Page 2 Vigor2830 Series User’s Guide...
Page 3 Vigor2830 Series ADSL2+ Security Firewall User’s Guide Version: 2.3 Firmware Version: V3.6.7 Date: May 6, 2014 Vigor2830 Series User’s Guide...
Page 4 Web registration is preferred. You can register your Vigor router via Owner http://www.DrayTek.com. Firmware & Tools Due to the continuous evolution of DrayTek technology, all routers will be regularly Updates upgraded. Please consult the DrayTek web site for more information on newest firmware, tools and documents.
Page 5 Product: Vigor2830 Series Router DrayTek Corp. declares that Vigor2830 Series of routers are in compliance with the following essential requirements and other relevant provisions of R&TTE Directive 1999/5/EEC. The product conforms to the requirements of Electro-Magnetic Compatibility (EMC) Directive 2004/108/EC by complying with the requirements set forth in EN55022/Class B and EN55024/Class B.
Page 6 Vigor2830 Series User’s Guide...
Page 7: Table Of Contents
3.1.1 Basics of Internet Protocol (IP) Network................. 63 3.1.2 General Setup......................... 65 3.1.3 Internet Access ....................... 71 3.1.4 Multi-PVCs........................98 3.2 LAN ............................. 103 3.2.1 Basics of LAN ....................... 103 3.2.2 General Setup....................... 105 3.2.3 Static Route ........................114 Vigor2830 Series User’s Guide...
Page 8 3.10 Applications ........................223 3.10.1 Dynamic DNS ......................223 3.10.2 LAN DNS ........................226 3.10.3 Schedule........................228 3.10.4 RADIUS ........................231 3.10.5 Active Directory/LDAP ....................232 3.10.6 UPnP........................... 235 3.10.7 IGMP........................... 237 3.10.8 Wake on LAN......................238 Vigor2830 Series User’s Guide viii...
Page 9 3.17.1 System Status......................335 3.17.2 TR-069 ........................337 3.17.3 Admin Setting ......................338 3.17.4 User Password ......................340 3.17.5 Login Page Greeting....................343 3.17.6 Configuration Backup ....................344 3.17.7 Syslog/Mail Alert ......................346 3.17.8 Time and Date ......................348 Vigor2830 Series User’s Guide...
Page 10 4.14 How to Implement the LDAP/AD Authentication for User Management?......430 4.15 How to Implement the LDAP/AD Authentication for VPN? ..........433 4.16 How to Setup Address Mapping..................436 4.17 How to setup Load Balance for Packets? ................. 440 Vigor2830 Series User’s Guide...
Page 11 5.4 Checking If the ISP Settings are OK or Not ................ 448 5.5 Problems for 3G Network Connection ................448 5.6 Backing to Factory Default Setting If Necessary ..............449 5.7 Contacting DrayTek......................450 Appendix I: VLAN Applications on Vigor Router ............451 Appendix II: Release Note.....................459 Vigor2830 Series User’s Guide...
Page 13: Introduction
Vigor2830 series is an ADSL2+ router. It integrates IP layer QoS, NAT session/bandwidth management to help users control works well with large bandwidth. By adopting hardware-based VPN platform and hardware encryption of AES/DES/3DES, the router increases the performance of VPN greatly, and offers several protocols (such as IPSec/PPTP/L2TP) with up to 32 VPN tunnels.
Page 14: Led Indicators And Connectors
The port is connected. WAN 2 (Giga) (Green) The port is disconnected. Blinking The data is transmitting. Right LED The port is connected with 1000Mbps. (Green) The port is connected with 10/100Mbps when left LED is on. Vigor2830 Series User’s Guide...
Page 15 Connecters for local networked devices. Connecter for accessing the Internet through ADSL2/2+. WAN2(Giga) Connecters for remote networked devices. Connecter for a USB device (for 3G USB Modem or printer). Connecter for a power adapter. Power Switch. ON/OFF Vigor2830 Series User’s Guide...
Page 16: For Vigor2830N/ Vigor2830N-Plus
The port is connected. WAN 2 (Giga) (Green) The port is disconnected. Blinking The data is transmitting. Right LED The port is connected with 1000Mbps. (Green) The port is connected with 10/100Mbps when left LED is on. Vigor2830 Series User’s Guide...
Page 17 Connecters for local network devices. Connecter for accessing the Internet through ADSL2/2+. WAN2(Giga) Connecters for remote networked devices. Connecter for a USB device (for 3G USB Modem or printer). Connecter for a power adapter. Power Switch. ON/OFF Vigor2830 Series User’s Guide...
Page 18: For Vigor2830Vn/Vigor2830Vn-Plus
The port is connected with 1000Mbps. (Green) The port is connected with 10/100Mbps when left LED is on. Left LED The port is connected. WAN2 (Giga) (Green) The port is disconnected. Blinking The data is transmitting. Vigor2830 Series User’s Guide...
Page 19 Connecters for local networked devices. Connecter for accessing the Internet through ADSL2/2+. WAN2(Giga) Connecters for remote networked devices. Connecter for a USB device (for 3G USB Modem or printer). Connecter for a power adapter. Power Switch. ON/OFF Vigor2830 Series User’s Guide...
Page 20: Hardware Installation
Power on the device by pressing down the power switch on the rear panel. The system starts to initiate. After completing the system test, the ACT LED will light up and start blinking. (For the hardware connection, we take “Vn” model as an example.) Vigor2830 Series User’s Guide...
Page 21: Printer Installation
You can install a printer onto the router for sharing printing. All the PCs connected this router can print documents via the router. The example provided here is made based on Windows 7. For installation on other Windows systems, please visit www.DrayTek.com. Before using it, please follow the steps below to configure settings for connected computers (or wireless clients).
Page 22 A dialog will appear. Click Add a local printer and click Next. In this dialog, choose Create a new port. In the field of Type of port, use the drop down list to select Standard TCP/IP Port. Then, click Next. Vigor2830 Series User’s Guide...
Page 23 In the following dialog, type 192.168.1.1 (router’s LAN IP) in the field of Hostname or IP Address and type 192.168.1.1 as the Port name. Then, click Next. Click Standard and choose Generic Network Card. Vigor2830 Series User’s Guide...
Page 24 Now, your system will ask you to choose right name of the printer that you installed onto the router. Such step can make correct driver loaded onto your PC. When you finish the selection, click Next. Type a name for the chosen printer. Click Next. Vigor2830 Series User’s Guide...
Page 25 10. Choose Do not share this printer and click Next. 11. Then, in the following dialog, click Finish. Vigor2830 Series User’s Guide...
Page 26 12. The new printer has been added and displayed under Printers and Faxes. Click the new printer icon and click Printer server properties. 13. Edit the property of the new printer you have added by clicking Configure Port. Vigor2830 Series User’s Guide...
Page 27 14. Select "LPR" on Protocol, type p1 (number 1) as Queue Name. Then click OK. Next please refer to the red rectangle for choosing the correct protocol and LPR name. The printer can be used for printing now. Most of the printers with different manufacturers are compatible with vigor router. Vigor2830 Series User’s Guide...
Page 28: Accessing Web Page
If you do not know whether your printer is supported or not, please visit www.DrayTek.com to find out the printer list. Open Support >FAQ; find out the link of Printer Server and click it; then click the What types of printers are compatible with Vigor router? link.
Page 29: Changing Password
Open a web browser on your PC and type http://192.168.1.1. A pop-up window will open to ask for username and password. Please type “admin/admin” as the Username/Password and click Login. Go to System Maintenance page and choose Admin Setting. Vigor2830 Series User’s Guide...
Page 30 Enter the login password (the default is blank) on the field of Old Password. Type New Password. Then click OK to continue. Now, the password has been changed. Next time, use the new password to access the Web user interface for this router. Vigor2830 Series User’s Guide...
Page 31: Online Status
Such page displays the physical connection status such as LAN connection status, WAN connection status, ADSL information, and so on. Detailed explanation (for IPv4) is shown below: Vigor2830 Series User’s Guide...
Page 32 Enable – No in red means such interface is available but not enabled. Yes in green means such interface is enabled. No in red means such interface is not available. Mode - Displays the type of WAN connection (e.g., TSPC). Vigor2830 Series User’s Guide...
Page 33: Virtual Wan
Each time you click OK on the web page for saving the configuration, you can find messages showing the system interaction with you. Ready indicates the system is ready for you to input settings. Settings Saved means your settings are saved once you click Finish or OK button. Vigor2830 Series User’s Guide...
Page 34 This page is left blank. Vigor2830 Series User’s Guide...
Page 35: Quick Setup
On the next page as shown below, please select the WAN interface that you use. If DSL interface is used, please choose WAN1; if Ethernet interface is used, please choose WAN2; if 3G USB modem is used, please choose WAN3. Then click Next for next step. Vigor2830 Series User’s Guide...
Page 36: For Wan1 (Adsl)
All the users over the Ethernet can share a common connection. PPPoE is used for most of DSL modem users. All local users can share one PPPoE connection for accessing the Internet. Your service provider will provide you information about user name, password, and authentication mode. Vigor2830 Series User’s Guide...
Page 37 Type in secondary IP address for necessity in the future. Back Click it to return to previous setting page. Next Click it to get into the next setting page. Cancel Click it to give up the quick start wizard. Vigor2830 Series User’s Guide...
Page 38 Click it to get into the next setting page. Next Cancel Click it to give up the quick start wizard. Please manually enter the Username/Password provided by your ISP. Then click Next for viewing summary of such connection. Vigor2830 Series User’s Guide...
Page 39 Now, you can enjoy surfing on the Internet. Choose WAN1 as WAN Interface and click the Next button; you will get the following page. Choose 1483 Bridged IP /1483 Routed IP as the protocol. Available settings are explained as follows: Item Description Vigor2830 Series User’s Guide...
Page 40 Then click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Now, you can enjoy surfing on the Internet. Vigor2830 Series User’s Guide...
Page 41: For Wan2 (Ethernet)
Ethernet can share a common connection. PPPoE is used for most of DSL modem users. All local users can share one PPPoE connection for accessing the Internet. Your service provider will provide you information about user name, password, and authentication mode. Vigor2830 Series User’s Guide...
Page 42 Type a valid password provided by the ISP. Password Confirm Password Retype the password. Back Click it to return to previous setting page. Next Click it to get into the next setting page. Cancel Click it to give up the quick start wizard. Vigor2830 Series User’s Guide...
Page 43 Now, you can enjoy surfing on the Internet. Choose WAN2 as the WAN Interface and click the Next button. The following page will be open for you to specify Internet Access Type. Vigor2830 Series User’s Guide...
Page 44 Click it to get into the next setting page. Cancel Click it to give up the quick start wizard. Please type in the IP address/mask/gateway information originally provided by your ISP. Then click Next for viewing summary of such connection. Vigor2830 Series User’s Guide...
Page 45 Now, you can enjoy surfing on the Internet. Choose WAN2 as the WAN Interface and click the Next button. The following page will be open for you to specify Internet Access Type. Vigor2830 Series User’s Guide...
Page 46 Type in secondary IP address for necessity in the future. Back Click it to return to previous setting page. Next Click it to get into the next setting page. Cancel Click it to give up the quick start wizard. Vigor2830 Series User’s Guide...
Page 47 Please type in the IP address information originally provided by your ISP. Then click Next for next step. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Now, you can enjoy surfing on the Internet. Vigor2830 Series User’s Guide...
Page 48 Some Cable service providers specify a specific MAC address for access authentication. In such cases you need to enter the MAC address. Back Click it to return to previous setting page. Next Click it to get into the next setting page. Vigor2830 Series User’s Guide...
Page 49 After finished the settings above, click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Now, you can enjoy surfing on the Internet. Vigor2830 Series User’s Guide...
Page 50: For Wan3 (Usb)
Internet. The maximum length of the pin code you can set is 15 characters. Modem Initial String – Such value is used to initialize USB modem. Please use the default value. If you have any Vigor2830 Series User’s Guide...
Page 51 Then, click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Now, you can enjoy surfing on the Internet. Vigor2830 Series User’s Guide...
Page 52: Service Activation Wizard
Service Activation Wizard is a tool which allows you to use trial version or update the license of WCF directly without accessing into the server (MyVigor) located on http://myvigor.draytek.com. For using Web Content Filter Profile, please refer to later section Web Content Filter Profile for detailed information.
Page 53 When you finish the selection, please click Next. Commtouch is the web content filter based on Commtouch operated in the worldwide. There is a 30-day trial period. After trial, you can purchase DrayTek's prepared Commtouch GlobalView WCF package from retailing outlets.
Page 54 Note: The service will be activated and applied as the default rule configured in Firewall>>General Setup. Now, the web page will display the service that you have activated according to your selection(s). The valid time for the free trial of these services is one month. Vigor2830 Series User’s Guide...
Page 55 Later, if you need to extend the license valid time for the same service, you can also use the Service Activation Wizard again to reach your goal by clicking the radio button of Formal edition with license key and clicking Next. Vigor2830 Series User’s Guide...
Page 56: Vpn Client Wizard
Route Mode/NAT Mode – If the remote network only allows you to dial in with single IP, please choose this mode, otherwise please choose Route Mode. Please choose a There are 32 VPN profiles for users to set. LAN-to-LAN Profile Vigor2830 Series User’s Guide...
Page 57 In this page, you have to select suitable VPN type for the VPN client profile. There are six types provided here. Different type will lead to different configuration page. After making the choices for the client profile, please click Next. You will see different configurations based on the selection(s) you made. Vigor2830 Series User’s Guide...
Page 58  When you choose PPTP (None Encryption) or PPTP (Encryption), you will see the following graphic:  When you choose IPSec, you will see the following graphic: Vigor2830 Series User’s Guide...
Page 59 When you choose L2TP over IPSec (Nice to Have) or L2TP over IPSec (Must), you will see the following graphic: Available settings are explained as follows: Item Description Profile Name Type a name for such profile. The length of the file is limited to 10 characters. Vigor2830 Series User’s Guide...
Page 60 By default, this option is active. High - Encapsulating Security Payload (ESP) means payload (data) will be encrypted and authenticated. You may select encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES. Vigor2830 Series User’s Guide...
Page 61 Click this radio button to set another profile of VPN Server Server Wizard Setup through VPN Server Wizard. View more detailed Click this radio button to access VPN and Remote configuration Access>>LAN to LAN for viewing detailed configuration. Vigor2830 Series User’s Guide...
Page 62: Vpn Server Wizard
Site to Site VPN – To set a LAN-to-LAN profile automatically, please choose Site to Site VPN. Remote Dial-in User –You can manage remote access by maintaining a table of remote user profile, so that users can be authenticated to dial-in via VPN connection. Vigor2830 Series User’s Guide...
Page 63 2. After making the choices for the server profile, please click Next. You will see different configurations based on the selection you made. Here we take the examples of choosing Remote-Dial-in User as the VPN Server Mode. Vigor2830 Series User’s Guide...
Page 64  When you check PPTP, you will see the following graphic:  When you check PPTP/IPSec/L2TP (three types) or PPTP/IPSec (two types) or L2TP with Policy (Nice to Have/Must), you will see the following graphic: Vigor2830 Series User’s Guide...
Page 65 Please type one LAN IP address (according to the real location of the remote host) for building VPN connection. Remote Network Please type the network mask (according to the real location Mask of the remote host) for building VPN connection. Vigor2830 Series User’s Guide...
Page 66 Click this radio button to set another profile of VPN Server Server Wizard Setup through VPN Server Wizard. View more detailed Click this radio button to access VPN and Remote configuration Access>>LAN to LAN for viewing detailed configuration. Vigor2830 Series User’s Guide...
Page 67: Wireless Wizard
Type the SSID name of this router. The default name is defined with DrayTek. Mode At present, the router can connect to 11n Only, 11g Only, Mixed (11b+11g), Mixed (11a+11n), Mixed (11g+11n), and Mixed (11b+11g+11n) stations simultaneously. Simply choose Mix (11b+11g+11n) mode. Vigor2830 Series User’s Guide...
Page 68 (guest) accessing into Internet but not being allowed to share the LAN network and VPN connection. Available settings are explained as follows: Item Description Enable/Disable Click it to enable or disable settings in this page. Name Type the SSID name of this router. (SSID2) Vigor2830 Series User’s Guide...
Page 69 Exit the wireless wizard without saving any changes. 4. After typing the required information, click Next. 5. The following page will display the configuration summary for wireless setting. Click Finish to complete the wireless settings configuration. Vigor2830 Series User’s Guide...
Page 70: Voip Wizard
Use the same Account as phone 1 – If you don’t need to configure Phone 2 settings, simply check this box. Next Click it to get into the next setting page. Cancel Click it to give up the quick start wizard. Vigor2830 Series User’s Guide...
Page 71: Registering Vigor Router
Please follow the steps below to finish the router registration. Please login the web configuration interface of Vigor router by typing “admin/admin” as User Name / Password. Click Support Area>>Production Registration from the home page. Vigor2830 Series User’s Guide...
Page 72 And click Login. If not, please refer to section 4.13 Creating an Account for MyVigor. The following page will be displayed after you logging in MyVigor. From this page, please click Add or Product Registration. Vigor2830 Series User’s Guide...
Page 73 When the following page appears, your router information has been added to the database. Now, you have finished the product registration. After clicking OK, you will see the following page. Your router has been registered to myvigor website successfully. Vigor2830 Series User’s Guide...
Page 74 This page is left blank. Vigor2830 Series User’s Guide...
Page 75: Advanced Configuration
These are known as private IP addresses, and are listed in the following ranges: From 10.0.0.0 to 10.255.255.255 From 172.16.0.0 to 172.31.255.255 From 192.168.0.0 to 192.168.255.255 Vigor2830 Series User’s Guide...
Page 76 Besides, 3G/4G USB Modem in WAN3 also can be used as backup device. Therefore, when WAN1 and WAN2 are not available, the router will use 3.5G for supporting automatically. The supported 3G/4G USB Modem will be listed on DrayTek web site. Please visit www.draytek.com for more detailed information.
Page 77: General Setup
Auto Weigh to let the router reach the best load balance. Index Click the WAN interface link under Index to access into the WAN configuration page. Enable V means such WAN interface is enabled and ready to be used. Vigor2830 Series User’s Guide...
Page 78 In such WAN interface, no type can be selected. Physical Type Line Speed If your choose According to Line Speed as the Load Balance Mode, please type the line speed for downloading and uploading for such WAN interface. The unit is kbps. Vigor2830 Series User’s Guide...
Page 79 WAN will be activated when any master WAN interface disconnects. When all of selected WAN disconnect – Such backup WAN will be activated only when all master WAN interfaces disconnect. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 80 Please type the tag value and specify the priority for the packets sending by WAN1. Disable – Disable the function of VLAN with tag. Tag value – Type the value as the VLAN ID number. The Vigor2830 Series User’s Guide...
Page 81 WAN will be activated when any master WAN interface disconnects. When all of selected WAN disconnect – Such backup WAN will be activated only when all master WAN interfaces disconnect. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 82 Load Balance: Check this box to enable auto load balance function for such WAN interface. When the data traffic is large, the WAN interface with the function enabled will balance the data transmission automatically among all of the WAN interfaces in connection status. Vigor2830 Series User’s Guide...
Page 83: Internet Access
For the router supports multi-WAN function, the users can set different WAN settings (for WAN1/WAN2/WAN3) for Internet Access. Due to different Physical Mode for WAN interface, the Access Mode for these connections also varies. Refer to the following figures. Vigor2830 Series User’s Guide...
Page 84 If IPv6 service is active on this WAN interface, the color of “IPv6” will become green. Advanced This button allows you to configure DHCP client options. DHCP packets can be processed by adding option number and data information when such function is enabled and configured. Vigor2830 Series User’s Guide...
Page 85 WAN>>Interface Access will be overwritten. DataType – Choose the type (ASCII or Hex) for the data to be stored. Data – Type the content of the data to be processed by the function of DHCP option. Vigor2830 Series User’s Guide...
Page 86 VCI - Type in the value provided by ISP. Encapsulating Type - Drop down the list to choose the type provided by ISP. Protocol - Drop down the list to choose the one (PPPoE or PPPoA) provided by ISP. Vigor2830 Series User’s Guide...
Page 87 It means Max Transmit Unit for packet. The default setting is 1442. ISP Access Setup Enter your allocated username, password and authentication parameters according to the information provided by your ISP. Vigor2830 Series User’s Guide...
Page 88 All the schedules can be set previously in Applications >> Schedule web page and you can use the number that you have set in that web page. After finishing all the settings here, please click OK to activate them. Vigor2830 Series User’s Guide...
Page 89 VCI - Type in the value provided by ISP. Encapsulating - Drop down the list to choose the type provided by ISP. Modulation –Default setting is Multimode. Choose the one that fits the requirement of your router. Vigor2830 Series User’s Guide...
Page 90 WAN IP Alias. You can set up to 8 public IP addresses other than the current one you are using. Notice that this setting is available for WAN1 only. Type the additional WAN IP address and check the Enable box. Then click OK to exit the dialog. Vigor2830 Series User’s Guide...
Page 91 Specify a MAC Address –Some Cable service providers specify a specific MAC address for access authentication. In such cases you need to click the Specify a MAC Address and enter the MAC address in the MAC Address field. Vigor2830 Series User’s Guide...
Page 92 ARP Detect or Ping Detect. Mode – Choose ARP Detect or Ping Detect for the system to execute for WAN detection. Ping IP – If you choose Ping Detect as detection mode, you Vigor2830 Series User’s Guide...
Page 93 Address or specify another MAC address by typing on the boxes of MAC Address for the router. Specify a MAC Address – Type the MAC address for the router manually. After finishing all the settings here, please click OK to activate them. Vigor2830 Series User’s Guide...
Page 94 PING to the IP - If you enable the PING function, please specify the IP address for the system to PING it for keeping alive. PING Interval - Enter the interval for the system to execute the PING operation. Vigor2830 Series User’s Guide...
Page 95 ISP.  Domain Name: Type in the domain name that you have assigned. DHCP Client Identifier for some ISP  Enable: Check the box to specify username and password as the DHCP client identifier for some Vigor2830 Series User’s Guide...
Page 96 To use PPTP/L2TP as the accessing protocol of the internet, please click the PPTP/L2TP tab. The following web page will be shown. Detailed explanation is shown below: Item Description PPTP/L2TP Enable PPTP- Click this radio button to enable a PPTP Vigor2830 Series User’s Guide...
Page 97 WAN IP Alias. You can set up to 8 public IP addresses other than the current one you are using. Fixed IP - Usually ISP dynamically assigns IP address to you each time you connect to it and request. In some case, Vigor2830 Series User’s Guide...
Page 98 Specify an IP address – Click this radio button to specify some data. IP Address – Type the IP address. Subnet Mask – Type the subnet mask. After finishing all the settings here, please click OK to activate them. Vigor2830 Series User’s Guide...
Page 99 Modem Dial String - Such value is used to dial through USB mode. Please use the default value. If you have any question, please contact to your ISP. PPP Username - Type the PPP username (optional). Vigor2830 Series User’s Guide...
Page 100 Available settings are explained as follows: Item Description 4G USB Modem (DHCP Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that mode) you adjusted in this page will be invalid. Vigor2830 Series User’s Guide...
Page 101 It lists all of the modems supported by such router. Modem Support List After finishing all the settings here, please click OK to save the configuration. – – When Offline is selected, the IPv6 connection will be disabled. – – Vigor2830 Series User’s Guide...
Page 102 TSPC would connect to tunnel broker and requests a tunnel according to the specifications inside the configuration file. It gets a public IPv6 IP address and an IPv6 prefix from the tunnel broker and then monitors the state of the tunnel in background. Vigor2830 Series User’s Guide...
Page 103 Type the password again to make the confirmation. Tunnel Broker Type the address for the tunnel broker IP, FQDN or an optional port number. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 104 Type the address for the tunnel broker IP, FQDN or an optional port number. Subnet Prefix Type the subnet prefix address getting from service provider After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 105 Available settings are explained as follows: Item Description Choose Prefix Delegation or Non-temporary Address as Identify Association the identify association. IAID Type a number as IAID. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 106 Current IPv6 Address Display current interface IPv6 address. Table Static IPv6 Gateway IPv6 Gateway Address - Type your IPv6 gateway address Configuration here. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 107 Type the static IPv6 address for LAN routing with the value for prefix length. Tunnel TTL Type the number for the data lifetime in tunnel. After finished the above settings, click OK to save the settings. Vigor2830 Series User’s Guide...
Page 108 Auto 6rd – Retrieve 6rd prefix automatically from 6rd service provider. The IPv4 WAN must be set as "DHCP". Static 6rd - Set 6rd options manually. IPv4 Border Relay Type the IPv4 addresses of the 6rd Border Relay for a given 6rd domain. Vigor2830 Series User’s Guide...
Page 109 Type the IPv6 prefix length for the 6rd IPv6 prefix in number of bits. After finished the above settings, click OK to save the settings. Below shows an example for successful IPv6 connection based on 6rd mode. Vigor2830 Series User’s Guide...
Page 110: Multi-Pvcs
Internet Access. Type in the value provided by your ISP. Type in the value provided by your ISP. Select a proper QoS type for the channel. QoS Type Protocol Select a proper protocol for this channel. Vigor2830 Series User’s Guide...
Page 111 WAN link for Channel 5, 6 and 7 are provided for router-borne application such as TR-069. The settings must be applied and obtained from your ISP. For your special request, please contact with your ISP and then click WAN link of Channel 5, 6 or 7 to configure your router. Vigor2830 Series User’s Guide...
Page 112 Such configuration is applied to upstream packets. Such information will be provided by ISP. Please contact with your ISP for detailed information. Available settings are explained as follows: Item Description QoS Type Select a proper QoS type for the channel according to the information that your ISP provides. Vigor2830 Series User’s Guide...
Page 113 Normal – It means that the PVC can accept all packets. IGMP –It means that such PVC can accept IGMP packets only. Such type just meets a specific environment on some ISPs. Data and IGMP packets will be transmitted and received with different PVC. Vigor2830 Series User’s Guide...
Page 114 And type the number for VLAN ID (number). Priority To add the packet priority number for such VLAN. The range is from 0 to 7. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 115: Lan
IP address. As a part of the public subnet, the Vigor router will serve for IP routing to help hosts in the public subnet to communicate with other public hosts or servers outside. Therefore, the router should be set as the gateway for public hosts. Vigor2830 Series User’s Guide...
Page 116 You can group local hosts by physical ports and create up to 4 virtual LANs. To manage the communication between different groups, please set up rules in Virtual LAN (VLAN) function and the rate of each. Vigor2830 Series User’s Guide...
Page 117: General Setup
IPv6 – Click it to access into the settings page of IPv6. Advanced When the router receives the DHCP request from LAN client, the router will assign an IP with the DHCP packets adding option number and data information. Vigor2830 Series User’s Guide...
Page 118 After finishing all the settings here, please click OK to save the configuration. To configure LAN 1 ~ LAN 4, or IP Routed Subnet, simply click Details Page to open the settings page. LAN1 is the default configuration for basic host connection. Vigor2830 Series User’s Guide...
Page 119 DHCP server to start with when issuing IP addresses. If the 1st IP address of your router is 192.168.1.1, the starting IP address must be 192.168.1.2 or greater, but smaller than 192.168.1.254. IP Pool Counts - Enter the maximum number of PCs that Vigor2830 Series User’s Guide...
Page 120 DNS servers in this page instead of DNS servers given by the Internet Access server (PPPoE, PPTP, L2TP or DHCP server). After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 121 It's used to control the lifetime of the prefix. The maximum value corresponds to 18.2 hours. A lifetime of 0 indicates that the router is not a default router and should not appear on the default router Vigor2830 Series User’s Guide...
Page 122 For NAT Usage - Click this radio button to invoke NAT function. For Routing Usage - Click this radio button to invoke this function. IP Address - Type in private IP address for connecting to a local private network (Default: 192.168.1.1). Vigor2830 Series User’s Guide...
Page 123 IP address. Primary IP Address -You must specify a DNS server IP address here because your ISP should provide you with usually more than one DNS Server. If your ISP does not Vigor2830 Series User’s Guide...
Page 124 After finishing all the settings here, please click OK to save the configuration. Available settings are explained as follows: Item Description Enable/Disable - Click Enable to enable such Network Configuration configuration. Click Disable to disable such configuration. For Routing Usage - Click this radio button to invoke this Vigor2830 Series User’s Guide...
Page 125 Add – Type the MAC address in the boxes and click this button to add. Delete – Click it to delete the selected MAC address. Edit – Click it to edit the selected MAC address. Cancel – Click it to cancel the job of adding, deleting and Vigor2830 Series User’s Guide...
Page 126: Static Route
The number (1 to 10) under Index allows you to open next page to set up static route. Displays the destination address of the static route. Destination Address Status Displays the status of the static route. Vigor2830 Series User’s Guide...
Page 127 Destination Address Displays the destination address of the static route. Status Displays the status of the static route. Click any underline of index number to get the following page. Available settings are explained as follows: Item Description Vigor2830 Series User’s Guide...
Page 128 Main Router 192.168.1.1 as the default gateway for the Router A 192.168.1.2. Before setting Static Route, user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router. Vigor2830 Series User’s Guide...
Page 129 Return to Static Route Setup page. Click on another Index Number to add another static route as show below, which regulates all packets destined to 211.100.88.0 will be forwarded to 192.168.1.3. Go to Diagnostics and choose Routing Table to verify current routing table. Vigor2830 Series User’s Guide...
Page 130: Vlan (Multi-Subnet)
Enable Check this box to enable such function. P1 – P4 – Check the LAN port(s) to be grouped under the selected VLAN. SSID1 – SSID4 – Check the SSID box(es) for the wireless Wireless LAN Vigor2830 Series User’s Guide...
Page 131 Note: Leave one VLAN untagged at least to prevent from not connecting to Vigor router due to unexpected error. Vigor2830 series features a hugely flexible VLAN system. In its simplest form, each of the Gigabit LAN ports can be isolated from each other, for example to feed different companies or departments but keeping their local traffic completely separated.
Page 132 (isolated) or common (able to communicate with each other). This is ideal for departmental or multi-occupancy applications. Note: As for the VLAN applications, refer to “Appendix I: VLAN Application on Vigor Router” for more detailed information. Vigor2830 Series User’s Guide...
Page 133: Bind Ip To Mac
IP Bind List by clicking Add below Select All Click this link to select all the items in the ARP table. Reorder the table based on the IP address. Sort Refresh Refresh the ARP table listed below to obtain the newest Vigor2830 Series User’s Guide...
Page 134: Lan Port Mirror
Next, it is more convenient and easy to configure in user’s interface. Last, connect a PC with Smart Monitor installed to the mirror port of this router to capture monitored information. Vigor2830 Series User’s Guide...
Page 135: Wired 802.1X
Check the box to enable LAN 802.1x function. Enable 802.1x ports After enabling the function, simply specify the LAN port(s) to apply such function. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 136: Web Portal Setup
Display the number link which allows you to configure the profile. Status Display the content (Disable, URL Redirect or Message) of the profile. Interface Display the applied interfaced of the profile. Open a preview window according to the configured settings. Preview Vigor2830 Series User’s Guide...
Page 137 Check the box(es) representing different interfaces to be applied by such profile. The advantage is that each SSID (1/2/3/4) for wireless network can be applied with different web portal separately. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 138: Load-Balance /Route Policy
Displays the IP address for the start of the destination port. Dest Port End Displays the IP address for the end of the destination port. Move UP/Move Down Use Up or Down link to move the order of the policy. Vigor2830 Series User’s Guide...
Page 139 Dest IP End - Type the destination IP end for the specified WAN interface. If this field is blank, it means that all the destination IPs will be passed through the WAN interface. 3. Click Next to get the following page. Vigor2830 Series User’s Guide...
Page 140 Available settings are explained as follows: Item Description Force NAT /Force It determines which mechanism that the router will use to Routing forward the packet to WAN. 5. After choosing the mechanism, click Next to get the summary page for reference. Vigor2830 Series User’s Guide...
Page 141 To use Advance Mode, do the following steps: 1. Click the Advance Mode radio button. 2. Click Index 1 to access into the following page. Available settings are explained as follows: Item Description Enable Check this box to enable this policy. Vigor2830 Series User’s Guide...
Page 142 Auto Failover To The Other WAN – Check this button to lead the data passing through other WAN automatically when the selected WAN interface is down. Packet Forwarding to WAN via – Choose Force NAT or Force Routing. Vigor2830 Series User’s Guide...
Page 143: Nat
IP address/domain name are recognized by all users. Since the server is actually located inside the LAN, the network well protected by NAT of the router, and identified by its private IP address/port, the goal of Port Redirection function is to Vigor2830 Series User’s Guide...
Page 144 Each item is explained as follows: Item Description Index Display the number of the profile. Service Name Display the description of the specific network service. WAN Interface Display the WAN IP address used by the profile. Vigor2830 Series User’s Guide...
Page 145 Private IP and Port of the internal host. If you choose Range as the port redirection mode, you will see two boxes on this field. Simply type the required number on the first box. The second one will be assigned automatically later. Vigor2830 Series User’s Guide...
Page 146: Dmz Host
LAN. Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption. DMZ Host allows a defined internal user to be totally exposed to the Internet, which usually helps some special applications such as Netmeeting or Internet Games etc. Vigor2830 Series User’s Guide...
Page 147 Enter the private IP address of the DMZ host, or click Choose PC to select one. Choose PC Click this button and then a window will automatically pop up, as depicted below. The window consists of a list of private Vigor2830 Series User’s Guide...
Page 148 WAN1 only. See the following figure. If you previously have set up WAN Alias for PPPoE or Static or Dynamic IP mode in WAN2 interface, you will find them in Aux. WAN IP for your selection. Vigor2830 Series User’s Guide...
Page 149 When you have selected one private IP from the above dialog, the IP address will be shown on the following screen. Click OK to save the setting. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 150: Open Ports
Inactive or Active state. To add or edit port settings, click one index number on the page. The index entry setup page will pop up. In each index entry, you can specify 10 port ranges for diverse services. Vigor2830 Series User’s Guide...
Page 151 Specify the starting port number of the service offered by the local host. End Port Specify the ending port number of the service offered by the local host. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 152: Port Triggering
Display the protocol for the incoming data of such triggering profile. Incoming Port Display the port for the incoming data of such triggering profile. Status Display if the rule is active or de-active. Click the index number link to open the configuration page. Vigor2830 Series User’s Guide...
Page 153 Type the port or port range for such trigger profile. Incoming Protocol When the triggering packets received, it is expected the incoming packets will use the selected protocol. Select the protocol (TCP, UDP or TCP/UDP) for the incoming data of such triggering profile. Vigor2830 Series User’s Guide...
Page 154 Type the port or port range for the incoming packets. Incoming Port After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 155: Firewall
It will check packets according to the filter rules. If legal, the packet will pass the router. The following illustrations are flow charts explaining how router will treat incoming traffic and outgoing traffic respectively. Vigor2830 Series User’s Guide...
Page 156 4. Port Scan attack 12. Tear drop attack 5. IP options 13. Ping of Death attack 6. Land attack 14. ICMP fragment 7. Smurf attack 15. Unassigned Numbers 8. Trace route Below shows the menu items for Firewall. Vigor2830 Series User’s Guide...
Page 157: General Setup
“Accept large incoming fragmented UDP or ICMP Packets”. By checking this box, you can play these kinds of on-line games. If security concern is in higher priority, you cannot enable “Accept large incoming Vigor2830 Series User’s Guide...
Page 158 APP Enforcement, URL Content Filter, AI/AV, AS, for data transmission via Vigor router. Available settings are explained as follows: Item Description Filter Select Pass or Block for the packets that do not match with the filter rules. Vigor2830 Series User’s Guide...
Page 159 IM/P2P by checking the Log box. It will be sent to Syslog server. Please refer to section Syslog/Mail Alert for more detailed information. URL Content Filter Select one of the URL Content Filter profile settings (created in CSM>> URL Content Filter) for applying with Vigor2830 Series User’s Guide...
Page 160 If you do not have any idea of choosing suitable codepage, please open Syslog. From Codepage Information of Setup dialog, you will see the recommended codepage listed on the dialog box. Window size – It determines the size of TCP protocol Vigor2830 Series User’s Guide...
Page 161 However, if the network is not stable, small value will be proper. Session timeout – Setting timeout for sessions can make the best utilization of network resources. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 162: Filter Setup
Use Up or Down link to move the order of the filter rules. Next Filter Set Set the link to the next filter set to be executed after the current filter run. Do not make a loop with many filter sets. Vigor2830 Series User’s Guide...
Page 163 ON schedule profiles are applied. Set the direction of packet flow. It is for Data Filter only. Direction For the Call Filter, this setting is not available since Call Filter is only applied to outgoing traffic. Vigor2830 Series User’s Guide...
Page 164 From the IP Group drop down list, choose the one that you want to apply. Or use the IP Object drop down list to choose the object that you want. Service Type Click Edit to access into the following dialog to choose a suitable service type. Vigor2830 Series User’s Guide...
Page 165 Too Short - Apply the rule only to packets that are too short to contain a complete header. Specifies the action to be taken when packets match the rule. Filter Block Immediately - Packets matching the rule will be dropped immediately. Vigor2830 Series User’s Guide...
Page 166 If there is no profile for you to selelct, please choose [Create New] from the drop down list in this page to create a new profile. All the hosts in LAN must follow the standard configured in the APP Enforcement Vigor2830 Series User’s Guide...
Page 167 URL will be processed. Please use the drop-down list to choose a codepage. If you do not have any idea of choosing suitable codepage, please open Syslog. From Codepage Information of Setup dialog, you will see the recommended codepage listed on the dialog box. Vigor2830 Series User’s Guide...
Page 168 TCP protocol only; session timeout is configured for the data flow which matched with the firewall rule. DrayTek Banner – Please uncheck this box and the following screen will not be shown for the unreachable web page. The default setting is Enabled.
Page 169 Vigor2830 Series User’s Guide...
Page 170: Dos Defense
Internet has exceeded the defined value, the Vigor router will start to randomly discard the subsequent UDP packets for a period defined in Timeout. The default setting for threshold and timeout are 2000 packets per second and 10 seconds, respectively. That Vigor2830 Series User’s Guide...
Page 171 Check the box to activate the Block fraggle Attack function. Any broadcast UDP packets received from the Internet is blocked. Activating the DoS/DDoS defense functionality might block some legal packets. For example, when you activate the fraggle attack defense, all broadcast UDP packets Vigor2830 Series User’s Guide...
Page 172 All the warning messages related to DoS Defense will be sent to user and user can review it through Syslog daemon. Look for the keyword DoS in the message, followed by a name to indicate what kind of attacks is detected. Vigor2830 Series User’s Guide...
Page 173: User Management
Note: If Transparency Mode is selected in Firewall>>General Setup, User Management cannot be used any more. Please uncheck Transparency Mode first if you want to utilize user management to handle users in LAN, WAN or WLAN. Vigor2830 Series User’s Guide...
Page 174: General Setup
Web Authentication Choose the protocol for web authentication. Landing Page Type the information to be displayed on the first web page when the LAN user accessing into Internet via such router. Vigor2830 Series User’s Guide...
Page 175: User Profile
To set the user profile, please click any index number link to open the following page. Notice that profile 1 (admin) and profile 2 (System Reservation) are factory default settings. Profile 2 is reserved for future use. Vigor2830 Series User’s Guide...
Page 176 Firewall can be adopted for such user profile. Create New Policy – If you choose such item, the following page will be popped up for you to define another filter rule as a new policy. Vigor2830 Series User’s Guide...
Page 177 URL (if requested by the user) will be guided automatically by the router. Alert Tool – If it is selected, the user can open Alert Tool and type the user name and password for authentication. A Vigor2830 Series User’s Guide...
Page 178 Next, the user can access Internet through any browser on Windows. Note that Alert Tool can be downloaded from DrayTek web site. Telnet – If it is selected, the user can use Telnet command to perform the authentication job.
Page 179: User Group
This page allows you to bind several user profiles into one group. These groups will be used in Firewall>>General Setup as part of filter rules. Please click any index number link to open the following page. Vigor2830 Series User’s Guide...
Page 180 User defined profiles will be numbered with 3, 4, 5 and so Selected Keyword Objects Click button to add the selected user objects in this box. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 181: User Online Status
Idle Time Display the idle timeout setting for such profile. Action Block - can prevent specified user accessing into Internet. Unblock – the user will be blocked. Logout – the user will be logged out forcefully. Vigor2830 Series User’s Guide...
Page 182: Objects Settings
You can set up to 192 sets of IP Objects with different conditions. Available settings are explained as follows: Item Description Set to Factory Default Clear all profiles. Index Display the profile number that you can configure. Name Display the name of the object profile. Vigor2830 Series User’s Guide...
Page 183 IP address. If you choose LAN/RT/VPN as the Interface here, and choose LAN/RT/VPN as the direction setting in Edit Filter Rule, then all the IP addresses specified with LAN/RT/VPN interface will be opened for you to choose in Edit Filter Rule page. Vigor2830 Series User’s Guide...
Page 184 Invert Selection If it is checked, all the IP addresses except the ones listed above will be applied later while it is chosen. 3. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 185: Ip Group
Display the profile number that you can configure. Name Display the name of the group profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. Vigor2830 Series User’s Guide...
Page 186 Selected IP Objects Click >> button to add the selected IP objects in this box. 3. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 187: Ipv6 Object
Display the name of the object profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. 2. The configuration page will be shown as follows: Vigor2830 Series User’s Guide...
Page 188 If it is checked, all the IPv6 addresses except the ones listed Invert Selection above will be applied later while it is chosen. 3. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 189: Ipv6 Group
Display the profile number that you can configure. Name Display the name of the group profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. Vigor2830 Series User’s Guide...
Page 190 Selected IPv6 Objects Click >> button to add the selected IPv6 objects in this box. 3. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 191: Service Type Object
Display the name of the object profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. 2. The configuration page will be shown as follows: Vigor2830 Series User’s Guide...
Page 192 (>) – the port number greater than this value is available. (<) – the port number less than this value is available for this profile. 3. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 193: Service Type Group
Display the profile number that you can configure. Name Display the name of the group profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Group column for configuration in details. Vigor2830 Series User’s Guide...
Page 194 Objects Setting>>Service Type Object will be shown in this box. Selected Service Type Click >> button to add the selected IP objects in this box. Objects 3. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 195: Keyword Object
Display the profile number that you can configure. Name Display the name of the object profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. Vigor2830 Series User’s Guide...
Page 196 Contents. When you browse the webpage, the page with gambling information will be watched out and be passed/blocked based on the configuration on Firewall settings. 3. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 197: Keyword Group
Display the profile number that you can configure. Name Display the name of the group profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. Vigor2830 Series User’s Guide...
Page 198 Selected Keyword Click button to add the selected Keyword objects in Objects this box. 3. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 199: File Extension Object
Display the profile number that you can configure. Name Display the name of the object profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Profile column for configuration in details. Vigor2830 Series User’s Guide...
Page 200 3. Type a name for such profile and check all the items of file extension that will be processed in the router. 4. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 201: Sms/Mail Service Object
Display the service provider which offers SMS service. To set a new profile, please do the steps listed below: 1. Click the SMS Provider tab, and click the number (e.g., #1) under Index column for configuration in details. Vigor2830 Series User’s Guide...
Page 202 Note that one credit equals to one SMS text message on the standard route. Sending Interval To avoid quota being exhausted soon, type time interval for sending the SMS. 3. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 203 Display the name of this profile. It cannot be modified. Service Provider Type the website of the service provider. Type the URL string in the box under the filed of Service Provider. You have to contact your SMS provider to obtain the exact URL string. Vigor2830 Series User’s Guide...
Page 204 Each item is explained as follows: Item Description Set to Factory Default Clear all of the settings and return to factory default settings. Index Display the profile number that you can configure. Profile Display the name for such mail server profile. Vigor2830 Series User’s Guide...
Page 205 Check the box to enable the function. Username – Type a name for authentication. Password – Type a password for authentication. Sending Interval Define the interval for the system to send the SMS out. Vigor2830 Series User’s Guide...
Page 206: Notification Object
You can set an object with different monitoring situation. To set a new profile, please do the steps listed below: 1. Open Object Setting>>Notification Object, and click the number (e.g., #1) under Index column for configuration in details. Vigor2830 Series User’s Guide...
Page 207 Display the types that will be monitored. Status Display the status for the category. You can check the box you want to be monitored. 3. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 208: Csm Profile
Please note that this action will not introduce any delay in your Web surfing because each of multiple load balanced database servers can handle millions of requests for categorization. Note: The priority of URL Content Filter is higher than Web Content Filter. Vigor2830 Series User’s Guide...
Page 209: App Enforcement Profile
Click the number under Index column for settings in detail. There are four tabs IM, P2P, Protocol and Misc displayed on this page. Each tab will bring out different items that you can choose to disallow people using. Vigor2830 Series User’s Guide...
Page 210 Pass – Pass all the packets with the settings configured in this page. The profiles configured here can be applied in the Firewall>>General Setup and Firewall>>Filter Setup pages as the standard for the host(s) to follow. The items categorized under P2P ----- Vigor2830 Series User’s Guide...
Page 211 Below shows the items which are categorized under IM. The items categorized under OTHERS ----- Vigor2830 Series User’s Guide...
Page 212: Url Content Filter Profile
Each item is explained as follows: Item Description Set to Factory Default Clear all profiles. Profile Display the number of the profile which allows you to click to set different policy. Name Display the name of the URL Content Filter Profile. Vigor2830 Series User’s Guide...
Page 213 For this one, the router will process the packages with the conditions set below for URL first, then Web feature second. Either: Web Feature First –When all the packages matching with the conditions specified in URL Access Vigor2830 Series User’s Guide...
Page 214 Group/Object Selections – The Vigor router provides several frames for users to define keywords and each frame supports multiple keywords. The keyword could be a noun, a partial noun, or a complete URL string. Multiple Vigor2830 Series User’s Guide...
Page 215 Upload – Check the box to block the file upload by way of web page. File Extension Profile – Choose one of the profiles that you configured in Object Setting>> File Extension Objects previously for passing or blocking the file downloading. Vigor2830 Series User’s Guide...
Page 216: Web Content Filter Profile
Note: If you have used Service Activation Wizard to activate WCF service, you can skip this section. WCF adopts the mechanism developed and offered by certain service provider (e.g., DrayTek). No matter activating WCF feature or getting a new license for web content filter, you have to click Activate to satisfy your request.
Page 217 Setup Test Server It is recommended for you to use the default setting, auto-selected. Find more Click it to open http://myvigor.draytek.com for searching another qualified and suitable server. Set to Factory Default Click this link to retrieve the factory settings.
Page 218 If you have and activate another web content filter license, the items will be changed simultaneously. All of the configuration made for web content filter will be deleted automatically. Therefore, please backup your data before you change the web content filter license. Vigor2830 Series User’s Guide...
Page 219 Action Pass - allow accessing into the corresponding webpage with the categories listed on the box below. Block - restrict accessing into the corresponding webpage with the categories listed on the box below. Vigor2830 Series User’s Guide...
Page 220: Dns Filter
Otherwise, DNS filter does not have any effect on packets. Available settings are explained as follows: Item Description DNS Filter Check Enable to enable such feature. Syslog The filtering result can be recorded according to the setting selected for Syslog. Vigor2830 Series User’s Guide...
Page 221: Appe Support List
After finishing all the settings, please click OK to save the configuration. This page offers the software versions for each applications managed by APP Enforcement Profiles by Vigor router. Click the IM/P2P/PROTOCOL/OTHERS tab to open the information page for different APP type. Vigor2830 Series User’s Guide...
Page 222: Bandwidth Management
Hosts. In the Bandwidth Management menu, click Sessions Limit to open the web page. To activate the function of limit session, simply click Enable and set the default session limit. Vigor2830 Series User’s Guide...
Page 223 All the schedules can be set previously in Application >> Schedule web page and you can use the number that you have set in that web page. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 224: Bandwidth Limit
Disable - Click this button to close the function of limit bandwidth. Default TX limit - Define the default speed of the upstream for each computer in LAN. Default RX limit - Define the default speed of the Vigor2830 Series User’s Guide...
Page 225 All the schedules can be set previously in Application >> Schedule web page and you can use the number that you have set in that web page. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 226: Quality Of Service
The core routers in the backbone will do the same checking before executing treatments in order to ensure service-level consistency throughout the whole QoS-enabled network. Vigor2830 Series User’s Guide...
Page 227 Index – Display the class number that you can edit. Class Rule Name – Display the name of the class. Rule – Allow to configure detailed settings for the selected Class. Service Type – Allow to configure detailed settings for the service type. Vigor2830 Series User’s Guide...
Page 228 There are four queues allowed for QoS control. The first three (Class 1 to Class 3) class rules can be adjusted for your necessity. Yet, the last one is reserved for the packets which are not suitable for the user-defined class rules. Vigor2830 Series User’s Guide...
Page 229 Enable UDP Bandwidth Check this and set the limited bandwidth ratio on the right Control field. This is a protection of TCP application traffic since UDP application traffic such as streaming video will exhaust lots of bandwidth. Vigor2830 Series User’s Guide...
Page 230 Edit link of that one. 2. After you click the Edit link, you will see the following page. Now you can define the name for that Class. In this case, “Test” is used as the name of Class Index #1. Vigor2830 Series User’s Guide...
Page 231 Local Address Click the Edit button to set the local IP address (on LAN) for the rule. Remote Address Click the Edit button to set the remote IP address (on LAN/WAN) for the rule. Vigor2830 Series User’s Guide...
Page 232 Edit to open the rule edit page for modification. 1. To add a new service type, edit or delete an existed service type, please click the Edit link under Service Type field. Vigor2830 Series User’s Guide...
Page 233 Range, you have to type in the starting port number and the end porting number on the boxes below. Port Number – Type in the starting port number and the end porting number here if you choose Range as the type. Vigor2830 Series User’s Guide...
Page 234 For example, in the following illustration, the VoIP packets in LAN go into Vigor router without any header. However, when they go forward to the Server on ISP through Vigor router, all of the packets are tagged with AF (configured in Bandwidth >>QoS>>Class) automatically. Vigor2830 Series User’s Guide...
Page 235: Applications
In the DDNS setup menu, check Enable Dynamic DNS Setup. Available settings are explained as follows: Item Description Enable Dynamic Check this box to enable DDNS function. Vigor2830 Series User’s Guide...
Page 236 WAN1/WAN2/WAN3 as the first channel for such account. If WAN1/WAN2/WAN3 fails, the router will use another WAN interface instead. WAN1/WAN2/WAN3 Only - While connecting, the router will use WAN1/WAN2/WAN3 as the only channel for such account. Vigor2830 Series User’s Guide...
Page 237 Delete a Dynamic DNS Account In the DDNS setup menu, click the Index number you want to delete and then push Clear All button to delete the account. Vigor2830 Series User’s Guide...
Page 238: Lan Dns
FTP, Mail or Web server inside LAN, you can specify specific private IP address (es) to correspondent servers. Thus, even the remote PC is adopting public DNS as the DNS server, the LAN DNS resolution on Vigor2830 series will respond the specified private IP address.
Page 239 Only responds….. - Disable it to apply this profile to all of the LAN subnets. Or enable it to apply such profile to the PCs on the same subnet. Delete – Click it to remove the existed IP address displayed on the IP Address List. Vigor2830 Series User’s Guide...
Page 240: Schedule
Click OK button to save the settings. Note: For the detailed information about LAN DNS application, refer to DrayTek website, http://www.draytek.com.tw/index.php?option=com_k2&view=item&id=5242&Itemid=293 &lang=en. The Vigor router has a built-in real time clock which can update itself manually or automatically by means of Network Time Protocols (NTP). As a result, you can not only...
Page 241 Check to enable the schedule. Setup Start Date Specify the starting date of the schedule. (yyyy-mm-dd) Start Time (hh:mm) Specify the starting time of the schedule. Specify the duration (or period) for the schedule. Duration Time (hh:mm) Vigor2830 Series User’s Guide...
Page 242 Assign these two profiles to the PPPoE Internet access profile. Now, the PPPoE Internet connection will follow the schedule order to perform Force On or Force Down action according to the time plan that has been pre-defined in the schedule profiles. Vigor2830 Series User’s Guide...
Page 243: Radius
Both sides must be configured to use the same shared secret. Confirm Shared Secret Re-type the Shared Secret for confirmation. After finished the above settings, click OK button to save the settings. Vigor2830 Series User’s Guide...
Page 244: Active Directory/Ldap
There are three types of bind type supported. Simple Mode – Just simply do the bind authentication without any search action. Anonymous – Perform a search action first with Anonymous account then do the bind authentication. Vigor2830 Series User’s Guide...
Page 245 Specify a password if Regular Mode is selected as Bind Type. After finished the above settings, click OK button to save the settings. You can configure eight AD/LDAP profiles. These profiles would be used with User Management for different purposes in management. Vigor2830 Series User’s Guide...
Page 246 After finished the above settings, click OK to save and exit this page. A new profile will be created. For detailed information about LDAP application, refer to section 4.14 How to Implement the AD/LDAP Authentication for User Management? Vigor2830 Series User’s Guide...
Page 247: Upnp
The NAT Traversal of UPnP enables the multimedia features of your applications to operate. This has to manually set up port mappings or use other similar methods. The screenshots below show examples of this facility. Vigor2830 Series User’s Guide...
Page 248 Non-privileged users can control some router functions, including removing and adding port mappings. The UPnP function dynamically adds port mappings on behalf of some UPnP-aware applications. When the applications terminate abnormally, these mappings may not be removed. Vigor2830 Series User’s Guide...
Page 249: Igmp
This field displays the ID port for the multicast group. The available range for IGMP starts from 224.0.0.0 to 239.255.255.254. P1 to P4 It indicates the LAN port used for the multicast group. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 250: Wake On Lan
MAC Address Type any one of the MAC address of the bound PCs. Wake Up Click this button to wake up the selected IP. See the following figure. The result will be shown on the box. Vigor2830 Series User’s Guide...
Page 251: Sms/Mail Alert Service
Available settings are explained as follows: Item Description Index Check the box to enable such profile. SMS Provider Use the drop down list to choose SMS service provider. You can click SMS Provider link to define the SMS server. Vigor2830 Series User’s Guide...
Page 252 Use the drop down list to choose a message profile. The recipient will get the content stated in the message profile. You can click the Notify Profile link to define the content of the mail message. Vigor2830 Series User’s Guide...
Page 253: Vpn And Remote Access
Internet. In short, by VPN technology, you can send data between two computers across a shared or public network in a manner that emulates the properties of a point-to-point private link. Below shows the menu items for VPN and Remote Access. Vigor2830 Series User’s Guide...
Page 254: Remote Access Control
PAP protocol for authentication. Dial-In PPP Encryption Optional MPPE - This option represents that the MPPE (MPPE) encryption method will be optionally employed in the router for the remote dial-in user. If the remote dial-in user Vigor2830 Series User’s Guide...
Page 255 However, if there is no profile listed, simply click the link of PPTP LDAP Profile to create/add some new LDAP profiles you want. For detailed information about LDAP application, refer to section 4.14 How to Implement the AD/LDAP Authentication for User Management? Vigor2830 Series User’s Guide...
Page 256: Ipsec General Setup
This usually applies to those are remote dial-in user or node Method (LAN-to-LAN) which uses dynamic IP address and IPSec-related VPN connections such as L2TP over IPSec and IPSec tunnel. Pre-Shared Key -Currently only support Pre-Shared Key authentication. Pre-Shared Key- Specify a key for IKE authentication Vigor2830 Series User’s Guide...
Page 257 By default, this option is active. High - Encapsulating Security Payload (ESP) means payload (data) will be encrypted and authenticated. You may select encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES. Vigor2830 Series User’s Guide...
Page 258: Ipsec Peer Identity
Click each index to edit one peer digital certificate. There are three security levels of digital signature authentication: Fill each necessary field to authenticate the remote peer. The following explanation will guide you to fill all the necessary fields. Vigor2830 Series User’s Guide...
Page 259 Click to check the specific fields of digital signature to accept the peer with matching value. The field includes Country (C), State (ST), Location (L), Organization (O), Organization Unit (OU), Common Name (CN), and Email (E). Vigor2830 Series User’s Guide...
Page 260: Remote Dial-In User
Active Check the box to enable the selected profile. Display the access state of the specific dial-in user. The Status symbol V and X represent the specific dial-in user to be active and inactive, respectively. Vigor2830 Series User’s Guide...
Page 261 Nice to Have - Apply the IPSec policy first, if it is applicable during negotiation. Otherwise, the dial-in VPN connection becomes one pure L2TP connection.  Must -Specify the IPSec policy to be definitely applied on the L2TP connection. Vigor2830 Series User’s Guide...
Page 262 IPSec tunnel either with or without specify the IP address of the remote node. Pre-Shared Key - Check the box of Pre-Shared Key to invoke this function and type in the required characters (1-63) as the Vigor2830 Series User’s Guide...
Page 263 Local ID (optional)- Specify a local ID to be used for Dial-in setting in the LAN-to-LAN Profile setup. This item is optional and can be used only in IKE aggressive mode. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 264: Lan To Lan
Available settings are explained as follows: Item Description View All – Click it to display the LAN to LAN profiles. Trunk – Click it to display the Trunk profiles. Click to clear all indexes. Set to Factory Default Vigor2830 Series User’s Guide...
Page 265 Profile Name – Specify a name for the profile of the LAN-to-LAN connection. Enable this profile - Check here to activate this profile. VPN Dial-Out Through - Use the drop down menu to choose a proper WAN interface for this profile. This setting Vigor2830 Series User’s Guide...
Page 266  Dial-In- responder only. Always On-Check to enable router always keep VPN connection. Idle Timeout: The default value is 300 seconds. If the connection has been idled over the value, the router will drop the connection. Vigor2830 Series User’s Guide...
Page 267 PPTP or L2TP with or without IPSec policy above. PAP/CHAP/MS-CHAP/MS-CHAPv2 is the most common selection due to wild compatibility. VJ compression - This field is applicable when you select PPTP or L2TP with or without IPSec policy above. VJ Vigor2830 Series User’s Guide...
Page 268 AES with Authentication-Use AES encryption algorithm and apply MD5 or SHA-1 authentication algorithm. Advanced - Specify mode, proposal and key life of each IKE phase, Gateway, etc. The window of advance setup is shown as below: Vigor2830 Series User’s Guide...
Page 269 2. The default value is inactive this function. Local ID-In Aggressive mode, Local ID is on behalf of the IP address while identity authenticating with remote VPN server. The length of the ID is limited to 47 characters. Vigor2830 Series User’s Guide...
Page 270 Nice to Have - Apply the IPSec policy first, if it is applicable during negotiation. Otherwise, the dial-in VPN connection becomes one pure L2TP connection.  Must - Specify the IPSec policy to be definitely applied Vigor2830 Series User’s Guide...
Page 271 Data Encryption Standard (DES), Triple DES (3DES), and AES. GRE over IPSec Enable IPSec Dial-Out function GRE over IPSec: Check Settings this box to verify data and transmit data in encryption with Vigor2830 Series User’s Guide...
Page 272 More - Add a static route to direct all traffic destined to more Remote Network IP Addresses/ Remote Network Mask through the VPN connection. This is usually used when you find there are several subnets behind the remote VPN router. Vigor2830 Series User’s Guide...
Page 273 VPN tunnel. Note that this setting is available only for one WAN interface is enabled. It is not available when both WAN interfaces are enabled. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 274: Vpn Trunk Management
VPN tunnel is off-line. Before setting VPN TRUNK backup profile, please configure at least two sets of LAN-to-LAN profiles (with fully configured dial-out settings) first, otherwise you will not have selections for grouping Member1 and Member2. Vigor2830 Series User’s Guide...
Page 275 Member 1/Member2 - Display the selection for LAN-to-LAN dial-out profiles (configured in VPN and Remote Access >> LAN-to-LAN) for you to choose for grouping under certain VPN TRUNK-VPN Backup mechanism profile.  No - Index number of LAN-to-LAN dial-out profile. Vigor2830 Series User’s Guide...
Page 276 VPN Backup mechanism backup profile is similar to dial-out profile configured in LAN-to-LAN web page. VPN TRUNK – VPN Backup mechanism backup profile will process and handle everything unless it is off-line once it is activated. Vigor2830 Series User’s Guide...
Page 277 If the router will be used as the VPN Server (i.e., with virtual address 192.168.50.200). Please type 192.168.50.200 in the field of My GRE IP. Type IP address (192.168.50.100) of the client in the field of Peer GRE IP. See the following graphic for an example. Vigor2830 Series User’s Guide...
Page 278 TRUNK backup profiles being activated alternatively. Resume – when VPN connection breaks down or disconnects, Member 1 will be the top priority for the system to do VPN connection. This field will display detailed information for Environment Detail Information Recovers Detection. Vigor2830 Series User’s Guide...
Page 279: Connection Management
Dial - Click this button to execute dial out function. Refresh Seconds - Choose the time for refresh the dial information among 5, 10, and 30. Refresh - Click this button to refresh the whole connection status. Vigor2830 Series User’s Guide...
Page 280: Certificate Management
Click this button to delete selected name with certification information. GENERATE Click this button to open Generate Certificate Signing Request window. Type in all the information that the window request such as certifcate name (used for identifying different Vigor2830 Series User’s Guide...
Page 281 Then click GENERATE again. Note: Please be noted that “Common Name” must be configured with rotuer’s WAN IP or domain name. After clicking GENERATE, the generated information will be displayed on the window below: Vigor2830 Series User’s Guide...
Page 282 “OK”. Upload PKCS12 It allows users to import the certificate whose extensions are Certificate usually .pfx or .p12. And these certificates usually need passwords. Note: PKCS12 is a standard for storing private keys and Vigor2830 Series User’s Guide...
Page 283 CA server and enter the page of certificate request, copy the information into it and submit a request. A new certificate will be issued to you by the CA server. You can save it. Vigor2830 Series User’s Guide...
Page 284: Trusted Ca Certificate
For viewing each trusted CA certificate, click View to open the certificate detail information window. If you want to delete a CA certificate, choose the one and click Delete to remove all the certificate information. Vigor2830 Series User’s Guide...
Page 285: Certificate Backup
The more bandwidth a codec uses the better the voice quality, however the codec used must be appropriate for your Internet bandwidth. Usually there will be two types of calling scenario, as illustrated below: Vigor2830 Series User’s Guide...
Page 286 QoS Assurance assists to assign high priority to voice traffic via Internet. You will always have the required inbound and outbound bandwidth that is prioritized exclusively for Voice traffic over Internet but you just get your data a little slower and it is tolerable for data traffic. Vigor2830 Series User’s Guide...
Page 287: Dialplan
Note: If the incoming or outgoing calls do not match any entry on the phonebook, the router will try to make the call "being protected". But, if the call ends up "unprotected"(e.g. peer side does not support ZRTP+SRTP), the router will not play out a warning message. Vigor2830 Series User’s Guide...
Page 288 Available settings are explained as follows: Item Description Enable Click this to enable this entry. Phone Number The speed-dial number of this index. This can be any number you choose, using digits 0-9 and * . Vigor2830 Series User’s Guide...
Page 289 Note: If the incoming or outgoing calls do not match any entry on the phonebook, the router will try to make the call "being protected". But, if the call ends up "unprotected"(e.g. peer side does not support ZRTP+SRTP), the router will not play out a warning message. Vigor2830 Series User’s Guide...
Page 290 VoIP interface. Take the above picture (Prefix Table Setup web page) as an example, the prefix number of 03 will be replaced by 8863. For example: dial number of “031111111” will be changed to “88631111111” and sent to SIP server. Vigor2830 Series User’s Guide...
Page 291 Click the link to move the selected entry up or down. Call barring is used to block phone calls coming from the one that is not welcomed. Click any index number to display the dial plan setup page. Vigor2830 Series User’s Guide...
Page 292 Unknown Domain or Block IP Address. Simply click the relational links to open the web page. For Block Anonymous – this function can block the incoming calls without caller ID on the interface (Phone port) specified in the following window. Such control also can be done based on preconfigured schedules. Vigor2830 Series User’s Guide...
Page 293 SIP accounts. Such control also can be done based on preconfigured schedules. For Block IP Address – this function can block incoming calls (through Phone port) coming from IP address. Such control also can be done based on preconfigured schedules. Vigor2830 Series User’s Guide...
Page 294 Call Forward [No Dial the number typed in this field to forward all the Ans][Act] incoming calls to the specified place while there is no answer of the connected phone. Vigor2830 Series User’s Guide...
Page 295 PSTN number for dialing without passing through Internet. Please type the number in the field of phone number for PSTN relay. Then, check the Enable box to make the PSTN number available for dial whenever you need. Vigor2830 Series User’s Guide...
Page 296: Sip Accounts
Display the domain name or IP address of the SIP registrar server. Proxy Display the domain name or IP address of the SIP proxy server. Account Name Display the account name of SIP address before @. Vigor2830 Series User’s Guide...
Page 297 Assign a name for this profile for identifying. You can type similar name with the domain. For example, if the domain name is draytel.org, then you might set draytel-1 in this field. Register via If you want to make VoIP call without register personal Vigor2830 Series User’s Guide...
Page 298 Before the time expires, the router will send another register request to SIP Registrar again. NAT Traversal Support If the router (e.g., broadband router) you use connects to internet by other device, you have to set this function for your necessity. Vigor2830 Series User’s Guide...
Page 299 If your upstream speed is only 64Kbps, do not use G.711 codec. It is better for you to have at least 256Kbps upstream if you would like to use G.711. Vigor2830 Series User’s Guide...
Page 300: Phone Settings
This page allows user to set phone settings for Phone 1 and Phone 2 respectively. However, it changes slightly according to different model you have. Available settings are explained as follows: Vigor2830 Series User’s Guide...
Page 301 Dynamic RTP Port End - Specifies the end port for RTP stream. The default value is 15000. RTP TOS – It decides the level of VoIP package. Use the drop down list to choose any one of them. Vigor2830 Series User’s Guide...
Page 302 Index (1-60) in Phone Book - Enter the index of phone book profiles. Refer to section DialPlan – Phone Book for detailed configuration. CLIR (hide caller ID) Check this box to hide the caller ID on the display panel of the phone set. Vigor2830 Series User’s Guide...
Page 303 Select the proper region which you are located. The common settings of Caller ID Type, Dial tone, Ringing tone, Busy tone and Congestion tone will be shown automatically on the page. If you cannot find out a suitable Vigor2830 Series User’s Guide...
Page 304 The smaller the number is, the louder the tone is. It is recommended for you to use the default setting. DTMF DTMF Mode – There are four DTMF modes for you to choose. Vigor2830 Series User’s Guide...
Page 305: Status
From this page, you can find codec, connection and other important call status for each port. Available settings are explained as follows: Item Description Refresh Seconds Specify the interval of refresh time to obtain the latest VoIP calling information. The information will update immediately when the Refresh button is clicked. Vigor2830 Series User’s Guide...
Page 306 Accumulation for the times of in call. Out Calls Accumulation for the times of out call. Miss Calls Accumulation for the times of missing call. Speaker Gain The volume of present call. Display logs of VoIP calls. Vigor2830 Series User’s Guide...
Page 307: Wireless Lan
SSID as identification, located channel etc. Vigor router supports four SSID settings for wireless connections. Each SSID can be defined with different name and download/upload rate for selecting by stations connected to the router wirelessly. Vigor2830 Series User’s Guide...
Page 308 MAC addresses to isolate users’ access from wired LAN. Manage Wireless Stations - Station List will display all the station in your wireless network and the status of their connection. Below shows the menu items for Wireless LAN. Vigor2830 Series User’s Guide...
Page 309: General Setup
In which, 802.11b/g operates on 2.4G band, 802.11a operates on 5G band, and 802.11n operates on either 2.4G or 5G band. Channel Means the channel of frequency of the wireless LAN. The default channel is 6. You may switch channel if the selected Vigor2830 Series User’s Guide...
Page 310 SSID Means the identification of the wireless LAN. SSID can be any text numbers or various special characters. The default SSID is "DrayTek”. We suggest you to change it. Isolate VPN – Check this box to make the wireless clients (stations) with different VPN not accessing for each other.
Page 311: Security
Internet through such router, please input the default PSK value for connection. By clicking the Security Settings, a new web page will appear so that you could configure the settings of WPA and WEP. Available settings are explained as follows: Vigor2830 Series User’s Guide...
Page 312 012345678(or 64 Hexadecimal digits leading by 0x, such as "0x321253abcde..."). Type - Select from Mixed (WPA+WPA2) or WPA2 only. Pre-Shared Key (PSK) - Either 8~63 ASCII characters, such as 012345678..(or 64 Hexadecimal digits leading by 0x, such as "0x321253abcde..."). Vigor2830 Series User’s Guide...
Page 313 The keys can be entered in ASCII or Hexadecimal. Check the key you wish to use. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 314: Access Control
SSIDs desired to insert this MAC address into their access control list. Attribute s: Isolate the station from LAN - select to isolate the wireless connection of the wireless client of the MAC address from LAN. Add a new MAC address into the list. Vigor2830 Series User’s Guide...
Page 315: Wps
On the side of Vigor 2830 series which served as an AP, press WPS button once on the front panel of the router or click Start PBC on web configuration interface. On the side of a station with network card installed, press Start PBC button of network card. Vigor2830 Series User’s Guide...
Page 316 For WPS is supported in WPA-PSK or WPA2-PSK mode, if you do not choose such mode in Wireless LAN>>Security, you will see the following message box. Please click OK and go back Wireless LAN>>Security to choose WPA-PSK or WPA2-PSK mode and access WPS again. Vigor2830 Series User’s Guide...
Page 317 Start PIN button. The WPS LED on the router will blink fast when WPS is in progress. It will return to normal condition after two minutes. (You need to setup WPS within two minutes) Vigor2830 Series User’s Guide...
Page 318: Wds
AP can be repeated to another peer AP through WDS links. Yet in Bridge mode, packets received from a WDS link will only be forwarded to local wired or wireless hosts. In other words, only Repeater mode can do WDS-to-WDS packet forwarding. Vigor2830 Series User’s Guide...
Page 319 Bridge 3 through Bridge 2. Click WDS from Wireless LAN menu. The following page will be shown. Available settings are explained as follows: Item Description Mode Choose the mode for WDS setting. Disable mode will not Vigor2830 Series User’s Guide...
Page 320 Click Enable to make this router serving as an access point; click Disable to cancel this function. Status It allows user to send “hello” message to peers. Yet, it is valid only when the peer also supports this function. Vigor2830 Series User’s Guide...
Page 321: Advanced Setting
Click Enable to use Long Preamble if needed to communicate with this kind of devices. Packet-OVERDRIVE This feature can enhance the performance in data transmission about 40%* more (by checking Tx Burst). It Vigor2830 Series User’s Guide...
Page 322 Packet-OVERDRIVE (refer to the following picture of Vigor N61 wireless utility window, choose Enable for TxBURST on the tab of Option). Note: * means the real transmission rate depends on the environment of the network. Vigor2830 Series User’s Guide...
Page 323: Wmm Configuration
1 to 15. Be aware that CWMax value must be greater than CWMin or equals to CWMin value. Both values will influence the time delay for WMM accessing categories. The difference between AC_VI and AC_VO Vigor2830 Series User’s Guide...
Page 324: Ap Discovery
This page is used to scan the existence of the APs on the wireless LAN. Yet, only the AP which is in the same channel of this router can be found. Please click Scan to discover all the connected APs. Vigor2830 Series User’s Guide...
Page 325 AP’s MAC address on the bottom of the page and click Bridge or Repeater. Next, click Add to. Later, the MAC address of the AP will be added to Bridge or Repeater field of WDS settings page. Vigor2830 Series User’s Guide...
Page 326: Station List
WLAN station and click Add to Access Control below. Available settings are explained as follows: Item Description Click this button to refresh the status of station list. Refresh Click this button to add current typed MAC address into Access Control. Vigor2830 Series User’s Guide...
Page 327: Bandwidth Management
Download Limit - Default value is 30,000 kbps. Each wireless station can have the bandwidth for uploading without exceeding the values typed here. After finished the above settings, click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 328: Ssl Vpn
Otherwise, choose Self-signed to use the router’s built-in default certificate. The default certificate can be used in SSL VPN server and HTTPS Web Proxy. Vigor2830 Series User’s Guide...
Page 329: Ssl Web Proxy
Display current status (active or inactive) of such profile. Click number link under Index filed to set detailed configuration. Available settings are explained as follows: Item Description Name Type name of the profile. The length of the name is limited to 15 characters. Vigor2830 Series User’s Guide...
Page 330: Ssl Application
Display the application name of the profile that you create. Host Address Display the IP address for VNC/RDP or SAMBA path. Service Display the type of the service selected, e.g., VNC/RDP/SAMBA. Active Display current status (active or inactive) of the selected profile. Vigor2830 Series User’s Guide...
Page 331 PC through VNC protocol. Remote Desktop Protocol (RDP) – It allows you to access and control a remote PC through RDP protocol. Samba Application – It allows you to access and control a Vigor2830 Series User’s Guide...
Page 332 If you choose RDP, you have to choose the screen size for such application. Samba Path If you choose Samba, you have to specify the path of the Samba service. 3. Enter the required information. 4. After finished the above settings, click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 333: User Account
With SSL VPN, Vigor2830 series let teleworkers have convenient and simple remote access to central site VPN. The teleworkers do not need to install any VPN software manually. From regular web browser, you can establish VPN connection back to your main office even in a guest network or web cafe.
Page 334 Must -Specify the IPSec policy to be definitely applied on the L2TP connection. SSL Tunnel - It allows the remote dial-in user to make an SSL VPN Tunnel connection through Internet, suitable for the application through network accessing (e.g., Vigor2830 Series User’s Guide...
Page 335 IPSec Policy when you specify the IP address of the remote node. The only exception is Digital Signature (X.509) can be set when you select IPSec tunnel either with or without specify the IP address of the remote node. Vigor2830 Series User’s Guide...
Page 336 Local ID - Specify a local ID to be used for Dial-in setting in the LAN-to-LAN Profile setup. This item is optional and can be used only in IKE aggressive mode. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 337: User Group
Set to Factory Default Index Display the number of the client which connecting to FTP server. Name Display the name of the group profile. Click any index number link to open the following page for detailed configuration. Vigor2830 Series User’s Guide...
Page 338 If the above three options are enabled, the system will do the authentication based on them in sequence. After finishing all the settings here, please click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 339: Online User Status
If you have finished the configuration of SSL Web Proxy (server), users can find out corresponding settings when they access into DrayTek SSL VPN portal interface. Next, users can open SSL VPN>> Online Status to view logging status of SSL VPN.
Page 340: Usb Application
FTP sessions. The router allows up to 6 FTP sessions connecting to USB storage disk at one time. Default Charset - At present, Vigor router supports four types of character sets. Default Charset is for English based Vigor2830 Series User’s Guide...
Page 341: Usb User Management
USB storage disk must type the same username and password configured in this page. Before adding or modifying settings in this page, please insert a USB storage disk first. Otherwise, an error message will appear to warn you. Vigor2830 Series User’s Guide...
Page 342 USB storage disk. Note: When write protect status for the USB storage disk is ON, you cannot type any new folder name in this field. Only “/” can be used in such case. Vigor2830 Series User’s Guide...
Page 343 Directory –Check the items (List, Create and Remove) for such profile. Before you click OK, you have to insert a USB storage disk into the USB interface of the Vigor router. Otherwise, you cannot save the configuration. Vigor2830 Series User’s Guide...
Page 344: File Explorer
Click this icon to add a new folder. Create Current Path Display current folder. Upload Click this button to upload the selected file to the USB storage disk. The uploaded file in the USB diskette can be shared for other user through FTP. Vigor2830 Series User’s Guide...
Page 345: Usb Device Status
Username It displays the username that user uses to login to the FTP server. When you insert USB storage disk into the Vigor router, the system will start to find out such device within several seconds. Vigor2830 Series User’s Guide...
Page 346: Modem Support List
For the system setup, there are several items that you have to know the way of configuration: Status, TR-069, Admin Password, User Password, Login Page Greeting, Configuration Backup, Syslog/Mail Alert, Time and Date, SNMP, Management, Reboot System, Firmware Upgrade and Activation. Below shows the menu items for System Maintenance. Vigor2830 Series User’s Guide...
Page 347: System Status
Subnet Mask - Display the subnet mask address of the LAN interface. DHCP Server - Display the current status of DHCP server of the LAN interface - Display the assigned IP address of the primary DNS. Vigor2830 Series User’s Guide...
Page 348 - Display the IP address of the WAN interface. Default Gateway - Display the assigned IP address of the default gateway. VoIP Profile - Display the VoIP profile for the phone port. In/Out - Display the number of incoming /outgoing phone call. Vigor2830 Series User’s Guide...
Page 349: 337
Such information is useful for Auto Configuration Server. Enable/Disable – Allow/Deny the CPE Client to connect with Auto Configuration Server. Port – Sometimes, port conflict might be occurred. To solve such problem, you might change port number for CPE. Vigor2830 Series User’s Guide...
Page 350: Admin Setting
CPE must send binding request to the server for the purpose of maintaining the binding in the Gateway. Please type a number as the maximum period. A value of “-1” indicates that no maximum period is specified. This page allows you to set new password. Vigor2830 Series User’s Guide...
Page 351 LDAP Profile Setup. LDAP Profile Setup – It allows you to create a new LDAP profile. When you click OK, the login window will appear. Please use the new password to access into the web user interface again. Vigor2830 Series User’s Guide...
Page 352: User Password
Below shows an example for accessing into User Operation with User Password. 1. Open System Maintenance>>User Password. 2. Check the box of Enable User Mode for simple web configuration to enable user mode operation. Type a new password in the field of New Password and click OK. Vigor2830 Series User’s Guide...
Page 353 3. The following screen will appear. Simply click OK. 4. Log out Vigor router Web user interface. 5. The following window will be open to ask for username and password. Type the new user password in the filed of Password and click Login. Vigor2830 Series User’s Guide...
Page 354 6. The main screen with User Mode will be shown as follows. Settings to be configured in User Mode will be less than settings in Admin Mode. Only basic configuration settings will be available in User Mode and can be configured as same as in Admin Mode. Vigor2830 Series User’s Guide...
Page 355: Login Page Title
Enable Check this box to enable the login customization function. Login Page Title Type a brief description (e.g., Welcome to DrayTek) which will be shown on the heading of the login dialog. Welcome Message and Type words or sentences here. It will be displayed for Bulletin bulletin message.
Page 356: Configuration Backup
Go to System Maintenance >> Configuration Backup. The following windows will be popped-up, as shown below. Click Backup button to get into the following dialog. Click Save button to open another dialog for saving configuration as a file. Vigor2830 Series User’s Guide...
Page 357 Click Browse button to choose the correct configuration file for uploading to the router. Click Restore button and wait for few seconds, the following picture will tell you that the restoration procedure is successful. Vigor2830 Series User’s Guide...
Page 358: Syslog/Mail Alert
Mail Syslog – Check the box to recode the mail event on Syslog. Enable syslog message - Check the box listed on this web page to send the corresponding message of firewall, VPN, User Access, Call, WAN, Router/DSL information to Vigor2830 Series User’s Guide...
Page 359 From the Syslog screen, select the router you want to monitor. Be reminded that in Network Information, select the network adapter used to connect to the router. Otherwise, you won’t succeed in retrieving information from the router. Vigor2830 Series User’s Guide...
Page 360: Time And Date
Click Inquire Time to get the current time. Use Browser Time Select this option to use the browser time from the remote administrator PC host as router’s system time. Use Internet Time Select to inquire time information from Time Server on the Vigor2830 Series User’s Guide...
Page 361: Snmp
DES) and authentication method (support MD5 and SHA) for the management needs. Available settings are explained as follows: Item Description Enable SNMP Agent Check it to enable this function. Get Community Set the name for getting community by typing a proper Vigor2830 Series User’s Guide...
Page 362 Choose one of the encryption methods listed below as the authentication algorithm. Auth Password Type a password for authentication. Privacy Algorithm Choose one of the methods listed below as the privacy algorithm. Privacy Password Type a password for privacy. Vigor2830 Series User’s Guide...
Page 363: Management
Router Name Type in the router name provided by ISP. Default: Disable The web user interface will not log out if it is enabled. Auto-Logout Internet Access Control Allow management from the Internet - Enable the Vigor2830 Series User’s Guide...
Page 364 Telnet and HTTP servers. External Device Control No respond to External Device – Check the box to make Vigor2830 not being detected by other router and not being displayed as an external device. Available settings are explained as follows: Vigor2830 Series User’s Guide...
Page 365: Reboot System
Note: When the system pops up Reboot System web page after you configure web settings, please click OK to reboot your router for ensuring normal operation and preventing unexpected errors of the router in the future. Vigor2830 Series User’s Guide...
Page 366: Firmware Upgrade
Note that this example is running over Windows OS (Operating System). Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.DrayTek.com (or local DrayTek's web site) and FTP site is ftp.DrayTek.com.
Page 367: Activation
The Activate link brings you accessing into www.vigorpro.com to finish the activation of the account and the router. Authentication Message As for authentication information of web filter, the process of authenticating will be displayed on this field for your reference. Vigor2830 Series User’s Guide...
Page 368 Below shows the successful activation of Web Content Filter: Vigor2830 Series User’s Guide...
Page 369: Diagnostics
(e.g., PPPoE) is triggered by a package sending from the source IP address. Available settings are explained as follows: Item Description Decoded Format It shows the source IP address (local), destination IP (remote) address, the protocol and length of the package. Click it to reload the page. Refresh Vigor2830 Series User’s Guide...
Page 370: Routing Table
Click Diagnostics and click Routing Table to open the web page. Available settings are explained as follows: Item Description Refresh Click it to reload the page. Vigor2830 Series User’s Guide...
Page 371: Arp Cache Table
The table shows a mapping between an Ethernet hardware address (MAC Address) and an IPv6 address. This information is helpful in diagnosing network problems, such as IP address conflicts, etc. Click Diagnostics and click IPv6 Neighbour Table to open the web page. Available settings are explained as follows: Vigor2830 Series User’s Guide...
Page 372: Dhcp Table
It displays the connection item number. IP Address It displays the IP address assigned by this router for specified PC. MAC Address It displays the MAC address for the specified PC that DHCP assigned IP address for it. Vigor2830 Series User’s Guide...
Page 373: Nat Sessions Table
It indicates the temporary port of the router used for NAT. #Pseudo Port Peer IP:Port It indicates the destination IP address and port of remote host. Interface It displays the representing number for different interface. Refresh Click it to reload the page. Vigor2830 Series User’s Guide...
Page 374: Ping Diagnosis
IPV4 /IPV6 Choose the interface for such function. Ping through Use the drop down list to choose the WAN interface that you want to ping through or choose Unspecified to be determined by the router automatically. Vigor2830 Series User’s Guide...
Page 375: Data Flow Monitor
Flow Monitor. If not, a notification dialog box will appear to remind you enabling it. Click Diagnostics and click Data Flow Monitor to open the web page. You can click IP Address, TX rate, RX rate or Session link for arranging the data display. Vigor2830 Series User’s Guide...
Page 376 Peak means the highest peak value detected by the router in data transmission. Speed means line speed specified in WAN>>General Setup. If you do not specify any rate at that page, here will display Auto for instead. Vigor2830 Series User’s Guide...
Page 377: Traffic Graph
WAN1/WAN2/WAN3Bandwidth chart, the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past. For Sessions chart, the numbers displayed on vertical axis represent the numbers of the NAT sessions during the past. Vigor2830 Series User’s Guide...
Page 378: Trace Route
Run. The result of route trace will be shown on the screen. Available settings are explained as follows: Item Description IPv4 / IPv6 Click one of them to display corresponding information for Trace through Use the drop down list to choose the interface that you want Vigor2830 Series User’s Guide...
Page 379: Syslog Explorer
Use the drop down list to specify a type of Syslog to be displayed. Refresh Click this link to refresh this page manually. Clear Click this link to clear information on this page. Display Mode There are two modes for you to choose. Vigor2830 Series User’s Guide...
Page 380 This page displays the syslog recorded on the USB storage disk. Available settings are explained as follows: Item Description Time Display the time of the event occurred. Log Type Display the type of the record. Message Display the information for each event. Vigor2830 Series User’s Guide...
Page 381: Ipv6 Tspc Status
This page allows you to enable or disable the function of detecting external devices. Available settings are explained as follows: Item Description External Device Auto Check this box to detect the external device automatically Discovery and display on this page. Vigor2830 Series User’s Guide...
Page 382 This page is left blank. Vigor2830 Series User’s Guide...
Page 383: Application And Examples
1. Log into the web user interface of Vigor router. 2. Open WAN>>Internet Access. Only PPPoE and MPoA 1483 Bridge can support PVC to PVC Binding feature, you have to choose PPPoE/PPoA as the Access Mode for WAN1. Vigor2830 Series User’s Guide...
Page 384 Click OK to save the settings. Open WAN>>Multi-PVCs. Click the General tab to check the box of Enable for the 5 WAN. Note: Only 5 WAN to 7 WAN can be used for PVC to PVC Binding. Vigor2830 Series User’s Guide...
Page 385 PVC Binding. Check the box of Add Tag and type 405 as the tag number. Click OK to save the settings. The PVC Binding and the Tag setting can also be seen in WAN>>Multi-PVCs>>PVC to PVC Binding/Add Tag page. Note: Channel 1 and Channel 2 are reserved for WAN1 service. Vigor2830 Series User’s Guide...
Page 386 11. Now, all the data from P1 transmitted to the remote PPPoE server via WAN1 and the data from P4 (IPTV) transmitted to the remote DHCP Server via WAN 5 are all processed by Channel 1. Vigor2830 Series User’s Guide...
Page 387: How To Configure Multi-Subnet In Vigor2830
VLAN Configuration. For VLAN0 setting, check P1 and set LAN1 as the Subnet. For VLAN1 setting, check P2 and set LAN2 as the Subnet. For VLAN2 setting, check P3 and P4, and set LAN3 as the Subnet. Vigor2830 Series User’s Guide...
Page 388 The equipment connecting to Vigor2830 LAN Port 3 and Port 4 (LAN3) can get the IP address of 192.168.5.0/24 For the detailed settings of the network segment, open LAN>>General Setup and click Details Page. Adjust the settings for your request. Refer to the following figure. Vigor2830 Series User’s Guide...
Page 389 To make any two of VLAN groups linked with each other, just check the boxes of the ones in the field of Inter-LAN Routing in the page of LAN >> General Setup. Refer to the following figure. LAN2 and LAN3 are linked. Vigor2830 Series User’s Guide...
Page 390 (8) for VID setting. Then check P4 and set LAN2 as the Subnet. To activate the function of VLAN Tag for VLAN2 setting, check the box of Enable and type the value (9) for VID setting. Then check P4 and set LAN3 as the Subnet. Vigor2830 Series User’s Guide...
Page 391 In the page of LAN >> General Setup, check the Status box of LAN2, LAN3 and LAN4 and enable the function of DHCP. For the detailed settings of the network segment, open LAN>>General Setup and click Details Page. Adjust the settings for your request. Refer to the following figure. Vigor2830 Series User’s Guide...
Page 392 Port 23 is set with Trunk in this example and will transfer the packets with VLAN Tag information. That is, packets with VID 7, 8, 9 and 10 will be transferred to Vigor2830 by Port 23 and VID information will be retained. Vigor2830 Series User’s Guide...
Page 393 To make any two of VLAN groups of Tag Based VLAN linked with each other, just check the boxes of the ones in the field of Inter-LAN Routing in the page of LAN >> General Setup. Refer to the following figure. LAN2 and LAN3 are linked. Vigor2830 Series User’s Guide...
Page 394: How Can I Use Ftp To Get The Files From Usb Storage Device Connecting To Vigor Router
Plug the USB device to the USB port on the router. Make sure Disk Connected appears on the Connection Status as the figure shown below: Then, please open USB Application >> USB General Settings to enable Samba service. Vigor2830 Series User’s Guide...
Page 395 Click OK to save the configuration. Make sure the FTP service is running properly. Please open a browser and type ftp://192.168.1.1. Use the account "user1" to login. When the following screen appears, it means the FTP service is running properly. Vigor2830 Series User’s Guide...
Page 396 Now, users in LAN of Vigor2830 can access into the USB storage device by typing ftp://192.168.1.1 on any browser. They can add or remove files / directories, depending on the Access Rule for FTP account settings in USB Application >>USB User Management. Vigor2830 Series User’s Guide...
Page 397: How To Send A Notification To Specified Phone Number Via Sms Service In Wan Disconnection
3. Choose any index number (e.g., Index 1 in this case) to configure the SMS Provider setting. In the following page, type the username and password and set the quota that the router can send the message out. Vigor2830 Series User’s Guide...
Page 398 6. Choose any index number (e.g., Index 1 in this case) to configure conditions for sending the SMS. In the following page, type the name of the profile and check the Disconnected and Reconnected boxes for WAN to work in concert with the topic of this paper. Vigor2830 Series User’s Guide...
Page 399 9. Click OK to save the settings. Later, if one of the WAN connections fails in your router, the system will send out SMS to the phone number specified. If the router has only one WAN interface, the system will send out SMS to the phone number while reconnecting the WAN interface successfully. Vigor2830 Series User’s Guide...
Page 400 WAN for connection instead and send SMS to notify the user (destination number #123456789). However, if there is no available WAN for connection, the system will send SMS to inform the user after reconnecting WAN2 successfully. Vigor2830 Series User’s Guide...
Page 401: Web Portal Log-In Application For Wireless Client
Internet. The Internet surfers would have a glance at least on the dedicated web site and related contents. Vigor2830 Series User’s Guide...
Page 402 Check Enable Wireless LAN and set the SSID. Then click OK to save the settings. Open LAN>>Web Portal Setup. Click Redirect to URL and type the URL in the field below. User’s first HTTP request will be redirected to the URL defined here. (Here we take www.draytek.com for an example.) Vigor2830 Series User’s Guide...
Page 403 Try to open a new tab in the same browser (for IE 7.0/FireFox and above) or open a new web browser. The first connection session will be redirected to DrayTek Website (specified in step 2) automatically. Vigor2830 Series User’s Guide...
Page 404 However, if open another new tab again in the same browser, the browser will open default page based on the default setting. Vigor2830 Series User’s Guide...
Page 405: How To Customize Your Login Page
Login page can be customized to fit the request of the administrator. Open User Management>>General Setup. Set User-Based as the Mode and click OK to save teh settings. Open User Management>>User Profile to create a new user profle. Vigor2830 Series User’s Guide...
Page 406: Login Page Greeting
Open a new tab in the same browser (for IE 7.0/FireFox and above) or open a new web browser. Try to access into the web user interface (e.g., 192.168.1.1) of Vigor router. Please note “Just for Carrie” is displayed as a heading on the login dialog box. Vigor2830 Series User’s Guide...
Page 407 After typing the username and password (defined in User Management>>User Profile), click Login. You can access into Internet or access into the Landing Page if configured in User Management>>General Setup. Vigor2830 Series User’s Guide...
Page 408: Create A Lan-To-Lan Connection Between Remote Office And Headquarter
For using PPP based services, such as PPTP, L2TP, you have to set general settings in PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2830 Series User’s Guide...
Page 409 Go to LAN-to-LAN. Click on one index number to edit a profile. Set Common Settings as shown below. You should enable both of VPN connections because any one of the parties may start the VPN connection. Vigor2830 Series User’s Guide...
Page 410 Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authentication and VJ Compression for this Dial-Out connection. Vigor2830 Series User’s Guide...
Page 411 Otherwise, it will apply the settings defined in IPSec General Setup above. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. Vigor2830 Series User’s Guide...
Page 412 PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2830 Series User’s Guide...
Page 413 Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial-Out method. If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. Vigor2830 Series User’s Guide...
Page 414 If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. Vigor2830 Series User’s Guide...
Page 415 Username, Password, and VJ Compression for this Dial-In connection. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection. Vigor2830 Series User’s Guide...
Page 416: Create A Remote Dial-In User Connection Between The Teleworker And Headquarter
PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IKE/IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2830 Series User’s Guide...
Page 417 If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. Vigor2830 Series User’s Guide...
Page 418 For Win2000/XP, please use "Network and Dial-up connections" or “Smart VPN Client”, complimentary software to help you create PPTP, L2TP, and L2TP over IPSec tunnel. You can find it in CD-ROM in the package or go to www.DrayTek.com download center. Install as instructed.
Page 419 VPN router. To use default gateway on remote network means that all the packets of remote host will be directed to VPN server then forwarded to Internet. This will make the remote host seem to be working in the enterprise network. Vigor2830 Series User’s Guide...
Page 420: Qos Setting Example
HTTPS or VPN to check email and access internal database. Meanwhile, children may chat on Skype in the restroom. Go to Bandwidth Management>>Quality of Service. Click Setup link of WAN(1/2/3). Make sure the QoS Control on the left corner is checked. And select BOTH in Direction. Vigor2830 Series User’s Guide...
Page 421 80% - 85% of physical network speed provided by ISP to maximize the QoS performance. Return to previous page. Enter the Name of Index Class 1 by clicking Edit link. Type the name “E-mail” for Class 1. Vigor2830 Series User’s Guide...
Page 422 POP3 and SMTP. Return to previous page. Enter the Name of Index Class 2 by clicking Edit link. In this index, the user will set reserved bandwidth for HTTPS. And click OK. Click Setup link for WAN2. Vigor2830 Series User’s Guide...
Page 423 Chapter 3 VPN for detail instruction), he may set up an index for it. Enter the Class Name of Index 3. In this index, he will set reserved bandwidth for 1 VPN tunnel. 10. Click Edit to open a new window. Vigor2830 Series User’s Guide...
Page 424 11. Click Add to open the following window. Check the ACT box, first. 12. Then click Edit of Local Address to set a worker’s subnet address. Click Edit of Remote Address to set headquarter’s IP address. Leave other fields and click OK. Vigor2830 Series User’s Guide...
Page 425: Upgrade Firmware For Your Router
3. Access into Support >> Downloads. Please find out Utility menu and click it. 4. Click on the link of Router Tools to download the file. After downloading the files, please decompressed the file onto your host. Vigor2830 Series User’s Guide...
Page 426 You will find out two files with different extension names, xxxx.all (keep the old custom settings) and xxxx.rst (reset all the custom settings to default settings). Choose any one of them that you need. Vigor2830 Series User’s Guide...
Page 427 The web page also can guide you to upgrade firmware. Note that this example is running over Windows OS (Operating System). Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.DrayTek.com (or local DrayTek's web site) and FTP site is ftp.DrayTek.com.
Page 428: Request A Certificate From A Ca Server On Windows Ca Server
Go to Certificate Management and choose Local Certificate. Vigor2830 Series User’s Guide...
Page 429 Copy and save the X509 Local Certificate Requet as a text file and save it for later use. Connect to CA server via web browser. Follow the instruction to submit the request. Below we take a Windows 2000 CA server for example. Select Request a Certificate. Vigor2830 Series User’s Guide...
Page 430 IPSec (Offline request) below. Then you have done the request and the server now issues you a certificate. Select Base 64 encoded certificate and Download CA certificate. Now you should get a certificate (.cer file) and save it. Vigor2830 Series User’s Guide...
Page 431 (.cer file) into Vigor router. When finished, click refresh and you will find the below window showing “------BEGINE CERTIFICATE------..” You may review the detail information of the certificate by clicking View button. Vigor2830 Series User’s Guide...
Page 432: Request A Ca Certificate And Set As Trusted On Windows Ca Server
Use web browser connecting to the CA server that you would like to retrieve its CA certificate. Click Retrive the CA certificate or certificate recoring list. Vigor2830 Series User’s Guide...
Page 433 You may review the detail information of the certificate by clicking View button. Note: Before setting certificate configuration, please go to System Maintenance >> Time and Date to reset current time of the router first. Vigor2830 Series User’s Guide...
Page 434: Creating An Account For Myvigor
The website of MyVigor (a server located on http://myvigor.draytek.com) provides several useful services (such as Anti-Spam, Web Content Filter, Anti-Intrusion, and etc.) to filtering the web pages for the sake of protecting your system. To access into MyVigor for getting more information, please create an account for MyVigor.
Page 435 2. Click the Activate link. A login page for MyVigor web site will pop up automatically. 3. Click the link of Create an account now. 4. Check to confirm that you accept the Agreement and click Accept. Vigor2830 Series User’s Guide...
Page 436 5. Type your personal information in this page and then click Continue. 6. Choose proper selection for your computer and click Continue. Vigor2830 Series User’s Guide...
Page 437 8. Check to see the confirmation email with the title of Letter from myvigor.draytek.com. 9. Click the Activate my Account link to enable the account that you created. The following screen will be shown to verify the register process is finished. Please click Login. Vigor2830 Series User’s Guide...
Page 438: Creating An Account Via Myvigor Web Site
11. Now, click Login. Your account has been activated. You can access into MyVigor server to activate the service (e.g., WCF) that you want. 1. Access into http://myvigor.draytek.com. Find the line of Not registered yet?. Then, click the link Click here! to access into next page.
Page 439 2. Check to confirm that you accept the Agreement and click Accept. 3. Type your personal information in this page and then click Continue. 4. Choose proper selection for your computer and click Continue. Vigor2830 Series User’s Guide...
Page 440 6. Check to see the confirmation email with the title of Letter from myvigor.draytek.com. 7. Click the Activate my Account link to enable the account that you created. The following screen will be shown to verify the register process is finished. Please click Login. Vigor2830 Series User’s Guide...
Page 441 UserName and Password. Then type the code in the box of Auth Code according to the value displayed on the right side of it. Now, click Login. Your account has been activated. You can access into MyVigor server to activate the service (e.g., WCF) that you want. Vigor2830 Series User’s Guide...
Page 442: How To Implement The Ldap/Ad Authentication For User Management
Create LDAP server profiles. Click the Active Directory /LDAP tab to open the profile web page and click any one of the index number link. If we have two groups “RD1” and “SHRD” on LDAP server, we can configure two LDAP server profiles with different Group Distinguished Name. Vigor2830 Series User’s Guide...
Page 443 Click OK to save the settings above. Vigor2830 Series User’s Guide...
Page 444 Check Enable this account; choose LDAP as External Server Authentication; and check the user profile you want. After finished above configurations, click OK to save the settings. Now, users belong to either “rd1” or “shrd” group can access Internet after inputting their credentials on LDAP server. Vigor2830 Series User’s Guide...
Page 445: How To Implement The Ldap/Ad Authentication For Vpn
Create LDAP server profiles. Click the Active Directory /LDAP tab to open the profile web page and click any one of the index number link. If we have two groups “RD1” and “SHRD” on LDAP server, we can configure two LDAP server profiles with different Group Distinguished Name. Vigor2830 Series User’s Guide...
Page 446 Click OK to save the settings above. Open User Management>>General Setup. Select User-Based as the Mode option. Vigor2830 Series User’s Guide...
Page 447 LDAP server. Choose PAP Only as Dial-In PPP Authentication. After finished above configurations, click OK to save the settings. Now, users belong to either “rd1” or “shrd” group can access Internet after inputting their credentials on LDAP server. Vigor2830 Series User’s Guide...
Page 448: How To Setup Address Mapping
We will take an example to introduce how to make use of this feature. Log into the web user interface of Vigor2830. Open WAN>>Internet Access. For WAN1, choose MPoA/Static or Dynamic IP as the Access Mode. Vigor2830 Series User’s Guide...
Page 449 WAN IP address as 202.211.100.10. Click the WAN IP Alias button to configure the other P address which is 202.211.100.11. Make sure Join IP NAT Pool is not checked. Click OK to save the settings. Vigor2830 Series User’s Guide...
Page 450 After finished configuration for WAN1, open Load-Balance/Route Policy. Click Index number 1 and 2 to configure the details. After finished the settings, click OK to save the settings respectively. Vigor2830 Series User’s Guide...
Page 451 Upon completing the above configuration, you have specified the outgoing IP address(es) for some specific computers. Now, you bind some specific computers to some WAN IP alias for outgoing traffic. Vigor2830 Series User’s Guide...
Page 452: How To Setup Load Balance For Packets
Internet. The PC in LAN1 can send the data to the remote PC through the specified WAN1. Access into web user interface of Vigor2830 series. Open Load-Balance/Route Policy. From the following web page, simply click index number #1.
Page 453 In the following page, check Enable; set Dest IP Start and Dest IP End with 203.65.1.35 and 203.65.1.35; choose WAN1 as the Interface; click default gateway; do not check Auto Failover To The Other WAN. After finished the above settings, click OK to save the configuration. Vigor2830 Series User’s Guide...
Page 454 Now, the packets sent to the remote PC (IP address: 203.65.1.35) will be forcefully to pass through WAN1. Vigor2830 Series User’s Guide...
Page 455: Trouble Shooting
Turn on the router. Make sure the ACT LED blink once per second and the correspondent LAN LED is bright. If not, it means that there is something wrong with the hardware status. Simply back to “1.3 Hardware Installation” to execute the hardware installation again. And then, try again. Vigor2830 Series User’s Guide...
Page 456 Open All Programs>>Getting Started>>Control Panel. Click Network and Sharing Center. In the following window, click Change adapter settings. Icons of network connection will be shown on the window. Right-click on Local Area Connection and click on Properties. Vigor2830 Series User’s Guide...
Page 457 Select Internet Protocol Version 4 (TCP/IP) and then click Properties. Select Obtain an IP address automatically and Obtain DNS server address automatically. Finally, click OK. Vigor2830 Series User’s Guide...
Page 458 Double click on the current used Mac OS on the desktop. Open the Application folder and get into Network. On the Network screen, select Using DHCP from the drop down list of Configure IPv4. Vigor2830 Series User’s Guide...
Page 459: Pinging The Router From Your Computer
Open the Application folder and get into Utilities. Double click Terminal. The Terminal window will appear. Type ping 192.168.1.1 and press [Enter]. If the link is OK, the line of “64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=xxxx ms” will appear. Vigor2830 Series User’s Guide...
Page 460: Checking If The Isp Settings Are Ok Or Not
PIN code and try again. If it still fails, it might be the compliance problem of system. Please open DrayTek Syslog Tool to capture the connection information (WAN Log) and send the page (similar to the following graphic) to the service center of DrayTek.
Page 461: Backing To Factory Default Setting If Necessary
Go to System Maintenance and choose Reboot System on the web page. The following screen will appear. Choose Using factory default configuration and click Reboot Now. After few seconds, the router will return all the settings to the factory settings. Vigor2830 Series User’s Guide...
Page 462: Contacting Draytek
After restore the factory default setting, you can configure the settings for the router again to fit your personal request. If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@DrayTek.com. Vigor2830 Series User’s Guide...
Page 463: Appendix I: Vlan Applications On Vigor Router
VLAN helps you to solve these situations, and DrayTek’s products support bellow two popular types: It uses a matrix table of the physical ports to define the traffics how to exchange between each port, and the traffics will be isolated from the ports are not being ticked in the same line.
Page 464 P1 and P2 are doing NAT flow to access to the internet, but P3 and P4 will forward the packets between WAN and LAN ports directly. So far, there are two kinds of open system on Vigor router. One is DrayOS, which is DrayTek owned, and another is Linux-like which customized by DrayTek from OpenWRT. Here...
Page 465 DrayOS system is going to be introduced to you because it is the most stable and superfast booting system in DrayTek products. If the UI style of yours is different from the following. It may not DrayOS system with new web style or maybe the Linux-like model.
Page 466  Multi Subnet (VLAN of LAN) Vigor2830 Series User’s Guide...
Page 467 The benefit of Port-based is able to extend the wired ports by installing a cheaper dumb switch as many as you need, but Tag-based offers you a flexible and well-managed network. The networks are isolated, secured and reduce the broadcasting storm effectively in each of networks with VLAN.  Guest Network Vigor2830 Series User’s Guide...
Page 468 However, a switch support VLAN function is need if VLAN Tag enabled.  Triple Play (Multi-WAN) NAT mode with VLAN Vigor2830 Series User’s Guide...
Page 469 Following settings, the set-top box (STB) is able to attach with any LAN port. Video streaming which your ISP provided will be played on your monitor. Vigor2830 Series User’s Guide...
Page 470 Set-top box (STB) or the other kinds of media devices are able to attach with Port4 or Port5 of LAN. Those devices that attached with Port4 or Port5 are able to access the services network directly which your ISP provided. Vigor2830 Series User’s Guide...
Page 471: Appendix Ii: Release Note
Corrected: Load Balance/Route Policy cleaned all sessions when the dropped down WAN reconnected.  Corrected: DDNS could not work when updating to freedns.afraid.org  Corrected: Could not add DHPC option 66/15.  Corrected: Router showed wrong Syslog messages when a VPN LAN to LAN tunnel dropped. Vigor2830 Series User’s Guide...
Page 472 Corrected: VigorACS SI couldn't show Network information when DNS Filter was enabled for Vigor2830.  Corrected: Some error on External Device Status page.  Corrected: Remove Mhaha, getMessenger, IMUnitive, Wablet from WebIM on CSM>>APP Enforcement Profile. Vigor2830 Series User’s Guide...

This manual is also suitable for:

Vigor2830n Vigor2830n-plus Vigor2830vn Vigor2830vn-plus

Draytek Vigor2830 Series User Manual

Quick Links

Related Manuals for Draytek Vigor2830 Series

Summary of Contents for Draytek Vigor2830 Series