of Setup dialog, you will see the recommended codepage listed on the dialog box. Vigor2920 Series User’s Guide...
  • Page 181 TCP protocol only; session timeout is configured for the data flow which matched with the firewall rule. DrayTek Banner – Please uncheck this box and the following screen will not be shown for the unreachable web page. The default setting is Enabled.
  • Page 182 Each filter set is composed by 7 filter rules, which can be further defined. After that, in General Setup you may specify one set for call filter and one set for data filter to execute first. Vigor2920 Series User’s Guide...

  • Page 183: Dos Defense

    Threshold of the UDP packets from the Internet defense has exceeded the defined value, the Vigor router will start to randomly discard the subsequent UDP packets for a period defined in Timeout. The default setting for threshold and timeout are 150 packets per Vigor2920 Series User’s Guide...
  • Page 184 Activating the DoS/DDoS defense functionality might block some legal packets. For example, when you activate the fraggle attack defense, all broadcast UDP packets coming from the Internet are blocked. Therefore, the RIP packets from the Vigor2920 Series User’s Guide...
  • Page 185 All the warning messages related to DoS Defense will be sent to user and user can review it through Syslog daemon. Look for the keyword DoS in the message, followed by a name to indicate what kind of attacks is detected. Vigor2920 Series User’s Guide...

  • Page 186: User Management

    Note: Filter rules configured under Firewall usually are applied to the host (the one that the router installed) only. With user management, the rules can be applied to every user connected to the router with customized profiles. Vigor2920 Series User’s Guide...

  • Page 187: General Setup

    Rule-Based –If you choose such mode, the router will apply the filter rules configured in Firewall>>General Setup and Filter Rule to the users. Choose HTTP or HTTPS as the protocol used by users to log Web Authentication into the web page. Vigor2920 Series User’s Guide...
  • Page 188 Type the information to be displayed on the first web page Landing Page when the LAN user accessing into Internet via such router. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 189: User Profile

    To set the user profile, please click any index number link to open the following page. Notice that profile 1 (admin) and profile 2 (System Reservation) are factory default settings. Profile 2 is reserved for future use. Click any index number to open the following configuration page: Vigor2920 Series User’s Guide...
  • Page 190 Type the password again for confirmation. Confirm Password If the user is idle over the limitation of the timer, the network Idle Timeout connection will be stopped for such user. By default, the Idle Timeout is set to 10 minutes. Vigor2920 Series User’s Guide...
  • Page 191 Syslog. Please choose any one of the log items to take down relational records for the user(s). If such function is enabled, a pop up window will be displayed Pop Browser Tracking Vigor2920 Series User’s Guide...
  • Page 192 When a user tries to access into the web user interface of Landing Page Vigor2920 series with the user name and password specified in this profile, he/she will be lead into the web page configured in Landing Page field in User Management>>General Setup.

  • Page 193: User Group

    This page allows you to bind several user profiles into one group. These groups will be used in Firewall>>General Setup as part of filter rules. Please click any index number link to open the following page. Available settings are explained as follows: Vigor2920 Series User’s Guide...

  • Page 194: User Online Status

    Display the number of the data flow. Index Display the users which connect to Vigor router currently. You Active User can click the link under the username to open the user profile setting page for that user. Vigor2920 Series User’s Guide...
  • Page 195 Display the idle timeout setting for such profile. Idle Time Block - can prevent specified user accessing into Internet. Action Unblock – the user will be blocked. Logout – the user will be logged out forcefully. Vigor2920 Series User’s Guide...

  • Page 196: Objects Settings

    Description Clear all profiles. Set to Factory Default Display the profile number that you can configure. Index Display the name of the object profile. Name To set a new profile, please do the steps listed below: Vigor2920 Series User’s Guide...
  • Page 197 Address Type Select Single Address if this object contains one IP address only. Select Range Address if this object contains several IPs within a range. Select Subnet Address if this object contains one subnet for IP Vigor2920 Series User’s Guide...
  • Page 198 If it is checked, all the IP addresses except the ones listed Invert Selection above will be applied later while it is chosen. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 199: Ip Group

    Display the profile number that you can configure. Index Display the name of the group profile. Name To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. Vigor2920 Series User’s Guide...
  • Page 200 Objects Click >> button to add the selected IP objects in this box. Selected IP Objects After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 201: Ipv6 Object

    Display the name of the object profile. Name To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. 2. The configuration page will be shown as follows: Vigor2920 Series User’s Guide...
  • Page 202 If it is checked, all the IPv6 addresses except the ones listed Invert Selection above will be applied later while it is chosen. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 203: Ipv6 Group

    Display the name of the group profile. Name To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. 2. The configuration page will be shown as follows: Vigor2920 Series User’s Guide...
  • Page 204 Objects Selected IPv6 Objects Click >> button to add the selected IPv6 objects in this box. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 205: Service Type Object

    Display the profile number that you can configure. Index Display the name of the object profile. Name To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. Vigor2920 Series User’s Guide...
  • Page 206 (>) – the port number greater than this value is available. (<) – the port number less than this value is available for this profile. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 207: Service Type Group

    Display the profile number that you can configure. Index Display the name of the group profile. Name To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Group column for configuration in details. Vigor2920 Series User’s Guide...
  • Page 208 Objects Setting>>Service Type Object will be shown in this Type Objects box. Click >> button to add the selected IP objects in this box. Selected Service Type Objects After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 209: Keyword Object

    Display the name of the object profile. Name To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. 2. The configuration page will be shown as follows: Vigor2920 Series User’s Guide...
  • Page 210 Contents. When you browse the webpage, the page with gambling information will be watched out and be passed/blocked based on the configuration on Firewall settings. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 211: Keyword Group

    Display the profile number that you can configure. Index Display the name of the group profile. Name To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. Vigor2920 Series User’s Guide...
  • Page 212 Selected Keyword Click button to add the selected Keyword objects in Objects this box. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 213: File Extension Object

    Display the profile number that you can configure. Index Display the name of the object profile. Name To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Profile column for configuration in details. Vigor2920 Series User’s Guide...
  • Page 214 Profile Name Type a name for such profile and check all the items of file extension that will be processed in the router. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 215: Sms/Mail Service Object

    Display the service provider which offers SMS service. SMS Provider To set a new profile, please do the steps listed below: 1. Click the SMS Provider tab, and click the number (e.g., #1) under Index column for configuration in details. Vigor2920 Series User’s Guide...
  • Page 216 SMS text message on the standard route. To avoid quota being exhausted soon, type time interval for Sending Interval sending the SMS. 3. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
  • Page 217 Profile Name Type the website of the service provider. Service Provider Type the URL string in the box under the filed of Service Provider. You have to contact your SMS provider to obtain the exact URL string. Vigor2920 Series User’s Guide...
  • Page 218 Item Description Clear all of the settings and return to factory default Set to Factory Default settings. Display the profile number that you can configure. Index Display the name for such mail server profile. Profile Name Vigor2920 Series User’s Guide...
  • Page 219 Check the box to enable the function. Username – Type a name for authentication. Password – Type a password for authentication. Define the interval for the system to send the SMS out. Sending Interval Vigor2920 Series User’s Guide...

  • Page 220: Notification Object

    Display the name for such mail server profile. Profile Name To set a new profile, please do the steps listed below: 1. Open Object Setting>>Notification Object, and click the number (e.g., #1) under Index column for configuration in details. Vigor2920 Series User’s Guide...
  • Page 221 Display the types that will be monitored. Category Display the status for the category. You can check the box Status you want to be monitored. 3. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 222: Csm Profile

    Vigor router will then decide whether to allow access to this site according to the categories you have selected. Please note that this action will not introduce any delay in your Web surfing because each of multiple load balanced database servers can handle millions of requests for categorization. Vigor2920 Series User’s Guide...

  • Page 223: App Enforcement Profile

    There are four tabs IM, P2P, Protocol and Misc displayed on this page. Each tab will bring out different items that you can choose to disallow people using. Below shows the items which are categorized under IM. Vigor2920 Series User’s Guide...
  • Page 224 After finishing all the settings here, please click OK to save the configuration. The profiles configured here can be applied in the Firewall>>General Setup and Firewall>>Filter Setup pages as the standard for the host(s) to follow. Vigor2920 Series User’s Guide...
  • Page 225 The items categorized under P2P ----- The items categorized under Protocol. Vigor2920 Series User’s Guide...
  • Page 226 The items categorized under Misc ----- Vigor2920 Series User’s Guide...

  • Page 227: Url Content Filter Profile

    Each item is explained as follows: Item Description Clear all profiles. Set to Factory Default Display the number of the profile which allows you to click Profile to set different policy. Display the name of the URL Content Filter Profile. Name Vigor2920 Series User’s Guide...
  • Page 228 URL Access Control and Web Feature below, such function can determine the priority for the actions executed. For this one, the router will process the packages with the conditions set below for Vigor2920 Series User’s Guide...
  • Page 229 In addition, the maximal length of each frame is 32-character long. After specifying keywords, the Vigor router will decline the connection request to the website whose URL Vigor2920 Series User’s Guide...
  • Page 230 File Extension Profile – Choose one of the profiles that you configured in Object Setting>> File Extension Objects previously for passing or blocking the file downloading. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 231: Web Content Filter Profile

    Please refer to section of creating MyVigor account. WCF adopts the mechanism developed and offered by certain service provider (e.g., DrayTek). No matter activating WCF feature or getting a new license for web content filter, you have to click Activate to satisfy your request.
  • Page 232 It is recommended for you to use the default setting, Setup Test Server auto-selected. Such server is powered by Commtouch. Click it to open http://myvigor.draytek.com for searching Find more another qualified and suitable server. Click this link to retrieve the factory settings.
  • Page 233 Block - restrict accessing into the corresponding webpage with the characters listed on Group/Object Selections. If the web pages do not match with the specified feature set here, they will be processed with the categories listed on the box below. Vigor2920 Series User’s Guide...
  • Page 234 Block – Only the log about Block will be recorded in Syslog. All – All the actions (Pass and Block) will be recorded in Syslog. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 235: Bandwidth Management

    In the Bandwidth Management menu, click Sessions Limit to open the web page. To activate the function of limit session, simply click Enable and set the default session limit. Available settings are explained as follows: Item Description Vigor2920 Series User’s Guide...
  • Page 236 Application >> Setup Schedule web page and you can use the number that you have set in that web page. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 237: Bandwidth Limit

    Disable - Click this button to close the function of limit bandwidth. Default TX limit - Define the default speed of the upstream for each computer in LAN. Default RX limit - Define the default speed of the Vigor2920 Series User’s Guide...
  • Page 238 All the schedules can be set previously in Application >> Schedule web page and you can use the number that you have set in that web page. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 239: Quality Of Service

    The core routers in the backbone will do the same checking before executing treatments in order to ensure service-level consistency throughout the whole QoS-enabled network. Vigor2920 Series User’s Guide...
  • Page 240 Index – Display the class number that you can edit. Class Rule Name – Display the name of the class. Rule – Allow to configure detailed settings for the selected Class. Service Type – Allow to configure detailed settings for the Vigor2920 Series User’s Guide...
  • Page 241 There are four queues allowed for QoS control. The first three (Class 1 to Class 3) class rules can be adjusted for your necessity. Yet, the last one is reserved for the packets which are not suitable for the user-defined class rules. Vigor2920 Series User’s Guide...
  • Page 242 Check this and set the limited bandwidth ratio on the right Enable UDP Bandwidth field. This is a protection of TCP application traffic since UDP Control application traffic such as streaming video will exhaust lots of Vigor2920 Series User’s Guide...
  • Page 243 Edit link of that one. After you click the Edit link, you will see the following page. Now you can define the name for that Class. In this case, “Test” is used as the name of Class Index #1. Vigor2920 Series User’s Guide...
  • Page 244 QoS control. It determines the service type of the data for processing with Service Type QoS control. It can also be edited. You can choose the predefined service type from the Service Type drop down list. Vigor2920 Series User’s Guide...
  • Page 245 Edit to open the rule edit page for modification. To add a new service type, edit or delete an existed service type, please click the Edit link under Service Type field. After you click the Edit link, you will see the following page. Vigor2920 Series User’s Guide...
  • Page 246 For example, in the following illustration, the VoIP packets in LAN go into Vigor router without any header. However, when they go forward to the Server on ISP through Vigor router, all of the packets are tagged with AF (configured in Bandwidth >>QoS>>Class) automatically. Vigor2920 Series User’s Guide...
  • Page 247 Vigor2920 Series User’s Guide...

  • Page 248: Applications

    In the DDNS setup menu, check Enable Dynamic DNS Setup. Available settings are explained as follows: Item Description Clear all profiles and recover to factory settings. Set to Factory Default Vigor2920 Series User’s Guide...
  • Page 249 WAN1/WAN2/WAN3 as the first channel for such account. If WAN1/WAN2/WAN3 fails, the router will use another WAN interface instead. WAN1/WAN2/WAN3 Only - While connecting, the router will use WAN1/WAN2/WAN3 as the only channel Vigor2920 Series User’s Guide...
  • Page 250 Delete a Dynamic DNS Account In the DDNS setup menu, click the Index number you want to delete and then push Clear All button to delete the account. Vigor2920 Series User’s Guide...

  • Page 251: Schedule

    Status You can set up to 15 schedules. Then you can apply them to your Internet Access or VPN and Remote Access >> LAN-to-LAN settings. To add a schedule: Click any index, for example Index No.1. Vigor2920 Series User’s Guide...
  • Page 252 Idle Timeout How often -Specify how often the schedule will be applied Once -The schedule will be applied just once Weekdays -Specify which days in one week should perform the schedule. Click OK to save the settings. Vigor2920 Series User’s Guide...

  • Page 253: Radius

    Server IP Address The UDP port number that the RADIUS server is using. The Destination Port default value is 1812, based on RFC 2138. The RADIUS server and client share a secret that is used to Shared Secret Vigor2920 Series User’s Guide...

  • Page 254: Upnp

    The NAT Traversal of UPnP enables the multimedia features of your applications to operate. This has to manually set up port mappings or use other similar methods. The screenshots below show examples of this facility. Vigor2920 Series User’s Guide...
  • Page 255 Some Microsoft operating systems have found out the UPnP weaknesses and hence you need to ensure that you have applied the latest service packs and patches. Non-privileged users can control some router functions, including removing and adding port mappings. Vigor2920 Series User’s Guide...

  • Page 256: Igmp

    It indicates the LAN port used for the multicast group. P1 to P4 Click this link to renew the working multicast group status. Refresh After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 257: Wake On Lan

    Type any one of the MAC address of the bound PCs. MAC Address Click this button to wake up the selected IP. See the following Wake Up figure. The result will be shown on the box. Vigor2920 Series User’s Guide...

  • Page 258: Sms/Mail Alert Service

    SMS. Type the schedule number that the SMS will be sent out. Schedule You can click the Schedule(1-15) link to define the schedule. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
  • Page 259 Type the schedule number that the notification will be sent Schedule (1-15) out. You can click the Schedule(1-15) link to define the schedule. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 260: Vpn And Remote Access

    Item Description Choose the client mode. LAN-to-LAN Client Route Mode/NAT Mode – If the remote network only allows Mode Selection you to dial in with single IP, please choose this mode, otherwise please choose Route Mode. Vigor2920 Series User’s Guide...
  • Page 261 Item Description There are 32 VPN profiles for users to set. Please choose a LAN-to-LAN Profile When you finish the mode and profile selection, please click Next to open the following page. Vigor2920 Series User’s Guide...
  • Page 262 Next. You will see different configurations based on the selection(s) you made. When you choose PPTP (None Encryption) or PPTP (Encryption), you will see the following graphic: When you choose IPSec, you will see the following graphic: Vigor2920 Series User’s Guide...
  • Page 263 When you choose L2TP over IPSec (Nice to Have) or L2TP over IPSec (Must), you will see the following graphic: Available settings are explained as follows: Item Description Type a name for such profile. The length of the file is limited Profile Name to 10 characters. Vigor2920 Series User’s Guide...
  • Page 264 Triple DES (3DES), and AES. This field is used to authenticate for connection when you User Name select PPTP or L2TP with or without IPSec policy above. This field is used to authenticate for connection when you Password Vigor2920 Series User’s Guide...
  • Page 265 Click this radio button to set another profile of VPN Server Do another VPN through VPN Server Wizard. Server Wizard Setup Click this radio button to access VPN and Remote View more detailed Access>>LAN to LAN for viewing detailed configuration. configuration Vigor2920 Series User’s Guide...

  • Page 266: Vpn Server Wizard

    VPN connection. This item is available when you choose Site to Site VPN Please choose a (LAN-to-LAN) as VPN server mode. There are 32 VPN LAN-to-LAN Profile profiles for users to set. Vigor2920 Series User’s Guide...
  • Page 267 Here we take the example of choosing Remote-Dial-in User as the VPN Server Mode. Check the Allowed Dial-in Type for the VPN server profile After making the choices for the server profile, please click Next. You will see different configurations based on the selection (dial-in type) you made. Vigor2920 Series User’s Guide...
  • Page 268 When you check PPTP, you will see the following graphic: When you check PPTP/IPSec/L2TP (three types) or PPTP/IPSec (two types) or L2TP with Policy (Nice to Have/Must), you will see the following graphic: Vigor2920 Series User’s Guide...
  • Page 269 Please type one LAN IP address (according to the real location Remote Network IP of the remote host) for building VPN connection. Please type the network mask (according to the real location of Remote Network the remote host) for building VPN connection. Mask Vigor2920 Series User’s Guide...
  • Page 270 View more detailed Access>>LAN to LAN for viewing detailed configuration. configuration If there is no problem, you can click one of the radio buttons listed on the page and click Finish to execute the next action. Vigor2920 Series User’s Guide...

  • Page 271: Remote Access Control

    PAP or CHAP - Selecting this option means the router will attempt to authenticate dial-in users with the CHAP protocol first. If the dial-in user does not support this protocol, it will fall back to use the PAP protocol for authentication. Vigor2920 Series User’s Guide...

  • Page 272: Ipsec General Setup

    Eventually to set up a secure tunnel for IKE Phase 2. Phase 2: negotiation IPSec security methods including Authentication Header (AH) or Encapsulating Security Payload (ESP) for the following IKE exchange and mutual examination of the secure tunnel establishment. Vigor2920 Series User’s Guide...
  • Page 273 High (ESP) - Encapsulating Security Payload (ESP) means payload (data) will be encrypted and authenticated. You may select encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 274: Ipsec Peer Identity

    Click each index to edit one peer digital certificate. There are three security levels of digital signature authentication: Fill each necessary field to authenticate the remote peer. The following explanation will guide you to fill all the necessary fields. Vigor2920 Series User’s Guide...
  • Page 275 The field includes Country (C), State (ST), Location (L), Organization (O), Organization Unit (OU), Common Name (CN), and Email (E). After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 276: Remote Dial-In User

    Click each index to edit one remote user profile. Each Dial-In Type requires you to fill the different corresponding fields on the right. If the fields gray out, it means you may leave it untouched. The following explanation will guide you to fill all the necessary fields. Vigor2920 Series User’s Guide...
  • Page 277 Nice to Have - Apply the IPSec policy first, if it is applicable during negotiation. Otherwise, the dial-in VPN connection becomes one pure L2TP connection. Must -Specify the IPSec policy to be definitely applied on the L2TP connection. Vigor2920 Series User’s Guide...
  • Page 278 IPSec Policy when you specify the IP address of the Method remote node. The only exception is Digital Signature (X.509) can be set when you select IPSec tunnel either with or without specify the IP address of the remote node. Vigor2920 Series User’s Guide...
  • Page 279 Local ID - Specify a local ID to be used for Dial-in setting in the LAN-to-LAN Profile setup. This item is optional and can be used only in IKE aggressive mode. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 280: Lan To Lan

    Set to Factory Default All – Click it to show all of profiles. View Trunk - Click it to show the profile which VPN tunnel is up. Indicate the name of the LAN-to-LAN profile. The symbol ??? Name Vigor2920 Series User’s Guide...
  • Page 281 Description Profile Name – Specify a name for the profile of the Common Settings LAN-to-LAN connection. Enable this profile - Check here to activate this profile. VPN Dial-Out Through - Use the drop down menu to Vigor2920 Series User’s Guide...
  • Page 282 Idle Timeout: The default value is 300 seconds. If the connection has been idled over the value, the router will drop the connection. Enable PING to keep alive - This function is to help the router to determine the status of IPSec VPN connection, Vigor2920 Series User’s Guide...
  • Page 283 VJ compression - This field is applicable when you select PPTP or L2TP with or without IPSec policy above. VJ Compression is used for TCP/IP protocol header compression. Normally set to Yes to improve bandwidth utilization. Vigor2920 Series User’s Guide...
  • Page 284 AES with Authentication-Use AES encryption algorithm and apply MD5 or SHA-1 authentication algorithm. Advanced - Specify mode, proposal and key life of each IKE phase, Gateway, etc. The window of advance setup is shown as below: Vigor2920 Series User’s Guide...
  • Page 285 2. The default value is inactive this function. Local ID-In Aggressive mode, Local ID is on behalf of the IP address while identity authenticating with remote VPN server. The length of the ID is limited to 47 characters. Vigor2920 Series User’s Guide...
  • Page 286 Otherwise, the dial-in VPN connection becomes one pure L2TP connection. Must - Specify the IPSec policy to be definitely applied on the L2TP connection. Specify Remote VPN Gateway - You can specify the IP Vigor2920 Series User’s Guide...
  • Page 287 Enable IPSec Dial-Out function GRE over IPSec: Check GRE over IPSec this box to verify data and transmit data in encryption with Settings GRE over IPSec packet after configuring IPSec Dial-Out setting. Both ends must match for each other by setting same Vigor2920 Series User’s Guide...
  • Page 288 More - Add a static route to direct all traffic destined to more Remote Network IP Addresses/ Remote Network Mask through the VPN connection. This is usually used when you find there are several subnets behind the remote VPN router. Vigor2920 Series User’s Guide...
  • Page 289 VPN tunnel. Note that this setting is available only for one WAN interface is enabled. It is not available when both WAN interfaces are enabled. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...

  • Page 290: Vpn Trunk Management

    Before setting VPN TRUNK backup profile, please configure at least two sets of LAN to LAN profiles (with fully configured dial-out settings) first, otherwise you will not have selections for grouping Member1 and Member2. Available settings are explained as follows: Vigor2920 Series User’s Guide...
  • Page 291 LAN-to-LAN) for you to choose for grouping under certain VPN TRUNK-VPN Backup/Load Balance mechanism profile. No - Index number of LAN-to-LAN dial-out profile. Name - Profile name of LAN-to-LAN dial-out profile. Connection Type - Connection type of LAN-to-LAN dial-out profile. Vigor2920 Series User’s Guide...
  • Page 292 Member2. For such reason, LAN-to-LAN profiles of 1 and 2 will be expressed in red to indicate that they are fixed. If you delete the VPN TRUNK – VPN Backup mechanism profile, the selected LAN-to-LAN profiles will be released and expressed in black. Vigor2920 Series User’s Guide...
  • Page 293 Peer GRE IP. See the following graphic for an example. Later, on peer side (as VPN Client): please type 192.168.50.100 in the field of My GRE IP and type IP address of the server (192.168.50.200) in the field of Peer GRE IP. Vigor2920 Series User’s Guide...
  • Page 294 Resume – when VPN connection breaks down or disconnects, Member 1 will be the top priority for the system to do VPN connection. This field will display detailed information for Environment Detail Information Recovers Detection. Vigor2920 Series User’s Guide...

  • Page 295: Connection Management

    VPN backup function. Backup Mode - This filed displays the profile name saved in VPN TRUNK Management (with Index number and VPN Server IP address). The VPN connection built by Backup Mode supports VPN backup function. Vigor2920 Series User’s Guide...
  • Page 296 Tx Rate – Display the transmission rate for data through such VPN tunnel. Rx Pkts – Display the receiving packets passing through such VPN channel. Rx Rate – Display the receiving rate for data through such VPN tunnel. Vigor2920 Series User’s Guide...

  • Page 297: Certificate Management

    Remember to adjust the time of Vigor router before using the certificate so that you can get the correct valid period of certificate. Below shows the menu items for Certificate Management. Available settings are explained as follows: Item Description Click this button to open Generate Certificate Request Generate window. Vigor2920 Series User’s Guide...
  • Page 298 Click this button to refresh the information listed below. Refresh Click this button to view the detailed settings for certificate View request. After clicking Generate, the generated information will be displayed on the window below: Vigor2920 Series User’s Guide...

  • Page 299: Trusted Ca Certificate

    For viewing each trusted CA certificate, click View to open the certificate detail information window. If you want to delete a CA certificate, choose the one and click Delete to remove all the certificate information. Vigor2920 Series User’s Guide...

  • Page 300: Certificate Backup

    The more bandwidth a codec uses the better the voice quality, however the codec used must be appropriate for your Internet bandwidth. Usually there will be two types of calling scenario, as illustrated below: Vigor2920 Series User’s Guide...
  • Page 301 QoS Assurance assists to assign high priority to voice traffic via Internet. You will always have the required inbound and outbound bandwidth that is prioritized exclusively for Voice traffic over Internet but you just get your data a little slower and it is tolerable for data traffic. Vigor2920 Series User’s Guide...

  • Page 302: Dialplan

    Note: If the incoming or outgoing calls do not match any entry on the phonebook, the router will try to make the call "being protected". But, if the call ends up "unprotected"(e.g. peer side does not support ZRTP+SRTP), the router will not play out a warning message. Vigor2920 Series User’s Guide...
  • Page 303 The speed-dial number of this index. This can be any number Phone Number you choose, using digits 0-9 and * . The name entered here is to remind the user whose number it Display Name Enter your friend’s SIP Address. SIP URL Vigor2920 Series User’s Guide...
  • Page 304 "being protected". But, if the call ends up "unprotected"(e.g. peer side does not support ZRTP+SRTP), the router will not play out a warning message. Vigor2920 Series User’s Guide...
  • Page 305 VoIP interface. Take the above picture (Prefix Table Setup web page) as an example, the prefix number of 03 will be replaced by 8863. For example: dial number of “031111111” will be changed to “88631111111” and sent to SIP server. Vigor2920 Series User’s Guide...
  • Page 306 Click the link to move the selected entry up or down. Move UP /Move Down Call barring is used to block phone calls coming from the one that is not welcomed. Each item is explained as follows: Vigor2920 Series User’s Guide...
  • Page 307 Determine the direction for the phone call, IN – incoming call, Call Direction OUT-outgoing call, IN & OUT – both incoming and outgoing calls. Determine the type of the VoIP phone call, URI/URL or Barring Type number. Vigor2920 Series User’s Guide...
  • Page 308 SIP accounts. Such control also can be done based on preconfigured schedules. For Block IP Address – this function can block incoming calls (through Phone port) coming from IP address. Such control also can be done based on preconfigured schedules. Vigor2920 Series User’s Guide...
  • Page 309 Please dial number typed in this field to call back to that one. Dial the number typed in this field to call the previous Last Call Return [Out] outgoing phone call again. Vigor2920 Series User’s Guide...
  • Page 310 IP address. Dial the number typed in this field to release this function. Block IP Calls [Deact] Dial the number typed in this field to block the last incoming Block Last Calls [Act] phone call. Vigor2920 Series User’s Guide...

  • Page 311: Sip Accounts

    As Vigor VoIP Router is turned on, it will first register with Registrar using AuthorizationUser@Domain/Realm. After that, your call will be bypassed by SIP Proxy to the destination using AccountName@Domain/Realm as identity. Note: Selection items for Ring Port will differ according to the router you have. Vigor2920 Series User’s Guide...
  • Page 312 By the way, ISDN-S0 can be used by mapping with MSN numbers. Show the status for the corresponding SIP account. R means Status such account is registered on SIP server successfully. – means the account is failed to register on SIP server. Vigor2920 Series User’s Guide...
  • Page 313 Some SIP server allows user to use VoIP function without registering. For such server, please check the box of Call without Registration. Choosing Auto is recommended. The system will select a proper way for your VoIP call. Vigor2920 Series User’s Guide...
  • Page 314 Manual – Choose this option if you want to specify an external IP address as the NAT transversal support. Nortel – If the soft-switch that you use supports Nortel solution, you can choose this option. Vigor2920 Series User’s Guide...
  • Page 315 Single Codec – If the box is checked, only the selected Codec will be applied. The amount of data contained in a single packet. The default Packet Size value is 20 ms, which means the data packet will contain 20 ms voice information. Vigor2920 Series User’s Guide...

  • Page 316: Phone Settings

    Phone Index. Default SIP Account – “draytel_1” is the default SIP account. You can click the number below the Index field to change SIP account for each phone port. Vigor2920 Series User’s Guide...
  • Page 317 Dynamic RTP Port End - Specifies the end port for RTP stream. The default value is 15000. RTP TOS – It decides the level of VoIP package. Use the drop down list to choose any one of them. Vigor2920 Series User’s Guide...
  • Page 318 Check this box to invoke this function. A notice sound will Call Waiting appear to tell the user new phone call is waiting for your response. Click hook flash to pick up the waiting phone call. Vigor2920 Series User’s Guide...
  • Page 319 Congestion tone will be shown automatically on the page. If you cannot find out a suitable one, please choose User Defined and fill out the corresponding values for dial tone, ringing tone, busy tone, congestion tone by yourself for VoIP phone. Vigor2920 Series User’s Guide...
  • Page 320 DTMF choose. InBand - Choose this one then the Vigor will send the DTMF tone as audio directly when you press the keypad on the phone. OutBand - Choose this one then the Vigor will capture Vigor2920 Series User’s Guide...
  • Page 321 DTMF tone and transfer it into SIP form. Then it will be sent to the remote end with SIP message. Payload Type (rfc2833) - Choose a number from 96 to 127, the default value was 101. This setting is available for the OutBand (RFC2833) mode. Vigor2920 Series User’s Guide...

  • Page 322: Status

    WAIT_ANS - Indicates that a connection is launched and waiting for remote user’s answer. ALERTING - Indicates that a call is coming. ACTIVE-Indicates that the VoIP connection is launched. Indicates the voice codec employed by present channel. Codec Vigor2920 Series User’s Guide...

  • Page 323: Wireless Lan

    Point (AP) connecting to lots of wireless clients or Stations (STA). All the STAs will share the same Internet connection via Vigor wireless router. The General Settings will set up the information of this wireless network, including its SSID as identification, located channel etc. Vigor2920 Series User’s Guide...
  • Page 324 LAN from wired LAN for either quarantine or limit access reasons. To isolate means neither of the parties can access each other. To elaborate an example for business use, you may set up a wireless LAN for visitors only so they can connect to Internet without hassle of Vigor2920 Series User’s Guide...

  • Page 325: General Setup

    Below shows the menu items for Wireless LAN. By clicking the General Settings, a new web page will appear so that you could configure the SSID and the wireless channel. Please refer to the following figure for more information. Vigor2920 Series User’s Guide...
  • Page 326 Mixed (11b+11g), Mixed (11a+11n), Mixed (11g+11n), and Mixed (11b+11g+11n) stations simultaneously. Simply choose Mix (11b+11g+11n) mode. Set the wireless LAN to work at certain time interval only. Index(1-15) You may choose up to 4 schedules out of the 15 schedules Vigor2920 Series User’s Guide...
  • Page 327 Means the identification of the wireless LAN. SSID can be any SSID text numbers or various special characters. The default SSID is "DrayTek”. We suggest you to change it. VPN – Check this box to make the wireless clients (stations) Isolate with different VPN not accessing for each other.
  • Page 328 It controls the data transmission rate through wireless Rate Control connection. Upload – Check Enable and type the transmitting rate for data upload. Default value is 30,000 kbps. Download – Type the transmitting rate for data download. Default value is 30,000 kbps. Vigor2920 Series User’s Guide...

  • Page 329: Security

    Internet through such router, please input the default PSK value for connection. By clicking the Security Settings, a new web page will appear so that you could configure the settings of WEP and WPA. Vigor2920 Series User’s Guide...
  • Page 330 012345678(or 64 Hexadecimal digits leading by 0x, such as "0x321253abcde..."). Type - Select from Mixed (WPA+WPA2) or WPA2 only. Pre-Shared Key (PSK) - Either 8~63 ASCII characters, such as 012345678..(or 64 Hexadecimal digits leading by 0x, such Vigor2920 Series User’s Guide...

  • Page 331: Access Control

    MAC addresses to control their access rights. Available settings are explained as follows: Item Description Select to enable the MAC Address filter for wireless LAN Enable Mac Address identified with SSID 1 to 4 respectively. All the clients Filter Vigor2920 Series User’s Guide...
  • Page 332 Delete Edit the selected MAC address in the list. Edit Give up the access control set up. Cancel Click it to save the access control list. Clean all entries in the MAC address list. Clear All Vigor2920 Series User’s Guide...

  • Page 333: Wps

    On the side of Vigor 2920 series which served as an AP, press WPS button once on the front panel of the router or click Start PBC on web configuration interface. On the side of a station with network card installed, press Start PBC button of network card. Vigor2920 Series User’s Guide...
  • Page 334 Please click OK and go back Wireless LAN>>Security to choose WPA-PSK or WPA2-PSK mode and access WPS again. Below shows Wireless LAN>>WPS web page. Available settings are explained as follows: Item Description Check this box to enable WPS setting. Enable WPS Vigor2920 Series User’s Guide...
  • Page 335 Start PIN button. The WPS LED on the PinCode router will blink fast when WPS is in progress. It will return to normal condition after two minutes. (You need to setup WPS within two minutes) Vigor2920 Series User’s Guide...

  • Page 336: Wds

    To meet the above requirement, two WDS modes are implemented in Vigor router. One is Bridge, the other is Repeater. Below shows the function of WDS-bridge interface: The application for the WDS-Repeater mode is depicted as below: Vigor2920 Series User’s Guide...
  • Page 337 Bridge 2 through WDS links. However, hosts connected to Bridge 1 CANNOT communicate with hosts connected to Bridge 3 through Bridge 2. Click WDS from Wireless LAN menu. The following page will be shown. Vigor2920 Series User’s Guide...
  • Page 338 Type – There are some types for you to choose. WPA and Pre-shared Key WPA2 are used for WDS devices (e.g.2920n wireless router, you can set the encryption mode as WPA or WPA2 to establish your WDS system between AP and the router. Vigor2920 Series User’s Guide...
  • Page 339 Click Enable to make this router serving as an access point; Access Point Function click Disable to cancel this function. It allows user to send “hello” message to peers. Yet, it is valid Status only when the peer also supports this function. Vigor2920 Series User’s Guide...

  • Page 340: Advanced Setting

    (increasing the wireless performance) or long guard interval for data transmit based on the station capability. combine frames with different Aggregation MSDU can Aggregation MSDU sizes. It is used for improving MAC layer’s performance for some brand’s clients. The default setting is Enable. Vigor2920 Series User’s Guide...

  • Page 341: Wmm Configuration

    1 to 15. Be aware that CWMax value must be greater than CWMin or equals to CWMin value. Both values will influence the time delay for WMM accessing categories. The difference between AC_VI and AC_VO categories must be Vigor2920 Series User’s Guide...

  • Page 342: Ap Discovery

    This page is used to scan the existence of the APs on the wireless LAN. Yet, only the AP which is in the same channel of this router can be found. Please click Scan to discover all the connected APs. Vigor2920 Series User’s Guide...
  • Page 343 AP’s MAC address on the bottom of the page and click Bridge or Repeater. Next, click Add to. Later, the MAC address of the AP will be added to Bridge or Repeater field of WDS settings page. Vigor2920 Series User’s Guide...

  • Page 344: Station List

    WLAN station and click Add to Access Control below. Available settings are explained as follows: Item Description Click this button to refresh the status of station list. Refresh Click this button to add current typed MAC address into Access Control. Vigor2920 Series User’s Guide...

  • Page 345: Usb Application

    Item Description Simultaneous FTP Connections - This field is used to General Settings specify the quantity of the FTP sessions. The router allows up to 6 FTP sessions connecting to USB storage disk at one time. Vigor2920 Series User’s Guide...

  • Page 346: Usb User Management

    Before adding or modifying settings in this page, please insert a USB storage disk first. Otherwise, an error message will appear to warn you. Each item is explained as follows: Item Description Display the number link of the profile. Index Vigor2920 Series User’s Guide...
  • Page 347 Confirm Password It determines the folder for the client to access into. Home Folder The user can enter a directory name in this field. Then, after clicking OK, the router will create the specific/new folder in Vigor2920 Series User’s Guide...

  • Page 348: File Explorer

    Before you click OK, you have to insert a USB storage disk into the USB interface of the Vigor router. Otherwise, you cannot save the configuration. File Explorer offers an easy way for users to view and manage the content of USB storage disk connected on Vigor router. Vigor2920 Series User’s Guide...

  • Page 349: Usb Disk Status

    FTP server. Display the username that user uses to login to the FTP server. Username When you insert USB storage disk into the Vigor router, the system will start to find out such device within several seconds. Vigor2920 Series User’s Guide...

  • Page 350: Syslog Explorer

    Always record the new event – only the newest events will be recorded by the system. Display the time of the event occurred. Time Display the information for each event. Message Vigor2920 Series User’s Guide...
  • Page 351 This page displays the syslog recorded on the USB storage disk. Each item is explained as follows: Item Description Display the time of the event occurred. Time Display the type of the record. Log Type Display the information for each event. Message Vigor2920 Series User’s Guide...

  • Page 352: System Maintenance

    WAN interface information. Also, you could get the current running firmware version or firmware related information from this presentation. Each item is explained as follows: Item Description Display the model name of the router. Model Name Vigor2920 Series User’s Guide...
  • Page 353 Link Local could only be used for direct IPv6 link. It can't be used for IPv6 internet. Internet Access Mode – Display the connection mode chosen for accessing into Internet. VoIP Profile - Display the VoIP profile for the phone port. In/Out Vigor2920 Series User’s Guide...

  • Page 354: Https Encryption Setup

    Available parameters are explained as follows: Item Description Choose this option to have high security. High If you have no idea of this setting, simply use the default Default setting as HTTPS encryption mode. Choose this option to have high performance. Vigor2920 Series User’s Guide...

  • Page 355: Tr-069

    Disable to close the mechanism of notification. The default is Disable. If you click Enable, please type the STUN Settings relational settings listed below: Server IP – Type the IP address of the STUN server. Vigor2920 Series User’s Guide...

  • Page 356: Administrator Password

    Type in new password in this field. New Password Type in the new password again. Confirm Password When you click OK, the login window will appear. Please use the new password to access into the web user interface again. Vigor2920 Series User’s Guide...

  • Page 357: User Password

    Below shows an example for accessing into User Operation with User Password. 1. Open System Maintenance>>User Password. 2. Check the box of Enable User Mode for simple web configuration to enable user mode operation. Type a new password in the field of New Password and click OK. Vigor2920 Series User’s Guide...
  • Page 358 5. The following window will be open to ask for username and password. Type the new user password in the filed of Password and click Login. 6. The main screen with User Mode will be shown as follows. Vigor2920 Series User’s Guide...

  • Page 359: Login

    At that moment, the background of the web page is blank and no heading will be displayed on the Login window. This page allows you to specify background message and the heading on the Login window if you have such requirement. Vigor2920 Series User’s Guide...

  • Page 360: Configuration Backup

    Description Check this box to enable the login customization function. Enable Type a brief description (e.g., Welcome to DrayTek) which Login Page Title will be shown on the heading of the login dialog. Type words or sentences here. It will be displayed for Welcome Message and bulletin message.
  • Page 361 The above example is using Windows platform for demonstrating examples. The Mac or Linux platform will appear different windows, but the backup function is still available. Note: Backup for Certification must be done independently. The Configuration Backup does not include information of Certificate. Vigor2920 Series User’s Guide...

  • Page 362: Syslog/Mail Alert

    SysLog function is provided for users to monitor router. There is no bother to directly get into the Web user interface of the router or borrow debug equipments. Available parameters are explained as follows: Item Description Enable - Check Enable to activate function of syslog. SysLog Access Setup Vigor2920 Series User’s Guide...
  • Page 363 For viewing the Syslog, please do the following: Just set your monitor PC’s IP address in the field of Server IP Address Install the Router Tools in the Utility within provided CD. After installation, click on the Router Tools>>Syslog from program menu. Vigor2920 Series User’s Guide...

  • Page 364: Time And Date

    Network Information, select the network adapter used to connect to the router. Otherwise, you won’t succeed in retrieving information from the router. It allows you to specify where the time of the router should be inquired from. Available parameters are explained as follows: Item Description Vigor2920 Series User’s Guide...

  • Page 365: Snmp

    This page allows you to configure settings for SNMP and SNMPV3 services. The SNMPv3 is more secure than SNMP through the encryption method (support AES and DES) and authentication method (support MD5 and SHA) for the management needs. Available settings are explained as follows: Item Description Vigor2920 Series User’s Guide...
  • Page 366 Auth Algorithm authentication algorithm. Type a password for authentication. Auth Password Choose one of the methods listed below as the privacy Privacy Algorithm algorithm. Type a password for privacy. Privacy Password Click OK to save these settings. Vigor2920 Series User’s Guide...

  • Page 367: Management

    List IP - Indicate an IP address allowed to login to the router. Subnet Mask - Represent a subnet mask allowed to login to the router. User Defined Ports - Check to specify user-defined port Management Port Setup numbers for the Telnet, HTTP and FTP servers. Vigor2920 Series User’s Guide...
  • Page 368 You could specify that the system administrator can only Access List login from a specific host or network defined in the list. A maximum of three IPs/subnet masks is allowed. IPv6 Address /Prefix Length- Indicate the IP address(es) allowed to login to the router. Vigor2920 Series User’s Guide...

  • Page 369: Reboot System

    Note: When the system pops up Reboot System web page after you configure web settings, please click Reboot Now to reboot your router for ensuring normal operation and preventing unexpected errors of the router in the future. Vigor2920 Series User’s Guide...

  • Page 370: Firmware Upgrade

    You have to visit DrayTek website periodically to check if there is any new released firmware offered for your Vigor router to have newest features. If yes, download the file into your computer first. Next, access into web interface of this router and open System Maintenance>> Firmware Upgrade.

  • Page 371: Activation

    The Activate link brings you accessing into Activate www.vigorpro.com to finish the activation of the account and the router. As for authentication information of web filter, the process Authentication Message of authenticating will be displayed on this field for your reference. Vigor2920 Series User’s Guide...

  • Page 372: Diagnostics

    Below shows the successful activation of Web Content Filter: Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor router. Below shows the menu items for Diagnostics. Vigor2920 Series User’s Guide...

  • Page 373: Dial-Out Triggering

    (e.g., PPPoE) is triggered by a package sending from the source IP address. Each item is explained as follows: Item Description It shows the source IP address (local), destination IP (remote) Decoded Format address, the protocol and length of the package. Click it to reload the page. Refresh Vigor2920 Series User’s Guide...

  • Page 374: Routing Table

    Click Diagnostics and click Routing Table to open the web page. Each item is explained as follows: Item Description Click it to reload the page. Refresh Vigor2920 Series User’s Guide...

  • Page 375: Arp Cache Table

    IPv6 address. This information is helpful in diagnosing network problems, such as IP address conflicts, etc. Click Diagnostics and click IPv6 Neighbour Table to open the web page. Each item is explained as follows: Item Description Click it to reload the page. Refresh Vigor2920 Series User’s Guide...

  • Page 376: Dhcp Table

    DHCP assigned IP address for it. It displays the leased time of the specified PC. Leased Time It displays the host ID name of the specified PC. HOST ID Click it to reload the page. Refresh Vigor2920 Series User’s Guide...

  • Page 377: Nat Sessions Table

    It indicates the temporary port of the router used for NAT. #Pseudo Port It indicates the destination IP address and port of remote host. Peer IP:Port It displays the representing number for different interface. Interface Click it to reload the page. Refresh Vigor2920 Series User’s Guide...

  • Page 378: Data Flow Monitor

    Description Check this box to enable this function. Enable Data Flow Monitor Use the drop down list to choose the time interval of Refresh Seconds refreshing data flow that will be done by the system automatically. Vigor2920 Series User’s Guide...
  • Page 379 Peak means the highest peak value detected by the router in data transmission. Speed means line speed specified in WAN>>General Setup. If you do not specify any rate at that page, here will display Auto for instead. Vigor2920 Series User’s Guide...

  • Page 380: Traffic Graph

    WAN1/WAN2/WAN3 Bandwidth chart, the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past. For Sessions chart, the numbers displayed on vertical axis represent the numbers of the NAT sessions during the past. Vigor2920 Series User’s Guide...

  • Page 381: Ping Diagnosis

    Use the drop down list to choose the WAN interface that you Ping through want to ping through or choose Unspecified to be determined by the router automatically. Use the drop down list to choose the destination that you Ping to Vigor2920 Series User’s Guide...

  • Page 382: Trace Route

    Click Diagnostics and click Trace Route to open the web page. This page allows you to trace the routes from router to the host. Simply type the IP address of the host in the box and click Run. The result of route trace will be shown on the screen. Vigor2920 Series User’s Guide...

  • Page 383: Syslog Explorer

    Available parameters are explained as follows: Item Description Check this box to enable the function of Web Syslog. Enable Web Syslog Use the drop down list to specify a type of Syslog to be Syslog Type displayed. Vigor2920 Series User’s Guide...
  • Page 384 This page displays the syslog recorded on the USB storage disk. Available parameters are explained as follows: Item Description Display the time of the event occurred. Time Display the type of the record. Log Type Display the information for each event. Message Vigor2920 Series User’s Guide...

  • Page 385: Tspc Status

    If TSPC has configured properly, the router will display the following page when the user connects to tunnel broker successfully. Available settings are explained as follows: Item Description Click this link to refresh this page manually. Refresh Vigor2920 Series User’s Guide...

  • Page 386: External Devices

    You can change the device name if required or remove the information for off-line device whenever you want. When you finished the configuration, click OK to save it. Note: Only DrayTek products can be detected by this function. Vigor2920 Series User’s Guide...

  • Page 387: Trouble Shooting

    Turn on the router. Make sure the ACT LED blink once per second and the correspondent LAN LED is bright. If not, it means that there is something wrong with the hardware status. Simply back to “1.3 Hardware Installation” to execute the hardware installation again. And then, try again. Vigor2920 Series User’s Guide...
  • Page 388 Go to Control Panel and then double-click on Network Connections. Right-click on Local Area Connection and click on Properties. Select Internet Protocol (TCP/IP) and then click Properties. Vigor2920 Series User’s Guide...
  • Page 389 Select Obtain an IP address automatically and Obtain DNS server address automatically. Double click on the current used Mac OS on the desktop. Open the Application folder and get into Network. On the Network screen, select Using DHCP from the drop down list of Configure IPv4. Vigor2920 Series User’s Guide...

  • Page 390: Pinging The Router From Your Computer

    Open the Application folder and get into Utilities. Double click Terminal. The Terminal window will appear. Type ping 192.168.1.1 and press [Enter]. If the link is OK, the line of “64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=xxxx ms” will appear. Vigor2920 Series User’s Guide...

  • Page 391: Checking If The Isp Settings Are Ok Or Not

    PIN code and try again. If it still fails, it might be the compliance problem of system. Please open DrayTek Syslog Tool to capture the connection information (WAN Log) and send the page (similar to the following graphic) to the service center of DrayTek.

  • Page 392: Backing To Factory Default Setting If Necessary

    Go to System Maintenance and choose Reboot System on the web page. The following screen will appear. Choose Using factory default configuration and click Reboot Now. After few seconds, the router will return all the settings to the factory settings. Vigor2920 Series User’s Guide...
  • Page 393 After restore the factory default setting, you can configure the settings for the router again to fit your personal request. If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@DrayTek.com. Vigor2920 Series User’s Guide...

Table of Contents