Draytek Vigor 110 User Manual
  1. Manuals
  2. Brands
  3. Draytek Manuals
  4. Network Router
  5. Vigor 110
  6. User manual

Draytek Vigor 110 User Manual

Adsl2/2+ firewall router
Hide thumbs
Table of Contents

Advertisement

Quick Links

Vigor 110
ADSL2/2+ Firewall Router
User's Guide
Version: 1.0
Date: 2007/11/01
Copyright 2007 All rights reserved.
This publication contains information that is protected by copyright. No part may be reproduced, transmitted,
transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright
holders. The scope of delivery and other details are subject to change without prior notice.
Microsoft is a registered trademark of Microsoft Corp.
Windows, Windows 95, 98, Me, NT, 2000, XP and Explorer are trademarks of Microsoft Corp.
Apple and Mac OS are registered trademarks of Apple Inc.
Other products may be trademarks or registered trademarks of their respective manufacturers.

Advertisement

Table of Contents
loading

Related Manuals for Draytek Vigor 110

Summary of Contents for Draytek Vigor 110

  • Page 1 Vigor 110 ADSL2/2+ Firewall Router User’s Guide Version: 1.0 Date: 2007/11/01 Copyright 2007 All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders.
  • Page 2 Vigor110 User’s Guide...

  • Page 3: Table Of Contents

    Preface .......................1 1.1 Panel Explanation ........................1 1.2 Hardware Installation ......................2 Configuring Basic Settings ................3 2.1 Changing Password ........................ 3 2.2 Quick Start Wizard ........................5 2.2.1 Adjusting Protocol/Encapsulation ..................5 2.2.2 PPPoE/PPPoA........................6 2.2.3 Bridged IP ......................... 8 2.2.4 Routed IP..........................
  • Page 4 3.5.3 UPnP..........................47 3.5.4 IGMP..........................48 3.5.5 Wake on LAN........................49 3.6 System Maintenance......................49 3.6.1 System Status......................... 49 3.6.2 Administrator Password....................50 3.6.3 Configuration Backup ..................... 50 3.6.4 Syslog/Mail Alert ......................52 3.6.5 Time and Date ........................ 54 3.6.6 Management........................55 3.6.7 Reboot System .......................

  • Page 5: Preface

    Targeting requirement for residential users, Vigor110 is an ADSL2/2+ enabled integrated access device. With downstream speed up to 12Mbps (ADSL2) or 24Mbps (ADSL2+), Vigor110 provides exceptional bandwidth for Internet access. To secure your network, the Vigor110 provides an advanced firewall with advanced features, such as Stateful Packet Inspection (SPI) to offer network reliability by detecting and prohibiting malicious penetrating packets or DoS attacks, user-configurable web filtering for parental control against network abuse etc.

  • Page 6: Hardware Installation

    Before starting to configure the router, you have to connect your devices correctly. Connect the DSL interface to the external ADSL splitter with an ADSL line cable. Connect LAN port to your computer with a RJ-45 cable. Connect one end of the power cord to the power port of this device. Connect the other end to the wall outlet of electricity.

  • Page 7: Configuring Basic Settings

    For use the router properly, it is necessary for you to change the password of web configuration for security and adjust primary basic settings. This chapter explains how to setup a password for an administrator and how to adjust basic settings for accessing Internet successfully.
  • Page 8 Now, the Main Screen will pop up. Go to System Maintenance page and choose Administrator Password. Enter the login password (the default is blank) on the field of Old Password. Type a new one in the field of New Password and retype it on the field of Retype New Password. Then click OK to continue.

  • Page 9: Quick Start Wizard

    If your router can be under an environment with high speed NAT, the configuration provide here can help you to deploy and use the router quickly. The first screen of Quick Start Wizard is entering login password. After typing the password, please click Next. In the Quick Start Wizard, you can configure the router to access the Internet with different protocol/modes such as PPPoE, PPPoA, Bridged IP, or Routed IP.

  • Page 10: Pppoe/Pppoa

    Stands for Virtual Channel Identifier. It is a 16-bit field inside ATM cell’s header that indicates the cell’s next destination as it travels through the network. A virtual channel is a logical connection between two end devices on the network. Protocol/Encapsulation Select an IP mode for this WAN interface.
  • Page 11 ISP Name Assign a specific name for ISP requirement. User Name Assign a specific valid user name provided by the ISP. Password Assign a valid password provided by the ISP. Confirm Password Retype the password. Always On Check this box to allow the router connecting to Internet forever. Idle Timeout Type in the value (unit is second) as the idle timeout of the connection.

  • Page 12: Bridged Ip

    Click 1483 Bridged IP as the protocol. Type in all the information that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page. Click Finish. Vigor110 User’s Guide...

  • Page 13: Routed Ip

    Click 1483 Routed IP as the protocol. Type in all the information that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page. Click Finish. Vigor110 User’s Guide...

  • Page 14: Online Status

    The online status shows the system status, WAN status, ADSL Information and other status related to this router within one page. If you select PPPoE or PPPoA as the protocol, you will find out a button of Dial PPPoE or Dial PPPoE in the Online Status web page. Primary DNS Displays the assigned IP address of the primary DNS.

  • Page 15: Advanced Web Configuration

    After finished basic configuration of the router, you can access Internet with ease. For the people who want to adjust more settings for suiting his/her request, please refer to this chapter for getting detailed information about the advanced configuration of this router. As for other examples of application, please refer to Chapter 4.

  • Page 16: Pppoe/Pppoa

    Below shows menu items for Internet Access: PPPoA, included in RFC1483, can be operated in either Logical Link Control-Subnetwork Access Protocol or VC-Mux mode. As a CPE device, Vigor router encapsulates the PPP session based for transport across the ADSL loop and your ISP’s Digital Subscriber Line Access Pultiplexer (SDLAM).
  • Page 17 ISP via the Vigor router. For Wired LAN – If you check this box, PCs on the same network can use another set of PPPoE session (different with the Host PC) to access into Internet. ISP Access Setup Enter your allocated username, password and authentication parameters according to the information provided by your ISP.

  • Page 18: Mpoa

    If you do not check Join NAT IP Pool, you can still use these public IP addresses for other purpose, such as DMZ host, Open Ports. Default MAC Address Type in MAC address for the router. You can use Default MAC Address or specify another MAC address for your necessity.
  • Page 19 MPoA (RFC1483/2684) Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that you adjusted in this page will be invalid. DSL Modem Settings Set up the DSL parameters required by your ISP. These are vital for building DSL connection to your ISP.

  • Page 20: Lan

    Specify an IP address – Click this radio button to specify some data. IP Address – Type in the private IP address. Subnet Mask – Type in the subnet mask. Gateway IP Address – Type in gateway IP address. Default MAC Address Type in MAC address for the router. You can use Default MAC Address or specify another MAC address for your necessity.

  • Page 21: General Setup

    Vigor router will exchange routing information with neighboring routers using the RIP to accomplish IP routing. This allows users to change the information of the router such as IP address and the routers will automatically inform for each other. When you have several subnets in your LAN, sometimes a more effective and quicker way for connection is the Static routes function rather than other method.

  • Page 22: Static Route

    IP Address Type in private IP address for connecting to a local private network (Default: 192.168.1.1). Subnet Mask Type in an address code that determines the size of the network. (Default: 255.255.255.0/ 24) DHCP Server DHCP stands for Dynamic Host Configuration Protocol. The Configuration router by factory default acts a DHCP server for your network so it automatically dispatch related IP settings to any local user...
  • Page 23 Destination Address Displays the destination address of the static route. Status Displays the status of the static route. Viewing Routing Table Displays the routing table for your reference. Here is an example of setting Static Route in Main Router so that user A and B locating in different subnet can talk to each other via the router.
  • Page 24 Note: There are two reasons that we have to apply RIP Protocol Control on 1st Subnet. The first is that the LAN interface can exchange RIP packets with the neighboring routers via the 1st subnet (192.168.1.0/24). The second is that those hosts on the internal private subnets (ex.
  • Page 25 Click the Index Number that you want to disable from the Static Route Configuration page. Select Inactive/Disable from the drop-down menu, and then click the OK button to disable the route. Vigor110 User’s Guide...

  • Page 26: Nat

    Usually, the router serves as an NAT (Network Address Translation) router. NAT is a mechanism that one or more private IP addresses can be mapped into a single public one. Public IP address is usually assigned by your ISP, for which you may get charged. Private IP addresses are recognized only among internal hosts.
  • Page 27 The port redirection can only apply to incoming traffic. The server users inside the LAN can not access public IP address of the server. The correct route is to access the server using the local private IP address of the server, or you should set up an alias in a Windows hosts file. Please only redirect the ports you know you have to forward rather than forward all ports.

  • Page 28: Dmz Host

    Private IP Specify the private IP address of the internal host providing the service. Private Port Specify the private port number of the service offered by the internal host. Active Check this box to activate the port-mapping entry you have defined. Note that the router has its own built-in services (servers) such as Telnet, HTTP and FTP etc.
  • Page 29 Note: The inherent security properties of NAT are somewhat bypassed if you set up DMZ host. We suggest you to add additional filter rules or a secondary firewall. Click DMZ Host to open the following page: DMZ Host You can set Private IP or Active True IP as the DMZ host. Private IP If you choose Private IP as the selection for DMZ host, please type in private IP or select any one by clicking the Choose PC...

  • Page 30: Open Ports

    Enable Check to enable the DMZ Host function. Private IP Enter the private IP address of the DMZ host, or click Choose PC to select one. Choose PC Click this button and then a window will automatically pop up, as depicted below.
  • Page 31 Index Indicate the relative number for the particular entry that you want to offer service in a local host. You should click the appropriate index number to edit or clear the corresponding entry. Comment Specify the name for the defined network service. Aux.

  • Page 32: Well-Known Ports List

    Local Computer Enter the private IP address of the local host or click Choose PC to select one. Choose PC Click this button and, subsequently, a window having a list of private IP addresses of local hosts will automatically pop up. Select the appropriate IP address of the local host in the list.

  • Page 33: Firewall

    While the broadband users demand more bandwidth for multimedia, interactive applications, or distance learning, security has been always the most concerned. The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders. It also restricts users in the local network from accessing the Internet.
  • Page 34 If legal, the packet will pass. Then the router shall “initiate a call” to build the Internet connection and send the packet to Internet. Data Filter - When there is an existing Internet connection, Data Filter is applied to incoming and outgoing traffic. It will check packets according to the filter rules. If legal, the packet will pass the router.
  • Page 35 The DoS Defense functionality helps you to detect and mitigate the DoS attack. The attacks are usually categorized into two types, the flooding-type attacks and the vulnerability attacks. The flooding-type attacks will attempt to exhaust all your system's resource while the vulnerability attacks will try to paralyze the system by offending the vulnerabilities of the protocol or operation system.

  • Page 36: General Setup

    General Setup allows you to adjust settings of IP Filter and common options. Here you can enable or disable the Call Filter or Data Filter. Under some circumstance, your filter set can be linked to work in a serial manner. So here you assign the Start Filter Set only. Also you can configure the Log Flag settings, Enable Stateful packet inspection, Drop non-http connection on TCP port 80, and Accept incoming fragmented UDP packets.

  • Page 37: Filter Setup

    Click Firewall and click Filter Setup to open the setup page. To edit or add a filter, click on the set number to edit the individual set. The following page will be shown. Each filter set contains up to 7 rules. Click on the rule number button to edit each rule.
  • Page 38 To edit Filter Rule, click the Filter Rule index button to enter the Filter Rule setup page. Comments Enter filter set comments/description. Maximum length is 14- character long. Check this box to enable the filter rule. Check to enable the Filter Rule Pass or Block Specifies the action to be taken when packets match the rule.
  • Page 39 If the End Port is empty, the filter rule will set the port number to be the value of the Start Port. Otherwise, the port number ranges between the Start Port and the End Port (including the Start Port and the End Port). (!=)If the End Port is empty, the port number is not equal to the value of the Start Port.
  • Page 40 As stated before, all the traffic will be separated and arbitrated using on of two IP filters: call filter or data filter. You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner. Each filter set is composed by 7 filter rules, which can be further defined.

  • Page 41: Im Blocking

    IM Blocking means instant messenger blocking. Click Firewall and click IM Blocking to open the setup page. You will see a list of common IM (such as MSN, Yahoo, ICQ/AQL) applications. Check Enable IM Blocking and select the one(s) that you want to block. To block selected IM applications during specific periods, enter the number of the scheduler predefined in Applications>Schedule.

  • Page 42: Dos Defense

    Disallow upload – Forbid the client to access into the application through the specified protocol for downloading. Yet uploading is allowed. As a sub-functionality of IP Filter/Firewall, there are 15 types of detect/ defense function in the DoS Defense setup. The DoS Defense functionality is disabled for default. Click Firewall and click DoS Defense to open the setup page.
  • Page 43 Enable PortScan Port Scan attacks the Vigor router by sending lots of packets to detection many ports in an attempt to find ignorant services would respond. Check the box to activate the Port Scan detection. Whenever detecting this malicious exploration behavior by monitoring the port-scanning Threshold rate, the Vigor router will send out a warning.
  • Page 44 Block Land Check the box to enforce the Vigor router to defense the Land attacks. The Land attack combines the SYN attack technology with IP spoofing. A Land attack occurs when an attacker sends spoofed SYN packets with the identical source and destination addresses, as well as the port number to victims.

  • Page 45: Url Content Filter

    Based on the list of user defined keywords, the URL Content Filter facility in Vigor router inspects the URL string in every outgoing HTTP request. No matter the URL string is found full or partial matched with a keyword, the Vigor router will block the associated HTTP connection.
  • Page 46 Keyword The Vigor router provides 8 frames for users to define keywords and each frame supports multiple keywords. The keyword could be a noun, a partial noun, or a complete URL string. Multiple keywords within a frame are separated by space, comma, or semicolon. In addition, the maximal length of each frame is 32-character long.

  • Page 47: Applications

    Below shows the menu items of Application: The ISP often provides you with a dynamic IP address when you connect to the Internet via your ISP. It means that the public IP address assigned to your router changes each time you access the Internet.
  • Page 48 View Log Display DDNS log status. Force Update Force the router updates its information to DDNS server. Select Index number 1 to add an account for the router. Check Enable Dynamic DNS Account, and choose correct Service Provider: dyndns.org, type the registered hostname: hostname and domain name suffix: dyndns.org in the Domain Name block.

  • Page 49: Schedule

    The Vigor router has a built-in real time clock which can update itself manually or automatically by means of Network Time Protocols (NTP). As a result, you can not only schedule the router to dialup to the Internet at a specified time, but also restrict Internet access to certain hours so that users can connect to the Internet only during certain hours, say, business hours.
  • Page 50 Action Specify which action Call Schedule should apply during the period of the schedule. Force On -Force the connection to be always on. Force Down -Force the connection to be always down. Enable Dial-On-Demand -Specify the connection to be dial-on-demand and the value of idle timeout should be specified in Idle Timeout field.

  • Page 51: Upnp

    The UPnP (Universal Plug and Play) protocol is supported to bring to network connected devices the ease of installation and configuration which is already available for directly connected PC peripherals with the existing Windows 'Plug and Play' system. For NAT routers, the major feature of UPnP on the router is “NAT Traversal”.

  • Page 52: Igmp

    The reminder as regards concern about Firewall and UPnP: Can't work with Firewall Software Enabling firewall applications on your PC may cause the UPnP function not working properly. This is because these applications will block the accessing ability of some network ports.

  • Page 53: Wake On Lan

    A PC client on LAN can be woken up by the router it connects. When a user wants to wake up a specified PC through the router, he/she must type correct MAC address of the specified PC on this web page of Wake On LAN of this router. In addition, such PC must have installed a network card supporting WOL function.

  • Page 54: Administrator Password

    Subnet Mask Displays the subnet mask address of the LAN interface. DHCP Server Displays the current status of DHCP server of the LAN interface. MAC Address Displays the MAC address of the WAN Interface. IP Address Displays the IP address of the WAN interface. Default Gateway Displays the assigned IP address of the default gateway.
  • Page 55 Click Backup button to get into the following dialog. Click Save button to open another dialog for saving configuration as a file. In Save As dialog, the default filename is config.cfg. You could give it another name by yourself. Click Save button, the configuration will download automatically to your computer as a file named config.cfg.

  • Page 56: Syslog/Mail Alert

    Click Browse button to choose the correct configuration file for uploading to the router. Click Restore button and wait for few seconds, the following picture will tell you that the restoration procedure is successful. SysLog function is provided to help users to monitor router. There is no bother to directly get into the Web Configurator of the router or borrow debug equipments.
  • Page 57 User Name Type the user name for authentication. Password Type the password for authentication. Click OK to save these settings. For viewing the Syslog, please do the following: Just set your monitor PC’s IP address in the field of Server IP Address Install the Router Tools in the Utility within provided CD.

  • Page 58: Time And Date

    It allows you to specify where the time of the router should be inquired from. Current System Time Click Inquire Time to get the current time. Use Browser Time Select this option to use the browser time from the remote administrator PC host as router’s system time.

  • Page 59: Management

    This page allows you to manage the settings for access control, access list, port setup, and SMP setup. For example, as to management access control, the port number is used to send/receive SIP message for building a session. Chick the checkbox to allow remote firmware upgrade through FTP (File Enable remote Transfer Protocol).

  • Page 60: Reboot System

    Note that this example is running over Windows OS (Operating System). Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.draytek.com (or local DrayTek's web site) and FTP site is ftp.draytek.com.

  • Page 61: Diagnostics

    For the detailed information about firmware update, please go to Chapter 4. Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor router. Click Diagnostics and click WAN Connection to open the web page. Refresh To obtain the latest information, click here to reload the page.

  • Page 62: Dial-Out Trigger

    Click Diagnostics and click Dial-out Trigger to open the web page. Refresh Click it to reload the page. Click Diagnostics and click Routing Table to open the web page. Refresh Click it to reload the page. Vigor110 User’s Guide...

  • Page 63: Arp Cache Table

    Click Diagnostics and click ARP Cache Table to view the content of the ARP (Address Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. Clear Click it to clear the whole table. Refresh Click it to reload the page.

  • Page 64: Nat Sessions Table

    HOST ID It displays the host ID name of the specified PC. Refresh Click it to reload the page. Click Diagnostics and click NAT Active Sessions Table to open the setup page. Private IP:Port It indicates the source IP address and port of local PC. #Pseudo Port It indicates the temporary port of the router used for NAT.

  • Page 65: Data Flow Monitor

    Ping through Use the drop down list to choose the interface that you want to ping through. Ping to Use the drop down list to choose the destination that you would like to ping. IP Address Type in the IP address of the Host/IP that you want to ping. Click this button to start the ping work.

  • Page 66: Trace Route

    Refresh Click this link to refresh this page manually. Index Display the number of the data flow. IP Address Display the IP address of the monitored device. TX rate (kbps) Display the transmission speed of the monitored device. RX rate (kbps) Display the receiving speed of the monitored device.
  • Page 67 Ping through Use the drop down list to choose the interface that you want to ping through. Host/IP Address It indicates the IP address of the host. Click this button to start route tracing work. Clear Click this link to remove the result on the window. Vigor110 User’s Guide...
  • Page 68 This page is left blank. Vigor110 User’s Guide...

  • Page 69: Application And Examples

    – – An example of default setting and the corresponding deployment are shown below. The default Vigor router private IP address/Subnet Mask is 192.168.1.1/255.255.255.0. The built-in DHCP server is enabled so it assigns every local NATed host an IP address of 192.168.1.x starting from 192.168.1.10.

  • Page 70: Upgrade Firmware For Your Router

    You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage. Before upgrading your router firmware, you need to install the Router Tools. The Firmware Upgrade Utility is included in the tools. 1. Insert CD of the router to your CD ROM. 2.
  • Page 71 5. Go to www.draytek.com to find out the newly update firmware for your router. 6. Access into Support Center >> Downloads. Find out the model name of the router and click the firmware link. The Tools of Vigor router will display as shown below.
  • Page 72 12. Type in your router IP, usually 192.168.1.1. 13. Click the button to the right side of Firmware file typing box. Locate the files that you download from the company web sites. You will find out two files with different extension names, xxxx.all (keep the old custom settings) and xxxx.rst (reset all the custom settings to default settings).

  • Page 73: Trouble Shooting

    This section will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration. Please follow sections below to check your basic installation status stage by stage. Checking if the hardware status is OK or not. Checking if the network connection settings on your computer are OK or not.
  • Page 74 The example is based on Windows XP. As to the examples for other operation systems, please refer to the similar steps or find support notes in www.draytek.com. Go to Control Panel and then double-click on Network Connections. Right-click on Local Area Connection and click on Properties.
  • Page 75 Select Obtain an IP address automatically and Obtain DNS server address automatically. Double click on the current used MacOs on the desktop. Open the Application folder and get into Network. On the Network screen, select Using DHCP from the drop down list of Configure IPv4. Vigor110 User’s Guide...

  • Page 76: Pinging The Router From Your Computer

    The default gateway IP address of the router is 192.168.1.1. For some reason, you might need to use “ping” command to check the link status of the router. The most important thing is that the computer will receive a reply from 192.168.1.1. If not, please check the IP address of your computer.
  • Page 77 Click Internet Access group and then check whether the ISP settings are set correctly. Check if the Enable option is selected. Check if Username and Password are entered with correct values that you got from your ISP. Check if the Enable option for Broadband Access is selected. Vigor110 User’s Guide...

  • Page 78: Backing To Factory Default Setting If Necessary

    Check if all parameters of DSL Modem Settings are entered with correct value that provided by your ISP. Especially, check if the encapsulation is selected properly or not (it should be the same with the setting on Quick Start Wizard). Check if IP Address, Subnet Mask and Gateway are set correctly (must identify with the values from your ISP) if you choose Specify an IP address.

  • Page 79: Contacting Your Dealer

    After restore the factory default setting, you can configure the settings for the router again to fit your personal request. If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@draytek.com. Vigor110 User’s Guide...

Table of Contents