Page 2 Vigor2850 Series User’s Guide...
Page 3 Vigor2850 Series VDSL2 Security Firewall User’s Guide Version: 2.0 Firmware Version: V3.6.2_RC1 Date: 12/03/2012 Vigor2850 Series User’s Guide...
Page 4: Copyright Information
Web registration is preferred. You can register your Vigor router via Be a Registered http://www.DrayTek.com. Owner Due to the continuous evolution of DrayTek technology, all routers will be regularly Firmware & Tools upgraded. Please consult the DrayTek web site for more information on newest Updates firmware, tools and documents.
Page 5: Regulatory Information
Product: Vigor2850 Series Router DrayTek Corp. declares that Vigor2850 Series of routers are in compliance with the following essential requirements and other relevant provisions of R&TTE Directive 1999/5/EEC. The product conforms to the requirements of Electro-Magnetic Compatibility (EMC) Directive 2004/108/EC by complying with the requirements set forth in EN55022/Class B and EN55024/Class B.
Page 6 Vigor2850 Series User’s Guide...
Page 7: Table Of Contents
3.1 WAN ............................47 3.1.1 Basics of Internet Protocol (IP) Network................. 47 3.1.2 General Setup......................... 49 3.1.3 Internet Access ....................... 55 3.1.4 Multi-PVCs........................77 3.1.5 Multi-VLAN........................81 3.1.6 Load-Balance Policy ....................... 84 3.2 LAN ............................86 Vigor2850 Series User’s Guide...
Page 8 3.9.4 LDAP /Active Directory Setup..................185 3.9.5 UPnP..........................186 3.9.6 IGMP..........................188 3.9.7 Wake on LAN........................ 189 3.9.8 Short Message Service....................190 3.10 VPN and Remote Access....................192 3.10.1 VPN Client Wizard ...................... 192 3.10.2 VPN Server Wizard..................... 198 viii Vigor2850 Series User’s Guide...
Page 9 3.16.5 Login Customization ....................296 3.16.6 Configuration Backup ....................297 3.16.7 Syslog/Mail Alert ......................299 3.16.8 Time and Date ......................302 3.16.9 Management....................... 303 3.16.10 Reboot System ......................305 3.16.11 Firmware Upgrade ....................306 3.16.12 Activation ........................307 Vigor2850 Series User’s Guide...
Page 10 5.4 Checking If the ISP Settings are OK or Not ................ 375 5.5 Problems for 3G Network Connection ................375 5.6 Backing to Factory Default Setting If Necessary ..............376 5.7 Contacting Your Dealer ....................... 377 Vigor2850 Series User’s Guide...
Page 11: Preface
Vigor2850 series is a VDSL2 router. It integrates IP layer QoS, NAT session/bandwidth management to help users control works well with large bandwidth. By adopting hardware-based VPN platform and hardware encryption of AES/DES/3DES, the router increases the performance of VPN greatly, and offers several protocols (such as IPSec/PPTP/L2TP) with up to 32 VPN tunnels.
Page 12: Led Indicators And Connectors
The port is connected with 10/100Mbps. Left LED The port is connected. GigaLAN (Green) The port is disconnected. 4/WAN (Giga) Blinking The data is transmitting. Right LED The port is connected with 1000Mbps. (Green) The port is connected with 10/100Mbps. Vigor2850 Series User’s Guide...
Page 13 Connecters for local network devices. 4/WAN Connecter for local network devices or remote network devices. VDSL/ADSL Connecter for accessing the Internet. Connecter for a USB device (for 3G USB Modem or printer). Connecter for a power adapter. Power Switch. ON/OFF Vigor2850 Series User’s Guide...
Page 14: For Vigor2850N
The port is connected with 10/100Mbps. Left LED The port is connected. GigaLAN 4/WAN (Green) The port is disconnected. (Giga) Blinking The data is transmitting. Right LED The port is connected with 1000Mbps. (Green) The port is connected with 10/100Mbps. Vigor2850 Series User’s Guide...
Page 15 Connecters for local network devices. 4/WAN Connecter for local network devices or remote network devices. VDSL/ADSL Connecter for accessing the Internet. Connecter for a USB device (for 3G USB Modem or printer). Connecter for a power adapter. Power Switch. ON/OFF Vigor2850 Series User’s Guide...
Page 16: For Vigor2850Vn
The port is connected with 10/100Mbps. Left LED The port is connected. GigaLAN 4/WAN (Green) The port is disconnected. (Giga) Blinking The data is transmitting. Right LED The port is connected with 1000Mbps. (Green) The port is connected with 10/100Mbps. Vigor2850 Series User’s Guide...
Page 17 Connecters for local network devices. 4/WAN Connecter for local network devices or remote network devices. VDSL/ADSL Connecter for accessing the Internet. Connecter for a USB device (for 3G USB Modem or printer). Connecter for a power adapter. Power Switch. ON/OFF Vigor2850 Series User’s Guide...
Page 18: For Vigor2850I
The port is connected with 10/100Mbps Left LED The port is connected. GigaLAN 4/WAN (Green) The port is disconnected. Blinking The data is transmitting. Right LED The port is connected with 1000Mbps. (Green) The port is connected with 10/100Mbps Vigor2850 Series User’s Guide...
Page 19 4/WAN Connecter for local network devices or modem for accessing Internet. VDSL/ADSL Connecter for accessing the Internet. Connecter for a USB device (for 3G USB Modem or printer). Connecter for a power adapter. Power Switch. ON/OFF Vigor2850 Series User’s Guide...
Page 20: Hardware Installation
Power on the device by pressing down the power switch on the rear panel. The system starts to initiate. After completing the system test, the ACT LED will light up and start blinking. (For the hardware connection, we take “Vn” model as an example.) Vigor2850 Series User’s Guide...
Page 21: Printer Installation
You can install a printer onto the router for sharing printing. All the PCs connected this router can print documents via the router. The example provided here is made based on Windows XP/2000. For Windows 98/SE/Vista, please visit www.DrayTek.com. Before using it, please follow the steps below to configure settings for connected computers (or wireless clients).
Page 22 Click Local printer attached to this computer and click Next. In this dialog, choose Create a new port Type of port and use the drop down list to select Standard TCP/IP Port. Click Next. Vigor2850 Series User’s Guide...
Page 23 In the following dialog, type 192.168.1.1 (router’s LAN IP) in the field of Printer Name or IP Address and type IP_192.168.1.1 as the port name. Then, click Next. Click Standard and choose Generic Network Card. Then, in the following dialog, click Finish. Vigor2850 Series User’s Guide...
Page 24 11. Select "LPR" on Protocol, type p1 (number 1) as Queue Name. Then click OK. Next please refer to the red rectangle for choosing the correct protocol and LPR name. Vigor2850 Series User’s Guide...
Page 25 Note 1: Some printers with the fax/scanning or other additional functions are not supported. If you do not know whether your printer is supported or not, please visit www.draytek.com to find out the printer list. Open Support >FAQ; find out the link of Printer Server and click it.
Page 26 This page is left blank. Vigor2850 Series User’s Guide...
Page 27: Basic Settings
Please type “admin/admin” as the Username/Password and click Login. Notice: If you fail to access to the web configuration, please go to “Trouble Shooting” for detecting and solving your problem. Vigor2850 Series User’s Guide...
Page 28 The web page can be logged out according to the chosen condition. The default setting is Auto Logout, which means the web configuration system will logout after 5 minutes without any operation. Change the setting for your necessity. Vigor2850 Series User’s Guide...
Page 29: Changing Password
Enter the login password (the default is “admin”) on the field of Old Password. Type New Password. Then click OK to continue. Now, the password has been changed. Next time, use the new password to access the Web Configurator for this router. Vigor2850 Series User’s Guide...
Page 30: Quick Start Wizard
WAN1; if Ethernet interface is used, please choose WAN2; if 3G USB modem is used, please choose WAN3. Then click Next for next step. WAN1, WAN2 and WAN3 will bring up different configuration page. Refer to the following for detailed information. Vigor2850 Series User’s Guide...
Page 31: For Wan1 (Adsl/Vdsl)
Choose WAN1 as WAN Interface and click the Next button; you will get the following page. Available settings are explained as follows: Item Description There are two modes offered for you to choose for WAN1 Protocol Vigor2850 Series User’s Guide...
Page 32 Click it to give up the quick start wizard. Cancel After finished the above settings, simply click Next. Available settings are explained as follows: Item Description Assign a specific valid user name provided by the ISP. User Name Vigor2850 Series User’s Guide...
Page 33 Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Now, you can enjoy surfing on the Internet. Vigor2850 Series User’s Guide...
Page 34 Click Yes to enable Fixed IP feature. Fixed IP Type the IP address if Fixed IP is enabled. IP Address Type the subnet mask. Subnet Mask Type in the primary IP address for the router. Primary DNS Vigor2850 Series User’s Guide...
Page 35 Then click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Now, you can enjoy surfing on the Internet. Vigor2850 Series User’s Guide...
Page 36: For Wan2 (Ethernet)
ISP. For example, you should select PPPoE mode if the ISP provides you PPPoE interface. Then click Next for next step. Choose WAN2 as the WAN Interface and click the Next button. The following page will be open for you to specify Internet Access Type. Vigor2850 Series User’s Guide...
Page 37 Click it to get into the next setting page. Next Click it to give up the quick start wizard. Cancel Please manually enter the Username/Password provided by your ISP. Click Next for viewing summary of such connection. Vigor2850 Series User’s Guide...
Page 38 Choose WAN2 as the WAN Interface and click the Next button. The following page will be open for you to specify Internet Access Type. Click PPTP/L2TP as the Internet Access Type. Then click Next to continue. Vigor2850 Series User’s Guide...
Page 39 Please type in the IP address/mask/gateway information originally provided by your ISP. Then click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Vigor2850 Series User’s Guide...
Page 40 Choose WAN2 as the WAN Interface and click the Next button. The following page will be open for you to specify Internet Access Type. Click Static IP as the Internet Access type. Simply click Next to continue. Available settings are explained as follows: Vigor2850 Series User’s Guide...
Page 41 Please type in the IP address information originally provided by your ISP. Then click Next for next step. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Now, you can enjoy surfing on the Internet. Vigor2850 Series User’s Guide...
Page 42 Type the name of the host. Host Name Some Cable service providers specify a specific MAC address for access authentication. In such cases you need to enter the MAC address. Click it to return to previous setting page. Back Vigor2850 Series User’s Guide...
Page 43 After finished the settings above, click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Now, you can enjoy surfing on the Internet. Vigor2850 Series User’s Guide...
Page 44: For Wan3 (Usb)
Then, click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Now, you can enjoy surfing on the Internet. Vigor2850 Series User’s Guide...
Page 45: Service Activation Wizard
Service Activation Wizard is a tool which allows you to use trial version or update the license of WCF directly without accessing into the server (MyVigor) located on http://myvigor.draytek.com. For using Web Content Filter Profile, please refer to later section Web Content Filter Profile for detailed information.
Page 46 When you finish the selection, please click Next. Commtouch is the web content filter based on Commtouch operated in the worldwide. There is a 30-day trial period. After trial, you can purchase DrayTek's prepared Commtouch GlobalView WCF package from retailing outlets.
Page 47 Later, if you need to extend the license valid time for the same service, you can also use the Service Activation Wizard again to reach your goal by clicking the radio button of Formal edition with license key and clicking Next. Vigor2850 Series User’s Guide...
Page 48: Online Status
Such page displays the physical connection status such as LAN connection status, WAN connection status, ADSL information, and so on. Vigor2850 Series User’s Guide...
Page 49 RX Bytes - Displays the speed of received octets at the LAN interface. Enable – No in red means such interface is available but WAN IPv6 Status not enabled. Yes in green means such interface is enabled. No in red means such interface is not available. Vigor2850 Series User’s Guide...
Page 50: Virtual Wan
Internet. Such page displays the virtual WAN connection information. Virtual WAN are used by TR-069 management, VoIP service and so on. The field of Application will list the purpose of such WAN connection. Vigor2850 Series User’s Guide...
Page 51: Vdsl
Available settings are explained as follows: Item Description Check the profiles that the router will support. Each profile VDSL2 Profile can be used in different VDSL deployment architectures. The working profile will be decided by CO side. Vigor2850 Series User’s Guide...
Page 52: Vdsl Debug
Simply click the Generate button. The system will generate the log for connection procedure. Later, you can save the log by clicking Export and send the information to DrayTek service center. Each time you click OK on the web page for saving the configuration, you can find messages showing the system interaction with you.
Page 53: Registering Vigor Router
Please login the web configuration interface of Vigor router by typing “admin/admin” as User Name / Password. Click Support Area>>Production Registration from the home page. A Login page will be shown on the screen. Please type the account and password that you created previously. And click Login. Vigor2850 Series User’s Guide...
Page 54 (it appears when you click on the box of Registration Date). After adding the basic information for the router, please click Submit. When the following page appears, your router information has been added to the database. Vigor2850 Series User’s Guide...
Page 55 From the Device’s Service section, click the Trial. In the following page, check the box of “I have read and accept the above Agreement”. The system will find out the date for you to activate this version of service. Then, click Next. Vigor2850 Series User’s Guide...
Page 56 When this page appears, click Register. Wait for a moment until the following page appears. Click Close. Vigor2850 Series User’s Guide...
Page 57: Web Configuration
These are known as private IP addresses, and are listed in the following ranges: From 10.0.0.0 to 10.255.255.255 From 172.16.0.0 to 172.31.255.255 From 192.168.0.0 to 192.168.255.255 Vigor2850 Series User’s Guide...
Page 58 Besides, 3G USB Modem in WAN3 also can be used as backup device. Therefore, when WAN1 and WAN2 are not available, the router will use 3.5G for supporting automatically. The supported 3G USB Modem will be listed on DrayTek web site. Please visit www.draytek.com for more detailed information.
Page 59: General Setup
Auto Weigh to let the router reach the best load balance. Click the WAN interface link under Index to access into the Index WAN configuration page. V means such WAN interface is enabled and ready to be Enable used. Vigor2850 Series User’s Guide...
Page 60 Available settings are explained as follows: Item Description Choose Yes to invoke the settings for this WAN interface. Enable Choose No to disable the settings for this WAN interface. Type the description for such interface. Display Name Vigor2850 Series User’s Guide...
Page 61 Check the box to enable this function. When the network Send Mail Alert if line connection is off, the system will send a mail alert to notify drops out the administrator. Vigor2850 Series User’s Guide...
Page 62 Choose Yes to invoke the settings for this WAN interface. Enable Choose No to disable the settings for this WAN interface. Type the description for such WAN interface. Display Name Display the physical mode of such WAN interface. Physical Mode Vigor2850 Series User’s Guide...
Page 63 WAN interface disconnects. When all WAN disconnect – Such backup WAN will be activated only when all master WAN interfaces disconnect. To use 3G network connection through 3G USB Modem, please configure WAN3 interface. Vigor2850 Series User’s Guide...
Page 64 Check the box to enable this function. When the network Send Mail Alert if line connection is off, the system will send a mail alert to notify drops out the administrator. Choose Always On to make the WAN2 connection being Active Mode activated always. Vigor2850 Series User’s Guide...
Page 65: Internet Access
For the router supports multi-WAN function, the users can set different WAN settings (for WAN1/WAN2/WAN3) for Internet Access. Due to different Physical Mode for WAN interface, the Access Mode for these connections also varies. Refer to the following figures. Available settings are explained as follows: Vigor2850 Series User’s Guide...
Page 66 This button will open different web page (based on Physical IPv6 Mode) to setup IPv6 Internet Access Mode for WAN interface. If IPv6 service is active on this WAN interface, the color of “IPv6” will become green. Vigor2850 Series User’s Guide...
Page 67 Protocol - Drop down the list to choose the one (PPPoE or PPPoA) provided by ISP. If you have already used Quick Start Wizard to set the protocol, then it is not necessary for you to change any Vigor2850 Series User’s Guide...
Page 68 Password – Type in the password provided by ISP in this field. Separate Account for ADSL – In default, WAN1 supports VDSL/ADSL and uses the same PPPoE account and password for connection. If required, you can configure another account and password for ADSL connection by Vigor2850 Series User’s Guide...
Page 69 All the schedules can be set previously in Applications >> Schedule web page and you can use the number that you have set in that web page. After finishing all the settings here, please click OK to activate them. Vigor2850 Series User’s Guide...
Page 70 Select M-PVCs Channel means no selection will be chosen. Encapsulating - Drop down the list to choose the type provided by ISP. VPI - Type in the value provided by ISP. VCI - Type in the value provided by ISP. Vigor2850 Series User’s Guide...
Page 71 TTL (Time to Live) – Displays value for your reference. TTL value is set by telnet command. Routing Information Protocol is abbreviated as RIP RIP Protocol （RFC1058）specifying how routers exchange routing tables information. Click Enable RIP for activating this Vigor2850 Series User’s Guide...
Page 72 Specify a MAC Address – Type in the MAC address for the router manually. Type in the primary IP address for the router. If necessary, DNS Server IP Address type in secondary IP address for necessity in the future. Vigor2850 Series User’s Guide...
Page 73 Index (1-15) in Schedule Setup - You can type in four sets of time schedule for your request. All the schedules can be set previously in Application >> Schedule web page and you can use the number that you have set in that web page. Vigor2850 Series User’s Guide...
Page 74 PPP. If you want to connect to Internet all the time, you can check Always On. Idle Timeout – Set the timeout for breaking down the Internet after passing through the time without any action. Vigor2850 Series User’s Guide...
Page 75 If you have a public subnet, you could assign an IP address or many IP address to the WAN interface. To use Static or Dynamic IP as the accessing protocol of the internet, please click the Static or Dynamic IP tab. The following web page will be shown. Vigor2850 Series User’s Guide...
Page 76 We recommend you to enable this feature if you host a web server for your customers’ access. Normally, this function is designed for Dynamic IP Keep WAN Connection Vigor2850 Series User’s Guide...
Page 77 Router Name: Type in the router name provided by ISP. Domain Name: Type in the domain name that you have assigned. Specify an IP address – Click this radio button to specify some data if you want to use Static IP mode. Vigor2850 Series User’s Guide...
Page 78 DSL modem on the WAN interface. Enable L2TP - Click this radio button to enable a L2TP client to establish a tunnel to a DSL modem on the WAN interface. Vigor2850 Series User’s Guide...
Page 79 IP Address Assignment and would like to utilize them on the WAN interface, please Method(IPCP) use WAN IP Alias. You can set up to 8 public IP addresses other than the current one you are using. Vigor2850 Series User’s Guide...
Page 80 Specify an IP address – Click this radio button to specify some data. IP Address – Type the IP address. Subnet Mask – Type the subnet mask. After finishing all the settings here, please click OK to activate them. Vigor2850 Series User’s Guide...
Page 81 3G band or do any special settings. Such value is used to dial through USB mode. Please use Modem Dial String the default value. If you have any question, please contact to your ISP. Vigor2850 Series User’s Guide...
Page 82 IPv6 prefix address (such as: 2001:B010:7300:200::/64) offered by the ISP. In addition, PCs under LAN also can have the public IPv6 address for Internet access by means of the generated prefix. No need to type any other information for PPP mode. Vigor2850 Series User’s Guide...
Page 83 After getting the IPv6 prefix and starting router advertisement daemon (RADVD), the PC behind this router can directly connect to IPv6 the Internet. Vigor2850 Series User’s Guide...
Page 84 Type the password again to make the confirmation. Confirm Password Type the address for the tunnel broker IP, FQDN or an Tunnel Broker optional port number. – – Available settings are explained as follows: Item Description Vigor2850 Series User’s Guide...
Page 85 DHCPv6 client mode would use DHCPv6 protocol to obtain IPv6 address from server. Available settings are explained as follows: Item Description Choose Prefix Delegation or Non-temporary Address as Identify Association the identify association. Type a number as IAID. IAID Vigor2850 Series User’s Guide...
Page 86 Add – Click it to add a new entry. Delete – Click it to remove an existed entry. Display current interface IPv6 address. Current IPv6 Address Table IPv6 Gateway Address - Type your IPv6 gateway address Static IPv6 Gateway here. Configuration Vigor2850 Series User’s Guide...
Page 87: Multi-Pvcs
Internet Access. Type in the value provided by your ISP. Type in the value provided by your ISP. Select a proper QoS type for the channel. QoS Type Vigor2850 Series User’s Guide...
Page 88 The settings must be applied and obtained from your ISP. For your special request, please contact with your ISP and then click WAN link of Channel 5, 6 or 7 to configure your router. Available settings are explained as follows: Item Description Vigor2850 Series User’s Guide...
Page 89 Select a proper QoS type for the channel according to the QoS Type information that your ISP provides. It represents Peak Cell Rate. The default setting is “0”. It represents Sustainable Cell Rate. The value of SCR must be smaller than PCR. Vigor2850 Series User’s Guide...
Page 90 To identify the usage of PVC, check this box to invoke this Add Tag setting. And type the number for VLAN ID (number). To add the packet priority number for such VLAN. The Priority range is from 0 to 7. Vigor2850 Series User’s Guide...
Page 91: Multi-Vlan
To identify the usage of VLAN, check this box to invoke Add Tag this setting. And type the number for VLAN ID (number). To add the packet priority number for such VLAN. The Priority range is from 0 to 7. Vigor2850 Series User’s Guide...
Page 92 IPTV - It can be specified for IPTV only. If you choose IPTV, the configuration for this VLAN will be effective for IPTV data transmitting and receiving. For other settings, refer to Details Page for PPPoE in WAN1. Vigor2850 Series User’s Guide...
Page 93 Click Clear to remove all the configurations in this page if you do not satisfy it. When you finish the configuration, please click OK to save and exit this page. Or click Cancel to abort the configuration and exit this page. Vigor2850 Series User’s Guide...
Page 94: Load-Balance Policy
Displays the IP address for the start of the destination port. Dest Port Start Displays the IP address for the end of the destination port. Dest Port End Use Up or Down link to move the order of the policy. Move UP/Move Down Vigor2850 Series User’s Guide...
Page 95 Type the destination port start for the destination IP. Dest Port Start Type the destination port end for the destination IP. If this Dest Port End field is blank, it means that all the destination ports will be passed through the WAN interface. Vigor2850 Series User’s Guide...
Page 96: Lan
IP address. As a part of the public subnet, the Vigor router will serve for IP routing to help hosts in the public subnet to communicate with other public hosts or servers outside. Therefore, the router should be set as the gateway for public hosts. Vigor2850 Series User’s Guide...
Page 97 You can group local hosts by physical ports and create up to 4 virtual LANs. To manage the communication between different groups, please set up rules in Virtual LAN (VLAN) function and the rate of each. Vigor2850 Series User’s Guide...
Page 98: General Setup
LAN will have different LAN configuration page. Each LAN must be configured in different subnet. IPv6 – Click it to access into the settings page of IPv6. Check the box to link two or more different subnets (LAN Inter-LAN Routing and LAN). Vigor2850 Series User’s Guide...
Page 99 Enable Server - Let the router assign IP address to every host in the LAN. Disable Server – Let you manually assign IP address to every host in the LAN. Enable Relay Agent –Specify which subnet that DHCP Vigor2850 Series User’s Guide...
Page 100 DNS server by establishing a WAN (e.g. DSL/Cable) connection. Force DNS manual setting - Force Vigor router to use DNS servers in this page instead of DNS servers given by the Internet Access server (PPPoE, PPTP, L2TP or DHCP server). Vigor2850 Series User’s Guide...
Page 101 It's used to control the lifetime of the prefix. The maximum value corresponds to 18.2 hours. A lifetime of 0 indicates that the router is not a default router and should not appear on the default router Vigor2850 Series User’s Guide...
Page 102 Prefix Length – Type the fixed value for prefix length. Add – Click it to add a new entry. Delete – Click it to remove an existed entry. Display current used IPv6 addresses. Current IPv6 Address Table Vigor2850 Series User’s Guide...
Page 103 IP address must be 192.168.1.2 or greater, but smaller than 192.168.1.254. IP Pool Counts - Enter the maximum number of PCs that you want the DHCP server to assign IP addresses to. The default is 50 and the maximum is 253. Vigor2850 Series User’s Guide...
Page 104 (Default: 255.255.255.0/ 24) RIP Protocol Control – Disable - deactivate the RIP protocol. It will lead to a stoppage of the exchange of routing information between routers. (Default) Enable – activate the RIP protocol. Vigor2850 Series User’s Guide...
Page 105 Delete – Click it to delete the selected MAC address. Edit – Click it to edit the selected MAC address. Cancel – Click it to cancel the job of adding, deleting and editing. Vigor2850 Series User’s Guide...
Page 106: Static Route
Displays the destination address of the static route. Destination Address Displays the status of the static route. Status Clear all of the settings and return to factory default Set to Factory Default settings. Displays the routing table for your reference. Viewing Routing Table Vigor2850 Series User’s Guide...
Page 107 Clear all of the settings and return to factory default Set to Factory Default settings. Displays the routing table for your reference. Viewing IPv6 Routing Table Click any underline of index number to get the following page. Vigor2850 Series User’s Guide...
Page 108 Main Router 192.168.1.1 as the default gateway for the Router A 192.168.1.2. Before setting Static Route, user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router. Vigor2850 Series User’s Guide...
Page 109 Return to Static Route Setup page. Click on another Index Number to add another static route as show below, which regulates all packets destined to 211.100.88.0 will be forwarded to 192.168.1.3. Go to Diagnostics and choose Routing Table to verify current routing table. Vigor2850 Series User’s Guide...
Page 110: Vlan
P1 – P4 – Check the LAN port(s) to be grouped under the selected VLAN. SSID1 – SSID4 – Check the SSID box(es) for the wireless Wireless LAN clients to be grouped under the selected VLAN. Vigor2850 Series User’s Guide...
Page 111 P3 and P4. VLAN0 and VLAN1 are configured with different subnets. After checking the box to enable VLAN function, you will check the table according to the needs as shown below. To remove VLAN, uncheck the needed box and click OK to save the results. Vigor2850 Series User’s Guide...
Page 112: Bind Ip To Mac
Each pair of IP and MAC address listed in ARP table can be selected and added to IP Bind List by clicking Add below Click this link to select all the items in the ARP table. Select All Reorder the table based on the IP address. Sort Vigor2850 Series User’s Guide...
Page 113: Lan Port Mirror
VLAN at the same time. Third, it can transfer all data traffics to be mirrored to one analyzer connect to the mirroring port. Last, it is more convenient and easy to configure in user’s interface. Available settings are explained as follows: Vigor2850 Series User’s Guide...
Page 114: Nat
192.168.1.0/24 subnet for the router. As stated before, the NAT facility can map one or more IP addresses and/or service ports into different specified services. In other words, the NAT function can be achieved by using port mapping methods. Below shows the menu items for NAT. Vigor2850 Series User’s Guide...
Page 115: Port Redirection
To use this function, please go to NAT page and choose Port Redirection web page. The Port Redirection Table provides 20 port-mapping entries for the internal hosts. Press any number under Index to access into next page for configuring port redirection. Vigor2850 Series User’s Guide...
Page 116 IP address in the first box (as the starting point) and the fourth digits in the second box (as the end point). Specify the private port number of the service offered by Private Port the internal host. Vigor2850 Series User’s Guide...
Page 117: Dmz Host
LAN. Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption. DMZ Host allows a defined internal user to be totally exposed to the Internet, which usually helps some special applications such as Netmeeting or Internet Games etc. Vigor2850 Series User’s Guide...
Page 118 Click DMZ Host to open the following page: DMZ Host for WAN2 and WAN3 is slightly different with WAN1. Active True IP selection is available for WAN1 only. See the following figure. Vigor2850 Series User’s Guide...
Page 119 Select one private IP address in the list to be the DMZ host. When you have selected one private IP from the above dialog, the IP address will be shown on the following screen. Click OK to save the setting. Vigor2850 Series User’s Guide...
Page 120: Open Ports
Inactive or Active state. To add or edit port settings, click one index number on the page. The index entry setup page will pop up. In each index entry, you can specify 10 port ranges for diverse services. Vigor2850 Series User’s Guide...
Page 121: Address Mapping
IP 192.168.1.10 can use 86.123.123.2 as source IP when it sends packet out to Internet. You can use address mapping function to achieve this demand. Simply type 192.168.1.10 as the Private IP; and type 86.123.123.2 as the WAN IP. Vigor2850 Series User’s Guide...
Page 122 Click the index number link to open the configuration page. Available settings are explained as follows: Item Description Check to enable this entry. Enable Specify the transport layer protocol. It could be TCP, UDP, Protocol or ALL for selection. Vigor2850 Series User’s Guide...
Page 123: Port Triggering
LAN device; with Port Triggering function, the ports will be opened only when specific application triggers the specific ports, and then the needed ports will be opened automatically. Available settings are explained as follows: Item Description Display the text which memorizes the application of this Comment rule. Vigor2850 Series User’s Guide...
Page 124 Enable Choose the predefined service to apply for such trigger Service profile. Type the text to memorize the application of this rule. Comment Select the protocol (TCP, UDP or TCP/UDP) for such Triggering Protocol triggering profile. Vigor2850 Series User’s Guide...
Page 125: Firewall
It will check packets according to the filter rules. If legal, the packet will pass the router. The following illustrations are flow charts explaining how router will treat incoming traffic and outgoing traffic respectively. Vigor2850 Series User’s Guide...
Page 126 Vigor router will activate its defense mechanism to mitigate in a real-time manner. The below shows the attack types that DoS/DDoS defense function can detect: Vigor2850 Series User’s Guide...
Page 127: General Setup
Such page allows you to enable / disable Call Filter and Data Filter, determine general rule for filtering the incoming and outgoing data. Available settings are explained as follows: Item Description Check Enable to activate the Call Filter function. Assign a Call Filter start filter set for the Call Filter. Vigor2850 Series User’s Guide...
Page 128 Such page allows you to choose filtering profiles including QoS, Load-Balance policy, WCF, APP Enforcement, URL Content Filter, AI/AV, AS, for data transmission via Vigor router. Vigor2850 Series User’s Guide...
Page 129 Note: When there is no user profile or group profile existed, Create New User or Create New Group item will appear for you to click to create a new one. Vigor2850 Series User’s Guide...
Page 130 For troubleshooting needs, you can specify to record information for Web Content Filter by checking the Log box. It will be sent to Syslog server. Please refer to section Syslog/Mail Alert for more detailed information. Vigor2850 Series User’s Guide...
Page 131 (0~65535). The more the value is, the better the performance will be. However, if the network is not stable, small value will be proper. Session timeout – Setting timeout for sessions can make the best utilization of network resources. Vigor2850 Series User’s Guide...
Page 132: Filter Setup
Set the link to the next filter set to be executed after the Next Filter Set current filter run. Do not make a loop with many filter sets. To edit Filter Rule, click the Filter Rule index button to enter the Filter Rule setup page. Vigor2850 Series User’s Guide...
Page 133 Applications >> Schedule setup. The default setting of this field is blank and the function will always work. Check this box to clear the sessions when the above Clear sessions when schedule profiles are applied. schedule ON Vigor2850 Series User’s Guide...
Page 134 Group and Objects as the Address Type. From the IP Group drop down list, choose the one that you want to apply. Or use the IP Object drop down list to choose the object that you want. Vigor2850 Series User’s Guide...
Page 135 Don’t care -No action will be taken towards fragmented packets. Unfragmented -Apply the rule to unfragmented packets. Fragmented - Apply the rule to fragmented packets. Too Short - Apply the rule only to packets that are too short to contain a complete header. Vigor2850 Series User’s Guide...
Page 136 Note: When there is no user profile or group profile existed, Create New User or Create New Group item will appear for you to click to create a new one. Vigor2850 Series User’s Guide...
Page 137 For troubleshooting needs, you can specify to record information for Web Content Filter by checking the Log box. It will be sent to Syslog server. Please refer to section Syslog/Mail Alert for more detailed information. Vigor2850 Series User’s Guide...
Page 138 TCP protocol only; session timeout is configured for the data flow which matched with the firewall rule. DrayTek Banner – Please uncheck this box and the following screen will not be shown for the unreachable web Vigor2850 Series User’s Guide...
Page 139 Each filter set is composed by 7 filter rules, which can be further defined. After that, in General Setup you may specify one set for call filter and one set for data filter to execute first. Vigor2850 Series User’s Guide...
Page 140: Dos Defense
Internet has exceeded the defined value, the Vigor router will start to randomly discard the subsequent UDP packets for a period defined in Timeout. The default setting for threshold and timeout are 150 packets per second and 10 seconds, respectively. Vigor2850 Series User’s Guide...
Page 141 Any TCP packet with anomaly flag setting is dropped. Those scanning activities include no flag scan, FIN without ACK scan, SYN FINscan, Xmas scan and full Xmas scan. Check the box to activate the Block Tear Drop function. Block Tear Drop Vigor2850 Series User’s Guide...
Page 142 All the warning messages related to DoS Defense will be sent to user and user can review it through Syslog daemon. Look for the keyword DoS in the message, followed by a name to indicate what kind of attacks is detected. Vigor2850 Series User’s Guide...
Page 143: User Management
Note: If Transparency Mode is selected in Firewall>>General Setup, User Management cannot be used any more. Please uncheck Transparency Mode first if you want to utilize user management to handle users in LAN, WAN or WLAN. Vigor2850 Series User’s Guide...
Page 144: General Setup
User-Based - If you choose such mode, the router will apply the filter rules configured in User Management>>User Profile to the users. Rule-Based –If you choose such mode, the router will apply the filter rules configured in Firewall>>General Setup and Filter Rule to the users. Vigor2850 Series User’s Guide...
Page 145: User Profile
To set the user profile, please click any index number link to open the following page. Notice that profile 1 (admin) and profile 2 (System Reservation) are factory default settings. Profile 2 is reserved for future use. Vigor2850 Series User’s Guide...
Page 146 Firewall can be adopted for such user profile. Create New Policy – If you choose such item, the following page will be popped up for you to define another filter rule as a new policy. Vigor2850 Series User’s Guide...
Page 147 URL (if requested by the user) will be guided automatically by the router. Alert Tool – If it is selected, the user can open Alert Tool and type the user name and password for authentication. A Vigor2850 Series User’s Guide...
Page 148: User Group
Next, the user can access Internet through any browser on Windows. Note that Alert Tool can be downloaded from DrayTek web site. Telnet – If it is selected, the user can use Telnet command to perform the authentication job.
Page 149: User Online Status
User defined profiles will be numbered with 3, 4, 5 and so Selected Keyword Objects Click button to add the selected user objects in this box. This page displays the user(s) connected to the router and refreshes the connection status in an interval of several seconds. Vigor2850 Series User’s Guide...
Page 150 Display the idle timeout setting for such profile. Idle Time Block - can prevent specified user accessing into Internet. Action Unblock – the user will be blocked. Logout – the user will be logged out forcefully. Vigor2850 Series User’s Guide...
Page 151: Objects Settings
IPs in the same department can be defined with an IP object (a range of IP address). You can set up to 192 sets of IP Objects with different conditions. Available settings are explained as follows: Item Description Clear all profiles. Set to Factory Default Vigor2850 Series User’s Guide...
Page 152 Select Range Address if this object contains several IPs within a range. Select Subnet Address if this object contains one subnet for IP address. Select Any Address if this object contains any IP address. Select Mac Address if this object contains Mac address. Vigor2850 Series User’s Guide...
Page 153: Ip Group
Below is an example of IP objects settings. This page allows you to bind several IP objects into one IP group. Available settings are explained as follows: Item Description Vigor2850 Series User’s Guide...
Page 154 All the available IP objects with the specified interface Available IP Objects chosen above will be shown in this box. Click >> button to add the selected IP objects in this box. Selected IP Objects Vigor2850 Series User’s Guide...
Page 155: Ipv6 Object
Clear all profiles. Set to Factory Default Click the number under Index column for settings in detail. Available settings are explained as follows: Item Description Type a name for this profile. Maximum 15 characters are Name allowed. Vigor2850 Series User’s Guide...
Page 156 Type the subnet mask if the Subnet Address type is Subnet Mask selected. If it is checked, all the IPv6 addresses except the ones listed Invert Selection above will be applied later while it is chosen. Vigor2850 Series User’s Guide...
Page 157: Ipv6 Group
This page allows you to bind several IPv6 objects into one IPv6 group. Available settings are explained as follows: Item Description Clear all profiles. Set to Factory Default Click the number under Index column for settings in detail. Available settings are explained as follows: Item Description Vigor2850 Series User’s Guide...
Page 158: Service Type Object
You can set up to 96 sets of Service Type Objects with different conditions. Available settings are explained as follows: Item Description Clear all profiles. Set to Factory Default Click the number under Index column for settings in detail. Available settings are explained as follows: Item Description Vigor2850 Series User’s Guide...
Page 159 (>) – the port number greater than this value is available. (<) – the port number less than this value is available for this profile. Below is an example of service type objects settings. Vigor2850 Series User’s Guide...
Page 160: Service Type Group
This page allows you to bind several service types into one group. Available settings are explained as follows: Item Description Clear all profiles. Set to Factory Default Vigor2850 Series User’s Guide...
Page 161: Keyword Object
Click >> button to add the selected IP objects in this box. Selected Service Type Objects You can set 200 keyword object profiles for choosing as black /white list in CSM >>URL Web Content Filter Profile. Vigor2850 Series User’s Guide...
Page 162 Type the content for such profile. For example, type Contents gambling as Contents. When you browse the webpage, the page with gambling information will be watched out and be passed/blocked based on the configuration on Firewall settings. Vigor2850 Series User’s Guide...
Page 163: Keyword Group
Available settings are explained as follows: Item Description Clear all profiles. Set to Factory Default Click the number under Index column for setting in detail. Available settings are explained as follows: Item Description Type a name for this group. Name Vigor2850 Series User’s Guide...
Page 164: File Extension Object
Filter. All the files with the extension names specified in these profiles will be processed according to the chosen action. Available settings are explained as follows: Item Description Clear all profiles. Set to Factory Default Click the number under Index column for setting in detail. Vigor2850 Series User’s Guide...
Page 165 Type a name for this profile. Profile Name Type a name for such profile and check all the items of file extension that will be processed in the router. Finally, click OK to save this profile. Vigor2850 Series User’s Guide...
Page 166: Csm Profile
Please note that this action will not introduce any delay in your Web surfing because each of multiple load balanced database servers can handle millions of requests for categorization. Note: The priority of URL Content Filter is higher than Web Content Filter. Vigor2850 Series User’s Guide...
Page 167: App Enforcement Profile
Click the number under Index column for settings in detail. There are four tabs IM, P2P, Protocol and Misc displayed on this page. Each tab will bring out different items that you can choose to disallow people using. Vigor2850 Series User’s Guide...
Page 168 Uncheck all the selected boxes. Clear All The profiles configured here can be applied in the Firewall>>General Setup and Firewall>>Filter Setup pages as the standard for the host(s) to follow. Below shows the items which are categorized under IM. Vigor2850 Series User’s Guide...
Page 169 The items categorized under P2P ----- The items categorized under Misc ----- Vigor2850 Series User’s Guide...
Page 170: Url Content Filter Profile
Click CSM and click URL Content Filter Profile to open the profile setting page. You can set eight profiles as URL content filter. Simply click the index number under Profile to open the following web page. Vigor2850 Series User’s Guide...
Page 171 Control and Web Feature below, such function can determine the priority for the actions executed. For this one, the router will process the packages with the conditions set below for web feature first, then URL second. Vigor2850 Series User’s Guide...
Page 172 In addition, the maximal length of each frame is 32-character long. After specifying keywords, the Vigor router will decline the connection request to the website whose URL string matched to any user-defined keyword. It Vigor2850 Series User’s Guide...
Page 173 Upload – Check the box to block the file upload by way of web page. File Extension Profile – Choose one of the profiles that you configured in Object Setting>> File Extension Objects previously for passing or blocking the file downloading. Vigor2850 Series User’s Guide...
Page 174: Web Content Filter Profile
Note: If you have used Service Activation Wizard to activate WCF service, you can skip this section. WCF adopts the mechanism developed and offered by certain service provider (e.g., DrayTek). No matter activating WCF feature or getting a new license for web content filter, you have to click Activate to satisfy your request.
Page 175 It is recommended for you to use the default setting, Setup Test Server auto-selected. Click it to open http://myvigor.draytek.com for searching Find more another qualified and suitable server. Click this link to do the verification. Test a site to verify whether it is categorized Click this link to retrieve the factory settings.
Page 176 Block - restrict accessing into the corresponding webpage with the characters listed on Group/Object Selections. If the web pages do not match with the specified feature set here, they will be processed with the categories listed on the box below. Vigor2850 Series User’s Guide...
Page 177: Bandwidth Management
To solve the problem, you can use limit session to limit the session procession for specified Hosts. In the Bandwidth Management menu, click Sessions Limit to open the web page. Vigor2850 Series User’s Guide...
Page 178 Disable - Click this button to close the function of limit session. Default session limit - Defines the default session number used for each computer in LAN. Displays a list of specific limitations that you set on this Limitation List web page. Vigor2850 Series User’s Guide...
Page 179 Index (1-15) in Schedule Setup - You can type in four sets Time Schedule of time schedule for your request. All the schedules can be set previously in Application >> Schedule web page and you can use the number that you have set in that web page. Vigor2850 Series User’s Guide...
Page 180: Bandwidth Limit
IP Routed Subnet – Check this box to apply the bandwidth limit to the second subnet specified in LAN>>General Setup. Disable - Click this button to close the function of limit bandwidth. Default TX limit - Define the default speed of the upstream Vigor2850 Series User’s Guide...
Page 181: Quality Of Service
One reason for QoS is that numerous TCP-based applications tend to continually increase their transmission rate and consume all available bandwidth, which is called TCP slow start. If Vigor2850 Series User’s Guide...
Page 182 SLA among different DS domain owners. It’s not easy to achieve deterministic and consistent high-priority QoS traffic throughout the whole network with merely Vigor router’s effort. In the Bandwidth Management menu, click Quality of Service to open the web page. Vigor2850 Series User’s Guide...
Page 183 WAN interface. As to class rule, simply click the Edit link to access into next for configuration. You can configure general setup for the WAN interface, edit the Class Rule, and edit the Service Type for the Class Rule for your request. Vigor2850 Series User’s Guide...
Page 184 There are four queues allowed for QoS control. The first three (Class 1 to Class 3) class rules can be adjusted for your necessity. Yet, the last one is reserved for the packets which are not suitable for the user-defined class rules. Available settings are explained as follows: Item Description Vigor2850 Series User’s Guide...
Page 185 Note: The rate of outbound/inbound must be smaller than the real bandwidth to ensure correct calculation of QoS. It is suggested to set the bandwidth value for inbound/outbound as 80% - 85% of physical network speed provided by ISP to maximize the QoS performance. Vigor2850 Series User’s Guide...
Page 186 After you click the Edit link, you will see the following page. Now you can define the name for that Class. In this case, “Test” is used as the name of Class Index #1. For adding a new rule, click Add to open the following page. Available settings are explained as follows: Vigor2850 Series User’s Guide...
Page 187 By the way, you can set up to 20 rules for one Class. If you want to edit an existed rule, please select the radio button of that one and click Edit to open the rule edit page for modification. Vigor2850 Series User’s Guide...
Page 188 To add a new service type, edit or delete an existed service type, please click the Edit link under Service Type field. After you click the Edit link, you will see the following page. Vigor2850 Series User’s Guide...
Page 189: Applications
Before you use the Dynamic DNS feature, you have to apply for free DDNS service to the DDNS service providers. The router provides up to three accounts from three different DDNS service providers. Basically, Vigor routers are compatible with the DDNS services supplied by Vigor2850 Series User’s Guide...
Page 190 Account, and choose correct Service Provider: dyndns.org, type the registered hostname: hostname and domain name suffix: dyndns.org in the Domain Name block. The following two blocks should be typed your account Login Name: test and Password: test. Vigor2850 Series User’s Guide...
Page 191 Type in the password that you set for applying domain. Password The Wildcard and Backup MX (Mail Exchange) features Wildcard and are not supported for all Dynamic DNS providers. You Backup MX could get more detailed information from their websites. Vigor2850 Series User’s Guide...
Page 192: Schedule
Clear all profiles and recover to factory settings. Set to Factory Default Click the number below Index to access into the setting Index page of schedule. Display if this schedule setting is active or inactive. Status Vigor2850 Series User’s Guide...
Page 193 Specify the duration (or period) for the schedule. Idle Timeout How often -Specify how often the schedule will be applied Once -The schedule will be applied just once Weekdays -Specify which days in one week should perform the schedule. Vigor2850 Series User’s Guide...
Page 194: Radius
Check to enable RADIUS client feature. Enable Enter the IP address of RADIUS server Server IP Address The UDP port number that the RADIUS server is using. Destination Port The default value is 1812, based on RFC 2138. Vigor2850 Series User’s Guide...
Page 195: Ldap /Active Directory Setup
In general, such field shall be typed with “cn” or “uid”. It means “Base Distinguished Name”. Type or edit the Base Distinguished Name distinguished name used to look up entries on the LDAP server. Vigor2850 Series User’s Guide...
Page 196: Upnp
The screenshots below show examples of this facility. The UPnP facility on the router enables UPnP aware applications such as MSN Messenger to discover what are behind a NAT router. The application will also learn the external IP address Vigor2850 Series User’s Guide...
Page 197 Non-privileged users can control some router functions, including removing and adding port mappings. The UPnP function dynamically adds port mappings on behalf of some UPnP-aware applications. When the applications terminate abnormally, these mappings may not be removed. Vigor2850 Series User’s Guide...
Page 198: Igmp
Refresh This field displays the ID port for the multicast group. The Group ID available range for IGMP starts from 224.0.0.0 to 239.255.255.254. It indicates the LAN port used for the multicast group. P1 to P4 Vigor2850 Series User’s Guide...
Page 199: Wake On Lan
Type any one of the MAC address of the bound PCs. MAC Address Click this button to wake up the selected IP. See the Wake Up following figure. The result will be shown on the box. Vigor2850 Series User’s Guide...
Page 200: Short Message Service
Vigor router allows you to set up to 8 SMS profiles which will be sent out according to different conditions. Click any index number line to access into the web page for detailed configuration. Vigor2850 Series User’s Guide...
Page 201 For example, it is set with 60 (seconds). If WAN1 disconnects for three times within 60 seconds, the system will send the SMS notification just for once. Send one SMS to the user just for test. Send a test Message Vigor2850 Series User’s Guide...
Page 202: Vpn And Remote Access
Item Description Choose the client mode. LAN-to-LAN Client Route Mode/NAT Mode – If the remote network only Mode Selection allows you to dial in with single IP, please choose this mode, otherwise please choose Route Mode. Vigor2850 Series User’s Guide...
Page 203 There are 32 VPN profiles for users to set. Please choose a LAN-to-LAN Profile 2. When you finish the mode and profile selection, please click Next to open the following page. Vigor2850 Series User’s Guide...
Page 204 Next. You will see different configurations based on the selection(s) you made. When you choose PPTP (None Encryption) or PPTP (Encryption), you will see the following graphic: When you choose IPSec, you will see the following graphic: Vigor2850 Series User’s Guide...
Page 205 When you choose L2TP over IPSec (Nice to Have) or L2TP over IPSec (Must), you will see the following graphic: Available settings are explained as follows: Item Description Type a name for such profile. The length of the file is Profile Name limited to 10 characters. Vigor2850 Series User’s Guide...
Page 206 Please type one LAN IP address (according to the real Remote Network IP location of the remote host) for building VPN connection. Please type the network mask (according to the real location Remote Network of the remote host) for building VPN connection. Mask Vigor2850 Series User’s Guide...
Page 207 Click this radio button to set another profile of VPN Server Do another VPN through VPN Server Wizard. Server Wizard Setup Click this radio button to access VPN and Remote View more detailed Access>>LAN to LAN for viewing detailed configuration. configuration Vigor2850 Series User’s Guide...
Page 208: Vpn Server Wizard
Site to Site VPN – To set a LAN-to-LAN profile Selection automatically, please choose Site to Site VPN. Remote Dial-in User –You can manage remote access by maintaining a table of remote user profile, so that users can be authenticated to dial-in via VPN connection. Vigor2850 Series User’s Guide...
Page 209 2. After making the choices for the server profile, please click Next. You will see different configurations based on the selection you made. Here we take the examples of choosing Remote-Dial-in User as the VPN Server Mode. Vigor2850 Series User’s Guide...
Page 210 When you check PPTP, you will see the following graphic: When you check PPTP/IPSec/L2TP (three types) or PPTP/IPSec (two types) or L2TP with Policy (Nice to Have/Must), you will see the following graphic: Vigor2850 Series User’s Guide...
Page 211 Please type one LAN IP address (according to the real Remote Network IP location of the remote host) for building VPN connection. Please type the network mask (according to the real location Remote Network of the remote host) for building VPN connection. Mask Vigor2850 Series User’s Guide...
Page 212: Remote Access Control
Enable the necessary VPN service as you need. If you intend to run a VPN server inside your LAN, you should disable the VPN service of Vigor Router to allow VPN tunnel pass through, as well as the appropriate NAT settings, such as DMZ or open port. Vigor2850 Series User’s Guide...
Page 213: Ppp General Setup
40-bit encryption scheme will be applied to encrypt the data. Maximum MPPE - This option indicates that the router will use the MPPE encryption scheme with maximum bits (128-bit) to encrypt the data. Vigor2850 Series User’s Guide...
Page 214: Ipsec General Setup
AH it receives. Encapsulating Security Payload (ESP) is a security protocol that provides data confidentiality and protection with optional authentication and replay detection service. Vigor2850 Series User’s Guide...
Page 215 By default, this option is active. High - Encapsulating Security Payload (ESP) means payload (data) will be encrypted and authenticated. You may select encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES. Vigor2850 Series User’s Guide...
Page 216: Ipsec Peer Identity
Click each index to edit one peer digital certificate. There are three security levels of digital signature authentication: Fill each necessary field to authenticate the remote peer. The following explanation will guide you to fill all the necessary fields. Vigor2850 Series User’s Guide...
Page 217 Click to check the specific fields of digital signature to Accept Subject Name accept the peer with matching value. The field includes Country (C), State (ST), Location (L), Organization (O), Organization Unit (OU), Common Name (CN), and Email (E). Vigor2850 Series User’s Guide...
Page 218: Remote Dial-In User
Click each index to edit one remote user profile. Each Dial-In Type requires you to fill the different corresponding fields on the right. If the fields gray out, it means you may leave it untouched. The following explanation will guide you to fill all the necessary fields. Vigor2850 Series User’s Guide...
Page 219 L2TP alone or with IPSec. Select from below: None - Do not apply the IPSec policy. Accordingly, the VPN connection employed the L2TP without IPSec policy can be viewed as one pure L2TP connection. Vigor2850 Series User’s Guide...
Page 220 Pre-Shared Key - Check the box of Pre-Shared Key to invoke this function and type in the required characters (1-63) as the pre-shared key. Digital Signature (X.509) – Check the box of Digital Signature to invoke this function and Select one predefined Vigor2850 Series User’s Guide...
Page 221 Once the callback budget is exhausted, the function will be disabled automatically. Callback Budget - Specify the time budget for the dial-in user. The budget will be decreased automatically per callback connection. The default value 0 means no limitation of callback period. Vigor2850 Series User’s Guide...
Page 222: Lan To Lan
4 subgroups. If the fields gray out, it means you may leave it untouched. The following explanations will guide you to fill all the necessary fields. For the web page is too long, we divide the page into several sections for explanation. Vigor2850 Series User’s Guide...
Page 223 WAN1 /WAN2 /WAN3 First - While connecting, the router will use WAN1 /WAN2 /WAN3 as the first channel for VPN connection. If WAN1 fails, the router will use another WAN interface instead. Vigor2850 Series User’s Guide...
Page 224 VPN tunnel. Type of Server I am calling - PPTP - Build a PPTP VPN Dial-Out Settings connection to the server through the Internet. You should set the identity like User Name and Password below for the Vigor2850 Series User’s Guide...
Page 225 DES without Authentication -Use DES encryption algorithm and not apply any authentication scheme. DES with Authentication-Use DES encryption algorithm and apply MD5 or SHA-1 authentication algorithm. 3DES without Authentication-Use triple DES encryption algorithm and not apply any authentication Vigor2850 Series User’s Guide...
Page 226 2. The default value is inactive this function. Local ID-In Aggressive mode, Local ID is on behalf of the IP address while identity authenticating with remote VPN server. The length of the ID is limited to Vigor2850 Series User’s Guide...
Page 227 Allowed Dial-In Type - Determine the dial-in connection Dial-In Settings with different types. PPTP - Allow the remote dial-in user to make a PPTP VPN connection through the Internet. You should set the User Name and Password of remote dial-in user below. Vigor2850 Series User’s Guide...
Page 228 IPSec Security Method - This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy when you specify the remote node. Medium- Authentication Header (AH) means data will be authenticated, but not be encrypted. By default, this option is active. Vigor2850 Series User’s Guide...
Page 229 The default value is 0.0.0.0, which means the Vigor router will get a remote Gateway PPP IP address from the remote router during the IPCP negotiation phase. If the PPP IP address is fixed by remote side, specify the fixed IP Vigor2850 Series User’s Guide...
Page 230: Vpn Trunk Management
It can assure the network connection not to be cut off due to network environment blocked by any reason. PN TRUNK-VPN Backup mechanism can judge abnormal situation for the environment of VPN server and correct it to complete the backup of VPN Tunnel in real-time. Vigor2850 Series User’s Guide...
Page 231 VPN Tunnels disconnected. Users do not need to reconnect with setting TCP/UDP Service Port again. The VPN Load Balance function can keep the transmission for internal data on tunnel stably Vigor2850 Series User’s Guide...
Page 232 Active - “Yes” means normal condition. ”No” means the state might be disabled or that profile currently is set with Dial-in mode (for call direction) in LAN-to-LAN. Type - Display the connection type for that profile, such as Vigor2850 Series User’s Guide...
Page 233 IPSec(MUST) and so on. Member2 - Display the dial-out profile selected from the Member2 drop down list below. Advanced – This button is only available when there is one or more profiles created in this page. Vigor2850 Series User’s Guide...
Page 234 LAN-to-LAN will be displayed in red. VPN TRUNK – VPN Load Balance mechanism profile will be locked. The profiles in LAN-to-LAN will be displayed in blue. Edit - Click this button to save the changes to the Status Vigor2850 Series User’s Guide...
Page 235 Take a look for LAN-to-LAN profiles. Index 1 is chosen as Member1; index 2 is chosen as Member2. For such reason, LAN-to-LAN profiles of 1 and 2 will be expressed in red to indicate that they are fixed. If you delete the VPN TRUNK – VPN Backup/Load Vigor2850 Series User’s Guide...
Page 236 Peer GRE IP. See the following graphic for an example. Later, on peer side (as VPN Client): please type 192.168.50.100 in the field of My GRE IP and type IP address of the server (192.168.50.200) in the field of Peer GRE IP. Vigor2850 Series User’s Guide...
Page 237 Auto Weighted should be 5.5. According to Speed Ratio allows user to adjust suitable rate manually. There are 100 groups of rate ratio for Member1:Member2 (range from 1:99 to Vigor2850 Series User’s Guide...
Page 238 TCP Service Port/UDP Service Port/ICMP/IGMP, such binding tunnel table can be established. This field will display detailed information for Binding Detail Information Tunnel Policy. Below shows a successful binding tunnel Vigor2850 Series User’s Guide...
Page 239 TRUNK backup profiles being activated alternatively. Resume – when VPN connection breaks down or disconnects, Member 1 will be the top priority for the system to do VPN connection. This field will display detailed information for Environment Detail Information Vigor2850 Series User’s Guide...
Page 240: Connection Management
VPN Server IP address). The VPN connection built by Backup Mode supports VPN backup function. Dial - Click this button to execute dial out function. Refresh Seconds - Choose the time for refresh the dial information among 5, 10, and 30. Vigor2850 Series User’s Guide...
Page 241: Certificate Management
Remember to adjust the time of Vigor router before using the certificate so that you can get the correct valid period of certificate. Below shows the menu items for Certificate Management. Available settings are explained as follows: Item Description Click this button to open Generate Certificate Request Generate window. Vigor2850 Series User’s Guide...
Page 242 Click this button to refresh the information listed below. Refresh Click this button to view the detailed settings for certificate View request. After clicking Generate, the generated information will be displayed on the window below: Vigor2850 Series User’s Guide...
Page 243: Trusted Ca Certificate
For viewing each trusted CA certificate, click View to open the certificate detail information window. If you want to delete a CA certificate, choose the one and click Delete to remove all the certificate information. Vigor2850 Series User’s Guide...
Page 244: Certificate Backup
The more bandwidth a codec uses the better the voice quality, however the codec used must be appropriate for your Internet bandwidth. Usually there will be two types of calling scenario, as illustrated below: Vigor2850 Series User’s Guide...
Page 245 QoS Assurance assists to assign high priority to voice traffic via Internet. You will always have the required inbound and outbound bandwidth that is prioritized exclusively for Voice traffic over Internet but you just get your data a little slower and it is tolerable for data traffic. Vigor2850 Series User’s Guide...
Page 246: Dialplan
Note: If the incoming or outgoing calls do not match any entry on the phonebook, the router will try to make the call "being protected". But, if the call ends up "unprotected"(e.g. peer side does not support ZRTP+SRTP), the router will not play out a warning message. Vigor2850 Series User’s Guide...
Page 247 Available settings are explained as follows: Item Description Click this to enable this entry. Enable The speed-dial number of this index. This can be any Phone Number number you choose, using digits 0-9 and * . Vigor2850 Series User’s Guide...
Page 248 For the convenience of user, this page allows users to edit prefix number for the SIP account with adding number, stripping number or replacing number. It is used to help user having a quick and easy way to dial out through VoIP interface. Vigor2850 Series User’s Guide...
Page 249 7 and 9, that number can apply the prefix number settings here. Set the maximum length of the dial number for applying the Max Len prefix number settings. Choose the one that you want to enable the prefix number Route Vigor2850 Series User’s Guide...
Page 250 Call barring is used to block phone calls coming from the one that is not welcomed. Click any index number to display the dial plan setup page. Available settings are explained as follows: Item Description Check it to enable this entry. Enable Vigor2850 Series User’s Guide...
Page 251 For Block Unknown Domain – this function can block incoming calls (through Phone port) from unrecognized domain that is not specified in SIP accounts. Such control also can be done based on preconfigured schedules. Vigor2850 Series User’s Guide...
Page 252 Vigor2850 Series User’s Guide...
Page 253 You have finished an incoming phone call, however you Last Call Return [In] want to call back again for some reason. Please dial number typed in this field to call back to that one. Vigor2850 Series User’s Guide...
Page 254 IP address. Dial the number typed in this field to release this function. Block IP Calls [Deact] Dial the number typed in this field to block the last Block Last Calls [Act] incoming phone call. Vigor2850 Series User’s Guide...
Page 255: Sip Accounts
As Vigor VoIP Router is turned on, it will first register with Registrar using AuthorizationUser@Domain/Realm. After that, your call will be bypassed by SIP Proxy to the destination using AccountName@Domain/Realm as identity. Note: Selection items for Ring Port will differ according to the router you have. Vigor2850 Series User’s Guide...
Page 256 SIP server successfully. – means the account is failed to register on SIP server. Type in the IP address or domain of the STUN server. STUN Server Type in the gateway IP address. External IP Vigor2850 Series User’s Guide...
Page 257 Some SIP server allows user to use VoIP function without registering. For such server, please check the box of Call without Registration. Choosing Auto is recommended. The system will select a proper way for your VoIP call. Vigor2850 Series User’s Guide...
Page 258 Stun – Choose this option if there is Stun server provided for your router. Manual – Choose this option if you want to specify an external IP address as the NAT transversal support. Nortel – If the soft-switch that you use supports Nortel Vigor2850 Series User’s Guide...
Page 259 Single Codec – If the box is checked, only the selected Codec will be applied. The amount of data contained in a single packet. The Packet Size default value is 20 ms, which means the data packet will contain 20 ms voice information. Vigor2850 Series User’s Guide...
Page 260 This function can detect if the voice on both sides is active Voice Active Detector or not. If not, the router will do something to save the bandwidth for other using. Click On to invoke this function; click off to close the function. Vigor2850 Series User’s Guide...
Page 261: Phone Settings
Dynamic RTP Port End - Specifies the end port for RTP stream. The default value is 15000. RTP TOS – It decides the level of VoIP package. Use the drop down list to choose any one of them. Vigor2850 Series User’s Guide...
Page 262 Hotline for dialing automatically when you pick up the phone set. Check the box to enable the function. In the limited time Session Timer that you set in this field, if there is no response, the Vigor2850 Series User’s Guide...
Page 263 ID type automatically. Or you can adjust tone settings manually if you choose User Defined. TOn1, TOff1, TOn2 and TOff2 mean the cadence of the tone pattern. TOn1 and TOn2 represent sound-on; TOff1 and TOff2 represent the sound-off. Vigor2850 Series User’s Guide...
Page 264 If you cannot find out a suitable one, please choose User Defined and fill out the corresponding values for dial tone, ringing tone, busy tone, congestion tone by yourself for VoIP phone. Vigor2850 Series User’s Guide...
Page 265 DTMF Mode – There are four DTMF modes for you to DTMF choose. InBand - Choose this one then the Vigor will send the DTMF tone as audio directly when you press the keypad on the phone. Vigor2850 Series User’s Guide...
Page 266: Status
From this page, you can find codec, connection and other important call status for each port. Available settings are explained as follows: Item Description Specify the interval of refresh time to obtain the latest VoIP Refresh Seconds calling information. The information will update immediately when the Refresh button is clicked. Vigor2850 Series User’s Guide...
Page 267: Isdn
Note: This function is used for “i” model. ISDN means integrated services digital network that is an international communications standard for sending voice, video, and data over digital telephone lines or normal telephone wires. Below shows the menu items for ISDN. Vigor2850 Series User’s Guide...
Page 268: General Settings
Blocked MSN Numbers the router from dialing the specific MSN number. for the router MSN Numbers mean that the router is able to accept only MSN Numbers for the number-matched incoming calls. In addition, local ISDN Vigor2850 Series User’s Guide...
Page 269: Dial To A Single/Dual Isps
Internet access according to the preconfigured schedules. Refer to section Applications>>Schedule for detailed configuration. There are three link types provided here PPP/MP Setup Link Type – for different purpose. Link Disable disables the ISDN Vigor2850 Series User’s Guide...
Page 270 ISPs at the same time. This is mainly for those ISPs that do not support Multiple-Link PPP (ML-PPP). In such cases, dialing to two ISPs can increase the bandwidth utilization of the ISDN channels to 128kbps data speed. Vigor2850 Series User’s Guide...
Page 271 ISPs provide a dynamic IP address for the router when it connects to the ISP. If your ISP provides a fixed IP address, check Yes and enter the IP address in the field of Fixed IP Address. Vigor2850 Series User’s Guide...
Page 272 To have an ISDN connection, please click this link. Now, the system will guide you to click Dial ISDN. Wait for a moment after clicking the dial link. Then, a successful ISDN connection will be shown as the following. Vigor2850 Series User’s Guide...
Page 273: Call Control
Basic Setup (64Kbps/per channel), you can specify whether you would like to have single B channel, two B channels or BOD (Bandwidth on Demand). Four options are available: Link Disable, Dialup 64Kbps, Dialup 128Kbps, Dialup BOD. Vigor2850 Series User’s Guide...
Page 274: Wireless Lan
LAN cable or drilling holes everywhere. Wireless LAN enables high mobility so WLAN users can simultaneously access all LAN facilities just like on a wired LAN as well as Internet access. Vigor2850 Series User’s Guide...
Page 275 WPA (Wi-Fi Protected Access), the most dominating security mechanism in industry, is separated into two categories: WPA-personal or called WPA Pre-Share Key (WPA/PSK), and WPA-Enterprise or called WPA/802.1x. Vigor2850 Series User’s Guide...
Page 276: General Setup
Below shows the menu items for Wireless LAN. By clicking the General Settings, a new web page will appear so that you could configure the SSID and the wireless channel. Please refer to the following figure for more information. Vigor2850 Series User’s Guide...
Page 277 At present, the router can connect to 11n Only, 11g Only, Mode Mixed (11b+11g), Mixed (11a+11n), Mixed (11g+11n), and Mixed (11b+11g+11n) stations simultaneously. Simply choose Mixed (11b+11g+11n) mode. In which, 802.11b/g operates on 2.4G band, 802.11a operates on 5G band, and 802.11n operates on either 2.4G Vigor2850 Series User’s Guide...
Page 278 Means the identification of the wireless LAN. SSID can be SSID any text numbers or various special characters. The default SSID is "DrayTek”. We suggest you to change it. VPN – Check this box to make the wireless clients Isolate (stations) with different VPN not accessing for each other.
Page 279 It controls the data transmission rate through wireless Rate Control connection. Upload – Check Enable and type the transmitting rate for data upload. Default value is 30,000 kbps. Download – Type the transmitting rate for data download. Default value is 30,000 kbps. Vigor2850 Series User’s Guide...
Page 280: Security
Internet through such router, please input the default PSK value for connection. By clicking the Security Settings, a new web page will appear so that you could configure the settings of WPA and WEP. Available settings are explained as follows: Item Description Vigor2850 Series User’s Guide...
Page 281 Pre-Shared Key (PSK) - Either 8~63 ASCII characters, such as 012345678..(or 64 Hexadecimal digits leading by 0x, such as "0x321253abcde..."). 64-Bit - For 64 bits WEP key, either 5 ASCII characters, such as 12345 (or 10 hexadecimal digitals leading by 0x, Vigor2850 Series User’s Guide...
Page 282: Access Control
SSID and the MAC addresses applied to their lists. Available settings are explained as follows: Item Description Select to enable the MAC Address filter for wireless LAN Enable Mac Address identified with SSID 1 to 4 respectively. All the clients Filter Vigor2850 Series User’s Guide...
Page 283: Wps
He/she only needs to press a button on wireless client, and WPS will connect for client and router automatically. There are two methods to do network connection through WPS between AP and Stations: pressing the Start PBC button or using PIN Code. Vigor2850 Series User’s Guide...
Page 284 For WPS is supported in WPA-PSK or WPA2-PSK mode, if you do not choose such mode in Wireless LAN>>Security, you will see the following message box. Please click OK and go back Wireless LAN>>Security to choose WPA-PSK or WPA2-PSK mode and access WPS again. Vigor2850 Series User’s Guide...
Page 285 Start PIN button. The WPS PinCode LED on the router will blink fast when WPS is in progress. It will return to normal condition after two minutes. (You need to setup WPS within two minutes) Vigor2850 Series User’s Guide...
Page 286: Wds
The application for the WDS-Repeater mode is depicted as below: The major difference between these two modes is that: while in Repeater mode, the packets received from one peer AP can be repeated to another peer AP through WDS links. Yet in Vigor2850 Series User’s Guide...
Page 287 Bridge 2 through WDS links. However, hosts connected to Bridge 1 CANNOT communicate with hosts connected to Bridge 3 through Bridge 2. Click WDS from Wireless LAN menu. The following page will be shown. Available settings are explained as follows: Vigor2850 Series User’s Guide...
Page 288 Click Enable to make this router serving as an access point; Access Point Function click Disable to cancel this function. It allows user to send “hello” message to peers. Yet, it is Status valid only when the peer also supports this function. Vigor2850 Series User’s Guide...
Page 289: Advanced Setting
Aggregation MSDU can Aggregation MSDU sizes. It is used for improving MAC layer’s performance for some brand’s clients. The default setting is Enable. Vigor2850 Series User’s Guide...
Page 290: Wmm Configuration
1 to 15. Be aware that CWMax value must be greater than CWMin or equals to CWMin value. Both values will influence the time delay for WMM accessing categories. The difference between AC_VI and AC_VO Vigor2850 Series User’s Guide...
Page 291: Ap Discovery
This page is used to scan the existence of the APs on the wireless LAN. Yet, only the AP which is in the same channel of this router can be found. Please click Scan to discover all the connected APs. Vigor2850 Series User’s Guide...
Page 292: Station List
Station List provides the knowledge of connecting wireless clients now along with its status code. There is a code summary below for explanation. For convenient Access Control, you can select a WLAN station and click Add to Access Control below. Vigor2850 Series User’s Guide...
Page 293: Web Portal Log-In
Internet or the desired web page through this router. That is, a company which wants to have an advertisement for its products to the users, can specify the URL in this page to reach its goal. Vigor2850 Series User’s Guide...
Page 294: Usb Application
Vigor router and username/password created in USB Application>>USB User Management on the client software. Then, the client can use the FTP site (USB storage disk) or share the Samba service through Vigor router. Vigor2850 Series User’s Guide...
Page 295: Usb General Settings
Default Charset is for English based file name. Click Enable to invoke samba service via the router. Samba Service Settings LAN Only – Users coming from internet cannot connect to Access Mode the samba server of the router. Vigor2850 Series User’s Guide...
Page 296: Usb User Management
USB storage disk must type the same username and password configured in this page. Before adding or modifying settings in this page, please insert a USB storage disk first. Otherwise, an error message will appear to warn you. Vigor2850 Series User’s Guide...
Page 297 USB storage disk. Note: When write protect status for the USB storage disk is ON, you cannot type any new folder name in this field. Only “/” can be used in such case. Vigor2850 Series User’s Guide...
Page 298 Directory –Check the items (List, Create and Remove) for such profile. Before you click OK, you have to insert a USB storage disk into the USB interface of the Vigor router. Otherwise, you cannot save the configuration. Vigor2850 Series User’s Guide...
Page 299: File Explorer
Vigor router. If you want to remove the storage disk from USB port in router, please click Disconnect USB Disk first. And then, remove the USB storage disk later. Available settings are explained as follows: Vigor2850 Series User’s Guide...
Page 300: Syslog Explorer
Check this box to enable the function of Web Syslog. Enable Web Syslog Use the drop down list to specify a type of Syslog to be Syslog Type displayed. There are two modes for you to choose. Display Mode Vigor2850 Series User’s Guide...
Page 301 This page displays the syslog recorded on the USB storage disk. Available settings are explained as follows: Item Description Display the time of the event occurred. Time Display the type of the record. Log Type Display the information for each event. Message Vigor2850 Series User’s Guide...
Page 302: System Maintenance
Available settings are explained as follows: Item Description Display the model name of the router. Model Name Display the firmware version of the router. Firmware Version Display the date and time of the current firmware build. Build Date/Time Vigor2850 Series User’s Guide...
Page 303: 293
- Display the VoIP profile for the phone port. In/Out - Display the number of incoming /outgoing phone call. This device supports TR-069 standard. It is very convenient for an administrator to manage a Auto Configuration Server, e.g., TR-069 device through an VigorACS. Vigor2850 Series User’s Guide...
Page 304 The default setting is Enable. Please set interval time or Periodic Inform Settings schedule time for the router to send notification to CPE. Or click Disable to close the mechanism of notification. The default is Disable. If you click Enable, please type the STUN Settings Vigor2850 Series User’s Guide...
Page 305: Administrator Password
Type in new password in this field. New Password Type in the new password again. Confirm Password When you click OK, the login window will appear. Please use the new password to access into the web configurator again. Vigor2850 Series User’s Guide...
Page 306: User Password
Type in new password in this field. Password Type in the new password again. Confirm Password When you click OK, the login window will appear. Please use the new password to access into the web configurator again. Vigor2850 Series User’s Guide...
Page 307: Configuration Backup
Click Backup button to get into the following dialog. Click Save button to open another dialog for saving configuration as a file. In Save As dialog, the default filename is config.cfg. You could give it another name by yourself. Vigor2850 Series User’s Guide...
Page 308 Click Browse button to choose the correct configuration file for uploading to the router. Click Restore button and wait for few seconds, the following picture will tell you that the restoration procedure is successful. Vigor2850 Series User’s Guide...
Page 309: Syslog/Mail Alert
Mail Syslog – Check the box to recode the mail event on Syslog. Enable syslog message - Check the box listed on this web page to send the corresponding message of firewall, VPN, User Access, Call, WAN, Router/DSL information to Vigor2850 Series User’s Guide...
Page 310 From the Syslog screen, select the router you want to monitor. Be reminded that in Network Information, select the network adapter used to connect to the router. Otherwise, you won’t succeed in retrieving information from the router. Vigor2850 Series User’s Guide...
Page 311 Vigor2850 Series User’s Guide...
Page 312: Time And Date
Check the box to enable the daylight saving. Such feature is Enable Daylight Saving available for certain area. Select a time interval for updating from the NTP server. Automatically Update Interval Click OK to save these settings. Vigor2850 Series User’s Guide...
Page 313: Management
A maximum of three IPs/subnet masks is allowed. List IP - Indicate an IP address allowed to login to the router. Subnet Mask - Represent a subnet mask allowed to login to the router. Vigor2850 Series User’s Guide...
Page 314 Enable PING from the Internet - Check the checkbox to enable all PING packets from the Internet. For security issue, this function is disabled by default. You could specify that the system administrator can only Access List Vigor2850 Series User’s Guide...
Page 315: Reboot System
Note: When the system pops up Reboot System web page after you configure web settings, please click Reboot Now to reboot your router for ensuring normal operation and preventing unexpected errors of the router in the future. Vigor2850 Series User’s Guide...
Page 316: Firmware Upgrade
Note that this example is running over Windows OS (Operating System). Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.DrayTek.com (or local DrayTek's web site) and FTP site is ftp.DrayTek.com.
Page 317: Activation
The Activate link brings you accessing into Activate www.vigorpro.com to finish the activation of the account and the router. As for authentication information of web filter, the process Authentication Message of authenticating will be displayed on this field for your reference. Vigor2850 Series User’s Guide...
Page 318 Below shows the successful activation of Web Content Filter: Vigor2850 Series User’s Guide...
Page 319: Diagnostics
(e.g., PPPoE) is triggered by a package sending from the source IP address. Available settings are explained as follows: Item Description It shows the source IP address (local), destination IP Decoded Format (remote) address, the protocol and length of the package. Click it to reload the page. Refresh Vigor2850 Series User’s Guide...
Page 320: Routing Table
Click Diagnostics and click ARP Cache Table to view the content of the ARP (Address Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. Vigor2850 Series User’s Guide...
Page 321: Ipv6 Neighbour Table
IPv6 address. This information is helpful in diagnosing network problems, such as IP address conflicts, etc. Click Diagnostics and click IPv6 Neighbour Table to open the web page. Available settings are explained as follows: Item Description Click it to reload the page. Refresh Vigor2850 Series User’s Guide...
Page 322: Dhcp Table
DHCP assigned IP address for it. It displays the leased time of the specified PC. Leased Time It displays the host ID name of the specified PC. HOST ID Click it to reload the page. Refresh Vigor2850 Series User’s Guide...
Page 323: Nat Sessions Table
It indicates the temporary port of the router used for NAT. #Pseudo Port It indicates the destination IP address and port of remote Peer IP:Port host. It displays the representing number for different interface. Interface Click it to reload the page. Refresh Vigor2850 Series User’s Guide...
Page 324: Ping Diagnosis
Use the drop down list to choose the WAN interface that Ping through you want to ping through or choose Unspecified to be determined by the router automatically. Use the drop down list to choose the destination that you Ping to Vigor2850 Series User’s Guide...
Page 325: Data Flow Monitor
Flow Monitor. If not, a notification dialog box will appear to remind you enabling it. Click Diagnostics and click Data Flow Monitor to open the web page. You can click IP Address, TX rate, RX rate or Session link for arranging the data display. Vigor2850 Series User’s Guide...
Page 326 Peak means the highest peak value detected by the router in data transmission. Speed means line speed specified in WAN>>General Setup. If you do not specify any rate at that page, here will display Auto for instead. Vigor2850 Series User’s Guide...
Page 327: Traffic Graph
WAN1/WAN2/WAN3Bandwidth chart, the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past. For Sessions chart, the numbers displayed on vertical axis represent the numbers of the NAT sessions during the past. Vigor2850 Series User’s Guide...
Page 328: Trace Route
Simply type the IP address of the host in the box and click Run. The result of route trace will be shown on the screen. Available settings are explained as follows: Item Description Click one of them to display corresponding information for IPv4 / IPv6 Vigor2850 Series User’s Guide...
Page 329 It indicates the IP address of the host. Host/IP Address It indicates the IPv6 address of the host. Trace Host/IP Address Click this button to start route tracing work. Click this link to remove the result on the window. Clear Vigor2850 Series User’s Guide...
Page 330: Web Firewall Syslog
Always record the new event – only the newest events will be recorded by the system. Display the time of the event occurred. Time Display the information for each event. Message Vigor2850 Series User’s Guide...
Page 331: Tspc Status
If TSPC has configured properly, the router will display the following page when the user connects to tunnel broker successfully. Available settings are explained as follows: Item Description Click this link to refresh this page manually. Refresh Vigor2850 Series User’s Guide...
Page 332: External Devices
This page allows you to enable or disable the function of detecting external devices. Available settings are explained as follows: Item Description Check this box to detect the external device automatically External Device Auto and display on this page. Discovery Vigor2850 Series User’s Guide...
Page 333: Application And Examples
TSPC, AICCU, DHCPv6 Client and Static IPv6. Access into the web configurator of Viogr2850. Open WAN>> Internet Access. Choose one of the WAN interfaces as the one supporting IPv6 service. Then, click the IPv6 button of the selected WAN. Vigor2850 Series User’s Guide...
Page 334 PPP – Dual Stack application, IPv4 and IPv6 services can be utilized at the same time Choose PPP and type the information for PPPoE of IPv4. Access into the setting page for IPv6 service, it is not necessary for you to configure anything. Vigor2850 Series User’s Guide...
Page 335 Click OK and open Online Status. If the connection is successful, you will get the IP address for IPv4 and IPv6 at the same time. Vigor2850 Series User’s Guide...
Page 336 (In the following figure, the TSPC information is obtained from http://gogo6.com/ after applied for the service.) Click OK and open Online Status. If the connection is successful, the physical connection will be shows as follows: Vigor2850 Series User’s Guide...
Page 337 (In the following figure, the AICCU information is obtained from https://www.sixxs.net/main/ after applied for the service.) Click OK and open Online Status. If the connection is successful, the physical connection will be shows as follows: Vigor2850 Series User’s Guide...
Page 338 DHCPv6 Client Choose DHCPv6 Client. Click one of the identity associations and type the IAID number. Click OK and open Online Status. If the connection is successful, the physical connection will be shows as follows: Vigor2850 Series User’s Guide...
Page 339 Static IPv6 Choose Static IPv6. Type IPv6 address, Prefix Length and Gateway Address. Click OK and open Online Status. If the connection is successful, the physical connection will be shows as follows: Vigor2850 Series User’s Guide...
Page 340 In the field of HCPv6 Server Configuration, when DHCPv6 service is enabled, you can assign available IPv6 address for the client manually. Note: When both mechanisms are enabled, the client can determine which mechanism to be used (e.g., the default mechanism for Windows7 is RADVD). Vigor2850 Series User’s Guide...
Page 341 IPv4 IP and IPv6 IP services. Its IPv6 address is seen with a format of 2001:200:dff:fff1:216:3eff:feb1:44d7. After getting the above message, it means the IPv6 service has been activated successfully. Vigor2850 Series User’s Guide...
Page 342 If not, only a steady turtle will be seen. If you can see a turtle dancing on the screen, that means IPv6 service is ready for you to access and utilize. Vigor2850 Series User’s Guide...
Page 343: How Can I Get The Files From Usb Storage Device Connecting To Vigor Router
Setup a user account for the FTP service by using USB Application >>USB User Management. Click Enable to enable FTP/Samba User account. Here we add a new account "user1" and assign authorities “Read”, “Write” and “List” to it. Vigor2850 Series User’s Guide...
Page 344 Click OK to save the configuration. Make sure the FTP service is running properly. Please open a browser and type ftp://192.168.1.1. Use the account "user1" to login. Vigor2850 Series User’s Guide...
Page 345 Now, users in LAN of Vigor2710 can access into the USB storage device by typing ftp://192.168.1.1 on any browser. They can add or remove files / directories, depending on the Access Rule for FTP account settings in USB Application >>USB User Management. Vigor2850 Series User’s Guide...
Page 346: Create A Lan-To-Lan Connection Between Remote Office And Headquarter
For using PPP based services, such as PPTP, L2TP, you have to set general settings in PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2850 Series User’s Guide...
Page 347 Go to LAN-to-LAN. Click on one index number to edit a profile. Set Common Settings as shown below. You should enable both of VPN connections because any one of the parties may start the VPN connection. Vigor2850 Series User’s Guide...
Page 348 Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authentication and VJ Compression for this Dial-Out connection. Vigor2850 Series User’s Guide...
Page 349 Otherwise, it will apply the settings defined in IPSec General Setup above. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. Vigor2850 Series User’s Guide...
Page 350 PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2850 Series User’s Guide...
Page 351 Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial-Out method. If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. Vigor2850 Series User’s Guide...
Page 352 If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. Vigor2850 Series User’s Guide...
Page 353 Username, Password, and VJ Compression for this Dial-In connection. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection. Vigor2850 Series User’s Guide...
Page 354: Create A Remote Dial-In User Connection Between The Teleworker And Headquarter
PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IKE/IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2850 Series User’s Guide...
Page 355 If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. Vigor2850 Series User’s Guide...
Page 356 For Win2000/XP, please use "Network and Dial-up connections" or “Smart VPN Client”, complimentary software to help you create PPTP, L2TP, and L2TP over IPSec tunnel. You can find it in CD-ROM in the package or go to www.DrayTek.com download center. Install as instructed.
Page 357 VPN router. To use default gateway on remote network means that all the packets of remote host will be directed to VPN server then forwarded to Internet. This will make the remote host seem to be working in the enterprise network. Vigor2850 Series User’s Guide...
Page 358: Qos Setting Example
HTTPS or VPN to check email and access internal database. Meanwhile, children may chat on Skype in the restroom. Go to Bandwidth Management>>Quality of Service. Click Setup link of WAN(1/2/3). Make sure the QoS Control on the left corner is checked. And select BOTH in Direction. Vigor2850 Series User’s Guide...
Page 359 80% - 85% of physical network speed provided by ISP to maximize the QoS performance. Return to previous page. Enter the Name of Index Class 1 by clicking Edit link. Type the name “E-mail” for Class 1. Vigor2850 Series User’s Guide...
Page 360 POP3 and SMTP. Return to previous page. Enter the Name of Index Class 2 by clicking Edit link. In this index, the user will set reserved bandwidth for HTTPS. And click OK. Click Setup link for WAN2. Vigor2850 Series User’s Guide...
Page 361 Chapter 3 VPN for detail instruction), he may set up an index for it. Enter the Class Name of Index 3. In this index, he will set reserved bandwidth for 1 VPN tunnel. 10. Click Edit to open a new window. Vigor2850 Series User’s Guide...
Page 362 11. Click Add to open the following window. Check the ACT box, first. 12. Then click Edit of Local Address to set a worker’s subnet address. Click Edit of Remote Address to set headquarter’s IP address. Leave other fields and click OK. Vigor2850 Series User’s Guide...
Page 363: Upgrade Firmware For Your Router
3. Access into Support >> Downloads. Please find out Utility menu and click it. 4. Click on the link of Router Tools to download the file. After downloading the files, please decompressed the file onto your host. Vigor2850 Series User’s Guide...
Page 364 You will find out two files with different extension names, xxxx.all (keep the old custom settings) and xxxx.rst (reset all the custom settings to default settings). Choose any one of them that you need. Vigor2850 Series User’s Guide...
Page 365 The web page also can guide you to upgrade firmware. Note that this example is running over Windows OS (Operating System). Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.DrayTek.com (or local DrayTek's web site) and FTP site is ftp.DrayTek.com.
Page 366: Request A Certificate From A Ca Server On Windows Ca Server
Go to Certificate Management and choose Local Certificate. Vigor2850 Series User’s Guide...
Page 367 Copy and save the X509 Local Certificate Requet as a text file and save it for later use. Connect to CA server via web browser. Follow the instruction to submit the request. Below we take a Windows 2000 CA server for example. Select Request a Certificate. Vigor2850 Series User’s Guide...
Page 368 IPSec (Offline request) below. Then you have done the request and the server now issues you a certificate. Select Base 64 encoded certificate and Download CA certificate. Now you should get a certificate (.cer file) and save it. Vigor2850 Series User’s Guide...
Page 369 (.cer file) into Vigor router. When finished, click refresh and you will find the below window showing “------BEGINE CERTIFICATE------..” You may review the detail information of the certificate by clicking View button. Vigor2850 Series User’s Guide...
Page 370: Request A Ca Certificate And Set As Trusted On Windows Ca Server
Use web browser connecting to the CA server that you would like to retrieve its CA certificate. Click Retrive the CA certificate or certificate recoring list. Vigor2850 Series User’s Guide...
Page 371 You may review the detail information of the certificate by clicking View button. Note: Before setting certificate configuration, please go to System Maintenance >> Time and Date to reset current time of the router first. Vigor2850 Series User’s Guide...
Page 372: Creating An Account For Myvigor
The website of MyVigor (a server located on http://myvigor.draytek.com) provides several useful services (such as Anti-Spam, Web Content Filter, Anti-Intrusion, and etc.) to filtering the web pages for the sake of protecting your system. To access into MyVigor for getting more information, please create an account for MyVigor.
Page 373 2. Click the Activate link. A login page for MyVigor web site will pop up automatically. 3. Click the link of Create an account now. 4. Check to confirm that you accept the Agreement and click Accept. Vigor2850 Series User’s Guide...
Page 374 5. Type your personal information in this page and then click Continue. 6. Choose proper selection for your computer and click Continue. Vigor2850 Series User’s Guide...
Page 375 New Account Confirmation Letter from myvigor.draytek.com. 9. Click the Activate my Account link to enable the account that you created. The following screen will be shown to verify the register process is finished. Please click Login. Vigor2850 Series User’s Guide...
Page 376: Creating An Account Via Myvigor Web Site
11. Now, click Login. Your account has been activated. You can access into MyVigor server to activate the service (e.g., WCF) that you want. 1. Access into http://myvigor.draytek.com. Find the line of Not registered yet?. Then, click the link Click here! to access into next page.
Page 377 2. Check to confirm that you accept the Agreement and click Accept. 3. Type your personal information in this page and then click Continue. 4. Choose proper selection for your computer and click Continue. Vigor2850 Series User’s Guide...
Page 378 New Account Confirmation Letter from myvigor.draytek.com. 7. Click the Activate my Account link to enable the account that you created. The following screen will be shown to verify the register process is finished. Please click Login. Vigor2850 Series User’s Guide...
Page 379 UserName and Password. Then type the code in the box of Auth Code according to the value displayed on the right side of it. Now, click Login. Your account has been activated. You can access into MyVigor server to activate the service (e.g., WCF) that you want. Vigor2850 Series User’s Guide...
Page 380 This page is left blank. Vigor2850 Series User’s Guide...
Page 381: Trouble Shooting
Turn on the router. Make sure the ACT LED blink once per second and the correspondent LAN LED is bright. If not, it means that there is something wrong with the hardware status. Simply back to “1.3 Hardware Installation” to execute the hardware installation again. And then, try again. Vigor2850 Series User’s Guide...
Page 382 Go to Control Panel and then double-click on Network Connections. Right-click on Local Area Connection and click on Properties. Select Internet Protocol (TCP/IP) and then click Properties. Vigor2850 Series User’s Guide...
Page 383 Select Obtain an IP address automatically and Obtain DNS server address automatically. Double click on the current used Mac OS on the desktop. Open the Application folder and get into Network. On the Network screen, select Using DHCP from the drop down list of Configure IPv4. Vigor2850 Series User’s Guide...
Page 384: Pinging The Router From Your Computer
Open the Application folder and get into Utilities. Double click Terminal. The Terminal window will appear. Type ping 192.168.1.1 and press [Enter]. If the link is OK, the line of “64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=xxxx ms” will appear. Vigor2850 Series User’s Guide...
Page 385: Checking If The Isp Settings Are Ok Or Not
PIN code and try again. If it still fails, it might be the compliance problem of system. Please open DrayTek Syslog Tool to capture the connection information (WAN Log) and send the page (similar to the following graphic) to the service center of DrayTek.
Page 386: Backing To Factory Default Setting If Necessary
Go to System Maintenance and choose Reboot System on the web page. The following screen will appear. Choose Using factory default configuration and click Reboot Now. After few seconds, the router will return all the settings to the factory settings. Vigor2850 Series User’s Guide...
Page 387: Contacting Your Dealer
After restore the factory default setting, you can configure the settings for the router again to fit your personal request. If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@DrayTek.com. Vigor2850 Series User’s Guide...

This manual is also suitable for:

Vigor2850n Vigor2850vn Vigor2850i

Draytek Vigor2850 Series User Manual

Quick Links

Related Manuals for Draytek Vigor2850 Series

Summary of Contents for Draytek Vigor2850 Series