Page 2 Vigor3900 Multi-WAN Security Appliance User’s Guide Version: 1.7 Firmware Version: V1.0.7 (For future update, please visit DrayTek website) Date: 17/09/2013 Vigor3900 Series User’s Guide...
Page 3 Web registration is preferred. You can register your Vigor router via Owner http://www.draytek.com. Firmware & Tools Due to the continuous evolution of DrayTek technology, all routers will be regularly Updates upgraded. Please consult the DrayTek web site for more information on newest firmware, tools and documents.
Page 4 No. 26, Fu Shing Road, HuKou Township, HsinChu Industrial Park, Hsin-Chu County, Taiwan Product: Vigor3900 DrayTek Corp. declares that Vigor3900 of routers are in compliance with the following essential requirements and other relevant provisions of EC, Directive 2004/108/EC. The product conforms to the requirements of Electro-Magnetic Compatibility (EMC) Directive 2004/108/EC by complying with the requirements set forth in EN55022/Class A and EN55024/Class A.
Page 5: Table Of Contents
3.1 How to Configure Load Balance with Multi-WAN on Vigor2960, Vigor300B or Vigor3900?..21 3.2 How to Configure OSPF?......................27 3.3 How to Configure LAN to LAN IPSec Tunnel between Vigor3900 and Other Router (Main Mode) ................................33 3.4 How to run RDP service in the browser via logging in 3900's HTTPS Server?......36 3.5 How to Configure VPN Load Balance between Vigor3900 and Other Router......
Page 6 4.8.4 PPP General Setup ......................281 4.8.5 IPSec General Setup ......................284 4.8.6 VPN Profiles ........................285 4.8.7 VPN Trunk Management .....................296 4.8.8 Connection Management ....................303 4.9 Certificate Management ......................304 4.9.1 Local Certificate ........................305 4.9.2 Trusted Certificate .......................308 Vigor3900 Series User’s Guide...
Page 7 5.3 Pinging the Router from Your Computer .................. 384 5.4 Checking If the ISP Settings are OK or Not ................385 5.5 Backing to Factory Default Setting If Necessary..............386 5.6 Contacting Your Dealer ......................387 Vigor3900 Series User’s Guide...
Page 9: Chapter 1: Preface
The Vigor3900 Series integrates a rich suite of functions, including NAT, firewall, VPN, load balance, and bandwidth management capability. These products are very suitable for providing multi-integrated solutions to SME markets. A Virtual Private Network (VPN) is an extension of a private network that encompasses links across shared or public networks like an Intranet.
Page 10: Web Configuration Buttons Explanation
Note: For the other buttons shown on the web pages, please refer to Chapter 4 for detailed explanation. Before you use the Vigor router, please get acquainted with the LED indicators and connectors first. The displays of LED indicators and connectors for the routers are different slightly. Vigor3900 Series User’s Guide...
Page 11 The data transmission is done through the corresponding Giga port. WAN1/2/3/4 No Ethernet link is established. 1000 It means that a normal 1000Mbps connection is through its corresponding port. It means that a normal 10/100Mbps connection is through its corresponding port. Vigor3900 Series User’s Guide...
Page 12 Used to restore the default settings. Press it and keep for more than 5 seconds. When you see the ACT LED begins to blink, release the button. Then the router will restart with the factory default configuration. Connecter for a power cord. ON/OFF - Power switch. Vigor3900 Series User’s Guide...
Page 13: Hardware Installation
Connect a server/modem/router (depends on your requirement) to any WAN port of Vigor3900 with Ethernet cable (RJ-45). The WAN1 (to WAN4) LED will light up. Connect the power cord to Vigor3900’s power port on the rear panel, and the other side into a wall outlet.
Page 14: Rack-Mounted Installation
The Vigor3900 Series can be mounted on a rack by using standard brackets in a 19-inch rack or optional larger brackets on 23-inch rack (not included). The bracket for 19- and 23-inch racks are shown below. Attach the brackets to the chassis of a 19- or a 23-inch rack. The second bracket attaches the other side of the chassis as above procedure.
Page 15: Chapter 2: Initialing Settings
Open a web browser on your PC and type http://192.168.1.1. A pop-up window will open to ask for username and password. Please type default values on the window for the first time accessing. The default value for user name is admin and the password is admin. Next, click Login. Vigor3900 Series User’s Guide...
Page 16 New Password and retype it on the field of Confirm Password. Then click Apply to continue. Now, the password has been changed. Next time, use the new password to access the Web User Interface for this router. Vigor3900 Series User’s Guide...
Page 17: Quick Start Wizard
In the first page of Quick Start Wizard, please create a WAN profile. Available settings are explained as follows: Item Description Profile Use the drop down list to choose one WAN profile. IPv4 Protocol Use the drop down list to choose a connection mode for such WAN profile. Vigor3900 Series User’s Guide...
Page 18 DHCP server on the Internet. If you choose DHCP mode, the DHCP server of your ISP will assign a dynamic IP address for Vigor3900 automatically. It is not necessary for you to assign any setting. (Host Name and Domain Name are required for some ISPs).
Page 19: Step 2 - Configuring The Selected Protocol
Choose the static mask from the drop down list. Gateway IP Address Type a public gateway address for such WAN profile. - click it to remove the IP address if you are not satisfied with it. Vigor3900 Series User’s Guide...
Page 20 Previous Click it to return to previous setting page. Finish Click it to finish the configuration. Cancel Click it to discard the settings configured in this page. When you finished the above settings, please click Finish. Vigor3900 Series User’s Guide...
Page 21 If your ISP provides you the PPPoE (Point-to-Point Protocol over Ethernet) connection, please select PPPoE for this router to get the following page. Enter the username and password provided by your ISP on the web page. Vigor3900 Series User’s Guide...
Page 22 Click it to return to previous setting page. Previous Click it to finish the configuration. Finish Cancel Click it to discard the settings configured in this page. When you finished the above settings, please click Finish. Vigor3900 Series User’s Guide...
Page 23 In this case, you can fill in this IP address in the Fixed IP field. Please contact your ISP before you want to use this function. Static – specify the IP address. DHCP - obtain the IP address automatically. Vigor3900 Series User’s Guide...
Page 24 – Click the icon to remove the selected entry. Previous Click it to return to previous setting page. Finish Click it to finish the configuration. Cancel Click it to discard the settings configured in this page. Vigor3900 Series User’s Guide...
Page 25 When you finished the above settings, please click Finish. Later, you can surf the Internet at any time. When the following screen appears, it means you have finished the Quick Start Wizard configuration. Vigor3900 Series User’s Guide...
Page 26: Register Vigor Router
Please follow the steps below to register the router. Before using such function, please register your router online first. Log into the Web User Interface of Vigor3900 and click Product Registration. A Login page will be shown on the screen. Please type the account and password that you created previously.
Page 27 When the following page appears, please type in Nick Name (for the router) and choose the right registration date from the popup calendar (it appears when you click on the box of Registration Date). After adding the basic information for the router, please click Submit. Vigor3900 Series User’s Guide...
Page 28 Now, your router information has been added to the database. Click OK to leave this web page and return to My Information web page. Take a look at the page of My Information, the new added Vigor3900 is listed under Your Device List.
Page 29: Chapter 3: Application And Tutorial
Sale's LAN will automatically failover to WAN1. Access into the Web User Interface page of Vigor router (here, we take Vigor300B as an example). Go to LAN>>General Setup to create a profile for LAN1 (192.168.1.1/24). Vigor3900 Series User’s Guide...
Page 30 Click Add to open the following page. Type the information specified for LAN1 profile, then click Apply to save the settings and exit the screen. Click Add again to create a profile for LAN2 (192.168.2.1/24). Vigor3900 Series User’s Guide...
Page 31 Type the information specified for LAN2 profile, then click Apply to save the settings and exit the screen. Open WAN >> Load Balance and click the Pool tab. Vigor3900 Series User’s Guide...
Page 32 WAN1 and WAN2 is 1:1. Also, you can type 2 and 1 for WAN1 and WAN2, then the ratio of line speed of WAN 1and line speed of WAN 2 will be 2:1. After clicking Apply, the created profile will be shown on the screen. Vigor3900 Series User’s Guide...
Page 33 Internet via WAN1 when WAN1 is up. Type the information specified for such rule. (e.g., Rule1 for Profile; 192.168.1.0 for Source IP Address; wan1 for Load Balance Pool/WAN Profile and so on). Next, click Apply to save and exit. Vigor3900 Series User’s Guide...
Page 34 Note: The priority of WAN >> Load Balance>>Rule is higher than WAN >> Default Route. Now, you have completed the configuration. Next time, when WAN1 is down, the connection for PCs behind Sale's LAN (192.168.1.1/24) will automatically failover to WAN2. Vigor3900 Series User’s Guide...
Page 35: How To Configure Ospf
It is suitable for large network and complicated data exchange. Both Vigor2960 and Vigor3900 support up to OSPF version 2(only for IPv4). The Autonomous System (AS) used in OSPF indicates the largest entity and can be divided into several areas.
Page 36 2. Next, continue to create a LAN (192.168.3.1/24) profile named lan2 with the settings shown below. 3. Open LAN >> Static Route and click the Inter-LAN Route tab to enable this profile. Vigor3900 Series User’s Guide...
Page 37 Profiles lan2 area setting as 11 and lan1 area as 11. (As shown in the topology diagram.) 1. Open LAN >> General Setup to create a LAN (192.168.2.1/24) profile named lan1 with the settings shown below. 2. Next, continue to create a LAN (192.168.3.2/24) profile named lan2 with the settings shown below. Vigor3900 Series User’s Guide...
Page 38 Profiles lan2 area setting as 11 and lan1 area as 11. (As shown in the topology diagram.) 1. Open LAN >> General Setup to create a LAN (192.168.4.1/24) profile named lan1 with the settings shown below. Vigor3900 Series User’s Guide...
Page 39 3. Open LAN >> Static Route and click the Inter-LAN Route tab to enable this profile. 4. Open LAN >> OSPF Configuration to enable this profile. Click Add to make the LAN Profiles lan2 area setting as 11 and lan1 area as 11. (As shown in the topology diagram.) Vigor3900 Series User’s Guide...
Page 40 5. After setting, check the routing information (marked with red line) which is created by OSPF. Vigor3900 Series User’s Guide...
Page 41: How To Configure Lan To Lan Ipsec Tunnel Between Vigor3900 And Other Router (Main Mode)
Here provides an example about LAN to LAN IPSec tunnel established between Vigor3900 and Vigor2710. Access into the Web User Interface of Vigor3900 and open VPN and Remote Access >> LAN to LAN Profiles to add a new VPN configuration.
Page 42 In Vigor2710, it is necessary to build two VPN connections (for two WANs) to connect with Vigor3900. Please open the Web User Interface of Vigor2710 and open VPN and Remote Access >> LAN to LAN. First, please type the name of such VPN connection in the field of Profile Name (e.g., 3900).
Page 43 For the role of Vigor2710 is dialing-out, please skip Dial-In setting. Type the Remote Network IP and Remote Network Mask of Vigor3900 to complete configuration. Please check if the VPN connection is built successfully in both devices respectively. For Vigor3900, open VPN and Remote Access>>IPSec>>Status for viewing the result.
Page 44: How To Run Rdp Service In The Browser Via Logging In 3900'S Https Server
Microsoft Terminal Services. An easy way is provided to establish connection between the router and the RDP Server via any browser. Open the Web User Interface of Vigor3900. Enable the HTTPS service from System Maintenance >> Access Control by clicking Enable for HTTPS Allow and type 443 as the value of HTTPS Port.
Page 45 Open User Management >> User Profile to create a new profile named “7788”. Set the Password as 7788 and choose the profile of Win7 as SSL Application (RDP). Click Apply. Logout Vigor3900. Vigor3900 Series User’s Guide...
Page 46 Login Vigor3900 HTTPS Server with 7788 for both Username and Password. A screen like the following figure will appear. Simply click the SSL Application link. In the following screen, click Connect for connecting to Win7, the RDP server. Vigor3900 Series User’s Guide...
Page 47 After that, you can access into Windows 7 via a browser. Note the message below the window. In which, TLS means Transport Layer Security. Vigor3900 Series User’s Guide...
Page 48: Troubleshooting
If you have installed Java Runtime Environment edition 6 but still cannot establish the connection, please make sure you have disabled “Use TLS 1.0” in the Java Control Panel as figure shown below. Then, try to connect again. Vigor3900 Series User’s Guide...
Page 49: How To Configure Vpn Load Balance Between Vigor3900 And Other Router
Vigor3900. We will build VPN connection with load balance between Vigor3900 and two WANs of Vigor2950 respectively. Access into the Web User Interface of Vigor3900 and open VPN and Remote Access >> VPN Profiles to add new VPN profiles. Click Add.
Page 50 Create a profile for WAN 1 (named 2950WAN1). Type the settings as shown below: Vigor3900 Series User’s Guide...
Page 51 Click Apply to save the settings and exit the dialog. Create a profile for WAN 2 (named 2950WAN2). Vigor3900 Series User’s Guide...
Page 52 Balance Pool tab. Click Add to add a Load Balance Pool profile. The following window will pop up. Give a name for the profile. Click the Load Balance tab. Select the IPSec GRE profiles (e.g., 2950WAN1) set for Vigor2950 then click Apply. Vigor3900 Series User’s Guide...
Page 53 10. Enable this profile and input the following settings then click Apply. Type the local network IP address and Mask of Vigor3900 as Source IP Address and Source Mask; type the network IP and Mask of Vigor2950 as Destination IP Address &...
Page 54 In Vigor2950, it is necessary to build two VPN connections (for two WANs) to connect with Vigor3900. Please open the Web User Interface of Vigor2950 and open VPN and Remote Access >> LAN to LAN. First, please type the name of such VPN connection in the field of Profile Name (e.g., 3900WAN1).
Page 55 Please type the network IP address and subnet of Vigor3900 in the field of Remote Network IP and Remote Network Mask. Type the network IP address and subnet of Vigor2950 in the field of Local Network IP and Local Network Mask.
Page 56 VPN profiles in Member 1 and Member 2 respectively. Then, choose Load Balance as the Active Mode. Click Add. After finished the settings for Vigor3900 and Vigor2950, please check if the VPN connection is built successfully in both devices respectively. Take Vigor3900 for an example, open VPN and Remote Access>>...
Page 57 As to Vigor2950, please open VPN and Remote Access>>Connection Management to confirm the result. Vigor3900 Series User’s Guide...
Page 58: How To Setup 50 Wans On Vigor3900
Vigor3900 has 5 physical WANs; however, it can be extended to 50 WANs at most by using VLAN Tagging technology. Below will show how to achieve 50 WANs setup by one Vigor3900 and two VigorSwitch2260s. Refer to the following application illustration: Change mode from Basic to Advance via WAN>>General Setup page.
Page 59 Click OK. Vigor3900 will ask you to re-login. Delete default wan profiles for wan3, wan4 and wan5 by selecting the wan profile then click Delete. Click Add to add new WANs. Vigor3900 Series User’s Guide...
Page 60 VLAN ID (112~ 134 and 211~ 234) by repeating step 4 ~ step 5. Setup VLAN mode as Tag VLAN. Click Add to create a New VLAN GROUP via VLAN>>TAG-based Group page. Vigor3900 Series User’s Guide...
Page 61 Port 26 must be selected as the member for each group, for it is the channel for any packets coming from Vigor3900. As to Untag, when you check Port 2 and Port 26, you have to untag Port 2; when you check Port 3 and Port 26, you have to untag Port 3;...
Page 62 ISP modem 1 which connects to Port 1 doesn’t support VLAN Tag. While the switch receives packets from Port 1, it will add VLAN Tag 111 to the packets Then Vigor3900 wan1_1 will receive the packets. After finishing the configuration for one VigorSwitch, please set for another VigorSwitch with the same procedure.
Page 63: Cvm Application - How To Manage The Cpe (Router) Through Vigor3900
To manage CPEs through Vigor3900, you have to set URL on CPE first and set username and password for Vigor3900. For this section, we use Vigor2830 series as the example. The firmware upgrade for the CPE can be done through Vigor2830 series.
Page 64 Remember the values configured in this page. Click Apply to save the settings. To manage CPEs through Vigor3900, you have to set ACS URL on CPE first and set username and password for Vigor3900. Connect one CPE (e.g., Vigor2830 series) and get ready to access into the web user interface of the CPE.
Page 65 Login the web user interface of the CPE. Open System Maintenance>>Management Setup. Check Allow management from the Internet to set management access control. Vigor3900 Series User’s Guide...
Page 66 Click Specify an IP address. Type correct WAN IP address, subnet mask and gateway IP address for your CPE. Then click OK. Note: Reboot the CPE device and re-log into Vigor3900. CPE which has registered to Vigor3900 will be captured and displayed on the page of Central VPN Management>>CPE Management.
Page 67 Return to the web user interface of Vigor3900. Open Central VPN Management>>CPE Management. Now there is one CPE managed (Vigor2830) by Vigor3900 on the page of CPE Maintenance. Vigor3900 Series User’s Guide...
Page 68: Cvm Application - How To Build The Vpn Between Remote Devices And Vigor3900
When a remote device is managed by Vigor3900 series, it is easy to build VPN between these two devices. Access into the web user interface of Vigor3900 series. Open Central VPN Management>>CPE Management. The icons displayed on the screen means the remote devices are ready for building VPN with Vigor3900.
Page 69 Or click Advanced to open the following page for specified the CPE you want. Click Connect after finished the settings. A confirmation dialog will appear. Click OK and wait for a moment. If VPN is built successfully, related information will be displayed on Connected Devices. Vigor3900 Series User’s Guide...
Page 70 VPN and Remote Access>>LAN to LAN of the remote device for viewing the detailed information. Note: The profile name is created automatically by the system. Do not modify any value in such page to avoid VPN error. Vigor3900 Series User’s Guide...
Page 71: Cvm Application - How To Upgrade Cpe Firmware Through Vigor3900
Suppose the newest firmware file is located on your PC. You can upload it from your PC to Vigor3900. Log into the web user interface of Vigor3900. Open System Maintenance>>Access Control. Check Enable for Web Allow and type the value for Web Port. Then click Apply to save the settings.
Page 72 In the File Explorer dialog, click Upload. In the Upload dialog, click the Browse.. button to find out the firmware (e.g., 2830_0508 in this case) you want to upload from PC to Vigor3900. Then, click Upload. Vigor3900 Series User’s Guide...
Page 73 When the file is uploaded successfully, later you will find the one in the File Explorer dialog. Vigor3900 Series User’s Guide...
Page 74 To create a new firmware upgrade profile, one CPE (e.g., 2830 in this case) must be managed by Vigor3900 at least. Otherwise, the profile cannot be created successfully. Open Central VPN Management>>CPE Management. Click CPE Maintenance. In the Maintenance area, click Add.
Page 75 – now). Note that a red icon, will appear during the period of firmware upgrading. And, in the web user interface of client’s CPE, the system will show you that firmware upgrade is on going. Vigor3900 Series User’s Guide...
Page 76 If [Finished] is displayed, it means the firmware upgrade of specified CPE has completed. Open Central VPN Management>>CPE Management. In the Managed Devices Status area, choose the router (representing Vigor2830) and click Detail. Check the software version field. Vigor3900 Series User’s Guide...
Page 77: How To Use High Availability For Vigor Routers
The High Availability (HA) feature in Vigor3900 can ensure the business continuity for your organization. IT staff can use HA as a simple solution for the disaster recovery. Vigor3900 utilizes the Common Address Redundancy Protocol (CARP) to avoid the system crashing which could stop the normal operation and then cause considerable lost of the entire organization.
Page 78 1. Access into the web user interface of Vigor3900. 2. Open Applications >>High Availability. 3. In the tab of High Availability Global Setup, choose Hot-Standby as Redundant Method; choose Primary as Config Synchronization Rule; type draytek as Authentication Key; choose Automatic as Advance Preemption Mode. Click Apply to save the settings.
Page 79 3. In the tab of High Availability Global Setup, choose Hot-Standby as Redundant Method; choose Secondary as Config Synchronization Rule; type the lan1 IP address configured in router A; type draytek as Authentication Key; choose Automatic as Advance Preemption Mode. Click Apply to save the settings.
Page 80 Under such construction, when Router A (defined as Master device) is powered off, Router B (defined as Slave device) will be up and take over all the jobs that Router A performs. Later, when Router A is powered on again, all the jobs will return to Router Vigor3900 Series User’s Guide...
Page 81: Chapter 4: Advanced Web Configuration
When a router begins to connect to your ISP, a serial of discovery process will occur to ask for a connection. Then a session will be created. Your user ID and password is authenticated Vigor3900 Series User’s Guide...
Page 82: General Setup
When you switch the Mode setting from Advance to Basic or from Basic to Advance, the system will ask you to re-login web configuration interface to activate some parameters. Web Page in Basic Mode Web Page in Advance Mode Vigor3900 Series User’s Guide...
Page 83 Display the level of the priority for such profile. Port Display the physical WAN interface for such profile. IPv4 Protocol Type Display the IPv4 protocol selected by the profile. IPv6 Protocol Type Display the IPv6 protocol selected by the profile. Vigor3900 Series User’s Guide...
Page 84 Open WAN>>General Setup. Click the Add button to open the following dialog. Different protocol type selected will bring up different configuration web page. Available parameters are listed as follows: Item Description Profile (max Type a name (less than 7 characters) for such profile. length:7) Vigor3900 Series User’s Guide...
Page 85 There are several connection modes for you to specify for IPv4 protocol type. Each mode will bring up different web page. The DMZ protocol is available for WAN4 profile only. IPv4 Mode Determine such profile will be used for. Vigor3900 Series User’s Guide...
Page 86 If you choose Static as IPv4 protocol type, click the Static Tab to open the following page: Available parameters are listed as follows: Item Description IP Address Type the IP address specified for such profile. Subnet Mask Use the drop down list to choose the subnet mask for such profile. Vigor3900 Series User’s Guide...
Page 87 Assign an IP address or Domain name as a destination to be Detection Host detected whether the host is active (sending reply to the router) or not. If not, the connection of WAN interface will be regarded as breaking down. This function is available Vigor3900 Series User’s Guide...
Page 88 If you choose DHCP as IPv4 protocol type, click the DHCP Tab to open the following page: Available parameters are listed as follows: Item Description Host Name Type a name as the host name for identification. (Optional) Vigor3900 Series User’s Guide...
Page 89 If not, the connection of WAN interface will be regarded as breaking down. This function is available when Connection Detection Mode is set with PING or HTTP. Add – click this button to have a field for adding a new IP Vigor3900 Series User’s Guide...
Page 90 Save – click this button to save the setting. – click the icon to remove the selected entry. Apply Click it to save the configuration and exit the dialog. Cancel Click it to exit the dialog without saving the configuration. Vigor3900 Series User’s Guide...
Page 91 PING and HTTP supported in Vigor router for you to choose to send the request out. Connection If you choose PING/HTTP as Connection Detection Mode, Detection Host you have to specify the detection host address in this field. Use the default setting. Vigor3900 Series User’s Guide...
Page 92 It is used for local service (e.g., NTP, ping diagnostic) or used for forwarding packets to PC on LAN/VPN. Disable – Click it to disable the function of DNS specified. Add – click this button to have a field for adding a new IP Vigor3900 Series User’s Guide...
Page 93 Enable – Click it to enable the function of Always On. The router will keep network connection all the time. Disable – Click it to disable the function of Always On. Connection Select a detecting mode for this WAN interface. There are Vigor3900 Series User’s Guide...
Page 94 Simply refer to the section of “If you choose PPPoE as IPv4 protocol type, click the PPPoE Tab to open the following page” for detailed information. If you choose Static as IPv6 protocol type, click the StaticV6 tab to open the following page: Vigor3900 Series User’s Guide...
Page 95 Save – click this button to save the setting. – click the icon to remove the selected entry. Apply Click it to save the configuration and exit the dialog. Cancel Click it to exit the dialog without saving the configuration. Vigor3900 Series User’s Guide...
Page 96 Click it to exit the dialog without saving the configuration. If you choose DHCP-IA_PD as IPv6 protocol type It is not necessary for you to configure any web page. Enter all the settings and click Apply. The new added profile will be shown as below. Vigor3900 Series User’s Guide...
Page 97 Display the status of the profile. False means disabled; True Enable means enabled. Description Display a brief explanation for such profile. Port Display the physical WAN interface for such profile. Protocol Display the protocol selected by the profile. Vigor3900 Series User’s Guide...
Page 98 Choose the connection mode (e.g., 3G) for USB WAN. Default Click it to restore the default settings. Apply Click it to save and exit the dialog. Click it to exit the dialog without saving anything. Cancel Vigor3900 Series User’s Guide...
Page 99 Type the PPP username (optional). PPP Password Type the PPP password (optional). Default Click it to restore the default settings. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. Vigor3900 Series User’s Guide...
Page 100: Default Route
Enable – Check it to let the network connection being WANs established through any active WAN interface. Disable – Check it to disable the function. Apply Click it to save the configuration. Cancel Discard current page modification. Vigor3900 Series User’s Guide...
Page 101: Load Balance
Vigor3900 supports a load balancing function. It can assign traffic with protocol type, IP address for specific host, a subnet of hosts, and port range to be allocated in WAN interface. User can assign traffic category and force it to go to dedicate network interface based on the following web page setup.
Page 102 Display the status (enabled or disabled) of the function. Failover Status Failback Display the status (enabled or disabled) of the function. Open WAN>>Load Balance and click the tab of Rule. Simply click the Add button. The following dialog will appear. Vigor3900 Series User’s Guide...
Page 103 Destination IP Address - Type a WAN IP address here as the destination IP address for such rule. – click the icon to clear the IP setting. Destination Mask- Use the drop down list on the right to Vigor3900 Series User’s Guide...
Page 104 Enable – Click it to enable such function. Disable – Click it to disable such function. Apply Click it to save the configuration. Cancel Click it to return to the factory setting. Vigor3900 Series User’s Guide...
Page 105 Enter all the settings and click Apply. The new rule profile will be added on the screen. Vigor3900 Series User’s Guide...
Page 106 Display the name of the WAN profiles for Load Balance Interface rule. Primary Profile Display the primary profile configured in Failover page for such profile. Backup Profile Display the backup profile configured in Failover page for such profile. Vigor3900 Series User’s Guide...
Page 107 Click Add. A new line for adding new entry will appear. Use the drop down list of Interface to choose the WAN profiles that will be in the Load Balance Pool. Type the value for Weight. Vigor3900 Series User’s Guide...
Page 108 In default, the system will apply Primary Profile. If Primary Primary Profile Profile cannot be used any more, the Backup Profile will be used instead. Use the drop down list to choose the one you need. Vigor3900 Series User’s Guide...
Page 109 Click Apply. A new profile will be added on the page. Vigor3900 can offer the mapped IP address to respond the DNS query coming from the remote end through the designate domain to reduce the loading of the network traffic.
Page 110 Alias Weight Such page allows you to create a new WAN profile for inbound load balance. Open WAN>>Load Balance and click the tab of Inbound Load Balance. Simply click the Add button to open the following dialog. Vigor3900 Series User’s Guide...
Page 111 Save – Click it to save the settings. IP Mapping – Use the drop down list to choose a WAN interface profile which will be used by the domain. Weight – Use the drop down list to choose the one you want. Vigor3900 Series User’s Guide...
Page 112 TTL – It means Time to live of a DNS response. Available setting range is from 0 to 2147483647. Refresh – Set the time for the PC in LAN to refresh the data. Retry – Set the times of retry if the PC fails to contact with Vigor3900 Series User’s Guide...
Page 113 Reference for advanced process. – Click the icon to remove the selected entry. CNAME Record It is used to record the DNS query for CNAME. Add – Click it to add a new host with specified reference. Vigor3900 Series User’s Guide...
Page 114 A sub-domain setting page will appear for you to add new profile. Note that the configuration is similar to the way stated on the above steps. Vigor3900 Series User’s Guide...
Page 115: Switch
It depends on the setting configured in this page for VLAN ID configured in WAN >>General Setup>>Profile relates to the VLAN ID setting configured here. This page simply displays current status of 802.1Q VALN setting profiles. Each item will be explained as follows: Vigor3900 Series User’s Guide...
Page 116 Check the box to enable the Mirror function for the switch. Mirroring Port Select a port for the administrator to use for viewing traffic sent from mirrored ports. Select a port to make the packets passing through it Mirrored Port monitored by the administrator. Vigor3900 Series User’s Guide...
Page 117 – Click Enable to enable such function. When the data cache is approaching to full load, Vigor router will pause transmitting the packets till the system is able to accept new data again. It can avoid the network traffic congestion. Vigor3900 Series User’s Guide...
Page 118 Status Display if the port connection for WAN interface is linked or not. Up means the network is connected; Down means the network is not connected. Speed Display the transmission rate (10M, 100M, 1000M or Auto) Vigor3900 Series User’s Guide...
Page 119 WAN interface. Duplex Display the duplex used (full or half) by such WAN interface. Vigor3900 Series User’s Guide...
Page 120: Lan
This page allows you to enable the profile, give a brief explanation for such profile, specify the VLAN ID, specify MAC address, and choose protocol type for such profile. Each item will be explained as follows: Vigor3900 Series User’s Guide...
Page 121 Display the subnet mask for such LAN profile. DHCP Server Display the status (Enable/Disable) of the DHCP server. IPv6 Protocol Display the IPv6 protocol type for the LAN profile. Open LAN>>General Setup and click the General Setup tab. Vigor3900 Series User’s Guide...
Page 122 Enable – Click it to enable the default MAC address for such Address profile. Disable – Click it to type the MAC address manually for such profile. If Default MAC address is disabled, please specify a MAC MAC Address Vigor3900 Series User’s Guide...
Page 123 – click the icon to remove the selected entry. DHCP Routers In general, this box will be blank. It means Vigor3900 will be regarded as the gateway for the user. However, if you want to use other gateway, please assign the IP address in this field.
Page 124 Except Link-Local, each type requires different parameter settings. Link-Local- Link-Local address is used for communicating with neighbouring nodes on the same link. It is defined by the address prefix fe80::/10. You don't need to setup Link-Local Vigor3900 Series User’s Guide...
Page 125 Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. When you finish the above settings, please click Apply to save the configuration and exit the dialog. Vigor3900 Series User’s Guide...
Page 126 Display the status of the profile. False means disabled; True means enabled. DHCP Server Location Display the LAN or WAN profile for the DHCP server. DHCP Server IP Display the IP address of DHCP server. Open LAN>>General Setup and click the DHCP Relay tab. Vigor3900 Series User’s Guide...
Page 127 Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. When you finish the above settings, please click Apply to save the configuration and exit the dialog. Vigor3900 Series User’s Guide...
Page 128 Refresh Renew current web page. Profile Display the name of the LAN profile. Enable Display the status of the profile. False means disabled; True means enabled. Advertisement Lifetime Display the lifetime value. Vigor3900 Series User’s Guide...
Page 129 A lifetime of 0 indicates that the router is not a default router and should not appear on the default router list. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. Vigor3900 Series User’s Guide...
Page 130 Refresh Renew current web page. Profile Display the name of the LAN profile. Enable Display the status of the profile. False means disabled; True means enabled. Mode Display the mode (automatic setting or manual setting) Vigor3900 Series User’s Guide...
Page 131 Choose one of the LAN profiles by clicking on it and click the Edit button to open the following dialog. Available parameters are listed as follows: Item Description Profile Display the name of the LAN profile. Enable Check this box to enable this profile. Mode Choose Automatic Setting or Manual Setting. Vigor3900 Series User’s Guide...
Page 132 2000:0000:0000:0000:0000:0000:0000:10 or 2000::10. Set the private IP address for DNS server. If this field is blank, users on LAN will treat Vigor3900 as the DNS server. Add – Click it to add a new IP address for DNS server. Save – Click it to save the setting.
Page 133: Pppoe Server
Enable – Click it to isolate the PPPoE users who access into Internet via Vigor router.. Deny Internet Access Disable –Click it to disable this function. Except PPPoE User Enable – If you click Enable, only the PPPoE user can access into Internet. Vigor3900 Series User’s Guide...
Page 134 It is available when RADIUS or LDAP is selected as User Authentication Type. Use the drop down list to specify LAN profile for authentication. Apply Click it to save and exit the dialog. Cancel Click it to discard current page modification. Vigor3900 Series User’s Guide...
Page 135 Display the IP address of the client’s host. Up Time Display the time that the PPPoE connection built. RX Bytes Display the total amount of received packets. TX Bytes Display the total amount of transmitted packets. Vigor3900 Series User’s Guide...
Page 136: Ip Routing
WAN. When the local device tries to transmit the data packets out, Vigor3900 will send it out through that certain WAN interface without passing through NAT. Meanwhile, remote device also can access the local device directly without any difficulty.
Page 137 Choose one of WAN profiles for sending data out. LAN Profile Choose one of LAN profiles for the local device. Type the private IP address for such IP routing profile. Type the subnet mask for such IP routing profile. Mask Vigor3900 Series User’s Guide...
Page 138: Static Route
Delete Remove the selected static route setting. To delete a static route setting, simply select the one you want to delete and click the Delete button. Refresh Renew current web page. Vigor3900 Series User’s Guide...
Page 139 Display the distance to the target. Open LAN>>Static Routing and click the Static Route tab. Click the Add button. The following dialog will appear. Available parameters are listed as follows: Item Description Type the name of the static route profile. Profile Vigor3900 Series User’s Guide...
Page 140 Type the distance to the target (usually counted in hops). Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. Enter all the settings and click Apply. The new profile will be added on the screen. Vigor3900 Series User’s Guide...
Page 141 Display the prefix length of the profile. Prefix Length Nexthop Display the nexthop address for such static route profile. WAN / LAN Profile Display the subnet LAN or WAN profile of the gateway. Metric Display the distance to the target. Vigor3900 Series User’s Guide...
Page 142 Choose one of the LAN/WAN profiles of the gateway for such static route. Metric Type the distance to the target (usually counted in hops). Apply Click it to save and exit the dialog. Click it to exit the dialog without saving anything. Cancel Vigor3900 Series User’s Guide...
Page 143 Enter all the settings and click Apply. The new profile will be added on the screen. To make the users in different LAN communicating with each other, please check the box to enable Inter-LAN route function. Vigor3900 Series User’s Guide...
Page 144: Switch
Modify the selected VLAN ID setting. Edit To edit VALN ID setting, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Vigor3900 Series User’s Guide...
Page 145 VLAN group. Determine which LAN interface can be used to access into Member Internet for such LAN profile with the VLAN ID number. If the icon appears in front of the drop down list, it means Vigor3900 Series User’s Guide...
Page 146 Click it to exit the dialog without saving anything. Enter all the settings and click Apply. The new profile will be added on the screen. Vigor3900 supports port mirroring function in LAN interfaces. This mechanism helps manager track the network errors or abnormal packets transmission without interrupting the flow of data access the network.
Page 147 Check the box to enable the Mirror function for the switch. Select a port to view traffic sent from mirrored ports. Mirroring Port Select which port is necessary to be mirrored. Mirrored Port Refresh Renew current web page. Apply Click it to save the settings. Vigor3900 Series User’s Guide...
Page 148 Display the duplex used (full or half) by such profile. Duplex Display the transmission rate (10M, 100M, 1000M or Auto) Speed of the date for such profile. flow_control Display the status (enable or disable) of such function. Note Display additional information. Vigor3900 Series User’s Guide...
Page 149 Display addition information for such interface. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. Enter all the settings and click Apply. The profile has been edited. Vigor3900 Series User’s Guide...
Page 150 Display the status (up or down) for the interface. Speed Display the transmission rate (10M, 100M, 1000M or Auto) of the date for such profile. Duplex Display the duplex used (full or half) by such profile. Vigor3900 Series User’s Guide...
Page 151: Bind Ip To Mac
Each pair of IP and MAC address listed in ARP table can be selected and added to IP Bind List by clicking Move on IP Bind List IP Address - Display the IP address of one device. MAC Address - Display the MAC address of the device. Vigor3900 Series User’s Guide...
Page 152 Strict_Bind – Only specified IP addresses will be assigned to the device with bind MAC address. Other devices which are not listed on the Bind Table shall still NOT get the IP address from DHCP server. Vigor3900 Series User’s Guide...
Page 153 IP address. Click it to save and exit the dialog. Apply Cancel Click it to exit the dialog without saving anything. Enter all the settings and click Apply. A new profile has been added onto Bind Table. Vigor3900 Series User’s Guide...
Page 154: Rip Configuration
B will tell A "if you want to send packets to C, please send it to me first", then A will create a routing rule to forward packet that destination is C to B. In another direction, C will do the same thing. Vigor3900 Series User’s Guide...
Page 155 Check the box to enable such function. Profile Choose the LAN/WAN profile(s). Apply Click it to save the settings. Cancel Click it to discard the settings configured in this page. After finished the settings, click Apply to save them. Vigor3900 Series User’s Guide...
Page 156: Ospf Configuration
Check the box to enable such function. Profile Choose a LAN profile from the drop down list to apply for such configuration. Apply Click it to save the settings. Cancel Click it to cancel the settings configuration. Vigor3900 Series User’s Guide...
Page 157: Nat
Series is NAT-enabled by default and gets one globally routable IP addresses from the ISP by Static, PPPoE, or DHCP mechanism. The Vigor3900 Series assigns private network IP addresses according to RFC-1918 protocol and translates the private network addresses to a globally routable IP address so that local hosts can communicate with the router and access the Internet.
Page 158 Allow to modify the selected profile name. Profile Display the name of the profile. Enable Display the status of the profile. False means disabled; True means enabled. WAN Profile Display the WAN interface of this profile. Vigor3900 Series User’s Guide...
Page 159 Display the ending number of the public port. Private Port Display the number of the private port. Open NAT>> Port Redirection. Simply click the Add button. The following dialog will appear. Available parameters are listed as follows: Vigor3900 Series User’s Guide...
Page 160 Simply type the private IP used for this entry. Protocol Choose the protocol used for the entry. Port Redirection Specify the direction for the port to be redirected. Mode Public Port Start/ It is available when Range-to-One or Range-to-Range is Vigor3900 Series User’s Guide...
Page 161: Dmz Host
If an outside user penetrated the DMZ host’s security, only the Web pages will be corrupted but other company information would not be exposed. Each item will be explained as follows: Item Description Vigor3900 Series User’s Guide...
Page 162 Display the selected WAN IP address if Use IP Alias is enabled. DMZ Host IP Display the IP address of the DMZ host. Allow DMZ Host to Display if such function is enabled or disabled. Access Network Open NAT>> DMZ Host. Simply click the Add button. Vigor3900 Series User’s Guide...
Page 163 Use the drop down list to choose the IP group profile(s) to apply to such profile. Allowed Service This is an optional setting. Type Use the drop down list to choose the type(s) to apply to such profile. Apply Click it to save and exit the dialog. Vigor3900 Series User’s Guide...
Page 164 Cancel Click it to exit the dialog without saving anything. Enter all the settings and click Apply. A new profile has been added onto DMZ Host table. Vigor3900 Series User’s Guide...
Page 165: Address Mapping
Change the order of selected profile by moving it down. Rename Allow to modify the selected profile name. Display the name of the profile. Profile Enable Display the status of the profile. False means disabled; True means enabled. Vigor3900 Series User’s Guide...
Page 166 Display if failover to the default route is enabled or disabled. Failback Display if the function of Failback is enabled or disabled. Open NAT>> Address Mapping. Simply click the Add button. The following dialog will appear. Vigor3900 Series User’s Guide...
Page 167 Use the drop down list to specify one IP group for such profile. If there is nothing to be specified, simply open Object Settings to create the one you want. Protocol Choose the protocol used for the entry. Vigor3900 Series User’s Guide...
Page 168 Apply Click it to save and exit the dialog. Click it to exit the dialog without saving anything. Cancel Enter all the settings and click Apply. A new profile has been added onto Address Mapping table. Vigor3900 Series User’s Guide...
Page 169: Alg
Click it to save the settings. Click Apply to save the settings. The H.323 ALG allows incoming and outgoing VoIP calls passing through NAT. If required, check the box and click Apply to save the settings. Vigor3900 Series User’s Guide...
Page 170: Firewall
The firewall controls the allowance and denial of packets through the router. Firewall Setup in the Vigor3900 Series mainly consists of packet filtering, Denial of Service (DoS) and URL (Universal Resource Locator) content filtering facilities. These firewall filters help to protect your local network against attack from outsiders. A firewall...
Page 171 To build an IP group containing IP filter rules, please follow the steps: Open Firewall>>Filter Setup and click the IP Filter tab. Simply click the Add button. The following dialog will appear. Available parameters are listed as follows: Vigor3900 Series User’s Guide...
Page 172 You can create filter rule by clicking on the left side of the selected IP filter group profile. A setting page will appear for you to add new IP filter rule profile. Move your mouse to click Add. Vigor3900 Series User’s Guide...
Page 173 Pass_If_No_Further_Match as Block Action, you have to specify next IP filter group for further matching. Syslog Click Enable to make the history of firewall actions appearing on the System Maintenance >> Syslog/Mail Alert >> Syslog File. Vigor3900 Series User’s Guide...
Page 174 Choose one or more user group profiles from the drop down list. The selected profile will be treated as source target. You can click to create another new user group profile. Vigor3900 Series User’s Guide...
Page 175 Enter all the settings and click Apply. 10. A new IP filter rule has been added under the IP Filter Group (named IPF_Market in this case). Note: You can create multiple IP filter rules under a certain IP Filter group. Vigor3900 Series User’s Guide...
Page 176 Display the status of the profile. False means disabled; True means enabled. Time Object If no time schedule is set, None will be shown in this field. Time Group Display the Time group profile selected for such application Vigor3900 Series User’s Guide...
Page 177 Display the P2P object profile selected for such application profile. P2P Block Display the P2P object profile selected for such application profile. Open Firewall>>Filter Setup and click the Application Filter tab. Simply click the Add button. Vigor3900 Series User’s Guide...
Page 178 The selected profile will be filtered by the router when such application filter profile is applied. You can click to create another new IP group profile, or you can click the edit icon to modify the existed group profile. Vigor3900 Series User’s Guide...
Page 179 Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. Enter all the settings and click Apply. A new Application filter profile has been added. Vigor3900 Series User’s Guide...
Page 180 Display the status of the profile. False means disabled; True Enable means enabled. Filter Https Display if the HTTPs filter is enabled or not. Time Object If no time schedule is set, None will be shown in this field. Vigor3900 Series User’s Guide...
Page 181 The message will display on the user's browser when he/she tries to access the blocked web page. Apply Click it to save and exit the dialog. Cancel Click it to discard the settings configured in this page. Vigor3900 Series User’s Guide...
Page 182 Disable. target Time Object - Click the triangle icon to display the profile selection box. Choose a schedule profile to be applied on such application filter profile. The router will perform the Vigor3900 Series User’s Guide...
Page 183 Choose e one or more keyword object profiles from the drop down list which will be allowed / not be allowed to pass through the router. You can click to create another new keyword object profile, Vigor3900 Series User’s Guide...
Page 184 This page is designed for the user in China only. For people outside China, skip this section. Each item will be explained as follows: Item Description Add a new group profile for QQ filter. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify Vigor3900 Series User’s Guide...
Page 185 QQ profile is enabled. Apply Click it to save and exit the dialog. Cancel Click it to discard the settings configured in this page. Open Firewall>>Filter Setup and click the QQ Filter tab. Simply click the Add button. Vigor3900 Series User’s Guide...
Page 186 QQ account. Click it to save and exit the dialog. Click it to discard the settings configured in this page. Cancel Enter all the settings and click Add. A new QQ filter profile has been added. Vigor3900 Series User’s Guide...
Page 187: Dos Defense
Click Enable to block the packets attacks coming from Storm Defense unknown multicast storm. Storm Filtering Rate Type a number (1~4096, unit of 64Kpbs) as for the filtering rate. Refresh Renew current web page. Apply Click it to save the configuration. Vigor3900 Series User’s Guide...
Page 188 The default setting for timeout is 10 seconds. Block UDP Flood Click Enable to activate the UDP flood defense function. If the amount of UDP packets from the Internet exceeds the user-defined threshold value, the router will be forced to Vigor3900 Series User’s Guide...
Page 189 Click Enable to activate the Block Unknown Protocol Protocol function. The router will block any packets with unknown protocol types. Apply Click it to save the configuration. Cancel Click it to discard the settings configured in this page. Vigor3900 Series User’s Guide...
Page 190: Mac Block
Allow to modify the selected profile name. Profile Display the name of the profile. Display the status of the profile. False means disabled; True Enable means enabled. MAC Address Display the MAC address for such profile. Vigor3900 Series User’s Guide...
Page 191 Apply Click it to save and exit the dialog. Click it to exit the dialog without saving anything. Cancel Enter all the settings and click Apply. A new MAC Block profile has been created. Vigor3900 Series User’s Guide...
Page 192: Objects Setting
Vigor3900 allows users to set different filter profiles based on IP, service type, keyword, file extension, instant message application, P2P application, protocol application, web category, QQ application, time setting, SMS service, mail service and notification. These objects setting profiles can be applied in Firewall.
Page 193: Ip Object
Display the address type (single, range or subnet) for such profile. Start IP Address Display the IP address of the starting point for such profile. Display the IP address of the ending point for such profile. End IP Address Vigor3900 Series User’s Guide...
Page 194 Choose the address type (Single / Range /Subnet) for such profile. Start IP Address Type the IP address of the starting point for such profile. End IP Address Type the IP address of the ending point for such profile if Vigor3900 Series User’s Guide...
Page 195 Subnet as Address Type. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. Enter all the settings and click Apply. A new IP object profile has been created. Vigor3900 Series User’s Guide...
Page 196: Ip Group
Display the total number (32) of the object profiles to be created. Group Name Display the name of the object group. Description Display the description for such profile. Objects Display the object profiles grouped under such group. Vigor3900 Series User’s Guide...
Page 197 Setting>>IP Object will be seen here. To clear the selected one, click to remove current object selections. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving anything. Enter all the settings and click Apply. Vigor3900 Series User’s Guide...
Page 198: Service Type Object
To delete a rule, simply select the one you want to delete and click the Delete button. Refresh Renew current web page. Profile Number Limit Display the total number (96) of the object profiles to be created. Vigor3900 Series User’s Guide...
Page 199 Type a name for such profile. The number of the characters allowed to be typed here is 10. Protocol Specify one of the protocols for such profile. Source Port Start It is available for TCP/UDP protocol. It can be ignored for ICMP. Vigor3900 Series User’s Guide...
Page 200 ICMP. Type a port number (0 – 65535) as the ending destination port. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving anything. Enter all the settings and click Apply. A new Service Type Object profile has been created. Vigor3900 Series User’s Guide...
Page 201: Service Type Group
Display the total number (32) of the object profiles to be created. Group Name Display the name of the service type group. Description Display the description for such profile. Objects Display the service type object profiles grouped under such group. Vigor3900 Series User’s Guide...
Page 202 To clear the selected one, click to remove current object selections. Apply Click it to save the configuration. Click it to exit the dialog without saving the configuration. Cancel Enter all the settings and click Apply. Vigor3900 Series User’s Guide...
Page 203: Keyword Object
A new Service Type Group profile has been created. Keyword can be set as a filter rule to be applied in Firewall. Vigor3900 allows users to set keyword profile with several keywords. Even, it allows users to group several keyword profiles within a keyword group.
Page 204 Save – Click it to save the setting. – click the icon to remove the selected entry. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. Vigor3900 Series User’s Guide...
Page 205: File Extension Object
To delete a rule, simply select the one you want to delete and click the Delete button. Refresh Renew current web page. Profile Number Limit Display the total number (8) of the object profiles to be created. Profile Display the name of the profile. Vigor3900 Series User’s Guide...
Page 206 Display the selected file extension of execution. Open Objects Setting>>File Extension Object. Simply click the Add button. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the File Extension Object group.. Vigor3900 Series User’s Guide...
Page 207 Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. A new File Extension Object profile has been created. Vigor3900 Series User’s Guide...
Page 208: Im Object
Profile Display the name of the IM object profile. Member Display the IM application specified in such profile. WebIM Display the status of IM object whether including the specified set of web IM or not. Vigor3900 Series User’s Guide...
Page 209 Type the name of the IM object group. The number of the characters allowed to be typed here is 10. Member Several IM applications offered for you to choose. Check the one(s) you want to add for such profile. Vigor3900 Series User’s Guide...
Page 210 Apply Click it to save the configuration. Click it to exit the dialog without saving the configuration. Cancel Enter all the settings and click Apply. A new IM Object profile has been created. Vigor3900 Series User’s Guide...
Page 211: P2P Object
Vigor3900 can block P2P application for users, especially for the ones who always upload or download improper files to Internet. P2P object setting lists all of the point to point application for you to choose to block. Choose the one(s) you want to block and save as a P2P Object profile. Later, it can be applied to Firewall as a filter rule and reach the purpose of block.
Page 212 Several P2P applications offered for you to choose. Check the one(s) you want to add for such profile. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. Vigor3900 Series User’s Guide...
Page 213: Protocol Object
A new P2P Object profile has been created. Network services, e.g., DNS, FTP, HTTP, POP3, for LAN users can be blocked by Vigor3900. Common services will be listed in this function and can be selected to be blocked by the router.
Page 214 Type the name of the protocol object profile. The number of the characters allowed to be typed here is 10. Member Several protocols offered for you to choose. Check the one (s) you want to add for such profile. Vigor3900 Series User’s Guide...
Page 215: Web Category Object
If you want to purchase a formal edition, simply contact with your DrayTek dealer. Note: Web Content Filter (WCF) is not a built-in service of Vigor router but a service powered by Commtouch.
Page 216 Business Display the items under certain category that you choose to block. Chatting Display the items under certain category that you choose to block. Display the items under certain category that you choose to Computer block. Vigor3900 Series User’s Guide...
Page 217 10. Child Protection The web pages which are not suitable for children will be classified into different categories. Simply check the one(s) that you don’t want the children to visit. Vigor3900 Series User’s Guide...
Page 218 Simply check the one(s) that you don’t want the user to visit. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. A new Web Category Object profile has been created. Vigor3900 Series User’s Guide...
Page 219 Move your mouse to the link of Activate URL and click it. The system will guide you to access into MyVigor website. After finishing the activation for the trial version of WCF, remember to purchase “Silver Card” for WCF service from your DrayTek dealer or distributor. Vigor3900 Series User’s Guide...
Page 220 Display the total number (16) of the object profiles to be created. Profile Display the name of the QQ object profile. Display the account name of the QQ object profile. Description Display a brief explanation of the QQ object profile. Vigor3900 Series User’s Guide...
Page 221: Qq Object
- Click this button to remove the selected account. Description Type a brief explanation for the QQ object profile. Click it to save the configuration. Apply Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. Vigor3900 Series User’s Guide...
Page 222 To delete a rule, simply select the one you want to delete and click the Delete button. Refresh Renew current web page. Profile Number Limit Display the total number (16) of the object profiles to be created. Group Name Display the name of the group. Vigor3900 Series User’s Guide...
Page 223: Qq Group
All the available objects that you have added on Objects Setting>>QQ Object will be seen here. To clear the selected one, click to remove current object selections. Apply Click it to save the configuration. Vigor3900 Series User’s Guide...
Page 224 Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. A new QQ group profile has been created. Vigor3900 Series User’s Guide...
Page 225: Time Object
Display the starting time of the time object profile. End Date Display the ending date of the time object profile. End Time Display the ending time of the time object profile. Weekdays Display the frequency of such time object profile. Vigor3900 Series User’s Guide...
Page 226 Specify the starting date of the time object profile. Specify the starting time of the time object profile. Start Time End Date Specify the ending date of the time object profile. End Time Specify the ending time of the time object profile. Vigor3900 Series User’s Guide...
Page 227 Specify which days in one week should perform the schedule. Click it to save the configuration. Apply Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. A new Time Object profile has been created. Vigor3900 Series User’s Guide...
Page 228: Time Group
Display the total number (8) of the object profiles to be created. Display the name of the group. Group Name Description Display the brief explanation for such group. Objects Display the time objects selected by such group. Vigor3900 Series User’s Guide...
Page 229 All the available time objects that you have added on Objects Setting>>Time Object will be seen here. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. Vigor3900 Series User’s Guide...
Page 230: Sms Service Object
To delete a rule, simply select the one you want to delete and click the Delete button. Refresh Renew current web page. Profile Number Limit Display the total number (8) of the object profiles to be created. Profile Display the name of the profile. Vigor3900 Series User’s Guide...
Page 231 Simply click the Add button. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type a name for such SMS profile. The maximum length of the name you can set is 20 characters. Vigor3900 Series User’s Guide...
Page 232 SMS. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. A new SMS object profile has been created. Vigor3900 Series User’s Guide...
Page 233: Mail Service Object
Display the mail address of the sender. SMTP Port Display the port number used for the SMTP service. SMTP Server Display the IP address of the SMTP Server Authentication Enable means such profile must be authenticated by the server. Vigor3900 Series User’s Guide...
Page 234 Type a name for such SMS profile. The maximum length of the name you can set is 20 characters. Check this box to enable such profile. Enable Mail From Type the e-mail address of the sender. Vigor3900 Series User’s Guide...
Page 235 31 characters. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. A new mail service object profile has been created. Vigor3900 Series User’s Guide...
Page 236: Notification Object
Display if such function is enabled or disabled. VPN Disconnection Display if such function is enabled or disabled. VPN Reconnection Display if such function is enabled or disabled. Temperature Display if such function is enabled or disabled. Vigor3900 Series User’s Guide...
Page 237 Enable – When disconnection happened to a VPN tunnel, the router system will send the alert message to the recipient. Enable - When reconnection happened to a VPN tunnel, the VPN Reconnection router system will send the alert message to the recipient. Vigor3900 Series User’s Guide...
Page 238: User Management
Enter all the settings and click Apply. A new notification object profile has been created. User Management can manage all the accounts (user profiles) to connect to Internet via different protocols. Below shows the menu items for User Management: Vigor3900 Series User’s Guide...
Page 239: General Setup
Rule-Based is configured in default. Available parameters will be explained as follows: Item Description Mode There are two modes offered here for you to choose. Each mode will bring different filtering effect to the users involved. Vigor3900 Series User’s Guide...
Page 240 User-based Firewall Status will start to record each authentication event of specified users including authentication failure or success, user’s IP, when or how much time the user uses, and how much rest time for the user. Vigor3900 Series User’s Guide...
Page 241 Display the ending time of the wireless station. Rest Time Display the rest time for the wireless station to browse the Internet. Disconnect It is available for the administrator to turn off a specific user’s connection immediately. Vigor3900 Series User’s Guide...
Page 242: User Profile
This function allows to configure all accounts (user profiles) in Vigor3900, including PPTP/L2TP, System user, and so on. Each item will be explained as follows: Item Description Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button.
Page 243 Display the frequency for the quota reset. Time Quota(min) Display the time quota allowed for such user profile. Traffic Quota(MB) Display the traffic quota allowed for such user profile. Open User Management>>User Profile. Simply click the Add button. Vigor3900 Series User’s Guide...
Page 244 When the user passes the authentication, he/she can access Internet via this router. However the accessing operation will be restricted with the conditions configured in this user profile. Check this box to enable such profile. Enable Vigor3900 Series User’s Guide...
Page 245 The range is from 1 to 255. -1 means not limit; 0 means No access. System User Choose True to allow the user accessing into WUI of Vigor3900 via the username and password above. If you choose False, you can set SSL for such profile. PPTP/L2TP/SSL Click Enable to make network connection through...
Page 246 Enable – Click it to enable the function. Apply Click it to save the configuration. Click it to exit the dialog without saving the configuration. Cancel Enter all the settings and click Apply. A new User Profile has been created. Vigor3900 Series User’s Guide...
Page 247: Usergroup
Display the total number (200) of the object profiles to be created. Usergroup Display the name of the user group. Enable Display the status of the profile. False means disabled; True means enabled. Member Display the user profiles under such group. Vigor3900 Series User’s Guide...
Page 248 Click it to save the configuration. Apply Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. A new User Group Profile has been created. Vigor3900 Series User’s Guide...
Page 249: Radius
1812, based on RFC 2138. Shared Secret The RADIUS server and client share a secret that is used to authenticate the messages sent between them. Both sides must be configured to use the same shared secret. Vigor3900 Series User’s Guide...
Page 250: Ldap/Active Directory
Delete Remove the selected profile. To delete a rule, simply select the one you want to delete and click the Delete button. Refresh Renew current web page. Vigor3900 Series User’s Guide...
Page 251 Display the configured regular DN if Bind Type is set with Regular Mode. Regular Password Display the configured regular password if Bind Type is set with Regular Mode. Open User Management>>LDAP/Active Directory. Simply click the Add button. The following dialog will appear. Vigor3900 Series User’s Guide...
Page 252 For the regular mode, you’ll need to type in the Regular DN and Regular Password. Server IP Address Enter the IP address of LDAP server. Port Type a port number as the destination port for LDAP server. Vigor3900 Series User’s Guide...
Page 253 By default, the Usage Time is 480 minutes. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. A new LADP/Active Directory Profile has been created. Vigor3900 Series User’s Guide...
Page 254: Application
Basically, Vigor routers are compatible with the DDNS services supplied by most popular DDNS service providers such as www.dyndns.org, www.no-ip.com, www.dtdns.com, www.changeip.com, www.dynamic- nameserver.com. You should visit their websites to register your own domain name for the router. Vigor3900 Series User’s Guide...
Page 255 The information will update immediately when the Refresh button is clicked. Profile Display the name of the DDNS. Status Display the connection status for the DDNS sever. Display the domain name for the DDNS server. Domain Name Vigor3900 Series User’s Guide...
Page 256 Display the domain name of such profile. IP Source Display the interface (My WAN IP or My Internet IP) selected by such DDNS profile. Force update interval Display the interval setting to refresh the data for such Vigor3900 Series User’s Guide...
Page 257 Selected_wan_first – The DDNS profile will be applied to the traffic via WAN interface first, then applied to other interface. Selected_wan_only – The DDNS profile will be applied to the traffic via WAN interface only. No other interface will be used. Vigor3900 Series User’s Guide...
Page 258 Set the time for the router to perform auto update for DDNS interval service. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. The DDNS Profile has been modified. Vigor3900 Series User’s Guide...
Page 259: Gvrp
This page displays the information related to all DDNS. This function can define the method for the changing the VLAN information among devices. With supporting GVRP, the device can receive the VLAN information coming from other devices. Available parameters are listed as follows: Vigor3900 Series User’s Guide...
Page 260 Join Time Define the time for the system to send GVRP packet to other device. The unit is second. Apply Click it to save the configuration. Cancel Click it to discard the settings configured in this page. Vigor3900 Series User’s Guide...
Page 261: Igmp Proxy
Further, the user does not have to manually set up port mappings or a DMZ. UPnP is available on Windows XP and the router provide the associated support for MSN Messenger to allow full use of the voice, video and messaging features. Vigor3900 Series User’s Guide...
Page 262 The NAT Traversal of UPnP enables the multimedia features of your applications to operate. This has to manually set up port mappings or use other similar methods. The screenshots below show examples of this facility. Vigor3900 Series User’s Guide...
Page 263 Some Microsoft operating systems have found out the UPnP weaknesses and hence you need to ensure that you have applied the latest service packs and patches. Non-privileged users can control some router functions, including removing and adding port mappings. Vigor3900 Series User’s Guide...
Page 264: High Availability
Slave (backup) device could replace the Master role to take over all jobs as soon as possible. However, once the original Master is working again, the Slave would be changed to original role to stand by. Vigor3900 Series User’s Guide...
Page 265 LAN, it routes user’s traffic while others stay in standby status. Settings under Config Synchronization Role(Hot-Standby) – Specify the Hot-Standby role for such Vigor router. Primary – It means such Vigor router is treated as the primary Vigor3900 Series User’s Guide...
Page 266 Authentication Key – Type a string as the authentication key. It is used for encrypting the HA session communication to prevent malicious attack. Advance Preemption Mode – Specify a mode for changing the Config Synchronization Role. Vigor3900 Series User’s Guide...
Page 267 Config Synchronization IP (Hot-Standby) – Type the IP Settings under Active-Standby address of the router plays the role of Master. Priority ID (Hot-Standby) – Type a value (1~30). The secondary router with the highest priority will take charge of Vigor3900 Series User’s Guide...
Page 268 Virtual IP for Display the IP address of the gateway. Gateway VHID Display the virtual host ID number of the profile. HA Status Display the online status (Master, Backup, LAN_failed and WAN_Failed) of such HA profile. Vigor3900 Series User’s Guide...
Page 269 VHID is used for Backup router to identify which Master will be backed up. Role Select a role for this device as Primary or Secondary. (Hot-Standby) Apply Click it to save the configuration. Cancel Click it to discard the settings configured in this page. Vigor3900 Series User’s Guide...
Page 270 When the primary device fails, one of the rest ones will be elected as the new master device. When the Master device fails, one of the slave devices will be chosen as the Master device to offer the network service for the connected PCs. Vigor3900 Series User’s Guide...
Page 271 WAN interfaces can be active which provide more flexible utilization of network service. When LAN1 in Router A fails, one of the available line connections (e.g., LAN1 in Router C) will be selected to offer the network service for all the connected PCs. Vigor3900 Series User’s Guide...
Page 272: Wake On Lan
LAN Profile – Use the drop down list to choose one of the LAN profiles. Click this button to wake up the selected IP. See the Wake Up following figure. The result will be shown on the box. Delete Click this button to remove all the settings. Vigor3900 Series User’s Guide...
Page 273: Sms / Mail Alert Service
Display the name of the SMS provider. Recipient Display the one who will receive the SMS. Notify Profile Display the name of the notify profile. Open Applications>> SMS/Mail Alert Service and click the SMS Alert Service tab. Vigor3900 Series User’s Guide...
Page 274 Such profiles can be created from Object Setting>>Notification Object. Apply Click it to save the configuration and exit the page. Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. Vigor3900 Series User’s Guide...
Page 275 Display the index number (from 1 to 10) of the profile. Enable This Profile Display the status of the profile. False means disabled; True means enabled. Mail Profile Display the name of the mail profile. Display the one who will receive the mail alert. Recipient Vigor3900 Series User’s Guide...
Page 276 Choose a profile (specify the timing for sending SMS) from the drop down list. Such profiles can be created from Object Setting>>Notification Object. Apply Click it to save the configuration and exit the page. Cancel Click it to exit the dialog without saving the configuration. Vigor3900 Series User’s Guide...
Page 277 Enter all the settings and click Apply. The mail alert service profile has been modified. Vigor3900 Series User’s Guide...
Page 278: Vpn And Remote Access
Below shows the menu items for VPN and Remote Access. Such wizard is used to configure VPN settings for VPN client. Such wizard will guide to set the LAN-to-LAN profile for VPN dial out connection step by step. Vigor3900 Series User’s Guide...
Page 279 Create New VPN Profile – It allows you to create a new VPN LAN to LAN profile. Simply type the name in the field of Profile Name. The field of Profile Name is available only when you click this setting. Vigor3900 Series User’s Guide...
Page 280 Specify the type. Click Create New VPN Profile and type the name of the profile. Then, click Next. If you choose PPTP as the Type, you will get the following screen: Available parameters are listed as follows: Item Description Profile Display the name of the VPN profile. Vigor3900 Series User’s Guide...
Page 281 Available parameters are listed as follows: Item Description Profile Display the name of the VPN profile. Enable Check this box to enable such profile. Choose a WAN profile to be used by such profile. WAN Profile Vigor3900 Series User’s Guide...
Page 282 It is the timeout timer. The peer will be declared dead once no acknowledge message is received after timeout value. Use the value 0 to disable this function. The recommended value is 120 seconds if enabled. Vigor3900 Series User’s Guide...
Page 283 Fill in the required information on this page and click Finish. A new profile has been created. Vigor3900 Series User’s Guide...
Page 284: Vpn Server Wizard
Such wizard is used to configure VPN settings for VPN server. Such wizard will guide to set the LAN-to-LAN profile for VPN dial in connection step by step. Open VPN and Remote Access >> VPN Server Wizard. The following dialog will appear. Available parameters are listed as follows: Item Description Vigor3900 Series User’s Guide...
Page 285 Choose a user for authentication in PPTP connection. Such profile shall be created in User Management>>User Profile previously. Otherwise, there are no selections displayed here. Local IP / Subnet Type the IP address and subnet mask of local host. Mask Vigor3900 Series User’s Guide...
Page 286 Signature. Choose PSK or RSA for such profile. Certificate Choose a local certificate from the drop down list if RSA is selected as Auth Type. Preshared Key Type a pre-shared key for authentication if PSK is selected as Auth Type. Vigor3900 Series User’s Guide...
Page 287 Fill in the required information on this page and click Finish. A pop-up window will appear. Click OK. Then, return to VPN and Remote Access>>VPN Server Wizard. The new added VPN server profile will be displayed on the screen. Vigor3900 Series User’s Guide...
Page 288: Remote Access Control
Check the box(es) to enable the service. Service / L2TP VPN Service/DHCP over IPSec Service/L2TP over IPSec Service Apply Click it to save the configuration. Cancel Click it to discard the settings configured in this page. Vigor3900 Series User’s Guide...
Page 289: Ppp General Setup
CHAP protocol. MPPE Encryption Specify one of the encryptions for such server. It is available only when MS-CHAP or MS-CHAP_v2 is selected. User Authentication Set user authentication to Local server, RADIUS server or Type LDAP server. Vigor3900 Series User’s Guide...
Page 290 Netbios Naming Packet inside the tunnel. Apply Click it to save the configuration. Cancel Click it to discard the settings configured in this page. Enter all the settings and click Apply. Vigor3900 Series User’s Guide...
Page 291 Choose a LDAP profile for PPTP Server if LDAP is selected as user authentication type. To clear the selected one, click to remove current object selections. Choose a LAN profile for L2TP Server if RADIUS/LDAP is LAN Profile selected as user authentication type. Vigor3900 Series User’s Guide...
Page 292: Ipsec General Setup
Type the UDP port number for Internet Key Exchange (IKE) IKE Port traffic to the VPN server. NAT-Port Type the UDP port number for IPSec network address translator traversal (NAT-T) traffic. IPSec MSS Type the port number for IPSec MSS. Vigor3900 Series User’s Guide...
Page 293: Vpn Profiles
Display the LAN to LAN profile with PPTP Dial-out policy. Display the LAN to LAN profile with PPTP Dial-in policy. PPTP Dial-in Profile Number Limit Display the total number (500) of the object profiles to be Vigor3900 Series User’s Guide...
Page 294 Authentication Header (AH) and the Encapsulating Security Payload (ESP), and through the use of cryptographic key management procedures and protocols. Open VPN and Remote Access >> LAN to LAN. Simply click the Add button. Vigor3900 Series User’s Guide...
Page 295 LAN subnet mask for the remote host. More Remote Subnet – Add more remote subnet in this field if required. Auth Type - The authentication to be used by Pre-Shared Key or RSA Signature. Choose PSK or RSA for such Vigor3900 Series User’s Guide...
Page 296 Enable – Click it to enable Aggressive Mode. Disable – Click it to disable Aggressive Mode. Local Peer ID Type the ID for Vigor3900 which can be configured by the remote end. It is available only when Aggressive Mode is enabled.
Page 297 120 seconds if enabled. Choose one of the LAN profiles as a source IP. Source IP After filling the required information for Advanced, click the GRE tab to open the following page. Available parameters are listed as follows: Vigor3900 Series User’s Guide...
Page 298 Proposal (Dial-Out) encryption algorithms to the VPN peers, and get its feedback to find a match. IKE Phase1 Propose the local available algorithms to the VPN peers, and Authentication get its feedback to find a match. Vigor3900 Series User’s Guide...
Page 299 Enter all the settings and click Apply. A new IPSec LAN-to-LAN profile has been created. Below will guide you to create a PPTP dial-out profile for VPN connection: Open VPN and Remote Access >> VPN Profiles. Simply click the Add button. Vigor3900 Series User’s Guide...
Page 300 Local IP/Subnet Mask - Type the IP address and subnet mask of local host. Remote IP / Subnet Mask - Type the LAN IP address and LAN subnet mask for the remote host. Route / NAT Mode - Specify the purpose for such profile. Vigor3900 Series User’s Guide...
Page 301 Enter all the settings and click Apply. A new PPTP Dial-Out profile has been created. Below will guide you to create a PPTP dial-in profile for VPN connection: Open VPN and Remote Access >>VPN Profiles. Simply click the Add button. Vigor3900 Series User’s Guide...
Page 302 Click it to create a new user profile or to modify an existing For User Profile profile. See the explanation later. PPTP User Name Choose a PPTP user profile for authentication in PPTP connection. Such profile shall be created in User Management>>User Vigor3900 Series User’s Guide...
Page 303 Management>>User Profile, or click Set PPTP Dial-In For User Profile in this page to configure a new one for choosing for authentication in PPTP connection. Below shows the window of Set PPTP Dial-In For User Profile. For the configuration and detailed information, simply refer to 4.6.2 User Profile. Vigor3900 Series User’s Guide...
Page 304: Vpn Trunk Management
It can assist users to do effective load sharing for multiple VPN tunnels according to real line bandwidth. Moreover, it offers three types of algorithms for load balancing and binding tunnel policy mechanism to let the administrator manage the network more flexibly. Vigor3900 Series User’s Guide...
Page 305 Display the source IP address specified for this profile. Source IP Address Source Mask Display the subnet mask address specified for the source IP of this entry. Destination IP Address Display the destination IP address specified for this entry. Vigor3900 Series User’s Guide...
Page 306 Open VPN and Remote Access >>VPN TRUNK Management and click the Load Balance Rule tab. Simply click the Add button. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the profile. Vigor3900 Series User’s Guide...
Page 307 Then, such rule will be applied by the pool. Apply Click it to save the configuration. Cancel Click it to exit the page without saving the configuration. Enter all the settings and click Apply. A new profile has been created. Vigor3900 Series User’s Guide...
Page 308 Display which mode (load_balance or failover) is selected. Interface Display the name of the Load Balance profile grouped under such pool profile. Primary Interface Display the primary interface for failover. Backup Interface Display the backup interface for failover. Vigor3900 Series User’s Guide...
Page 309 Remote Access>>VPN Profiles to create a new IPSec LAN to LAN profile with enabled GRE setting. Then, return to this page to specify the Interface option. Enter all the settings and click Apply. A new profile has been created. Vigor3900 Series User’s Guide...
Page 310 Refer to Chapter 3, How to Configure VPN Load Balance between Vigor3900 and Other Router for getting more detailed information about Load Balance application. Vigor3900 Series User’s Guide...
Page 311: Connection Management
Display the virtual network established by such VPN profile. Up Time Display the connection time of this VPN tunnel. Display the total received packets through this VPN. RX (Packets) TX (Packets) Display the total transmitted packets through this VPN. Disconnect Terminate the VPN connection. Vigor3900 Series User’s Guide...
Page 312: Certificate Management
Local certificate is created by the end user and must be signed by a trusted CA center. Vigor3900 can serve as a trusted CA and is called with “Root CA”. Therefore, any user can ask for certificate signed by Vigor3900.
Page 313: Local Certificate
This page allows users to generate certificate based on different work requests. Local certificate can be signed by itself or signed by a root CA (e.g., root CA on Vigor3900). Each item will be explained as follows: Item Description Allow you to upload current configuration to the host as a Upload CA certificate.
Page 314 Simply click the Generate button. The following dialog will appear. Available parameters are listed as follows: Item Description Certificate Name Type the name of the local certificate. ID Type The ID type for such certificate. There are four types: Vigor3900 Series User’s Guide...
Page 315 Click it to create a new local certificate based on the configuration here. Cancel Click it to exit the web page without saving the configuration. Enter all the settings and click Apply. A new generated Local Certificate has been created. Vigor3900 Series User’s Guide...
Page 316: Trusted Certificate
This page allows you to build a RootCA certificate for Vigor3900. RootCA can be deleted but not edited. If you want to modify the settings for a RootCA, please delete the one and create another one by clicking Build RootCA.
Page 317 The following dialog will appear. Available parameters are listed as follows: Item Description Certificate Name Display the name of the trusted CA certificate. Organization Unit Type a description for the organization unit. Organization Type the name of the organization. Vigor3900 Series User’s Guide...
Page 318 Click it to create a new local certificate based on the configuration here. Cancel Click it to exit the web page without saving the configuration. Enter all the settings and click Apply. A new RootCA Certificate has been created. Vigor3900 Series User’s Guide...
Page 319: Remote Certificate
Vigor3900, as a Root CA, can sign any certificate coming from end users locally or remotely. The selected user-defined certificate must be uploaded to Root CA. Also, the processing result will be displayed on this page. Each item will be explained as follows:...
Page 320: Ssl Vpn
OpenVPN Access Server offers a wide range of configurations for remote access to private cloud network resources and/or internal network. Note: Vigor3900 will support up to 20 simultaneous dial-in OpenVPN tunnels. In general, there are two advantages of OpenVPN: OpenVPN can be operated on different systems such as Windows, Linux, and MacOS.
Page 321 Type the mask address for the subnet IP address. Apply Click it to save the settings. Cancel Click it to exit the web page without saving the configuration. After finishing all the settings here, please click Apply to save the configuration. Vigor3900 Series User’s Guide...
Page 322: Ssl Web Proxy
Profile Number Limit Profile Display the name of the profile that you create. Display the URL. Host IP Address Display the IP address for the Host. Open SSL VPN>> SSL Web Proxy. Simply click the Add button. Vigor3900 Series User’s Guide...
Page 323 If you type function variation as URL, you have to type Host IP Address corresponding IP address in this filed. Such field must match with URL setting. Enter all the settings and click Apply. A new SSL Web Proxy profile has been created. Vigor3900 Series User’s Guide...
Page 324: Ssl Application
Display the total number (10) of the profiles to be created. Profile Display the name of the profile that you create. IP Address Display the IP address for this protocol. Port Display the port used for this protocol. Scaling Display the percentage for such application. Vigor3900 Series User’s Guide...
Page 325 Type the IP address for this protocol. Port Specify the port used for this protocol. The default setting is 5900. Scaling Chose the percentage (100%, 80%, 60) for such application. Enter all the settings and click Apply. Vigor3900 Series User’s Guide...
Page 326 To delete a profile, simply select the one you want to delete and click the Delete button. Refresh Renew current web page. Profile Number Limit Display the total number (10) of the profiles to be created. Display the name of the profile that you create. Profile Vigor3900 Series User’s Guide...
Page 327 Profile Type the name of the profile that you create. Type the IP address for this protocol. IP Address Port Specify the port used for this protocol. Screen Size Chose the screen size for such application. Vigor3900 Series User’s Guide...
Page 328 Enter all the settings and click Apply. A new SSL Application profile has been created. Vigor3900 Series User’s Guide...
Page 329: Online User Status
If you have finished the configuration of SSL Web Proxy (server), users can find out corresponding settings when they access into DrayTek SSL VPN portal interface. Each item will be explained as follows: Item Description Renew current web page. Refresh Auto Refresh Specify the interval of refresh time to obtain the latest status.
Page 330: Central Vpn Management
Vigor3900 can build virtual private network (VPN) between itself and any other TR-069 CPE by the function of central VPN management. In addition, it can be treated as a server (called CVM server) which can manage TR-069 CPE for periodical firmware upgrade, configuration backup and restoring configuration.
Page 331 Click it to save the configuration. Cancel Click it to discard the settings configured in this page. This page allows you to configure the basic settings for the VPN tunnel of Vigor3900. Available parameters are listed as follows: Item Description WAN Profile Choose a WAN interface profile to be used.
Page 332 IKE Phase1 Mode Choose Aggressive or Main as the IKE Phase1 Mode. Apply Click it to save the configuration. Cancel Click it to discard the settings configured in this page. Vigor3900 Series User’s Guide...
Page 333: Cpe Management
All the CPEs managed by Vigor3900 can be seen with icons from this page. This page allows you to manage the CPEs connected to Vigor3900. Page without CPE connected Page with CPE connected Available parameters are listed as follows: Item Description Vigor3900 Series User’s Guide...
Page 334 Managed Devices Status This area displays icons for the CPE managed by Vigor3900. Edit – To modify the name and location of specific CPE, click the one you want and click the Edit button. A pop up window will appear. Simply change the name (for identification) and/or location manually.
Page 335 Profile – Display the name of the profile. Device – Display the name (named by Vigor3900) of the devices selected by such profile. Name – Display the name (can be modified by the administrator) of the device.
Page 336 Refer to sections “3.7 How to manage the CPE (router) through Vigor3900?” and “3.9 How to upgrade CPE firmware through Vigor3900?” for more detailed information. Follow the steps below to create a new maintenance profile. Click Add from the Maintenance area The Maintenance dialog appears.
Page 337 Usually, the name of the device will be assigned by Vigor3900 automatically. If you want to give a name easy for easy recognition, refer to 4.11.2.1 CPE Maintenance to specify another name for the device additionally. Name Display the name (can be modified by the administrator) of the device.
Page 338 A new maintenance profile has been created. An easy method is offered to configure VPN settings for building VPN connection between Vigor3900 (treated as VPN server) and other Vigor router (treated as CPE device, i.e.VPN client). Available parameters are listed as follows:...
Page 339 VJ Compression; then click Connect to build the VPN connection. Note: If the VPN connection has been established successfully, a new LAN to LAN profile will be created for the CPE automatically. See the following example. Vigor3900 Series User’s Guide...
Page 340 CPE from the Device drop down list. Then, click Apply to save the settings. Such profile will be applied to the device connecting to Vigor3900 with VPN. Delete – Click it to delete the profile. The VPN between the router and the client might not be guaranteed.
Page 341 To display the location of the selected CPE with a bird’s eye view, open Central VPN Management>>CPE Management and click the tab of Map. Vigor3900 Series User’s Guide...
Page 342: Log/Alert
The Log page offers brief information to identify the CPE connected to Vigor3900. The Alert page offers brief information to identify the CPE connected to Vigor3900. Vigor3900 Series User’s Guide...
Page 343: Bandwidth Management
Differentiated quality of service is therefore one of the most important issues over the Internet infrastructure. In Vigor router, DSCP (Differentiated Service Code Point) support is also taken into consideration in the design of the QoS-guaranteed control module. Vigor3900 Series User’s Guide...
Page 344: Quality Of Service
This page allows you to set WAN interface for QoS. Choose one of the WAN interfaces and click Apply to save the settings. This page allows you to configure bandwidth percentage of data and voice signals transmission for outgoing data. Available parameters are listed as follows: Vigor3900 Series User’s Guide...
Page 345 Type the number as the total transmission rate for the incoming data. The range can be set from 64000 to 10000000. Click the unit for such rate. Queue 5 Weight ~ There are several available incoming queues, four shapers at Vigor3900 Series User’s Guide...
Page 346: Qos Rule
Delete button. Refresh Renew current web page. Allow to modify the selected profile name. Rename Profile Display the name of the profile for the filter. Enable Display the status of the profile. False means disabled; True Vigor3900 Series User’s Guide...
Page 347 Display the setting of TOS. Queue Number Display the queue number that such filter is categorized. Open Bandwidth Management>> QoS Rule. Simply click the Add button. The following dialog will appear. Available parameters are listed as follows: Vigor3900 Series User’s Guide...
Page 348 Source IP Object – Use the drop down list to choose one of the source IP objects for such rule profile. Source IP Group – Use the drop down list to choose one of the source IP group for such rule profile. Vigor3900 Series User’s Guide...
Page 349 End IP Address - Type the IP address of the ending point for such profile if you choose Range as Address Type. Subnet Mask – Choose the subnet mask from the drop down list if you choose Subnet as Address Type. Vigor3900 Series User’s Guide...
Page 350 Apply Click it to save the configuration and exit the page. Cancel Click it to exit the page without saving the configuration. Enter all the settings and click Apply. A QoS rule profiler has been created. Vigor3900 Series User’s Guide...
Page 351: Sessions Limit
Change the order of selected profile by moving it down. Rename Allow to modify the selected profile name. Display the name of the profile. Profile Enable Display the status of the profile. False means disabled; True means enabled. Vigor3900 Series User’s Guide...
Page 352 Apply Click it to save and exit the dialog. Cancel Click it to discard the settings configured in this page. Open Bandwidth Management>> Sessions Limit. Simply click the Add button. The following dialog will appear. Vigor3900 Series User’s Guide...
Page 353 Source IP Object - Click the triangle icon to display the profile selection box. Choose one or more IP object profiles from the drop down list. The selected profile will be treated Vigor3900 Series User’s Guide...
Page 354: Bandwidth Limit
Please use Limit Bandwidth to make the bandwidth usage more efficient. In the Bandwidth Management menu, click Bandwidth Limit to open the web page. Each item will be explained as follows: Item Description Add a new profile. Vigor3900 Series User’s Guide...
Page 355 Default TX Limit – Define the limitation for the speed of the upstream. Default RX Limit –Define the limitation for the speed of the upstream. Apply Click it to save and exit the dialog. Cancel Click it to discard the settings configured in this page. Vigor3900 Series User’s Guide...
Page 356 Define the limitation for the speed of the downstream. If you do not set the limit in this field, the system will use the default speed for the specific limitation you set for each index. Do not type the value with “0”, otherwise the profile Vigor3900 Series User’s Guide...
Page 357 Apply Click it to save the configuration and exit the dialog. Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. A bandwidth limit profile has been created. Vigor3900 Series User’s Guide...
Page 358: Usb Application
Upper limit Calibration Type a value used for correcting the temperature error. Apply Click it to save the configuration and exit the dialog. Cancel Click it to exit the dialog without saving the configuration. Vigor3900 Series User’s Guide...
Page 359 Below shows an example of temperature graph: Vigor3900 Series User’s Guide...
Page 360: System Maintenance
Auto Configuration Server, e.g., TR-069 device through an VigorACS. Each item will be explained as follows: Item Description Enable Check this box to enable such profile. ACS Server Such data must be typed according to the ACS (Auto Vigor3900 Series User’s Guide...
Page 361: Administrator Password
Choose one of the WAN profiles which will be recognized WAN Profile by VigorACS. Port Type the port number for Vigor3900 which will be recognized by VigorACS. CPE URL Display the URL of such CPE. The default setting is Enable. Please set periodic time for Periodic Status VigorACS to send notification to CPE.
Page 362: Configuration Backup
Backup Selected Config – The configuration file will be stored with an existing file in local host. You must select which file you want to store. Config File Name Display the default configuration file name. You can change Vigor3900 Series User’s Guide...
Page 363 Use the Browse.. button to locate the file for uploading to the router. Restore Click it to upload the selected file to the router. After finishing the restoration, the system will ask you to reboot the router. Vigor3900 Series User’s Guide...
Page 364 Vigor3900 Series User’s Guide...
Page 365: Syslog / Mail Alert
It is available when Remote or Both is selected as Status. Router Name Type the name of the router. The default name is Vigor. Firewall Log Click Enable to make the firewall log recorded in the Syslog. Vigor3900 Series User’s Guide...
Page 366 Click it to discard the settings configured in this page. Available parameters are listed as follows: Item Description Renew the web page. Refresh Download Log Save or open the Syslog file. Clear Syslog Remove all of the records. Vigor3900 Series User’s Guide...
Page 367 Send A Test Mail Click it to send a test mail to the specified address. Apply Click this button to save the configuration and exit the web page. Cancel Click it to discard the settings configured in this page. Vigor3900 Series User’s Guide...
Page 368: Time And Date
Click Enable to enable the daylight saving. Such feature is available for certain area. Apply Click this button to save the configuration and exit the web page. Click it to discard the settings configured in this page. Cancel Vigor3900 Series User’s Guide...
Page 369: Access Control
Click Enable to allow system administrator to login from the HTTPS server and management the web page of the router. Type the port number for the management through HTTPS HTTPS Port server. Server Certificate Use the default setting. Vigor3900 Series User’s Guide...
Page 370: Snmp Setup
Click Enable to allow system administrator to ping the router from WAN interface. Block LAN Profile Choose the LAN profile(s) that the IPs controlled under such profile will be blocked by Vigor3900. Allow Ping form LAN Click Enable to allow system administrator to ping the router from LAN interface.
Page 371: Reboot System
Default Configurations click Reboot. Reboot with Customized Click it to reboot the router using the current configuration Configurations (only the configuration settings listed and selected below). If you choose this option, Select Config File will be available Vigor3900 Series User’s Guide...
Page 372: Firmware Upgrade
The following web page will guide you to upgrade firmware by using such page. Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.DrayTek.com (or local DrayTek's web site) and the FTP site is ftp.DrayTek.com.
Page 373: Diagnostics
In some cases, a user may need to know some information about the router, such as static or dynamic databases, or other routing information. The Vigor3900 supports five functions, Routing Table, ARP Cache Table, DHCP Assignment Table, NAT Sessions Table and Traffic Graph for the user to review such information.
Page 374 Metric Display the distance to the target (usually counted in hops). It may be needed by routing daemons. Iface Display the direction of such route represented with LAN/WAN profile (starting from LAN/WAN profile to LAN/WAN profile). Vigor3900 Series User’s Guide...
Page 375 U (route is up) H (target is a host) G (use gateway) R (reinstate route for dynamic routing) D (dynamically installed by daemon or redirect) M (modified from routing daemon or redirect) A (installed by addrconf) Vigor3900 Series User’s Guide...
Page 376: Arp Cache Table
Remove all of the information from this page. Search Move the mouse cursor onto the box of Search. Click the mouse button and type the keyword inside the box. The system will display the records relating to the keyword. Vigor3900 Series User’s Guide...
Page 377 Display the direction of such route represented with LAN/WAN profile (starting from LAN/WAN profile to LAN/WAN profile). User Display the identity of the user. Delete the selected profile. Clear Each item will be explained as follows: Item Description Vigor3900 Series User’s Guide...
Page 378 PROBE - The neighbor is no longer to be reachable, and unicast Neighbor Solicitation probes are being sent to verify reachability. Vigor3900 Series User’s Guide...
Page 379: Dhcp Table
Display the IP address of the static DHCP server. Start Date Display the starting date that DHCP server is activated. Start Time Display the starting time that DHCP server is activated. Display the end date that DHCP server is closed. End Date Vigor3900 Series User’s Guide...
Page 380 Display the interface used by the DHCP server. Display the IPv6 address of the static DHCP server. IPv6 Address Start Time Display the starting time that DHCP server is activated. End Time Display the end time that DHCP server is closed. Vigor3900 Series User’s Guide...
Page 381: Nat Session Table
Display the source IP address and port of local PC. Destination Display the destination IP address and port of remote host. Display the WAN IP address of the router. Protocol Display the protocol of such NAT session used. Vigor3900 Series User’s Guide...
Page 382: Traffic Graph
Recent 24 Hours – Display the information of CPU operation about recent 24 hours. Recent 7 Days – Display the information of CPU operation about recent 7 days. Recent 4 Weeks – Display the information of CPU operation about recent 4 weeks. Vigor3900 Series User’s Guide...
Page 383 Recent 24 Hours – Display the information of WAN operation about recent 24 hours. Recent 7 Days – Display the information of WAN operation about recent 7 days. Recent 4 Weeks – Display the information of WAN operation about recent 4 weeks. Vigor3900 Series User’s Guide...
Page 384: Web Console
Below show a graphic for CPU: Click Diagnostics and click Web Console to pen the web page for typing commands used in console connection. A remote user can operate Vigor3900 from this web page without installing and opening other connection utility.
Page 385: Ping/Trace Route
Interface - Choose one of the LAN or WAN profile to be applied by such function. Start Click it to start the action of Ping or TraceRoute. Stop Click it to terminate the action of Ping or TraceRoute. Vigor3900 Series User’s Guide...
Page 386: Data Flow Monitor
Display the records with 1 hour/24 hours/7 days recently. 24 Hours / Recent 7 Days Auto Refresh Specify the interval of refresh time to obtain the latest status. The information will update immediately when the Refresh Vigor3900 Series User’s Guide...
Page 387: External Devices
External Devices to make detailed configuration. Each item will be explained as follows: Item Description Enable External Devices Check the box to detect the external device connected to Vigor3900. Click it to renew the web page. Refresh Vigor3900 Series User’s Guide...
Page 388: Product Registration
Note: Only DrayTek products can be detected by this function. Please refer to section 2.3 Register Vigor Router for more detailed information. Vigor3900 Series User’s Guide...
Page 389: Chapter 5: Trouble Shooting
Turn on the router. Make sure the ACT LED blink once per second and the correspondent LAN LED is bright. If not, it means that there is something wrong with the hardware status. Simply back to “1.3 Hardware Installation” to execute the hardware installation again. And then, try again. Vigor3900 Series User’s Guide...
Page 390 Go to Control Panel and then double-click on Network Connections. Right-click on Local Area Connection and click on Properties. Select Internet Protocol (TCP/IP) and then click Properties. Vigor3900 Series User’s Guide...
Page 391 Select Obtain an IP address automatically and Obtain DNS server address automatically. Double click on the current used Mac OS on the desktop. Open the Application folder and get into Network. On the Network screen, select Using DHCP from the drop down list of Configure IPv4. Vigor3900 Series User’s Guide...
Page 392: Pinging The Router From Your Computer
Open the Application folder and get into Utilities. Double click Terminal. The Terminal window will appear. Type ping 192.168.1.1 and press [Enter]. If the link is OK, the line of “64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=xxxx ms” will appear. Vigor3900 Series User’s Guide...
Page 393: Checking If The Isp Settings Are Ok Or Not
Open Online Status to check current network status. Be careful to check if the settings coming from your ISP have been typed correctly or not. Vigor3900 Series User’s Guide...
Page 394: Backing To Factory Default Setting If Necessary
Go to System Maintenance and choose Reboot System on the web page. The following screen will appear. Choose Reboot with Factory Default Configuration and click Reboot. After few seconds, the router will return all the settings to the factory settings. Vigor3900 Series User’s Guide...
Page 395: Contacting Your Dealer
If the router settings are correct at all, and the router still does not connect to internet, please contact your ISP technical support representative to help you for configuration. Also, if the router still cannot work correctly, please contact your dealer for help. For any further questions, please send e-mail to support@draytek.com. Vigor3900 Series User’s Guide...

Draytek vigor3900 User Manual

Chapter 1: Preface

Chapter 2: Initialing Settings

Chapter 3: Application and Tutorial

Chapter 4: Advanced Web Configuration

Chapter 5: Trouble Shooting

Quick Links

Troubleshooting

Related Manuals for Draytek vigor3900

Summary of Contents for Draytek vigor3900

Table of Contents