Page 2 Vigor2920 Series Dual-WAN Security Router User’s Guide Version: 2.5 Firmware Version: V3.6.0 (For future update, contact DrayTek) Date: 24/08/2012 Vigor2920 Series User’s Guide...
Page 3: Copyright Information
Web registration is preferred. You can register your Vigor router via Be a Registered http://www.DrayTek.com. Owner Due to the continuous evolution of DrayTek technology, all routers will be regularly Firmware & Tools upgraded. Please consult the DrayTek web site for more information on newest Updates firmware, tools and documents.
Page 4: European Community Declarations
Product: Vigor2920 Series Router DrayTek Corp. declares that Vigor2920 Series of routers are in compliance with the following essential requirements and other relevant provisions of R&TTE Directive 1999/5/EEC. The product conforms to the requirements of Electro-Magnetic Compatibility (EMC) Directive 2004/108/EC by complying with the requirements set forth in EN55022/Class B and EN55024/Class B.
Page 5: Table Of Contents
3.4 How to configure Multi-Subnet for Vigor Router ..............53 3.5 How to Customize Your Login Page ..................60 3.6 How to use SmartMonitor with Vigor2920 series ..............62 3.7 Create a LAN-to-LAN Connection Between Remote Office and Headquarter ..... 63 3.8 Create a Remote Dial-in User Connection Between the Teleworker and Headquarter..
Page 6 4.6.5 Service Type Object ..................... 184 4.6.6 Service Type Group...................... 186 4.6.7 Keyword Object ......................188 4.6.8 Keyword Group......................189 4.6.9 File Extension Object....................190 4.7 CSM Profile ......................... 192 4.7.1 APP Enforcement Profile ....................193 Vigor2920 Series User’s Guide...
Page 7 4.13.10 Station List ........................ 312 4.13.11 Web Portal ........................ 313 4.14 USB Application ........................ 314 4.14.1 USB General Settings....................314 4.14.2 USB User Management....................315 4.14.3 File Explorer........................ 317 4.14.4 USB Disk Status ......................318 4.14.5 Syslog Explorer......................319 Vigor2920 Series User’s Guide...
Page 8 5.4 Checking If the ISP Settings are OK or Not ................ 359 5.5 Problems for 3G Network Connection ................359 5.6 Backing to Factory Default Setting If Necessary ..............360 5.7 Contacting Your Dealer ....................... 361 viii Vigor2920 Series User’s Guide...
Page 9: Introduction
Vigor2920 series is a broadband router. It integrates IP layer QoS, NAT session/bandwidth management to help users control works well with large bandwidth. By adopting hardware-based VPN platform and hardware encryption of AES/DES/3DS, the router increases the performance of VPN greatly, and offers several protocols (such as IPSec/PPTP/L2TP) with up to 2 VPN tunnels.
Page 10: Led Indicators And Connectors
The port is connected. GigaLAN (Green) The port is disconnected. 1/2/3/4 Blinking The data is transmitting. Right LED The port is connected with 1000Mbps. (Green) The port is connected with 10/100Mbps when left LED is on. Vigor2920 Series User’s Guide...
Page 11 Then the router will restart with the factory default configuration. GigaLAN (1-4) Connecters for local networked devices. WAN1/WAN2(Giga) Connecters for remote networked devices. Connecter for 3G Modem or printer. Connecter for a power adapter. Power Switch. ON/OFF Vigor2920 Series User’s Guide...
Page 12: For Vigor2920N
The port is connected. GigaLAN (Green) The port is disconnected. 1/2/3/4 Blinking The data is transmitting. Right LED The port is connected with 1000Mbps. (Green) The port is connected with 10/100Mbps when left LED is on. Vigor2920 Series User’s Guide...
Page 13 Then the router will restart with the factory default configuration. GigaLAN (1-4) Connecters for local networked devices. WAN1/WAN2(Giga) Connecters for remote networked devices. Connecter for 3G Modem or printer. Connecter for a power adapter. Power Switch. ON/OFF Vigor2920 Series User’s Guide...
Page 14: For Vigor2920Vn
The port is connected. GigaLAN (Green) The port is disconnected. 1/2/3/4 Blinking The data is transmitting. Right LED The port is connected with 1000Mbps. (Green) The port is connected with 10/100Mbps when left LED is on. Vigor2920 Series User’s Guide...
Page 15 Connecter for analog phone(s). Line Connector for PSTN life line. GigaLAN (1-4) Connecters for local networked devices. WAN1/WAN2(Giga) Connecters for remote networked devices. Connecter for Mobile HDD, 3G Modem or printer. Connecter for a power adapter. Power Switch. ON/OFF Vigor2920 Series User’s Guide...
Page 16: Hardware Installation
Power on the device by pressing down the power switch on the rear panel. The system starts to initiate. After completing the system test, the ACT LED will light up and start blinking. (For the detailed information of LED status, please refer to section 1.1.) Vigor2920 Series User’s Guide...
Page 17: Printer Installation
You can install a printer onto the router for sharing printing. All the PCs connected this router can print documents via the router. The example provided here is made based on Windows XP/2000. For Windows 98/SE/Vista, please visit www.DrayTek.com. Before using it, please follow the steps below to configure settings for connected computers (or wireless clients).
Page 18 Click Local printer attached to this computer and click Next. In this dialog, choose Create a new port Type of port and use the drop down list to select Standard TCP/IP Port. Click Next. Vigor2920 Series User’s Guide...
Page 19 In the following dialog, type 192.168.1.1 (router’s LAN IP) in the field of Printer Name or IP Address and type IP_192.168.1.1 as the port name. Then, click Next. Click Standard and choose Generic Network Card. Then, in the following dialog, click Finish. Vigor2920 Series User’s Guide...
Page 20 11. Select "LPR" on Protocol, type p1 (number 1) as Queue Name. Then click OK. Next please refer to the red rectangle for choosing the correct protocol and LPR name. Vigor2920 Series User’s Guide...
Page 21 If you do not know whether your printer is supported or not, please visit www.DrayTek.com to find out the printer list. Open Support >FAQ; find out the link of Printer Server and click it; then click the What types of printers are compatible with Vigor router? link.
Page 22 This page is left blank. Vigor2920 Series User’s Guide...
Page 23: Configuring Basic Settings
The web page can be logged out according to the chosen condition. The default setting is Auto Logout, which means the web configuration system will logout after 5 minutes without any operation. Change the setting for your necessity. Vigor2920 Series User’s Guide...
Page 24: Changing Password
Now, the Main Screen will appear. Note: The home page will change slightly in accordance with the type of the router you have. Go to System Maintenance page and choose Administrator Password. Vigor2920 Series User’s Guide...
Page 25: Quick Start Wizard
If your router can be under an environment with high speed NAT, the configuration provide here can help you to deploy and use the router quickly. The first screen of Quick Start Wizard is entering login password. After typing the password, please click Next. Vigor2920 Series User’s Guide...
Page 26: For Wan1/Wan2
PPPoE is used for most of modem users. All local users can share one PPPoE connection for accessing the Internet. Your service provider will provide you information about user name, password, and authentication mode. If your ISP provides you the PPPoE connection, please select PPPoE for this router. Vigor2920 Series User’s Guide...
Page 27 Assign a specific valid user name provided by the ISP. User Name Assign a valid password provided by the ISP. Password Retype the password. Confirm Password Click it to return to previous setting page. Back Click it to get into the next setting page. Next Vigor2920 Series User’s Guide...
Page 28 Please manually enter the Username/Password provided by your ISP. Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Now, you can enjoy surfing on the Internet. Vigor2920 Series User’s Guide...
Page 29 Choose WAN1/WAN2 as the WAN Interface and click the Next button. The following page will be open for you to specify Internet Access Type. Click PPTP/L2TP as the Internet Access Type. Then click Next to continue. Vigor2920 Series User’s Guide...
Page 30 Click it to give up the quick start wizard. Cancel Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Vigor2920 Series User’s Guide...
Page 31 Type the subnet mask. Subnet Mask Type the IP address of gateway. Gateway Type in the primary IP address for the router. Primary DNS Type in secondary IP address for necessity in the future. Secondary DNS Vigor2920 Series User’s Guide...
Page 32 Click DHCP as the protocol. Type in all the information that your ISP provides for this protocol. Choose WAN1/WAN2 as the WAN Interface and click the Next button. The following page will be open for you to specify Internet Access Type. Vigor2920 Series User’s Guide...
Page 33 Click it to return to previous setting page. Back Click it to get into th/e next setting page. Next Click it to give up the quick start wizard. Cancel After finishing the settings in this page, click Next to see the following page. Vigor2920 Series User’s Guide...
Page 34: For Wan3
5. Now, you can enjoy surfing on the Internet. To use 3G USB modem for network connection, please choose WAN3. Choose WAN1/WAN2 as the WAN Interface and click the Next button. The following page will be open for you to specify Internet Access Type. Vigor2920 Series User’s Guide...
Page 35: Service Activation Wizard
Service Activation Wizard is a tool which allows you to use trial version or update the license of WCF directly without accessing into the server (MyVigor) located on http://myvigor.draytek.com. For using Web Content Filter Profile, please refer to later section Web Content Filter Profile for detailed information.
Page 36 When you finish the selection, please click Next. Commtouch is the web content filter based on Commtouch operated in the worldwide. There is a 30-day trial period. After trial, you can purchase DrayTek's prepared Commtouch GlobalView WCF package from retailing outlets.
Page 37 Note: The service will be activated and applied as the default rule configured in Firewall>>General Setup. Now, the web page will display the service that you have activated according to your selection(s). The valid time for the free trial of these services is 30-day. Vigor2920 Series User’s Guide...
Page 38 Later, if you need to extend the license valid time for the same service, you can also use the Service Activation Wizard again to reach your goal by clicking the radio button of Formal edition with license key and clicking Next. Vigor2920 Series User’s Guide...
Page 39: Online Status
Such page displays the physical connection status such as LAN connection status, WAN connection status, ADSL information, and so on. Detailed explanation (for IPv4) is shown below: Vigor2920 Series User’s Guide...
Page 40 IP Address- Displays the IPv6 address of the LAN LAN Status interface.. TX Packets-Displays the total transmitted packets at the LAN interface. RX Packets-Displays the total received packets at the LAN interface. TX Bytes - Displays the total ransmitted octets at the LAN Vigor2920 Series User’s Guide...
Page 41: Virtual Wan
Each time you click OK on the web page for saving the configuration, you can find messages showing the system interaction with you. Ready indicates the system is ready for you to input settings. Settings Saved means your settings are saved once you click Finish or OK button. Vigor2920 Series User’s Guide...
Page 42: Registering Vigor Router
Please login the web configuration interface of Vigor router by typing “admin/admin” as User Name / Password. Click Support Area>>Production Registration from the home page. A Login page will be shown on the screen. Please type the account and password that you created previously. And click Login. Vigor2920 Series User’s Guide...
Page 43 When the following page appears, please type in Nickname (for the router) and choose the right registration date from the popup calendar (it appears when you click on the box of Registration Date). After adding the basic information for the router, please click Submit. Vigor2920 Series User’s Guide...
Page 44 When the following page appears, your router information has been added to the database. Click OK to leave this web page and return to My Information web page. Take a look at the page of My Information, the new added Vigor rotuer is listed under Your Device List. Vigor2920 Series User’s Guide...
Page 45: Tutorials And Applications
TSPC, AICCU, DHCPv6 Client and Static IPv6. Access into the web configurator of Vigor2920. Open WAN>> Internet Access. Choose one of the WAN interfaces as the one supporting IPv6 service. Then, click the IPv6 button of the selected WAN. Vigor2920 Series User’s Guide...
Page 46 PPP – Dual Stack application, IPv4 and IPv6 services can be utilized at the same time Choose PPP and type the information for PPPoE of IPv4. Access into the setting page for IPv6 service, it is not necessary for you to configure anything. Vigor2920 Series User’s Guide...
Page 47 Click OK and open Online Status. If the connection is successful, you will get the IP address for IPv4 and IPv6 at the same time. Vigor2920 Series User’s Guide...
Page 48 (In the following figure, the TSPC information is obtained from http://gogo6.com/ after applied for the service.) Click OK and open Online Status. If the connection is successful, the physical connection will be shows as follows: Vigor2920 Series User’s Guide...
Page 49 (In the following figure, the AICCU information is obtained from https://www.sixxs.net/main/ after applied for the service.) Click OK and open Online Status. If the connection is successful, the physical connection will be shows as follows: Vigor2920 Series User’s Guide...
Page 50 DHCPv6 Client Choose DHCPv6 Client. Click one of the identity associations and type the IAID number. Click OK and open Online Status. If the connection is successful, the physical connection will be shows as follows: Vigor2920 Series User’s Guide...
Page 51 Static IPv6 Choose Static IPv6. Type IPv6 address, Prefix Length and Gateway Address. Click OK and open Online Status. If the connection is successful, the physical connection will be shows as follows: Vigor2920 Series User’s Guide...
Page 52 In the field of HCPv6 Server Configuration, when DHCPv6 service is enabled, you can assign available IPv6 address for the client manually. Note: When both mechanisms are enabled, the client can determine which mechanism to be used (e.g., the default mechanism for Windows7 is RADVD). Vigor2920 Series User’s Guide...
Page 53 IPv4 IP and IPv6 IP services. Its IPv6 address is seen with a format of 2001:200:dff:fff1:216:3eff:feb1:44d7. After getting the above message, it means the IPv6 service has been activated successfully. Vigor2920 Series User’s Guide...
Page 54 If not, only a steady turtle will be seen. If you can see a turtle dancing on the screen, that means IPv6 service is ready for you to access and utilize. Vigor2920 Series User’s Guide...
Page 55: How To Send Out Sms Via Vigor Router
Click Enable to enable SMS setup; type a name for identification as Profile Name; use the drop down list to choose the Service Provider that you apply for SMS; type the Username and Password that you apply for SMS; type the telephone number that you Vigor2920 Series User’s Guide...
Page 56 SMS notification just for once. The Send a test Message button allows you to send one SMS to the user just for test. 4. Now, a new SMS proifle has been created. 5. Go to WAN>>General Setup. In this case, choose the WAN2 link as an example. Vigor2920 Series User’s Guide...
Page 57 WAN for connection instead and send SMS to notify the user (destination number #123456789). However, if there is no available WAN for connection, the system will send SMS to inform the user after reconnecting WAN2 successfully. Vigor2920 Series User’s Guide...
Page 58: How Can I Get The Files From Usb Storage Device Connecting To Vigor Router
Plug the USB device to the USB port on the router. Make sure Disk Connected appears on the Connection Status as the figure shown below: Open USB Application >> USB General Settings to check the general settings. Click Vigor2920 Series User’s Guide...
Page 59 "user1" and assign authorities “Read”, “Write” and “List” to it. Click OK to save the configuration. Make sure the FTP service is running properly. Please open a browser and type ftp://192.168.1.1. Use the account "user1" to login. Vigor2920 Series User’s Guide...
Page 60 Now, users in LAN of Vigor2920 can access into the USB storage device by typing ftp://192.168.1.1 on any browser. They can add or remove files / directories, depending on the Access Rule for FTP account settings in USB Application >>USB User Management. Vigor2920 Series User’s Guide...
Page 61: How To Configure Multi-Subnet For Vigor Router
VLAN Configuration. For VLAN0 setting, check P1 and set LAN1 as the Subnet. For VLAN1 setting, check P2 and set LAN2 as the Subnet. For VLAN2 setting, check P3 and P4, and set LAN3 as the Subnet. Vigor2920 Series User’s Guide...
Page 62 The equipment connecting to Vigor2920 LAN Port 3 and Port 4 (LAN3) can get the IP address of 192.168.3.0/24 For the detailed settings of the network segment, open LAN>>General Setup and click Details Page. Adjust the settings for your request. Refer to the following figure. Vigor2920 Series User’s Guide...
Page 63 To make any two of VLAN groups linked with each other, just check the boxes of the ones in the field of Inter-LAN Routing in the page of LAN >> General Setup. Refer to the following figure. LAN2 and LAN3 are linked. Vigor2920 Series User’s Guide...
Page 64 (8) for VID setting. Then check P4 and set LAN2 as the Subnet. To activate the function of VLAN Tag for VLAN2 setting, check the box of Enable and type the value (9) for VID setting. Then check P4 and set LAN3 as the Subnet. Vigor2920 Series User’s Guide...
Page 65 In the page of LAN >> General Setup, check the Status box of LAN2, LAN3 and LAN4 and enable the function of DHCP. For the detailed settings of the network segment, open LAN>>General Setup and click Details Page. Adjust the settings for your request. Refer to the following figure. Vigor2920 Series User’s Guide...
Page 66 Port 23 is set with Trunk in this example and will transfer the packets with VLAN Tag information. That is, packets with VID 7, 8, 9 and 10 will be transferred to Vigor2920 by Port 23 and VID information will be retained. Vigor2920 Series User’s Guide...
Page 67 To make any two of VLAN groups of Tag Based VLAN linked with each other, just check the boxes of the ones in the field of Inter-LAN Routing in the page of LAN >> General Setup. Refer to the following figure. LAN2 and LAN3 are linked. Vigor2920 Series User’s Guide...
Page 68: How To Customize Your Login Page
Open User Management>>General Setup. Set User-Based as the Mode and click OK to save teh settings. Open User Management>>User Profile to create a new user profle. Click any link (e.g., #3) to access into the following page. Type a User Name and a Password. Then, click OK. Vigor2920 Series User’s Guide...
Page 69 “Just for Carrie” is displayed as a heading on the login dialog box. After typing the username and password (defined in User Management>>User Profile), click Login. You can access into Internet or access into the Landing Page if configured in User Management>>General Setup. Vigor2920 Series User’s Guide...
Page 70: How To Use Smartmonitor With Vigor2920 Series
SmartMonitor to the monitor port of Vigor router, then all the traffic in other LAN port will forward to the monitor port. But, there is no hardware monitor port for Vigor2920 series. Therefore we need to configure mirror port setting in the web configurator of Vigor2920 for using SmartMonitor.
Page 71: Create A Lan-To-Lan Connection Between Remote Office And Headquarter
For using PPP based services, such as PPTP, L2TP, you have to set general settings in PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2920 Series User’s Guide...
Page 72 Go to LAN-to-LAN. Click on one index number to edit a profile. Set Common Settings as shown below. You should enable both of VPN connections because any one of the parties may start the VPN connection. Vigor2920 Series User’s Guide...
Page 73 Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authentication and VJ Compression for this Dial-Out connection. Vigor2920 Series User’s Guide...
Page 74 Otherwise, it will apply the settings defined in IPSec General Setup above. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. Vigor2920 Series User’s Guide...
Page 75 PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2920 Series User’s Guide...
Page 76 Set Dial-Out Settings as shown below to dial to connect to Router A aggressively with the selected Dial-Out method. If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. Vigor2920 Series User’s Guide...
Page 77 If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. Vigor2920 Series User’s Guide...
Page 78 Username, Password, and VJ Compression for this Dial-In connection. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection. Vigor2920 Series User’s Guide...
Page 79: Create A Remote Dial-In User Connection Between The Teleworker And Headquarter
PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IKE/IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2920 Series User’s Guide...
Page 80 If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. Vigor2920 Series User’s Guide...
Page 81 For Win2000/XP, please use "Network and Dial-up connections" or “Smart VPN Client”, complimentary software to help you create PPTP, L2TP, and L2TP over IPSec tunnel. You can find it in CD-ROM in the package or go to www.DrayTek.com download center. Install as instructed.
Page 82 VPN router. To use default gateway on remote network means that all the packets of remote host will be directed to VPN server then forwarded to Internet. This will make the remote host seem to be working in the enterprise network. Vigor2920 Series User’s Guide...
Page 83: Qos Setting Example
Vigor router at home to connect to the server in the headquarter office downtown via either HTTPS or VPN to check email and access internal database. Meanwhile, children may chat on Skype in the restroom. Go to Bandwidth Management>>Quality of Service. Vigor2920 Series User’s Guide...
Page 84 80% - 85% of physical network speed provided by ISP to maximize the QoS performance. Return to previous page. Enter the Name of Index Class 1 by clicking Edit link. Type the name “E-mail” for Class 1. Vigor2920 Series User’s Guide...
Page 85 POP3 and SMTP. Return to previous page. Enter the Name of Index Class 2 by clicking Edit link. In this index, the user will set reserved bandwidth for HTTPS. And click OK. Click Setup link for WAN. Vigor2920 Series User’s Guide...
Page 86 Class Name of Index 3. In this index, he will set reserved bandwidth for 1 VPN tunnel. 10. Click Edit to open a new window. 11. Click Edit to open the following window. Check the ACT box, first. Vigor2920 Series User’s Guide...
Page 87 12. Then click Edit of Local Address to set a worker’s subnet address. Click Edit of Remote Address to set headquarter’s IP address. Leave other fields and click OK. Vigor2920 Series User’s Guide...
Page 88: Request A Certificate From A Ca Server On Windows Ca Server
Go to Certificate Management and choose Local Certificate. Vigor2920 Series User’s Guide...
Page 89 Copy and save the X509 Local Certificate Requet as a text file and save it for later use. Connect to CA server via web browser. Follow the instruction to submit the request. Below we take a Windows 2000 CA server for example. Select Request a Certificate. Vigor2920 Series User’s Guide...
Page 90 IPSec (Offline request) below. Then you have done the request and the server now issues you a certificate. Select Base 64 encoded certificate and Download CA certificate. Now you should get a certificate (.cer file) and save it. Vigor2920 Series User’s Guide...
Page 91 (.cer file) into Vigor router. When finished, click refresh and you will find the below window showing “------BEGINE CERTIFICATE------..” You may review the detail information of the certificate by clicking View button. Vigor2920 Series User’s Guide...
Page 92: Request A Ca Certificate And Set As Trusted On Windows Ca Server
Use web browser connecting to the CA server that you would like to retrieve its CA certificate. Click Retrive the CA certificate or certificate recoring list. Vigor2920 Series User’s Guide...
Page 93 You may review the detail information of the certificate by clicking View button. Note: Before setting certificate configuration, please go to System Maintenance >> Time and Date to reset current time of the router first. Vigor2920 Series User’s Guide...
Page 94: Creating An Account For Myvigor
The website of MyVigor (a server located on http://myvigor.draytek.com) provides several useful services (such as Web Content Filter) to filtering the web pages for the sake of protecting your system. In general, Service Activation Wizard can activate WCF service for the router by using simple steps.
Page 95 2. Click the Activate link. A login page for MyVigor web site will pop up automatically. 3. Click the link of Create an account now. 4. Check to confirm that you accept the Agreement and click Accept. Vigor2920 Series User’s Guide...
Page 96 5. Type your personal information in this page and then click Continue. 6. Choose proper selection for your computer and click Continue. Vigor2920 Series User’s Guide...
Page 97 New Account Confirmation Letter from myvigor.draytek.com. 9. Click the Activate my Account link to enable the account that you created. The following screen will be shown to verify the register process is finished. Please click Login. Vigor2920 Series User’s Guide...
Page 98: Creating An Account Via Myvigor Web Site
11. Now, click Login. Your account has been activated. You can access into MyVigor server to activate the service (e.g., WCF) that you want. 1. Access into http://myvigor.draytek.com. Find the line of Not registered yet?. Then, click the link Click here! to access into next page.
Page 99 2. Check to confirm that you accept the Agreement and click Accept. 3. Type your personal information in this page and then click Continue. 4. Choose proper selection for your computer and click Continue. Vigor2920 Series User’s Guide...
Page 100 New Account Confirmation Letter from myvigor.draytek.com. 7. Click the Activate my Account link to enable the account that you created. The following screen will be shown to verify the register process is finished. Please click Login. Vigor2920 Series User’s Guide...
Page 101 UserName and Password. Then type the code in the box of Auth Code according to the value displayed on the right side of it. Now, click Login. Your account has been activated. You can access into MyVigor server to activate the service (e.g., WCF) that you want. Vigor2920 Series User’s Guide...
Page 102 This page is left blank. Vigor2920 Series User’s Guide...
Page 103: Advanced Web Configuration
Hence, the NIC has reserved certain addresses that will never be registered publicly. These are known as private IP addresses, and are listed in the following ranges: Vigor2920 Series User’s Guide...
Page 104 After connecting into the router, 3G USB Modem will be regarded as the third WAN port. However, the original Ethernet WAN1/WAN2 still can be used and Load-Balance can be done in the router. Besides, 3G USB Modem in WAN3 also can be used as backup device. Vigor2920 Series User’s Guide...
Page 105: General Setup
Therefore, when WAN1/WAN2 is not available, the router will use 3.5G for supporting automatically. The supported 3G USB Modem will be listed on Draytek web site. Please visit www.draytek.com for more detailed information. Due to the shortage of IPv4 address, more and more countries use IPv6 to solve the problem.
Page 106 Display whether such WAN interface is connected and allows Active Mode to access into Internet always, or such WAN interface will be treated as backup WAN interface. Note: In default, each WAN port is enabled. Vigor2920 Series User’s Guide...
Page 107 Enable – Enable the function of VLAN with tag. VLAN Tag insertion The router will add specific VLAN number to all packets on the WAN while sending them out. Please type the tag value and specify the priority for the packets Vigor2920 Series User’s Guide...
Page 108 When all WAN disconnect – Such backup WAN will be activated only when all master WAN interfaces disconnect. After finished the above settings, click OK to save the settings. To use 3G network connection through 3G USB Modem, please configure WAN3 interface. Vigor2920 Series User’s Guide...
Page 109 Active Mode specified. If you choose Always On as Active Mode, such interface will be used for access into Internet all the time. If you choose Backup as the Active Mode, you have to specify Vigor2920 Series User’s Guide...
Page 110: Internet Access
For the router supports multi-WAN function, the users can set different WAN settings (for WAN1/WAN2/WAN3) for Internet Access. Due to different Physical Mode for WAN interfaces, the Access Mode for these connections also varies. Refer to the following figures Vigor2920 Series User’s Guide...
Page 111 To choose PPPoE as the accessing protocol of the internet, please select PPPoE from the Internet Access menu. The following web page will be shown. Available settings are explained as follows: Item Description Click Enable for activating this function. If you click Disable, PPPoE Client Mode Vigor2920 Series User’s Guide...
Page 112 Fixed IP field. Please contact your ISP before you want to use this function. WAN IP Alias - If you have multiple public IP addresses and would like to utilize them on the WAN interface, please use Vigor2920 Series User’s Guide...
Page 113 IP address to the WAN interface. To use Static or Dynamic IP as the accessing protocol of the internet, please choose Static or Dynamic IP mode from Internet Access menu. The following web page will be shown. Vigor2920 Series User’s Guide...
Page 114 IP address in this field for pinging. TTL (Time to Live) – Displays value for your reference. TTL value is set by telnet command. It means Max Transmit Unit for packet. The default setting is 1442. Vigor2920 Series User’s Guide...
Page 115 Gateway IP Address: Type the gateway IP address. Default MAC Address: Click this radio button to use default MAC address for the router. Specify a MAC Address: Some Cable service providers specify a specific MAC address for access authentication. In Vigor2920 Series User’s Guide...
Page 116 Username -Type in the username provided by ISP in this field. ISP Access Setup Password -Type in the password provided by ISP in this field. Index (1-15) in Schedule Setup - You can type in four sets of Vigor2920 Series User’s Guide...
Page 117 In this case, you can fill in this IP address in the Fixed IP field. Please contact your ISP before you want to use this function. Click Yes to use this function and type in a fixed IP address in the box. Vigor2920 Series User’s Guide...
Page 118 3G Modem this function will be closed and all the settings that you adjusted in this page will be invalid. Type PIN code of the SIM card that will be used to access SIM PIN code Internet. Vigor2920 Series User’s Guide...
Page 119 IP address in this field for pinging. TTL (Time to Live) – Displays value for your reference. TTL value is set by telnet command. After finishing all the settings here, please click OK to activate them. Vigor2920 Series User’s Guide...
Page 120 It means Max Transmit Unit for packet. The default setting is 1380. Display the software version of LTE. LTE software version Display the firmware version of LTE. LTE hardware version After finishing all the settings here, please click OK to activate them. Vigor2920 Series User’s Guide...
Page 121 PCs under LAN also can have the public IPv6 address for Internet access by means of the generated prefix. No need to type any other information for PPP mode. Below shows an example for successful IPv6 connection based on PPPoE mode. Vigor2920 Series User’s Guide...
Page 122 After getting the IPv6 prefix and starting router advertisement daemon (RADVD), the PC behind this router can directly connect to IPv6 the Internet. Available settings are explained as follows: Vigor2920 Series User’s Guide...
Page 123 Type the password again to make the confirmation. Confirm Password Type the address for the tunnel broker IP, FQDN or an Tunnel Broker optional port number. Type the subnet prefix address getting from service Subnet Prefix provider Vigor2920 Series User’s Guide...
Page 124 Available settings are explained as follows: Item Description Choose Prefix Delegation or Non-temporary Address as Identify Association the identify association. Type a number as IAID. IAID – – This type allows you to setup static IPv6 address for WAN interface. Vigor2920 Series User’s Guide...
Page 125: Load-Balance Policy
Note: Load-Balance Policy is running only when more than one WAN interface is activated. Each item is explained as follows: Item Description Click the number of index to access into the load-balance Index policy configuration web page. Check this box to enable this policy. Enable Vigor2920 Series User’s Guide...
Page 126 Choose the WAN interface (WAN1 / WAN2 / WAN3) for Binding WAN interface binding. Auto failover to other WAN – Check this button to lead the data passing through other WAN automatically when the selected WAN interface is failover. Vigor2920 Series User’s Guide...
Page 127: Multi-Vlan
Available settings are explained as follows: Item Description Display the number of each channel. Channel Check this box to enable that channel. The channels that you Enable enabled here will be shown in the Multi-VLAN channel drop Vigor2920 Series User’s Guide...
Page 128 VoIP - It can be specified for VoIP only. If you choose VoIP, the configuration for this VLAN will be effective for VoIP data transmitting and receiving. IPTV - Packets from IGMP proxy will be sent out from such WAN interface. Therefore, the setting for IGMP shall be Vigor2920 Series User’s Guide...
Page 129 LAN port for channel 3 to 8. Click Clear to remove all the configurations in this page if you do not satisfy it. When you finish the configuration, please click OK to save and exit this page. Vigor2920 Series User’s Guide...
Page 130: Lan
IP address. As a part of the public subnet, the Vigor router will serve for IP routing to help hosts in the public subnet to communicate with other public hosts or servers outside. Therefore, the router should be set as the gateway for public hosts. Vigor2920 Series User’s Guide...
Page 131 You can group local hosts by physical ports and create up to 4 virtual LANs. To manage the communication between different groups, please set up rules in Virtual LAN (VLAN) function and the rate of each. Vigor2920 Series User’s Guide...
Page 132: General Setup
Details Page - Click it to access into the setting page. Each LAN will have different LAN configuration page. Each LAN must be configured in different subnet. IPv6 – Click it to access into the settings page of IPv6. Vigor2920 Series User’s Guide...
Page 133 Disable Server –If your LAN has another DHCP server, please click it to disable the DHCP server of this device. However, If you LAN does not have any DHCP server, you can manually assign IP address to every host in the LAN. Vigor2920 Series User’s Guide...
Page 134 If you want to use the router as a DNS proxy server, you have to input router’s LAN IP into the Primary or Secondary DNS server IP fields manually. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 135 It's used to control the lifetime of the prefix. The maximum value corresponds to 18.2 hours. A lifetime of 0 indicates that the router is not a default router and should not appear on the default router Vigor2920 Series User’s Guide...
Page 136 (Default: 255.255.255.0/ 24) DHCP stands for Dynamic Host Configuration Protocol. The DHCP Server router by factory default acts a DHCP server for your network Configuration so it automatically dispatch related IP settings to any local user Vigor2920 Series User’s Guide...
Page 137 DHCP server. The value is usually as same as the 1st IP address of the router, which means the router is the default gateway. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 138 Add – Type the MAC address in the boxes and click this button to add. Delete – Click it to delete the selected MAC address. Edit – Click it to edit the selected MAC address. Vigor2920 Series User’s Guide...
Page 139: Static Route
Main Router 192.168.1.1 as the default gateway for the Router A 192.168.1.2. Before setting Static Route, user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router. Vigor2920 Series User’s Guide...
Page 140 192.168.10.0 will be forwarded to 192.168.1.2. Click OK. Return to Static Route Setup page. Click on another Index Number to add another static route as show below, which regulates all packets destined to 211.100.88.0 will be forwarded to 192.168.1.3. Vigor2920 Series User’s Guide...
Page 141 You can set up to 40 profiles for IPv6 static route. Click the IPv6 tab to open the following page: Each item is explained as follows: Item Description The number (1 to 40) under Index allows you to open next Index page to set up static route. Vigor2920 Series User’s Guide...
Page 142 Type the gateway address for this entry. Gateway IPv6 Address Use the drop down list to specify an interface for this static Network Interface route. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 143: Vlan
Choose one of them to make the selected VLAN mapping to Subnet the specified subnet only. For example, LAN1 is specified for VLAN0. It means that PCs grouped under VLAN0 can get the IP address (es) that specified by the subnet. Vigor2920 Series User’s Guide...
Page 144: Bind Ip To Mac
Click this radio button to disable this function. All the settings Disable on this page will be invalid. Click this radio button to block the connection of the IP/MAC Strict Bind which is not listed in IP Bind List. Vigor2920 Series User’s Guide...
Page 145: Lan Port Mirror
VLAN at the same time. Third, it can transfer all data traffics to be mirrored to one analyzer connect to the mirroring port. Last, it is more convenient and easy to configure in user’s interface. Vigor2920 Series User’s Guide...
Page 146: Wired 802.1X
Each LAN port with Wired 802.1x configured will only forward 802.1x packets and block all other packets until the authentication has successfully completed. Available settings are explained as follows: Item Description Check the box to enable LAN 802.1x function. Enable Vigor2920 Series User’s Guide...
Page 147: Nat
IP address/port, the goal of Port Redirection function is to forward all access request with public IP address from external users to the mapping private IP address/port of the server. Vigor2920 Series User’s Guide...
Page 148 Display the transport layer protocol (TCP or UDP). Protocol Display the port number which will be redirected to the Public Port specified Private IP and Port of the internal host. Display the IP address of the internal host providing the Private IP Vigor2920 Series User’s Guide...
Page 149 If you choose Range as the port redirection mode, you will see two boxes on this field. Type a complete IP address in the first box (as the starting point) and the fourth digits in the second box (as the end point). Vigor2920 Series User’s Guide...
Page 150: Dmz Host
LAN. Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption. DMZ Host allows a defined internal user to be totally exposed to the Internet, which usually helps some special applications such as Netmeeting or Internet Games etc. Vigor2920 Series User’s Guide...
Page 151 Choose PC up, as depicted below. The window consists of a list of private IP addresses of all hosts in your LAN network. Select one private IP address in the list to be the DMZ host. Vigor2920 Series User’s Guide...
Page 152 WAN2 interface, you will find them in Aux. WAN IP for your selection. Available settings are explained as follows: Item Description Check to enable the DMZ Host function. Enable Enter the private IP address of the DMZ host, or click Choose Private IP PC to select one. Vigor2920 Series User’s Guide...
Page 153 When you have selected one private IP from the above dialog, the IP address will be shown on the following screen. Click OK to save the setting. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 154: Open Ports
Inactive or Active state. To add or edit port settings, click one index number on the page. The index entry setup page will pop up. In each index entry, you can specify 20 port ranges for diverse services. Vigor2920 Series User’s Guide...
Page 155: Address Mapping
For example, you have IP addresses ranging from 86.123.123.1 ~ 86.123.123.8. However, your router uses 86.123.123.1, and the rest of the IPs are recorded in WAN IP alias. You want that private IP 192.168.1.10 can use 86.123.123.2 as source IP when it sends packet out to Vigor2920 Series User’s Guide...
Page 156 Display the subnet mask selected for this address mapping. Mask Display the status for the entry, enable or disable. Status Click the index number link to open the configuration page. Available settings are explained as follows: Vigor2920 Series User’s Guide...
Page 157: Port Triggering
The duration that these ports are opened depends on the type of protocol used. The "default" durations are shown below and these duration values can be modified via telnet commands. TCP: 86400 sec. UDP: 180 sec. IGMP: 10 sec. TCP WWW: 60 sec. TCP SYN: 60 sec. Vigor2920 Series User’s Guide...
Page 158 Incoming Port profile. Display if the rule is active or de-active. Status Click the index number link to open the configuration page. Available settings are explained as follows: Item Description Check to enable this entry. Enable Vigor2920 Series User’s Guide...
Page 159 (TCP, UDP or TCP/UDP) for the incoming data of such triggering profile. Type the port or port range for the incoming packets. Incoming Port After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 160: Firewall
It will check packets according to the filter rules. If legal, the packet will pass the router. The following illustrations are flow charts explaining how router will treat incoming traffic and outgoing traffic respectively. Vigor2920 Series User’s Guide...
Page 161 4. Port Scan attack 12. Tear drop attack 5. IP options 13. Ping of Death attack 6. Land attack 14. ICMP fragment 7. Smurf attack 15. Unknown protocol 8. Trace route Below shows the menu items for Firewall. Vigor2920 Series User’s Guide...
Page 162: General Setup
Vigor router, will be filtered by firewall. If the firewall system (e.g., content filter server) does not make any response (pass or block) for these packets, then the router’s firewall will block the packets directly. Vigor2920 Series User’s Guide...
Page 163 The default setting is 60000. Choose one of the QoS rules to be applied as firewall rule. For Quality of Service detailed information of setting QoS, please refer to the related section later. Vigor2920 Series User’s Guide...
Page 164 Select one of the Web Content Filter profile settings (created Web Content Filter in CSM>> Web Content Filter) for applying with this router. Please set at least one profile for anti-virus in CSM>> Web Content Filter web page first. Or choose [Create New] from Vigor2920 Series User’s Guide...
Page 165 However, if the network is not stable, small value will be proper. Session timeout – Setting timeout for sessions can make the best utilization of network resources. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 166: Filter Setup
Set the link to the next filter set to be executed after the current Next Filter Set filter run. Do not make a loop with many filter sets. To edit Filter Rule, click the Filter Rule index button to enter the Filter Rule setup page. Vigor2920 Series User’s Guide...
Page 167 ON Set the direction of packet flow. It is for Data Filter only. For Direction the Call Filter, this setting is not available since Call Filter is only applied to outgoing traffic. Vigor2920 Series User’s Guide...
Page 168 From the IP Group drop down list, choose the one that you want to apply. Or use the IP Object drop down list to choose the object that you want. Click Edit to access into the following dialog to choose a Service Type suitable service type. Vigor2920 Series User’s Guide...
Page 169 Too Short - Apply the rule only to packets that are too short to contain a complete header. Specifies the action to be taken when packets match the rule. Filter Block Immediately - Packets matching the rule will be dropped immediately. Vigor2920 Series User’s Guide...
Page 170 [Create New] from the drop down list in this page to create a new profile. All the hosts in LAN must follow the standard configured in the APP Enforcement profile selected here. For detailed information, refer to the section of Vigor2920 Series User’s Guide...
Page 171 Please use the drop-down list to choose a codepage. If you do not have any idea of choosing suitable codepage, please open Syslog. From Codepage Information of Setup dialog, you will see the recommended codepage listed on the dialog box. Vigor2920 Series User’s Guide...
Page 172 TCP protocol only; session timeout is configured for the data flow which matched with the firewall rule. DrayTek Banner – Please uncheck this box and the following screen will not be shown for the unreachable web page. The default setting is Enabled.
Page 173 Each filter set is composed by 7 filter rules, which can be further defined. After that, in General Setup you may specify one set for call filter and one set for data filter to execute first. Vigor2920 Series User’s Guide...
Page 174: Dos Defense
UDP packets for a period defined in Timeout. The default setting for threshold and timeout are 150 packets per second and 10 seconds, respectively. Check the box to activate the ICMP flood defense function. Enable ICMP flood Vigor2920 Series User’s Guide...
Page 175 Check the box to activate the Block Tear Drop function. Many Block Tear Drop machines may crash when receiving ICMP datagrams (packets) that exceed the maximum length. To avoid this type of attack, the Vigor router is designed to be capable of discarding any Vigor2920 Series User’s Guide...
Page 176 Syslog daemon. Look for the keyword DoS in the message, followed by a name to indicate what kind of attacks is detected. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 177: User Management
Note: If Transparency Mode is selected in Firewall>>General Setup, User Management cannot be used any more. Please uncheck Transparency Mode first if you want to utilize user management to handle users in LAN, WAN or WLAN. Vigor2920 Series User’s Guide...
Page 178: General Setup
Rule-Based –If you choose such mode, the router will apply the filter rules configured in Firewall>>General Setup and Filter Rule to the users. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 179: User Profile
To set the user profile, please click any index number link to open the following page. Notice that profile 1 (admin) and profile 2 (System Reservation) are factory default settings. Profile 2 is reserved for future use. Click any index number to open the following configuration page: Vigor2920 Series User’s Guide...
Page 180 Firewall can be adopted for such user profile. Create New Policy – If you choose such item, the following page will be popped up for you to define another filter rule as a new policy. Vigor2920 Series User’s Guide...
Page 181 User Management >> General Setup) will be displayed. After authentication, the destination URL (if requested by the user) will be guided automatically by the router. Alert Tool – If it is selected, the user can open Alert Tool and Vigor2920 Series User’s Guide...
Page 182: User Group
When a user tries to access into the web configurator of Landing Page Vigor2920 series with the user name and password specified in this profile, he/she will be lead into the web page configured in Landing Page field in User Management>>General Setup.
Page 183: User Online Status
After finishing all the settings here, please click OK to save the configuration. This page displays the user(s) connected to the router and refreshes the connection status in an interval of several seconds. Available settings are explained as follows: Vigor2920 Series User’s Guide...
Page 184 Display the idle timeout setting for such profile. Idle Time Block - can prevent specified user accessing into Internet. Action Unblock – the user will be blocked. Logout – the user will be logged out forcefully. Vigor2920 Series User’s Guide...
Page 185: Objects Settings
You can set up to 192 sets of IP Objects with different conditions. Available settings are explained as follows: Item Description Display a name for this profile. Name Clear all profiles. Set to Factory Default Click the number under Index column for settings in detail. Vigor2920 Series User’s Guide...
Page 186 Select Subnet Address if this object contains one subnet for IP address. Select Any Address if this object contains any IP address. Select Mac Address if this object contains Mac address. Type the MAC address of the network card which will be MAC Address controlled. Vigor2920 Series User’s Guide...
Page 187: Ip Group
This page allows you to bind several IP objects into one IP group. Available settings are explained as follows: Item Description Display a name for this IP group profile. Name Clear all profiles. Set to Factory Default Vigor2920 Series User’s Guide...
Page 188 Available IP Objects above will be shown in this box. Click >> button to add the selected IP objects in this box. Selected IP Objects After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 189: Ipv6 Object
Clear all profiles. Set to Factory Default Click the number under Index column for settings in detail. Available settings are explained as follows: Item Description Type a name for this profile. Maximum 15 characters are Name allowed. Vigor2920 Series User’s Guide...
Page 190 If it is checked, all the IPv6 addresses except the ones listed Invert Selection above will be applied later while it is chosen. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 191: Ipv6 Group
This page allows you to bind several IPv6 objects into one IPv6 group. Available settings are explained as follows: Item Description Clear all profiles. Set to Factory Default Click the number under Index column for settings in detail. Available settings are explained as follows: Item Description Vigor2920 Series User’s Guide...
Page 192: Service Type Object
You can set up to 96 sets of Service Type Objects with different conditions. Available settings are explained as follows: Item Description Display a name for this profile. Name Clear all profiles. Set to Factory Default Click the number under Index column for settings in detail. Vigor2920 Series User’s Guide...
Page 193 (<) – the port number less than this value is available for this profile. After finishing all the settings here, please click OK to save the configuration. Below is an example of service type objects settings. Vigor2920 Series User’s Guide...
Page 194: Service Type Group
This page allows you to bind several service types into one group. Available settings are explained as follows: Item Description Display a name for this profile. Name Clear all profiles. Set to Factory Default Vigor2920 Series User’s Guide...
Page 195 Objects Setting>>Service Type Object will be shown in this Objects box. Click >> button to add the selected IP objects in this box. Selected Service Type Objects After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 196: Keyword Object
Available settings are explained as follows: Item Description Display a name for this profile. Name Clear all profiles. Set to Factory Default Click the number under Index column for setting in detail. Available settings are explained as follows: Vigor2920 Series User’s Guide...
Page 197: Keyword Group
/white list in CSM >>URL /Web Content Filter Profile. Available settings are explained as follows: Item Description Display a name for this profile. Name Clear all profiles. Set to Factory Default Click the number under Index column for setting in detail. Vigor2920 Series User’s Guide...
Page 198: File Extension Object
Profile 1 with name of “default” is the default profile, some files with the file extensions specified in this profile will be ignored and not be scanned by Vigor router. Available settings are explained as follows: Item Description Display a name for this profile. Name Vigor2920 Series User’s Guide...
Page 199 Type a name for this profile. Profile Name Type a name for such profile and check all the items of file extension that will be processed in the router. Finally, click OK to save this profile. Vigor2920 Series User’s Guide...
Page 200: Csm Profile
Vigor router will then decide whether to allow access to this site according to the categories you have selected. Please note that this action will not introduce any delay in your Web surfing because each of multiple load balanced database servers can handle millions of requests for categorization. Vigor2920 Series User’s Guide...
Page 201: App Enforcement Profile
There are four tabs IM, P2P, Protocol and Misc displayed on this page. Each tab will bring out different items that you can choose to disallow people using. Below shows the items which are categorized under IM. Vigor2920 Series User’s Guide...
Page 202 After finishing all the settings here, please click OK to save the configuration. The profiles configured here can be applied in the Firewall>>General Setup and Firewall>>Filter Setup pages as the standard for the host(s) to follow. Vigor2920 Series User’s Guide...
Page 203 The items categorized under P2P ----- The items categorized under Protocol. Vigor2920 Series User’s Guide...
Page 204: Url Content Filter Profile
For example, an ActiveX control object is usually used for providing interactive web feature. If malicious code hides inside, it may occupy user’s system. Vigor2920 Series User’s Guide...
Page 205 Display the name of the URL Content Filter Profile. Name You can type the message manually for your necessity or Default Message click this button to get the default message which will be displayed on the field of Administration Message. Vigor2920 Series User’s Guide...
Page 206 Control and Web Feature below, such function can determine the priority for the actions executed. For this one, the router will process the packages with the conditions set below for web feature first, then URL second. Vigor2920 Series User’s Guide...
Page 207 In addition, the maximal length of each frame is 32-character long. After specifying keywords, the Vigor router will decline the connection request to the website whose URL string matched to any user-defined keyword. It should be Vigor2920 Series User’s Guide...
Page 208 File Extension Profile – Choose one of the profiles that you configured in Object Setting>> File Extension Objects previously for passing or blocking the file downloading. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 209: Web Content Filter Profile
Please refer to section of creating MyVigor account. WCF adopts the mechanism developed and offered by certain service provider (e.g., DrayTek). No matter activating WCF feature or getting a new license for web content filter, you have to click Activate to satisfy your request.
Page 210 It is recommended for you to use the default setting, Setup Test Server auto-selected. Such server is powered by Commtouch. Click it to open http://myvigor.draytek.com for searching Find more another qualified and suitable server. Click this link to retrieve the factory settings.
Page 211 Block - restrict accessing into the corresponding webpage with the characters listed on Group/Object Selections. If the web pages do not match with the specified feature set here, they will be processed with the categories listed on the box below. Vigor2920 Series User’s Guide...
Page 212: Bandwidth Management
To solve the problem, you can use limit session to limit the session procession for specified Hosts. In the Bandwidth Management menu, click Sessions Limit to open the web page. Vigor2920 Series User’s Guide...
Page 213 Adds the specific session limitation onto the list above. Allows you to edit the settings for the selected limitation. Edit Vigor2920 Series User’s Guide...
Page 214: Bandwidth Limit
The downstream or upstream from FTP, HTTP or some P2P applications will occupy large of bandwidth and affect the applications for other programs. Please use Limit Bandwidth to make the bandwidth usage more efficient. In the Bandwidth Management menu, click Bandwidth Limit to open the web page. Vigor2920 Series User’s Guide...
Page 215 RX limit - Define the limitation for the speed of the downstream. If you do not set the limit in this field, the system will use the default speed for the specific limitation Vigor2920 Series User’s Guide...
Page 216 All the schedules can be set previously in Application >> Schedule web page and you can use the number that you have set in that web page. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 217: Quality Of Service
The core routers in the backbone will do the same checking before executing treatments in order to ensure service-level consistency throughout the whole QoS-enabled network. Vigor2920 Series User’s Guide...
Page 218 Index – Display the class number that you can edit. Class Rule Name – Display the name of the class. Rule – Allow to configure detailed settings for the selected Class. Service Type – Allow to configure detailed settings for the Vigor2920 Series User’s Guide...
Page 219 There are four queues allowed for QoS control. The first three (Class 1 to Class 3) class rules can be adjusted for your necessity. Yet, the last one is reserved for the packets which are not suitable for the user-defined class rules. Vigor2920 Series User’s Guide...
Page 220 Check this and set the limited bandwidth ratio on the right Enable UDP Bandwidth field. This is a protection of TCP application traffic since UDP Control application traffic such as streaming video will exhaust lots of Vigor2920 Series User’s Guide...
Page 221 Edit link of that one. After you click the Edit link, you will see the following page. Now you can define the name for that Class. In this case, “Test” is used as the name of Class Index #1. Vigor2920 Series User’s Guide...
Page 222 It determines the service type of the data for processing with Service Type QoS control. It can also be edited. You can choose the predefined service type from the Service Type drop down list. Those types are predefined in factory. Simply choose the one Vigor2920 Series User’s Guide...
Page 223 Edit to open the rule edit page for modification. To add a new service type, edit or delete an existed service type, please click the Edit link under Service Type field. After you click the Edit link, you will see the following page. Vigor2920 Series User’s Guide...
Page 224 Range as the type. By the way, you can set up to 10 service types. If you want to edit/delete an existed service type, please select the radio button of that one and click Edit/Edit for modification. Vigor2920 Series User’s Guide...
Page 225: Applications
In the DDNS setup menu, check Enable Dynamic DNS Setup. Available settings are explained as follows: Item Description Clear all profiles and recover to factory settings. Set to Factory Default Check this box to enable DDNS function. Enable Dynamic DNS Vigor2920 Series User’s Guide...
Page 226 WAN1/WAN2/WAN3 as the first channel for such account. If WAN1/WAN2/WAN3 fails, the router will use another WAN interface instead. WAN1/WAN2/WAN3 Only - While connecting, the router will use WAN1/WAN2/WAN3 as the only channel Vigor2920 Series User’s Guide...
Page 227: Schedule
Inquire Time button to set the Vigor router’s clock to current time of your PC. The clock will reset once if you power down or reset the router. There is another way to set up Vigor2920 Series User’s Guide...
Page 228 Status You can set up to 15 schedules. Then you can apply them to your Internet Access or VPN and Remote Access >> LAN-to-LAN settings. To add a schedule: Click any index, for example Index No.1. Vigor2920 Series User’s Guide...
Page 229 How often -Specify how often the schedule will be applied Once -The schedule will be applied just once Weekdays -Specify which days in one week should perform the schedule. Click OK button to save the settings. Vigor2920 Series User’s Guide...
Page 230: Radius
Server IP Address The UDP port number that the RADIUS server is using. The Destination Port default value is 1812, based on RFC 2138. The RADIUS server and client share a secret that is used to Shared Secret Vigor2920 Series User’s Guide...
Page 231: Upnp
The NAT Traversal of UPnP enables the multimedia features of your applications to operate. This has to manually set up port mappings or use other similar methods. The screenshots below show examples of this facility. Vigor2920 Series User’s Guide...
Page 232 Some Microsoft operating systems have found out the UPnP weaknesses and hence you need to ensure that you have applied the latest service packs and patches. Non-privileged users can control some router functions, including removing and adding port mappings. Vigor2920 Series User’s Guide...
Page 233: Igmp
It indicates the LAN port used for the multicast group. P1 to P4 Click this link to renew the working multicast group status. Refresh After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 234: Wake On Lan
Type any one of the MAC address of the bound PCs. MAC Address Click this button to wake up the selected IP. See the following Wake Up figure. The result will be shown on the box. Vigor2920 Series User’s Guide...
Page 235: Short Message Service
Type a name for such SMS profile. Profile Name Use the drop down list to specify the service provider which Service Provider offers SMS service. Type a user name that the sender can use to register to Username selected SMS provider. Vigor2920 Series User’s Guide...
Page 236: Vpn And Remote Access
Below shows the menu items for VPN and Remote Access. Such wizard is used to configure VPN settings for VPN client. Such wizard will guide to set the LAN-to-LAN profile for VPN dial out connection (from server to client) step by step. Vigor2920 Series User’s Guide...
Page 237 Route Mode/NAT Mode – If the remote network only allows Mode Selection you to dial in with single IP, please choose this mode, otherwise please choose Route Mode. There are 32 VPN profiles for users to set. Please choose a LAN-to-LAN Profile Vigor2920 Series User’s Guide...
Page 238 In this page, you have to select suitable VPN type for the VPN client profile. There are six types provided here. Different type will lead to different configuration page. After making the choices for the client profile, please click Next. You will see different configurations based on the selection(s) you made. Vigor2920 Series User’s Guide...
Page 239 When you choose PPTP (None Encryption) or PPTP (Encryption), you will see the following graphic: When you choose IPSec, you will see the following graphic: Vigor2920 Series User’s Guide...
Page 240 When you choose L2TP over IPSec (Nice to Have) or L2TP over IPSec (Must), you will see the following graphic: Available settings are explained as follows: Item Description Type a name for such profile. The length of the file is limited Profile Name to 10 characters. Vigor2920 Series User’s Guide...
Page 241 High - Encapsulating Security Payload (ESP) means payload (data) will be encrypted and authenticated. You may select encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES. This field is used to authenticate for connection when you User Name Vigor2920 Series User’s Guide...
Page 242 Click this radio button to set another profile of VPN Server Do another VPN Server through VPN Server Wizard. Wizard Setup Click this radio button to access VPN and Remote View more detailed Access>>LAN to LAN for viewing detailed configuration. configuration Vigor2920 Series User’s Guide...
Page 243: Vpn Server Wizard
VPN connection. This item is available when you choose Site to Site VPN Please choose a (LAN-to-LAN) as VPN server mode. There are 32 VPN LAN-to-LAN Profile profiles for users to set. Vigor2920 Series User’s Guide...
Page 244 Here we take the example of choosing Remote-Dial-in User as the VPN Server Mode. Check the Allowed Dial-in Type for the VPN server profile After making the choices for the server profile, please click Next. You will see different configurations based on the selection (dial-in type) you made. Vigor2920 Series User’s Guide...
Page 245 When you check PPTP, you will see the following graphic: When you check PPTP/IPSec/L2TP (three types) or PPTP/IPSec (two types) or L2TP with Policy (Nice to Have/Must), you will see the following graphic: Vigor2920 Series User’s Guide...
Page 246 Please type one LAN IP address (according to the real location Remote Network IP of the remote host) for building VPN connection. Please type the network mask (according to the real location of Remote Network the remote host) for building VPN connection. Mask Vigor2920 Series User’s Guide...
Page 247 View more detailed Access>>LAN to LAN for viewing detailed configuration. configuration If there is no problem, you can click one of the radio buttons listed on the page and click Finish to execute the next action. Vigor2920 Series User’s Guide...
Page 248: Remote Access Control
PAP or CHAP - Selecting this option means the router will attempt to authenticate dial-in users with the CHAP protocol first. If the dial-in user does not support this protocol, it will fall back to use the PAP protocol for authentication. Vigor2920 Series User’s Guide...
Page 249: Ipsec General Setup
Pre-Shared Key or Digital Signature (x.509). The peer that starts the negotiation proposes all its policies to the remote peer and then remote peer tries to find a highest-priority match with its policies. Eventually to set up a secure tunnel for IKE Phase 2. Vigor2920 Series User’s Guide...
Page 250 High - Encapsulating Security Payload (ESP) means payload (data) will be encrypted and authenticated. You may select encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 251: Ipsec Peer Identity
Click each index to edit one peer digital certificate. There are three security levels of digital signature authentication: Fill each necessary field to authenticate the remote peer. The following explanation will guide you to fill all the necessary fields. Vigor2920 Series User’s Guide...
Page 252 The field includes Country (C), State (ST), Location (L), Organization (O), Organization Unit (OU), Common Name (CN), and Email (E). After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 253: Remote Dial-In User
Click each index to edit one remote user profile. Each Dial-In Type requires you to fill the different corresponding fields on the right. If the fields gray out, it means you may leave it untouched. The following explanation will guide you to fill all the necessary fields. Vigor2920 Series User’s Guide...
Page 254 Nice to Have - Apply the IPSec policy first, if it is applicable during negotiation. Otherwise, the dial-in VPN connection becomes one pure L2TP connection. Must -Specify the IPSec policy to be definitely applied on the L2TP connection. Vigor2920 Series User’s Guide...
Page 255 IPSec Policy when you specify the IP address of the Method remote node. The only exception is Digital Signature (X.509) can be set when you select IPSec tunnel either with or without specify the IP address of the remote node. Vigor2920 Series User’s Guide...
Page 256 Local ID - Specify a local ID to be used for Dial-in setting in the LAN-to-LAN Profile setup. This item is optional and can be used only in IKE aggressive mode. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 257: Lan To Lan
Check the box to enable the selected profile. Active Indicate the status of individual profiles. The symbol V and X Status represent the profile to be active and inactive, respectively. Vigor2920 Series User’s Guide...
Page 258 Specify a name for the profile of the LAN-to-LAN connection. Profile Name Check here to activate this profile. Enable this profile Use the drop down menu to choose a proper WAN interface VPN Dial-Out for this profile. This setting is useful for dial-out only. Through Vigor2920 Series User’s Guide...
Page 259 This function is to help the router to determine the status of Enable PING to IPSec VPN connection, especially useful in the case of keep alive abnormal VPN IPSec tunnel disruption. For details, please refer to the note below. Check to enable the transmission of Vigor2920 Series User’s Guide...
Page 260 Pre-Shared Key - Input 1-63 characters as pre-shared key. Digital Signature (X.509) - Select one predefined Profiles set in the VPN and Remote Access >>IPSec Peer Identity. This group of fields is a must for IPSec Tunnels and L2TP IPSec Security Vigor2920 Series User’s Guide...
Page 261 Three combinations are available for both modes. We suggest you select the combination that covers the most algorithms. IKE phase 1 key lifetime-For security reason, the lifetime of key should be defined. The default value is 28800 seconds. Vigor2920 Series User’s Guide...
Page 262 Determine the dial-in connection with different types. Allowed Dial-In Type PPTP - Allow the remote dial-in user to make a PPTP VPN connection through the Internet. You should set the User Name and Password of remote dial-in user below. Vigor2920 Series User’s Guide...
Page 263 Local ID – Specify which one will be inspected first. Alternative Subject Name First – The alternative subject name (configured in Certificate Management>>Local Certificate) will be inspected first. Subject Name First – The subject name (configured in Certificate Management>>Local Certificate) will be inspected first. Vigor2920 Series User’s Guide...
Page 264 Address/Remote Network Mask through the VPN connection. For IPSec, this is the destination clients IDs of phase 2 quick mode. Local Network IP / Local Network Mask - Add a static route to direct all traffic destined to Local Network IP Address/Local Vigor2920 Series User’s Guide...
Page 265 VPN tunnel. Note that this setting is available only for one WAN interface is enabled. It is not available when both WAN interfaces are enabled. After finishing all the settings here, please click OK to save the configuration. Vigor2920 Series User’s Guide...
Page 266: Vpn Trunk Management
Before setting VPN TRUNK backup profile, please configure at least two sets of LAN to LAN profiles (with fully configured dial-out settings) first, otherwise you will not have selections for grouping Member1 and Member2. Available settings are explained as follows: Vigor2920 Series User’s Guide...
Page 267 LAN-to-LAN) for you to choose for grouping under certain VPN TRUNK-VPN Backup/Load Balance mechanism profile. No - Index number of LAN-to-LAN dial-out profile. Name - Profile name of LAN-to-LAN dial-out profile. Connection Type - Connection type of LAN-to-LAN dial-out profile. Vigor2920 Series User’s Guide...
Page 268 Enable radio button; type a name for such profile (e.g., 071023); choose one of the LAN-to-LAN profiles from Member1 drop down list; choose one of the LAN-to-LAN profiles from Member2 drop down list; and click Add at last. Vigor2920 Series User’s Guide...
Page 269 Peer GRE IP. See the following graphic for an example. Later, on peer side (as VPN Client): please type 192.168.50.100 in the field of My GRE IP and type IP address of the server (192.168.50.200) in the field of Peer GRE IP. Vigor2920 Series User’s Guide...
Page 270 Resume – when VPN connection breaks down or disconnects, Member 1 will be the top priority for the system to do VPN connection. This field will display detailed information for Environment Detail Information Recovers Detection. Vigor2920 Series User’s Guide...
Page 271: Connection Management
VPN backup function. Backup Mode - This filed displays the profile name saved in VPN TRUNK Management (with Index number and VPN Server IP address). The VPN connection built by Backup Mode supports VPN backup function. Vigor2920 Series User’s Guide...
Page 272 Tx Rate – Display the transmission rate for data through such VPN tunnel. Rx Pkts – Display the receiving packets passing through such VPN channel. Rx Rate – Display the receiving rate for data through such VPN tunnel. Vigor2920 Series User’s Guide...
Page 273: Certificate Management
Remember to adjust the time of Vigor router before using the certificate so that you can get the correct valid period of certificate. Below shows the menu items for Certificate Management. Available settings are explained as follows: Item Description Click this button to open Generate Certificate Request Generate window. Vigor2920 Series User’s Guide...
Page 274 Click this button to refresh the information listed below. Refresh Click this button to view the detailed settings for certificate View request. After clicking Generate, the generated information will be displayed on the window below: Vigor2920 Series User’s Guide...
Page 275: Trusted Ca Certificate
For viewing each trusted CA certificate, click View to open the certificate detail information window. If you want to delete a CA certificate, choose the one and click Delete to remove all the certificate information. Vigor2920 Series User’s Guide...
Page 276: Certificate Backup
The more bandwidth a codec uses the better the voice quality, however the codec used must be appropriate for your Internet bandwidth. Usually there will be two types of calling scenario, as illustrated below: Vigor2920 Series User’s Guide...
Page 277 QoS Assurance assists to assign high priority to voice traffic via Internet. You will always have the required inbound and outbound bandwidth that is prioritized exclusively for Voice traffic over Internet but you just get your data a little slower and it is tolerable for data traffic. Vigor2920 Series User’s Guide...
Page 278: Dialplan
Note: If the incoming or outgoing calls do not match any entry on the phonebook, the router will try to make the call "being protected". But, if the call ends up "unprotected"(e.g. peer side does not support ZRTP+SRTP), the router will not play out a warning message. Vigor2920 Series User’s Guide...
Page 279 The speed-dial number of this index. This can be any number Phone Number you choose, using digits 0-9 and * . The name entered here is to remind the user whose number it Display Name Enter your friend’s SIP Address. SIP URL Vigor2920 Series User’s Guide...
Page 280 "being protected". But, if the call ends up "unprotected"(e.g. peer side does not support ZRTP+SRTP), the router will not play out a warning message. Vigor2920 Series User’s Guide...
Page 281 VoIP interface. Take the above picture (Prefix Table Setup web page) as an example, the prefix number of 03 will be replaced by 8863. For example: dial number of “031111111” will be changed to “88631111111” and sent to SIP server. Vigor2920 Series User’s Guide...
Page 282 Click the link to move the selected entry up or down. Move UP /Move Down Call barring is used to block phone calls coming from the one that is not welcomed. Each item is explained as follows: Vigor2920 Series User’s Guide...
Page 283 Determine the direction for the phone call, IN – incoming call, Call Direction OUT-outgoing call, IN & OUT – both incoming and outgoing calls. Determine the type of the VoIP phone call, URI/URL or Barring Type number. Vigor2920 Series User’s Guide...
Page 284 SIP accounts. Such control also can be done based on preconfigured schedules. For Block IP Address – this function can block incoming calls (through Phone port) coming from IP address. Such control also can be done based on preconfigured schedules. Vigor2920 Series User’s Guide...
Page 285 Please dial number typed in this field to call back to that one. Dial the number typed in this field to call the previous Last Call Return [Out] outgoing phone call again. Vigor2920 Series User’s Guide...
Page 286 IP address. Dial the number typed in this field to release this function. Block IP Calls [Deact] Dial the number typed in this field to block the last incoming Block Last Calls [Act] phone call. Vigor2920 Series User’s Guide...
Page 287: Sip Accounts
As Vigor VoIP Router is turned on, it will first register with Registrar using AuthorizationUser@Domain/Realm. After that, your call will be bypassed by SIP Proxy to the destination using AccountName@Domain/Realm as identity. Note: Selection items for Ring Port will differ according to the router you have. Vigor2920 Series User’s Guide...
Page 288 By the way, ISDN-S0 can be used by mapping with MSN numbers. Show the status for the corresponding SIP account. R means Status such account is registered on SIP server successfully. – means the account is failed to register on SIP server. Vigor2920 Series User’s Guide...
Page 289 Some SIP server allows user to use VoIP function without registering. For such server, please check the box of Call without Registration. Choosing Auto is recommended. The system will select a proper way for your VoIP call. Vigor2920 Series User’s Guide...
Page 290 Manual – Choose this option if you want to specify an external IP address as the NAT transversal support. Nortel – If the soft-switch that you use supports Nortel solution, you can choose this option. Vigor2920 Series User’s Guide...
Page 291 Single Codec – If the box is checked, only the selected Codec will be applied. The amount of data contained in a single packet. The default Packet Size value is 20 ms, which means the data packet will contain 20 ms voice information. Vigor2920 Series User’s Guide...
Page 292: Phone Settings
Phone Index. Default SIP Account – “draytel_1” is the default SIP account. You can click the number below the Index field to change SIP account for each phone port. Vigor2920 Series User’s Guide...
Page 293 Dynamic RTP Port End - Specifies the end port for RTP stream. The default value is 15000. RTP TOS – It decides the level of VoIP package. Use the drop down list to choose any one of them. Vigor2920 Series User’s Guide...
Page 294 Check this box to invoke this function. A notice sound will Call Waiting appear to tell the user new phone call is waiting for your response. Click hook flash to pick up the waiting phone call. Vigor2920 Series User’s Guide...
Page 295 Congestion tone will be shown automatically on the page. If you cannot find out a suitable one, please choose User Defined and fill out the corresponding values for dial tone, ringing tone, busy tone, congestion tone by yourself for VoIP phone. Vigor2920 Series User’s Guide...
Page 296 OutBand - Choose this one then the Vigor will capture the keypad number you pressed and transform it to digital form then send to the other side; the receiver will generate the tone according to the digital form it receive. Vigor2920 Series User’s Guide...
Page 297 DTMF tone and transfer it into SIP form. Then it will be sent to the remote end with SIP message. Payload Type (rfc2833) - Choose a number from 96 to 127, the default value was 101. This setting is available for the OutBand (RFC2833) mode. Vigor2920 Series User’s Guide...
Page 298: Status
WAIT_ANS - Indicates that a connection is launched and waiting for remote user’s answer. ALERTING - Indicates that a call is coming. ACTIVE-Indicates that the VoIP connection is launched. Indicates the voice codec employed by present channel. Codec Vigor2920 Series User’s Guide...
Page 299: Wireless Lan
Point (AP) connecting to lots of wireless clients or Stations (STA). All the STAs will share the same Internet connection via Vigor wireless router. The General Settings will set up the information of this wireless network, including its SSID as identification, located channel etc. Vigor2920 Series User’s Guide...
Page 300 LAN from wired LAN for either quarantine or limit access reasons. To isolate means neither of the parties can access each other. To elaborate an example for business use, you may set up a wireless LAN for visitors only so they can connect to Internet without hassle of Vigor2920 Series User’s Guide...
Page 301: General Setup
Below shows the menu items for Wireless LAN. By clicking the General Settings, a new web page will appear so that you could configure the SSID and the wireless channel. Please refer to the following figure for more information. Vigor2920 Series User’s Guide...
Page 302 Means the identification of the wireless LAN. SSID can be any SSID text numbers or various special characters. The default SSID is "DrayTek”. We suggest you to change it. VPN – Check this box to make the wireless clients (stations) Isolate with different VPN not accessing for each other.
Page 303 Therefore, you can use and install it into your PC for matching with Packet-OVERDRIVE (refer to the following picture of Vigor N61 wireless utility window, choose Enable for TxBURST on the tab of Option). Note: * means the real transmission rate depends on the Vigor2920 Series User’s Guide...
Page 304 It controls the data transmission rate through wireless Rate Control connection. Upload – Check Enable and type the transmitting rate for data upload. Default value is 30,000 kbps. Download – Type the transmitting rate for data download. Default value is 30,000 kbps. Vigor2920 Series User’s Guide...
Page 305: Security
Internet through such router, please input the default PSK value for connection. By clicking the Security Settings, a new web page will appear so that you could configure the settings of WEP and WPA. Vigor2920 Series User’s Guide...
Page 306 012345678(or 64 Hexadecimal digits leading by 0x, such as "0x321253abcde..."). Type - Select from Mixed (WPA+WPA2) or WPA2 only. Pre-Shared Key (PSK) - Either 8~63 ASCII characters, such as 012345678..(or 64 Hexadecimal digits leading by 0x, such Vigor2920 Series User’s Guide...
Page 307: Access Control
MAC addresses to control their access rights. Available settings are explained as follows: Item Description Select to enable the MAC Address filter for wireless LAN Enable Mac Address identified with SSID 1 to 4 respectively. All the clients Filter Vigor2920 Series User’s Guide...
Page 308 Delete Edit the selected MAC address in the list. Edit Give up the access control set up. Cancel Click it to save the access control list. Clean all entries in the MAC address list. Clear All Vigor2920 Series User’s Guide...
Page 309: Wps
On the side of Vigor 2920 series which served as an AP, press WPS button once on the front panel of the router or click Start PBC on web configuration interface. On the side of a station with network card installed, press Start PBC button of network card. Vigor2920 Series User’s Guide...
Page 310 Please click OK and go back Wireless LAN>>Security to choose WPA-PSK or WPA2-PSK mode and access WPS again. Below shows Wireless LAN>>WPS web page. Available settings are explained as follows: Item Description Check this box to enable WPS setting. Enable WPS Vigor2920 Series User’s Guide...
Page 311 Start PIN button. The WPS LED on the PinCode router will blink fast when WPS is in progress. It will return to normal condition after two minutes. (You need to setup WPS within two minutes) Vigor2920 Series User’s Guide...
Page 312: Wds
To meet the above requirement, two WDS modes are implemented in Vigor router. One is Bridge, the other is Repeater. Below shows the function of WDS-bridge interface: The application for the WDS-Repeater mode is depicted as below: Vigor2920 Series User’s Guide...
Page 313 Bridge 2 through WDS links. However, hosts connected to Bridge 1 CANNOT communicate with hosts connected to Bridge 3 through Bridge 2. Click WDS from Wireless LAN menu. The following page will be shown. Vigor2920 Series User’s Guide...
Page 314 Type – There are some types for you to choose. WPA and Pre-shared Key WPA2 are used for WDS devices (e.g.2920n wireless router, you can set the encryption mode as WPA or WPA2 to establish your WDS system between AP and the router. Vigor2920 Series User’s Guide...
Page 315 Click Enable to make this router serving as an access point; Access Point Function click Disable to cancel this function. It allows user to send “hello” message to peers. Yet, it is valid Status only when the peer also supports this function. Vigor2920 Series User’s Guide...
Page 316: Advanced Setting
(increasing the wireless performance) or long guard interval for data transmit based on the station capability. combine frames with different Aggregation MSDU can Aggregation MSDU sizes. It is used for improving MAC layer’s performance for some brand’s clients. The default setting is Enable. Vigor2920 Series User’s Guide...
Page 317: Wmm Configuration
1 to 15. Be aware that CWMax value must be greater than CWMin or equals to CWMin value. Both values will influence the time delay for WMM accessing categories. The difference between AC_VI and AC_VO categories must be Vigor2920 Series User’s Guide...
Page 318: Ap Discovery
This page is used to scan the existence of the APs on the wireless LAN. Yet, only the AP which is in the same channel of this router can be found. Please click Scan to discover all the connected APs. Vigor2920 Series User’s Guide...
Page 319 AP’s MAC address on the bottom of the page and click Bridge or Repeater. Next, click Add to. Later, the MAC address of the AP will be added to Bridge or Repeater field of WDS settings page. Vigor2920 Series User’s Guide...
Page 320: Station List
WLAN station and click Add to Access Control below. Available settings are explained as follows: Item Description Click this button to refresh the status of station list. Refresh Click this button to add current typed MAC address into Access Control. Vigor2920 Series User’s Guide...
Page 321: Web Portal
Type words or sentences here. The message will be Show the message displayed on the screen for several seconds when the wireless users access into the web page through the router. Vigor2920 Series User’s Guide...
Page 322: Usb Application
FTP sessions. The router allows up to 6 FTP sessions connecting to USB storage disk at one time. Default Charset - At present, Vigor router supports three types of character sets: default, GB2312 and BIG5. Vigor2920 Series User’s Guide...
Page 323: Usb User Management
Each item is explained as follows: Item Description Display the number link of the profile. Index Display the name that FTP/Samba users will use for accessing Username into FTP/Samba server. Display the home folder of this entry. Home Folder Vigor2920 Series User’s Guide...
Page 324 USB storage disk. In addition, if the user types “/” here, he/she can access into all of the disk folders and files in USB storage disk. Note: When write protect status for the USB storage disk is Vigor2920 Series User’s Guide...
Page 325: File Explorer
Before you click OK, you have to insert a USB storage disk into the USB interface of the Vigor router. Otherwise, you cannot save the configuration. File Explorer offers an easy way for users to view and manage the content of USB storage disk connected on Vigor router. Vigor2920 Series User’s Guide...
Page 326: Usb Disk Status
FTP server. Display the username that user uses to login to the FTP server. Username When you insert USB storage disk into the Vigor router, the system will start to find out such device within several seconds. Vigor2920 Series User’s Guide...
Page 327: Syslog Explorer
Always record the new event – only the newest events will be recorded by the system. Display the time of the event occurred. Time Display the information for each event. Message Vigor2920 Series User’s Guide...
Page 328 This page displays the syslog recorded on the USB storage disk. Each item is explained as follows: Item Description Display the time of the event occurred. Time Display the type of the record. Log Type Display the information for each event. Message Vigor2920 Series User’s Guide...
Page 329: System Maintenance
Each item is explained as follows: Item Description Display the model name of the router. Model Name Display the firmware version of the router. Firmware Version Display the date and time of the current firmware build. Build Date/Time Vigor2920 Series User’s Guide...
Page 330 - Display the IP address of the WAN interface. Default Gateway - Display the assigned IP address of the default gateway. VoIP Profile - Display the VoIP profile for the phone port. In/Out - Display the number of incoming /outgoing phone call. Vigor2920 Series User’s Guide...
Page 331: Https Encryption Setup
Available parameters are explained as follows: Item Description Choose this option to have high security. High If you have no idea of this setting, simply use the default Default setting as HTTPS encryption mode. Choose this option to have high performance. Vigor2920 Series User’s Guide...
Page 332: 324
Disable to close the mechanism of notification. The default is Disable. If you click Enable, please type the STUN Settings relational settings listed below: Server IP – Type the IP address of the STUN server. Vigor2920 Series User’s Guide...
Page 333: Administrator Password
Type in new password in this field. New Password Type in the new password again. Confirm Password When you click OK, the login window will appear. Please use the new password to access into the web configurator again. Vigor2920 Series User’s Guide...
Page 334: User Password
Below shows an example for accessing into User Operation with User Password. 1. Open System Maintenance>>User Password. 2. Check the box of Enable User Mode for simple web configuration to enable user mode operation. Type a new password in the field of New Password and click OK. Vigor2920 Series User’s Guide...
Page 335 5. The following window will be open to ask for username and password. Type the new user password in the filed of Password and click Login. 6. The main screen with User Mode will be shown as follows. Vigor2920 Series User’s Guide...
Page 336: Login Customization
At that moment, the background of the web page is blank and no heading will be displayed on the Login window. This page allows you to specify background message and the heading on the Login window if you have such requirement. Vigor2920 Series User’s Guide...
Page 337: Configuration Backup
Description Check this box to enable the login customization function. Enable Type a brief description (e.g., Welcome to DrayTek) which Login Description will be shown on the heading of the login dialog. Type words or sentences here. It will be displayed for Bulletin bulletin message.
Page 338 The above example is using Windows platform for demonstrating examples. The Mac or Linux platform will appear different windows, but the backup function is still available. Note: Backup for Certification must be done independently. The Configuration Backup does not include information of Certificate. Vigor2920 Series User’s Guide...
Page 339: Syslog/Mail Alert
Web Configurator of the router or borrow debug equipments. Available parameters are explained as follows: Item Description Enable - Check Enable to activate function of syslog. SysLog Access Setup Syslog Save to – Check Syslog Server to save the log to Vigor2920 Series User’s Guide...
Page 340 For viewing the Syslog, please do the following: Just set your monitor PC’s IP address in the field of Server IP Address Install the Router Tools in the Utility within provided CD. After installation, click on the Router Tools>>Syslog from program menu. Vigor2920 Series User’s Guide...
Page 341: Time And Date
Select this option to use the browser time from the remote Use Browser Time administrator PC host as router’s system time. Select to inquire time information from Time Server on the Use Internet Time Internet using assigned protocol. Select a time protocol. Time Protocol Vigor2920 Series User’s Guide...
Page 342: Management
Allow management from the Internet - Enable the checkbox Management Access to allow system administrators to login from the Internet. There Control are several servers provided by the system to allow you managing the router from Internet. Check the box(es) to Vigor2920 Series User’s Guide...
Page 343 Trap Community - Set trap community by typing a proper name. The default setting is public. Notification Host IP - Set the IP address of the host that will receive the trap community. Trap Timeout - The default setting is 10 seconds. Vigor2920 Series User’s Guide...
Page 344: Reboot System
Note: When the system pops up Reboot System web page after you configure web settings, please click Reboot Now to reboot your router for ensuring normal operation and preventing unexpected errors of the router in the future. Vigor2920 Series User’s Guide...
Page 345: Firmware Upgrade
You have to visit DrayTek website periodically to check if there is any new released firmware offered for your Vigor router to have newest features. If yes, download the file into your computer first. Next, access into web interface of this router and open System Maintenance>> Firmware Upgrade.
Page 346: Activation
The Activate link brings you accessing into Activate www.vigorpro.com to finish the activation of the account and the router. As for authentication information of web filter, the process Authentication Message of authenticating will be displayed on this field for your reference. Vigor2920 Series User’s Guide...
Page 347: Diagnostics
Below shows the successful activation of Web Content Filter: Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor router. Below shows the menu items for Diagnostics. Vigor2920 Series User’s Guide...
Page 348: Dial-Out Triggering
(e.g., PPPoE) is triggered by a package sending from the source IP address. Each item is explained as follows: Item Description It shows the source IP address (local), destination IP (remote) Decoded Format address, the protocol and length of the package. Click it to reload the page. Refresh Vigor2920 Series User’s Guide...
Page 349: Routing Table
Click Diagnostics and click Routing Table to open the web page. Each item is explained as follows: Item Description Click it to reload the page. Refresh Vigor2920 Series User’s Guide...
Page 350: Arp Cache Table
IPv6 address. This information is helpful in diagnosing network problems, such as IP address conflicts, etc. Click Diagnostics and click IPv6 Neighbour Table to open the web page. Each item is explained as follows: Item Description Vigor2920 Series User’s Guide...
Page 351: Dhcp Table
It displays the MAC address for the specified PC that MAC Address DHCP assigned IP address for it. It displays the leased time of the specified PC. Leased Time It displays the host ID name of the specified PC. HOST ID Vigor2920 Series User’s Guide...
Page 352: Nat Sessions Table
It indicates the temporary port of the router used for NAT. #Pseudo Port It indicates the destination IP address and port of remote host. Peer IP:Port It displays the representing number for different interface. Interface Click it to reload the page. Refresh Vigor2920 Series User’s Guide...
Page 353: Data Flow Monitor
Description Check this box to enable this function. Enable Data Flow Monitor Use the drop down list to choose the time interval of Refresh Seconds refreshing data flow that will be done by the system automatically. Vigor2920 Series User’s Guide...
Page 354 Peak means the highest peak value detected by the router in data transmission. Speed means line speed specified in WAN>>General Setup. If you do not specify any rate at that page, here will display Auto for instead. Vigor2920 Series User’s Guide...
Page 355: Traffic Graph
WAN1/WAN2/WAN3 Bandwidth chart, the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past. For Sessions chart, the numbers displayed on vertical axis represent the numbers of the NAT sessions during the past. Vigor2920 Series User’s Guide...
Page 356: Ping Diagnosis
Use the drop down list to choose the WAN interface that you Ping through want to ping through or choose Unspecified to be determined by the router automatically. Use the drop down list to choose the destination that you Ping to Vigor2920 Series User’s Guide...
Page 357: Trace Route
Click Diagnostics and click Trace Route to open the web page. This page allows you to trace the routes from router to the host. Simply type the IP address of the host in the box and click Run. The result of route trace will be shown on the screen. Vigor2920 Series User’s Guide...
Page 358 It indicates the IPv6 address of the host if IPv6 protocol is Trace Host/IP Address selected. Click this button to start route tracing work. Click this link to remove the result on the window. Clear Vigor2920 Series User’s Guide...
Page 359: Syslog Explorer
Always record the new event – only the newest events will be recorded by the system. Display the time of the event occurred. Time Display the information for each event. Message Vigor2920 Series User’s Guide...
Page 360: Tspc Status
If TSPC has configured properly, the router will display the following page when the user connects to tunnel broker successfully. Available settings are explained as follows: Item Description Click this link to refresh this page manually. Refresh Vigor2920 Series User’s Guide...
Page 361: External Devices
You can change the device name if required or remove the information for off-line device whenever you want. When you finished the configuration, click OK to save it. Note: Only DrayTek products can be detected by this function. Vigor2920 Series User’s Guide...
Page 362 This page is left blank. Vigor2920 Series User’s Guide...
Page 363: Trouble Shooting
Turn on the router. Make sure the ACT LED blink once per second and the correspondent LAN LED is bright. If not, it means that there is something wrong with the hardware status. Simply back to “1.3 Hardware Installation” to execute the hardware installation again. And then, try again. Vigor2920 Series User’s Guide...
Page 364 Go to Control Panel and then double-click on Network Connections. Right-click on Local Area Connection and click on Properties. Select Internet Protocol (TCP/IP) and then click Properties. Vigor2920 Series User’s Guide...
Page 365 Select Obtain an IP address automatically and Obtain DNS server address automatically. Double click on the current used Mac OS on the desktop. Open the Application folder and get into Network. On the Network screen, select Using DHCP from the drop down list of Configure IPv4. Vigor2920 Series User’s Guide...
Page 366: Pinging The Router From Your Computer
Open the Application folder and get into Utilities. Double click Terminal. The Terminal window will appear. Type ping 192.168.1.1 and press [Enter]. If the link is OK, the line of “64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=xxxx ms” will appear. Vigor2920 Series User’s Guide...
Page 367: Checking If The Isp Settings Are Ok Or Not
PIN code and try again. If it still fails, it might be the compliance problem of system. Please open DrayTek Syslog Tool to capture the connection information (WAN Log) and send the page (similar to the following graphic) to the service center of DrayTek.
Page 368: Backing To Factory Default Setting If Necessary
Go to System Maintenance and choose Reboot System on the web page. The following screen will appear. Choose Using factory default configuration and click OK. After few seconds, the router will return all the settings to the factory settings. Vigor2920 Series User’s Guide...
Page 369: Contacting Your Dealer
After restore the factory default setting, you can configure the settings for the router again to fit your personal request. If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@DrayTek.com. Vigor2920 Series User’s Guide...
Page 370 Vigor2920 Series User’s Guide...

This manual is also suitable for:

Vigor2920n Vigor2920vn

Draytek Vigor2920 Series User Manual

Quick Links

Related Manuals for Draytek Vigor2920 Series

Summary of Contents for Draytek Vigor2920 Series

This manual is also suitable for:

Table of Contents