Draytek Vigor2620 LTE Series User Manual

Summary of Contents for Draytek Vigor2620 LTE Series

  • Page 2 Vigor2620 LTE Series LTE Router User’s Guide Version: 1.01 Firmware Version: V3.8.11 (For future update, please visit DrayTek web site) Date: April 26, 2019 Vigor2620 Series User’s Guide...
  • Page 3 Web registration is preferred. You can register your Vigor router via http://www.DrayTek.com. Firmware & Tools Updates: Due to the continuous evolution of DrayTek technology, all routers will be regularly upgraded. Please consult the DrayTek web site for more information on newest firmware, tools and documents. For more updates, please visit www.draytek.com.
  • Page 4: Table Of Contents

    Part I Installation .........................i I-1 Introduction ........................... 1 I-1-1 Indicators and Connectors ....................2 I-2 Hardware Installation ........................6 I-2-1 Network Connection via LTE....................6 I-2-2 Network Connection via DSL ....................7 I-2-3 Wall-Mounted Installation ....................8 I-3 Accessing Web Page ........................9 I-4 Changing Password........................11 I-5 Dashboard...........................
  • Page 5 II-2-1-1 WAN1..................56 II-2-1-2 LTE ..................58 II-2-2 Internet Access......................... 59 II-2-2-1 Details Page for PPPoE/PPPoA in WAN1 (Physical Mode: ADSL) ....60 II-2-2-2 Details Page for MPoA/Static or Dynamic IP in WAN1 (Physical Mode: ADSL) .64 II-2-2-3 Details Page for PPPoE in WAN1 (Physical Mode: VDSL2) ......68 II-2-2-4 Details Page for MPoA/Static or Dynamic IP in WAN1 (Physical Mode: VDSL2) 71 II-2-2-5 Details Page for PPPoE in WAN2 (Physical Mode: Ethernet) ......74 II-2-2-6 Details Page for Static or Dynamic IP in WAN2 (Physical Mode: Ethernet)..76...
  • Page 6 A-1 How to use DrayDDNS? ..............148 A-2 How to Configure Customized DDNS?............ 153 II-6 Routing............................. 157 Web User Interface ........................158 II-6-1 Static Route ........................158 Part III Wireless LAN......................163 III-1 Wireless LAN .......................... 164 Web User Interface ........................168 III-1-1 Wireless Wizard......................
  • Page 7 V-1 Firewall............................. 236 Web User Interface ........................238 V-1-1 General Setup ........................ 238 V-1-2 Filter Setup........................243 V-1-3 DoS Defense........................252 V-1-3-1 DoS Defense................252 V-1-3-2 Spoofing Defense............... 255 Application Notes ........................256 A-1 How to Configure Certain Computers Accessing to Internet ......256 V-2 Central Security Management (CSM)..................
  • Page 8 VI-3 Central Management (AP)...................... 326 Web User Interface ........................327 VI-3-1 Dashboard........................327 VI-3-2 Status ..........................328 VI-3-3 WLAN Profile......................... 329 VI-3-4 AP Maintenance......................334 VI-3-5 Traffic Graph ......................... 335 VI-3-6 Temperature Sensor ..................... 336 VI-3-7 Event Log ........................336 VI-3-8 Total Traffic ........................
  • Page 9 VIII-4 Pinging the Router from Your Computer ................393 VIII-5 Checking If the ISP Settings are OK or Not ................. 395 VIII-6 Backing to Factory Default Setting If Necessary ..............396 VIII-7 Contacting DrayTek ......................397 Part IX Telnet Commands....................399 Accessing Telnet of Vigor2620 ....................... 400 Index ..........................593...
  • Page 11: Part I Installation

    This part will introduce Vigor router and guide to install the device in hardware and software.
  • Page 13: Introduction

    Vigor2620 LTE series is a router equipped with an LTE module which allows you to access the Internet via a SIM card. It integrates IP layer QoS, NAT session/bandwidth management to help users control works well with large bandwidth. By adopting hardware-based VPN platform and hardware encryption of AES/DES/3DES, the router increases the performance of VPN greatly, and offers several protocols (such as IPSec/PPTP/L2TP) with VPN tunnels.
  • Page 14: I-1-1 Indicators And Connectors

    Before you use the Vigor router, please get acquainted with the LED indicators and connectors first. Status Explanation The router is powered off. Blinking The router is powered on and running normally. The router is ready to access Internet. The router is not ready to access Internet. Blinking Slowly: The DSL connection is ready.
  • Page 15 Vigor2620L, Vigor2620Le, Interface Description Factory Reset Restore the default settings. Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds. When you see the ACT LED begins to blink rapidly than usual, release the button. Then the router will restart with the factory default configuration.
  • Page 16 Status Explanation The router is powered off. Blinking The router is powered on and running normally. The router is ready to access Internet. The router is not ready to access Internet. Blinking Slowly: The DSL connection is ready. Quickly: The DSL connection is establishing. Physical line has been connected.
  • Page 17 Vigor2620Ln, Vigor2620Lne, Interface Description Wireless LAN Press the button and release it within 2 seconds. When the wireless ON/OFF/WPS function is ready, the green LED will be on. Press the button and release it within 2 seconds to turn off the WLAN function.
  • Page 18: Hardware Installation

    Before starting to configure the router, you have to connect your devices correctly. In this section, Vigor2620n is taken as an example. Install the SIM card into the card slot. The back plate of the SIM card slot must be removed first and the direction of card notch must be on the left side.
  • Page 19: I-2-2 Network Connection Via Dsl

    Connect the DSL interface to the external ADSL splitter with an ADSL line cable. Connect to your computer with a RJ-45 cable. Connect one end of the power cord to the power port of this device. Connect the other end to the wall outlet of electricity. Power on the router.
  • Page 20: I-2-3 Wall-Mounted Installation

    Vigor2620 has keyhole type mounting slots on the underside. 1. A template is provided on the Vigor2620 packaging box to enable you to space the screws correctly on the wall. 2. Place the template on the wall and drill the holes according to the recommended instruction.
  • Page 21: Accessing Web Page

    Make sure your PC connects to the router correctly. You may either simply set up your computer to get IP dynamically from the router or set up the IP address of the computer to be the same subnet as the default IP address of Vigor router 192.168.1.1.
  • Page 22 Now, the Main Screen will appear. Take Vigor2620Ln as an example. Info The home page will be different slightly in accordance with the type of the router you have. The web page can be logged out according to the chosen condition. The default setting is Auto Logout, which means the web configuration system will logout after 5 minutes without any operation.
  • Page 23: Changing Password

    Please change the password for the original security of the router. Open a web browser on your PC and type http://192.168.1.1. A pop-up window will open to ask for username and password. Please type “admin/admin” as Username/Password for accessing into the web user interface with admin mode.
  • Page 24: Dashboard

    Dashboard shows the connection status including System Information, IPv4 Internet Access, IPv6 Internet Access, Interface (physical connection), Security and Quick Access. Click Dashboard from the main menu on the left side of the main page. A web page with default selections will be displayed on the screen. Refer to the following figure:
  • Page 25: I-5-1 Virtual Panel

    On the top of the Dashboard, a virtual panel (simulating the physical panel of the router) displays the physical interface connection. It will be refreshed every five seconds. When you move and click the mouse cursor on LEDs (except ACT), USB ports, or LAN1 – LAN4, related web setting page will be open for you to configure if required.
  • Page 26: I-5-3 Quick Access For Common Used Menu

    All the menu items can be accessed and arranged orderly on the left side of the main page for your request. However, some important and common used menu items which can be accessed in a quick way just for convenience. Look at the right side of the Dashboard.
  • Page 27: I-5-4 Gui Map

    Host connected physically to the router via LAN port(s) will be displayed with green circles in the field of Connected. All of the hosts (including wireless clients) displayed with Host ID, IP Address and MAC address indicates that the traffic would be transmitted through LAN port(s) and then the WAN port. The purpose is to perform the traffic monitor of the host(s).
  • Page 28: I-5-5 Web Console

    It is not necessary to use the telnet command via DOS prompt. The changes made by using web console have the same effects as modified through web user interface. The functions/settings modified under Web Console also can be reviewed on the web user interface.
  • Page 29: I-5-7 Logout

    Click this icon to exit the web user interface. Such page displays the physical connection status such as LAN connection status, WAN connection status, ADSL information, and so on.
  • Page 30 Detailed explanation (for IPv4) is shown below: Item Description LAN Status Primary DNS-Displays the primary DNS server address for WAN interface. Secondary DNS -Displays the secondary DNS server address for WAN interface. IP Address-Displays the IP address of the LAN interface. TX Packets-Displays the total transmitted packets at the LAN interface.
  • Page 31: I-5-8-2 Virtual Wan

    Detailed explanation (for IPv6) is shown below: Item Description LAN Status IP Address - Displays the IPv6 address of the LAN interface. TX Packets - Displays the total transmitted packets at the LAN interface. RX Packets - Displays the total received packets at the LAN interface.
  • Page 32: Quick Start Wizard

    Quick Start Wizard can help you to deploy and use the router easily and quickly. Go to Wizards>>Quick Start Wizard. The first screen of Quick Start Wizard is entering login password. After typing the password, please click Next. On the next page, please select the WAN interface that you use. If DSL interface is used, please choose WAN1;...
  • Page 33: I-6-1 Lte

    Choose LTE. Enter a string as Display Name (optional). Click Next. After clicking Next, you will get the following web page. Available settings are explained as follows: Item Description Internet Access Specify a connection mode from the drop down menu. SIM PIN code Enter PIN code of the SIM card that will be used to access Internet.
  • Page 34 Item Description required by some ISPs. Back Click it to return to previous setting page. Next Click it to get into the next setting page. Cancel Click it to give up the quick start wizard. Please manually enter the Username/Password provided by your ISP. Click Next for viewing summary of such connection.
  • Page 35: I-6-2 Wan1 (Adsl/Vdsl2)

    WAN1 is specified for ADSL or VDSL2 connection. Available settings are explained as follows: Item Description Display Name Enter a name to identify such WAN. Physical Mode Display the physical mode of this WAN interface. DSL Mode Specify a DSL mode from the drop down menu. Choose WAN1 as WAN Interface and click the Next button;...
  • Page 36 Item Description Protocol There are two modes offered for you to choose for WAN1 interface. Choose PPPoE/PPPoA as the protocol. For ADSL Only Such field is provided for ADSL only. You have to choose encapsulation and Enter the values for VPI and VCI. Or, click Auto detect to find out the best values.
  • Page 37 Available settings are explained as follows: Item Description Service Name Enter the description of the specific network service. (Optional) Username Assign a specific valid user name provided by the ISP. Note: The maximum length of the user name you can set is 63 characters.
  • Page 38 Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Now, you can enjoy surfing on the Internet.
  • Page 39 Choose WAN1 as WAN Interface and click the Next button; you will get the following page. Available settings are explained as follows: Item Description Protocol There are two modes offered for you to choose for WAN1 interface. Choose MPoA / Static or Dynamic IP as the protocol. For ADSL Only Such field is provided for ADSL only.
  • Page 40 Primary DNS Enter the primary IP address for the router. Secondary DNS Enter secondary IP address for necessity in the future. VLAN Tag insertion Enable – Enable the function of VLAN with tag. (VDSL2)/(ADSL) The router will add specific VLAN number to all packets on the WAN while sending them out.
  • Page 41: I-6-3 Wan2 (Ethernet)

    WAN2 can be configured for physical mode of Ethernet. If you choose Ethernet WAN2, please specify a physical type. Then, click Next. Available settings are explained as follows: Item Description Display Name Type a name for the router. Physical Mode Display the physical mode of this WAN interface.
  • Page 42 Click PPPoE as the Internet Access Type. Then click Next to get the following page. Available settings are explained as follows: Item Description Service Name Enter the description of the specific network service. (Optional) Username Assign a specific valid user name provided by the ISP. Note: The maximum length of the user name you can set is 63 characters.
  • Page 43 Please manually enter the Username/Password provided by your ISP. Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Now, you can enjoy surfing on the Internet.
  • Page 44 Choose PPTP as the WAN Interface and click the Next button. The following page will be open for you to Enter all the information originally provided by your ISP. Available settings are explained as follows: Item Description Username Assign a specific valid user name provided by the ISP. Note: The maximum length of the user name you can set is 63 characters.
  • Page 45 IP address automatically from DHCP server. Specify an IP address – you have to type relational settings manually. IP Address - Enter the IP address. Subnet Mask –Enter the subnet mask. Gateway – Enter the IP address of the gateway. Primary DNS - Enter the primary IP address for the router.
  • Page 46 Click Static IP as the Internet Access type and click the Next button. The following page will be open for you to Enter the IP address information originally provided by your ISP. Available settings are explained as follows: Item Description WAN IP Enter the IP address.
  • Page 47 Click Next for next step. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Now, you can enjoy surfing on the Internet.
  • Page 48 Click DHCP as the Internet Access type and click the Next button. The following page will be open for you to Enter the IP address information originally provided by your ISP. Available settings are explained as follows: Item Description Host Name Enter the name of the host.
  • Page 49 After finishing the settings above, click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Now, you can enjoy surfing on the Internet.
  • Page 50: Service Activation Wizard

    “admin/admin” on Username/Password while Logging into the web user interface. Service Activation Wizard is a tool which allows you to activate services without accessing into the server (MyVigor) located on http://myvigor.draytek.com. Info Such function is available only for Admin Mode.
  • Page 51 Cryan 30-day trial is WCF which offers 30-day trial period. After trial, you can purchase DrayTek's prepared Cryan GlobalView WCF package from retailing outlets. DT-DDNS, developed by DrayTek, offers one year free charge service of dynamic DNS service for internal use. Setting confirmation page will be displayed as follows, please click Activate.
  • Page 52: Registering Vigor Router

    You have finished the configuration of Quick Start Wizard and you can surf the Internet at any time. Now it is the time to register your Vigor router to MyVigor website for getting more service. Please follow the steps below to finish the router registration. Please login the web configuration interface of Vigor router by typing “admin/admin”...
  • Page 53 Info If you haven’t an accessing account, please refer to section Creating an Account for MyVigor to create your own one. Please read the articles on the Agreement regarding user rights carefully while creating a user account. The following page will be displayed after you logging in MyVigor. Type a nickname for the router, then click Add.
  • Page 55: Part Ii Connectivity

    It means wide area network. Public IP will be used in WAN. It means local area network. Private IP will be used in LAN. Local Area Network (LAN) is a group of subnets regulated and ruled by router. The design of network structure is related to what type of public IP addresses coming from your ISP.
  • Page 56: Lte

    LTE WAN with a SIM card can provide convenient Internet access for the Vigor router. However, we kept asking how the Vigor router could use this SIM card to provide more useful functions for users. We have now developed several such functions, such as sending SMS from a router to report router status, rebooting the router remotely via SMS with security taken into consideration, and so on.
  • Page 57: Web User Interface

    This page allows you to configure general settings for LTE. When SMS Quota Limit is enabled, you can specify the number of SMS quota, actions to perform when quota exceeded, and the period of resetting SMS quota used. Available settings are explained as follows: Item Description Enable SMS Quota Limit...
  • Page 58: Ii-1-1-2 Sms Inbox

    reset. Custom This setting allows the user to define the billing cycle according to his request. The number of SMS sent will be reset with an interval of cycle duration. Custom – Monthly is default setting. If long period or a short period is required, use Custom.
  • Page 59: Ii-1-2 Sms Inbox

    This page will list the received SMS messages in the LTE SIM card. The SMS Inbox table shows the received date, the phone number or sender ID where this message was from, and the beginning of the message content. Since the data size of one SMS is limited, a long message will be sent by multiple SMS. For the convenience of users, we provide two modes.
  • Page 60 Message Content - Display the full content of the message. OK - Return to previous page. Delete - Click it to delete this message and return to previous page. Next - Click it to see the content of next message. ...
  • Page 61 Message Content - Display the full content of the message. OK - Return to previous page. Delete - Click it to delete all SMS of this message and return to previous page. Next - Click it to see the content of next SMS index.
  • Page 62: Ii-1-3 Send Sms

    This page is used to send SMS messages by the LTE SIM card. It also displays the number of SMS required to send the message. Available settings are explained as follows: Item Description Recipient Number Type the phone number of the recipient. The format can be an international phone number (+8869123455678) or a general phone number (0912345678).
  • Page 63: Ii-1-4 Router Commands

    This page allows the user to set function to reboot Vigor router remotely and get the router status via SMS. Go to LTE>>Router Commands to get the following page. Available settings are explained as follows: Item Description Reboot on SMS Message Enable with Password / To reboot Vigor router remotely via SMS, please check such box and type the password/PIN number (treated as...
  • Page 64 authentication for any mobile phone). The password shall be composed by letters, numbers and baseline. Access Control List Check the box to type or modify (up to 3) phone numbers. The phone number specified here is capable of sending SMS to reboot such Vigor router remotely.
  • Page 65: Ii-1-5 Status

    Vigor router with LTE function is capable of accessing into Internet and able to send SMS to specified mobile phone. This page will display basic information about the embedded LTE module and the current LTE connection. Each item is explained as follows: Item Description Status...
  • Page 66 Max Channel RX Rate SMS Centre Number The phone number for SMS service of the LTE SIM card. SMS Service status Whether the SMS service of the LTE SIM card is ready. SMS Loading Whether the received SMS messages in the LTE SIM card have been loaded to the Router.
  • Page 67: Wan

    It allows users to access Internet. IP means Internet Protocol. Every device in an IP-based Network including routers, print server, and host PCs, needs an IP address to identify its location on the network. To avoid address conflicts, IP addresses are publicly registered with the Network Information Centre (NIC).
  • Page 68: Web User Interface

    This section will introduce some general settings of Internet and explain the connection modes for WAN in details. This webpage allows you to set general setup for WAN1 and WAN3 respectively. Available settings are explained as follows: Item Description Index Click the WAN/LTE interface link under Index to access into the WAN configuration page.
  • Page 69 Available settings are explained as follows: Item Description Enable Choose Yes to invoke the settings for this WAN interface. Choose No to disable the settings for this WAN interface. Display Name Enter the description for such WAN interface. Physical Mode Display the physical mode of this WAN interface.
  • Page 70: Ii-2-1-2 Lte

    To use 3G/4G network connection through 3G/4G USB Modem, please configure WAN3 interface. Available settings are explained as follows: Item Description Enable Choose Yes to invoke the settings for this WAN interface. Choose No to disable the settings for this WAN interface. Display Name Enter the description for such WAN interface.
  • Page 71: Ii-2-2 Internet Access

    This page allows you to set WAN configuration with different modes. Available settings are explained as follows: Item Description Index Display the WAN interface. Display Name It shows the name of the WAN1/WAN2/LTE that entered in general setup. Physical Mode It shows the physical connection for WAN (Ethernet or fiber) according to the real network connection.
  • Page 72: Ii-2-2-1 Details Page For Pppoe/Pppoa In Wan1 (Physical Mode: Adsl)

    Enable – Check the box to enable the function of DHCP Option. Each DHCP option is composed by an option number with data. For example, Option number:100 Data: abcd When such function is enabled, the specified values for DHCP option will be seen in DHCP reply packets. Interface –...
  • Page 73 Available settings are explained as follows: Item Description Enable/Disable Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that you adjusted in this page will be invalid. ADSL Modem Settings Set up the DSL parameters required by your ISP.
  • Page 74 Username – Type in the username provided by ISP in this field. Password – Type in the password provided by ISP in this field. More Options – It shows optional settings for configuration. Service Name - Enter the description of the specific network service.
  • Page 75 Detect – Click it to detect a suitable MTU value. Accept – After clicking it, the detected value will be displayed in the field of MTU. PPP/MP Setup PPP Authentication – Select PAP only or PAP or CHAP for PPP.
  • Page 76 Note: To have PPPoA Pass-through, please choose PPPoA protocol and check the box(es) here. The router will behave like a modem which only serves the PPPoE client on the LAN. That is, the router will offer PPPoA dial-up connection. MAC Address Default MAC Address –...
  • Page 77 Item Description Enable/Disable Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that you adjusted in this page will be invalid. ADSL Modem Settings Set up the DSL parameters required by your ISP. These settings configured here are specified for ADSL only.
  • Page 78 DNS Server IP Address Type in the primary IP address for the router. If necessary, type in secondary IP address for necessity in the future. WAN Connection Such function allows you to verify whether network Detection connection is alive or not through ARP Detect or Ping Detect. Mode –...
  • Page 79 Path MTU to – Type the IP address as the specific transmit path. MTU size start from – Determine the starting point value of the packet. Default setting is 1500. MTU reduce size by – It determines the decreasing size of MTU value.
  • Page 80: Ii-2-2-2 Details Page For Mpoa/Static Or Dynamic Ip In Wan1 (Physical Mode: Adsl) .64 Ii-2-2-3 Details Page For Pppoe In Wan1 (Physical Mode: Vdsl2)

    To choose PPPoE as the accessing protocol of the Internet, please select PPPoE from the WAN>>Internet Access >>WAN1 page. The following web page will be shown. Available settings are explained as follows: Item Description Enable/Disable Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that you adjusted in this page will be invalid.
  • Page 81 group of account and password additionally. WAN Connection Such function allows you to verify whether network Detection connection is alive or not through ARP Detect or Ping Detect. Mode – Choose ARP Detect or Ping Detect for the system to execute for WAN detection.
  • Page 82 Fixed IP Address – Type in a fixed IP address. WAN IP Alias - If you have multiple public IP addresses and would like to utilize them on the WAN interface, please use WAN IP Alias. You can set up to 8 public IP addresses other than the current one you are using.
  • Page 83 MPoA is a specification that enables ATM services to be integrated with existing LANs, which use either Ethernet, token-ring or TCP/IP protocols. The goal of MPoA is to allow different LANs to send packets to each other via an ATM backbone. To use MPoA/Static or Dynamic IP as the accessing protocol of the Internet, select MPoA/Static or Dynamic IP from the WAN>>Internet Access >>WAN1 page.
  • Page 84 ISP. Domain Name – Type in the domain name that you have assigned. DHCP Client Identifier* - Check the box to specify username and password as the DHCP client identifier for some ISP. Username: Type a name as username. The maximum length of the user name you can set is 63 characters.
  • Page 85 detection mode, you have to type Primary or Secondary IP address in this field for pinging. Ping Gateway IP – If you choose Ping Detect as detection mode, you also can enable this setting to use current WAN gateway IP address for pinging. With the IP address(es) pinging, Vigor router can check if the WAN connection is on or off.
  • Page 86: Ii-2-2-4 Details Page For Mpoa/Static Or Dynamic Ip In Wan1 (Physical Mode: Vdsl2) 71 Ii-2-2-5 Details Page For Pppoe In Wan2 (Physical Mode: Ethernet)

    To choose PPPoE as the accessing protocol of the Internet, please select PPPoE from the WAN>>Internet Access >>WAN2 page. The following web page will be shown. Available settings are explained as follows: Item Description Enable/Disable Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that you adjusted in this page will be invalid.
  • Page 87 Detection connection is alive or not through PPP Detect or Ping Detect. Mode – Choose PPP Detect or Ping Detect for the system to execute for WAN detection. If you choose Ping Detect as the detection mode, you have to type required settings for the following items.
  • Page 88: Ii-2-2-6 Details Page For Static Or Dynamic Ip In Wan2 (Physical Mode: Ethernet)

    PPP/MP Setup PPP Authentication – Select PAP only or PAP or CHAP for PPP. Idle Timeout – Set the timeout for breaking down the Internet after passing through the time without any action. IP Assignment (IPCP)- Usually ISP dynamically assigns IP address to you each time you connect to it and request.
  • Page 89 To use Static or Dynamic IP as the accessing protocol of the internet, please click the Static or Dynamic IP tab. The following web page will be shown. Available settings are explained as follows: Item Description Enable / Disable Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that you adjusted in this page will be invalid.
  • Page 90 mode, you also can enable this setting to use current WAN gateway IP address for pinging. With the IP address(es) pinging, Vigor router can check if the WAN connection is on or off. TTL (Time to Live) – Set TTL value of PING operation. ...
  • Page 91 than the current one you are using. Obtain an IP address automatically – Click this button to obtain the IP address automatically if you want to use Dynamic IP mode. Router Name: Enter the router name provided by ISP. ...
  • Page 92: Ii-2-2-7 Details Page For Pptp

    To use PPTP as the accessing protocol of the internet, please click the PPTP tab. The following web page will be shown. Available settings are explained as follows: Item Description PPTP Enable - Click this radio button to enable a PPTP client to establish a tunnel to a DSL modem on the WAN interface.
  • Page 93 Path MTU to – Choose the destination as the specific transmit path and enter the IP address. MTU size start from - Determine the starting point value of the packet. MTU reduce size by – It determines the decreasing size of MTU value.
  • Page 94: Ii-2-2-8 Details Page For Ipv6 - Offline

    When Offline is selected, the IPv6 connection will be disabled. During the procedure of IPv4 PPPoE connection, we can get the IPv6 Link Local Address between the gateway and Vigor router through IPv6CP. Later, use DHCPv6 or accept RA to acquire the IPv6 prefix address (such as: 2001:B010:7300:200::/64) offered by the ISP.
  • Page 95: Ii-2-2-10 Details Page For Ipv6 - Tspc

    RIPng Protocol RIPng (RIP next generation) offers the same functions and benefits as IPv4 RIP v2. Below shows an example for successful IPv6 connection based on PPP mode. Info At present, the IPv6 prefix can be acquired via the PPPoE mode connection which is available for the areas such as Taiwan (hinet), the Netherlands, Australia and UK.
  • Page 96 Available settings are explained as follows: Item Description Username Enter the name obtained from the broker. It is suggested for you to apply another username and password for http://gogonet.gogo6.com/page/freenet6-account. The maximum length of the name you can set is 63 characters.
  • Page 97: Ii-2-2-11 Details Page For Ipv6 - Aiccu

    Available settings are explained as follows: Item Description Always On Check this box to keep the network connection always. Username Enter the name obtained from the broker. Please apply new account at http://www.sixxs.net/. It is suggested for you to apply another username and password.
  • Page 98: Ii-2-2-12 Details Page For Ipv6 - Dhcpv6 Client

    detection mode, you have to type IP address in this field for pinging. TTL (Time to Live) – If you choose Ping Detect as detection mode, you have to type TTL value. After finishing the above settings, click OK to save the settings. –...
  • Page 99: II-2-2-13 Details Page for IPv6 - Static IPv6

    This type allows you to set up a static IPv6 address for the WAN interface. Available settings are explained as follows: Item Description Static IPv6 Address configuration IPv6 Address – Enter the IPv6 Static IP Address. Prefix Length – Enter the fixed value for prefix length. Add –...
  • Page 100: II-2-2-14 Details Page for IPv6 - 6in4 Static Tunnel

    Ping IP/Hostname – If you choose Ping Detect as detection mode, you have to type IP address in this field for pinging. TTL (Time to Live) – If you choose Ping Detect as detection mode, you have to type TTL value. RIPng Protocol RIPng (RIP next generation) offers the same functions and benefits as IPv4 RIP v2.
  • Page 101 for pinging. TTL (Time to Live) – If you choose Ping Detect as detection mode, you have to type TTL value. After finishing the above settings, click OK to save the settings. Below shows an example for successful IPv6 connection based on 6in4 Static Tunnel mode.
  • Page 102: II-2-2-15 Details Page for IPv6 - 6rd

    This type allows you to set up 6rd for the WAN interface. Available settings are explained as follows: Item Description 6rd Mode Auto 6rd – Retrieve 6rd prefix automatically from 6rd service provider. The IPv4 WAN must be set as "DHCP". Static 6rd - Set 6rd options manually.
  • Page 104: II-2-3 Multi-PVC/VLAN

    Multi-VLAN allows users to create profiles for specific WAN interface and bridge connections for user applications that require very high network throughput. Simply go to WAN and select Multi-VLAN. Channel 1 to 2 have the following fixed assignments and cannot be altered. ...
  • Page 105 To configure a PVC channel, click its channel number. WAN links for Channel 5, 6 and 7 are provided for router-borne application such as TR-069. The settings must be applied and obtained from your ISP. For your special request, please contact with your ISP and then click WAN link of Channel 5, 6 and 7 to configure your router.
  • Page 106 Connection for this selected and the WAN. The WAN interface of the bridge Channel connection will be built upon the WAN type selected using the VLAN tag configured. Physical Members – Group the physical ports by checking the corresponding check box(es) for applying the port-based bridge connection.
  • Page 107 use. Always On – If selected, the router will maintain the PPPoE/PPPoA connection. Idle Timeout – Maximum length of time, in seconds, of idling allowed (no traffic) before the connection is dropped. IP Address From ISP - Specifies how the WAN IP address of the channel configured.
  • Page 108 Available settings are explained as follows: Item Description QoS Type Select a proper QoS type for the channel according to the information that your ISP provides. It represents Peak Cell Rate. The default setting is “0”. It represents Sustainable Cell Rate. The value of SCR must be smaller than PCR.
  • Page 109: Application Notes

    This document is going to demonstrate how to implement an IPv6 address on Vigor Router's WAN. 1. Before configuring IPv6 on WAN, please make sure the router is connected to the IPv4 Internet. 2. Go to WAN >> Internet Access, click on IPv6 of the WAN interface that you would like to configure an IPv6 address.
  • Page 110 4. After accomplishing the configurations, Network Administrator may check the status from the IPv6 tab on Online Status >> Physical Connection page. 5. Furthermore, Network Administrator may test the connectivity of IPv6 from the router by going to Diagnostics >> Ping Diagnosis and selecting "IPv6". Below we will provide some examples of configuring IPv6 with different connection types.
  • Page 111 This applies if the IPv4 access mode is PPPoE, and the IPv4 ISP also provides an IPv6 address. To use IPv6 PPP, you just need to choose the Connection Type to "PPP", no other setting is required. In this mode, the IPv6 connectivity is provided by a tunnel broker on the IPv4 Internet through a tunnel set up by Tunnel Setup Protocol (TSP).
  • Page 112 If your ISP provides a static IPv6 address for you, you may configure that IPv6 address for WAN by doing the following steps: Set Connection Type to Static IPv6. Enter the IPv6 address and Prefix Length which provided by the ISP, and click Add. You should see the IPv6 address in Current IPv6 Address Table.
  • Page 113 In this mode, the IPv6 connectivity is provided by a tunnel broker on the IPv4 Internet through a tunnel configured manually. To use 6in4 Static Tunnel, you need sign up for a tunnel broker service and get an IPv6 address and routed IPv6 prefixes first. Then, configure the router as follows: Set Connection Type to 6in4 Static Tunnel.
  • Page 114: LAN

    Local Area Network (LAN) is a group of subnets regulated and ruled by router. The design of network structure is related to what type of public IP addresses coming from your ISP. The most generic function of Vigor router is NAT. It creates a private subnet of your own. As mentioned previously, the router will talk to other public hosts on the Internet by using public IP address and talking to local hosts by using its private IP address.
  • Page 115 Vigor router will exchange routing information with neighboring routers using the RIP to accomplish IP routing. This allows users to change the information of the router such as IP address and the routers will automatically inform for each other. When you have several subnets in your LAN, sometimes a more effective and quicker way for connection is the Static routes function rather than other method.
  • Page 116: Web User Interface

    A LAN comprises a collection of LAN clients, which are networked devices on your premises. A LAN client can be a computer, a printer, a Voice-over-IP (VoIP) phone, a mobile phone, a gaming console, an Internet Protocol Television (IPTV), etc, and can have either a wired (using Ethernet cabling) or wireless (using Wi-Fi) network connection.
  • Page 117 Available settings are explained as follows: Item Description General Setup Allow to configure settings for each subnet respectively. Index - Display all of the LAN items. Enable- Basically, LAN1 status is enabled in default. LAN2 and IP Routed Subnet can be observed by checking the Enable box.
  • Page 118: II-3-1-1 Details Page for LAN1 - Ethernet TCP/IP and DHCP Setup

    Info To configure a subnet, select its Details Page button to bring up the LAN Details Page. There are two configuration pages for LAN1, Ethernet TCP/IP and DHCP Setup (based on IPv4) and IPv6 Setup. Click the tab for each type and refer to the following explanations for detailed information.
  • Page 119 given out to LAN DHCP clients. IP Pool Counts - The maximum number of IP addresses to be handed out by DHCP. The default value is 200. Valid range is between 1 and 253. The actual number of IP addresses available for assignment is the IP Pool Counts, or 253 minus the last octet of the Start IP Address, whichever is smaller.
  • Page 120: II-3-1-2 Details Page for LAN2

    If the IP address of a domain name is already in the DNS cache, the router will resolve the domain name immediately. Otherwise, the router forwards the DNS query packet to the external DNS server by establishing a WAN (e.g. DSL/Cable) connection.
  • Page 121 Configuration router by factory default acts as a DHCP server for your network so it automatically dispatches related IP settings to any local user configured as a DHCP client. It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network.
  • Page 122: II-3-1-3 Details Page for IP Routed Subnet

    Status: If both the Primary IP and Secondary IP Address fields are left empty, the router will assign its own IP address to local users as a DNS proxy server and maintain a DNS cache. If the IP address of a domain name is already in the DNS cache, the router will resolve the domain name immediately.
  • Page 123 Routing Information Protocol. DHCP Server Configuration DHCP stands for Dynamic Host Configuration Protocol. The router by factory default acts as a DHCP server for your network so it automatically dispatches related IP settings to any local user configured as a DHCP client. It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network.
  • Page 124: II-3-1-4 Details Page for LAN IPv6 Setup

    There are two configuration pages for each LAN. Click the tab for each type and refer to the following explanations for detailed information. Below shows the settings page for IPv6. It provides 2 daemons for LAN side IPv6 address configuration. One is SLAAC (stateless) and the other is DHCPv6 (stateful) server.
  • Page 125 Prefix Length – Enter the fixed value for prefix length. Add – Click it to add a new entry. Delete – Click it to remove an existing entry. Unique Local Address (ULA) configuration Unique Local Addresses (ULAs) are private IPv6 addresses assigned to LAN clients.
  • Page 126 Server could assign IPv6 address to PC according to the Start/End IPv6 address configuration. Disable Server – Click it to disable DHCPv6 server. IPv6 Address Random Allocation - Auto IPv6 range – After checking the box, Vigor router will assign the IPv6 range automatically. Start IPv6 Address / End IPv6 Address – Enter the start and end address for IPv6 server.
  • Page 127: II-3-1-5 Advanced DHCP Options

    Min/Max Interval Time (sec) – It defines the interval (between minimum time and maximum time) for sending RA (Router Advertisement) packets. Default Lifetime (sec) –Within such period of time, Vigor2620 can be treated as the default gateway. Default Preference – It determines the priority of the host behind the router when RA (Router Advertisement) packets are transmitted.
  • Page 128 Available settings are explained as follows: Item Description Customized List Shows all the DHCP options that have been configured in the system. Enable If selected, DHCP option entry is enabled. If unselected, DHCP option entry is disabled. Interface LAN interface(s) to which this entry is applicable. Next Server IP Address/SIAddr Overrides the DHCP Next Server IP address (DHCP Option 66)...
  • Page 129: II-3-2 VLAN

    Virtual Local Area Networks (VLANs) allow you to subdivide your LAN to facilitate management or to improve network security. Select LAN>>VLAN from the menu bar of the Web UI to bring up the VLAN Configuration page. The tagged VLANs (802.1q) can mark data with a VLAN identifier. This identifier can be carried through an onward Ethernet switch to specific ports.
  • Page 130 Info Settings on this page apply only to LAN ports, not the WAN port. Available settings are explained as follows: Item Description Enable Click it to enable VLAN configuration. P1 – P2– Check the LAN port(s) to group them under the selected VLAN.
  • Page 131 Inter-LAN Routing allows different LAN subnets to be interconnected or isolated. It is only available when the VLAN functionality is enabled. In the Inter-LAN Routing matrix, a selected checkbox means that the 2 intersecting LANs can communicate with each other. Vigor2620 series features a hugely flexible VLAN system.
  • Page 132: II-3-3 Bind IP to MAC

    Vigor router supports up to six private IP subnets on LAN. Each can be independent (isolated) or common (able to communicate with each other). This is ideal for departmental or multi-occupancy applications. Info As for the VLAN applications, refer to “Appendix I: VLAN Application on Vigor Router”...
  • Page 133 Available settings are explained as follows: Item Description Enable Click this radio button to invoke this function. However, IP/MAC which is not listed in IP Bind List also can connect to Internet. Disable Click this radio button to disable this function. All the settings on this page will be invalid.
  • Page 134 Strict Bind Check the box to block the connection of the IP/MAC which is not listed in IP Bind List. LAN clients will be assigned IP addresses according to the MAC-to-IP address associations on this page. LAN client whose MAC address has not been bound to an IP address will be denied network access.
  • Page 135 Info Before you select Strict Bind, you have to bind one set of IP/MAC address for one PC. If not, none of the PCs can access the Internet, and the web user interface of the router might not be accessible. When you finish the configuration, click OK to save the settings.
  • Page 136: NAT

    Usually, the router serves as an NAT (Network Address Translation) router. NAT is a mechanism that one or more private IP addresses can be mapped into a single public one. Public IP address is usually assigned by your ISP, for which you may get charged. Private IP addresses are recognized only among internal hosts.
  • Page 137: Web User Interface

    Port Redirection is usually set up for server related service inside the local network (LAN), such as web servers, FTP servers, E-mail servers etc. In most cases, you need a public IP address for each server and this public IP address/domain name are recognized by all users. Since the server is actually located inside the LAN, the network well protected by NAT of the router, and identified by its private IP address/port, the goal of Port Redirection function is to forward all access request with public IP address from external users to the mapping...
  • Page 138 Each item is explained as follows: Item Description Index Display the number of the profile. Enable Check the box to enable the profile. Service Name Display the description of the specific network service. WAN Interface Display the WAN IP address used by the profile. Protocol Display the transport layer protocol (TCP or UDP).
  • Page 139 Available settings are explained as follows: Item Description Enable Check this box to enable such port redirection setting. Mode Two options (Single and Range) are provided here for you to choose. To set a range for the specific service, select Range. In Range mode, if the public port (start port and end port) and the starting IP of private IP had been entered, the system will calculate and display the ending IP of private IP...
  • Page 140 Note that the router has its own built-in services (servers) such as Telnet, HTTP and FTP etc. Since the common port numbers of these services (servers) are all the same, you may need to reset the router in order to avoid conflict. For example, the built-in web user interface in the router is with default port 80, which may conflict with the web server in the local network, http://192.168.1.13:80.
  • Page 141: II-4-2 DMZ Host

    As mentioned above, Port Redirection can redirect incoming TCP/UDP or other traffic on particular ports to the specific private IP address/port of host in the LAN. However, other IP protocols, for example Protocols 50 (ESP) and 51 (AH), do not travel on a fixed port. Vigor router provides a facility DMZ Host that maps ALL unsolicited data on any protocol to a single host in the LAN.
  • Page 142 Available settings are explained as follows: Item Description Choose Private IP or None first. Private IP Enter the private IP address of the DMZ host, or click Choose IP to select one. Choose IP Click this button and then a window will automatically pop up, as depicted below.
  • Page 143 Choose IP Click this button and then a window will automatically pop up, as depicted below. The window consists of a list of private IP addresses of all hosts in your LAN network. Select one private IP address in the list to be the DMZ host. When you have selected one private IP from the above dialog, the IP address will be shown on the screen.
  • Page 144: II-4-3 Open Ports

    Open Ports allows you to open a range of ports for the traffic of special applications. Common application of Open Ports includes P2P application (e.g., BT, KaZaA, Gnutella, WinMX, eMule and others), Internet Camera etc. Ensure that you keep the application involved up-to-date to avoid falling victim to any security exploits.
  • Page 145 Available settings are explained as follows: Item Description Enable Open Ports Check to enable this entry. Comment Make a name for the defined network application/service. Source IP Use the drop down list to specify an IP object. Or click IP Object link to create a new one for applying.
  • Page 146: II-4-4 ALG

    After finishing all the settings here, please click OK to save the configuration. ALG means Application Layer Gateway. There are two methods provided by Vigor router, RTSP (Real Time Streaming Protocol) ALG and SIP (Session Initiation Protocol) ALG, for processing the packets of voice and video. RTSP ALG makes RTSP message, RTCP message, and RTP packets of voice and video be transmitted and received correctly via NAT by Vigor router.
  • Page 147 Check the box to allow the corresponding protocol's message packets over TCP to be transmitted and received via NAT. Check the box to allow the corresponding protocol's message packets over UDP to be transmitted and received via NAT.
  • Page 148: Applications

    The ISP often provides you with a dynamic IP address when you connect to the Internet via your ISP. It means that the public IP address assigned to your router changes each time you access the Internet. The Dynamic DNS feature lets you assign a domain name to a dynamic WAN IP address.
  • Page 149: Web User Interface

    Assume you have a registered domain name from the DDNS provider, say hostname.dyndns.org, and an account with username: test and password: test. Open Applications>>Dynamic DNS. In the DDNS setup menu, check Enable Dynamic DNS Setup. Available settings are explained as follows: Item Description Enable Dynamic DNS...
  • Page 150 Enable Check the box to enable this account. Domain Name Display the domain name that you set on the setting page of DDNS setup. Select Index number 1 to add an account for the router. Check Enable Dynamic DNS Account, and choose correct Service Provider: dyndns.org, Enter the registered hostname: hostname and domain name suffix: dyndns.org in the Domain Name block.
  • Page 151 Enable Dynamic DNS Check this box to enable the current account. If you did Account check the box, you will see a check mark appeared on the Active column of the previous web page in step 2). Service Provider Select the service provider for the DDNS account. Provider Host Enter the IP address or the domain name of the host which provides related service.
  • Page 152: II-5-2 Schedule

    Uncheck Enable Dynamic DNS Setup, and click Clear All button to disable the function and clear all accounts from the router. The Vigor router has a built-in clock which can update itself manually or automatically by means of Network Time Protocols (NTP). As a result, you can not only schedule the router to dialup to the Internet at a specified time, but also restrict Internet access to certain hours so that users can connect to the Internet only during certain hours, say, business hours.
  • Page 153 Available settings are explained as follows: Item Description Enable Schedule Check to enable the schedule. Setup Comment Type a short description for such schedule. Start Date Specify the starting date of the schedule. (yyyy-mm-dd) Start Time (hh:mm) Specify the starting time of the schedule. Duration Time Specify the duration (or period) for the schedule.
  • Page 154 How Often Specify how often the schedule will be applied. Once – The schedule will be applied just once. Weekdays – Specify which days in one week should perform the schedule. Monthly, on date – The router will only execute the action applied such schedule on the date (1 to 28) of a month.
  • Page 155: II-5-3 RADIUS

    Remote Authentication Dial-In User Service (RADIUS) is a security authentication client/server protocol that supports authentication, authorization and accounting, which is widely used by Internet service providers. It is the most common method of authenticating and authorizing dial-up and tunneled network users. The built-in RADIUS client feature enables the router to assist the remote dial-in user or a wireless station and the RADIUS server in performing mutual authentication.
  • Page 156: II-5-4 UPnP

    The UPnP (Universal Plug and Play) protocol is supported to bring to network connected devices the ease of installation and configuration which is already available for directly connected PC peripherals with the existing Windows 'Plug and Play' system. For NAT routers, the major feature of UPnP on the router is “NAT Traversal”.
  • Page 157: II-5-5 IGMP

    IGMP is the abbreviation of Internet Group Management Protocol. It is a communication protocol which is mainly used for managing the membership of Internet Protocol multicast groups. Available settings are explained as follows: Item Description IGMP Proxy Check this box to enable this function. The application of multicast will be executed through WAN /PVC/VLAN port.
  • Page 158: II-5-5-2 Working Group

    After finishing all the settings here, please click OK to save the configuration. Available settings are explained as follows: Item Description Refresh Click this link to renew the working multicast group status. Group ID This field displays the ID port for the multicast group. The available range for IGMP starts from 224.0.0.0 to 239.255.255.254.
  • Page 159: II-5-6 SMS Alert Service

    The function of SMS (Short Message Service) Alert is that Vigor router sends a message to user’s mobile or e-mail box through specified service provider to assist the user knowing the real-time abnormal situations. Vigor router allows you to set up to 10 SMS profiles which will be sent out according to different conditions.
  • Page 160: Application Notes

    Vigor router supports various DDNS service providers, user can set up user-defined profile to update the DDNS even the service provider is not on the list. Now, DrayTek starts to support our own DDNS service - DrayDDNS. We will provide a domain name for each Vigor Router, this single domain name can record IP addresses of all WAN.
  • Page 161 Tick Enable Dynamic DNS Setup b. Click an available profile index c. Tick Enable Dynamic DNS Account d. Select DrayTek Global (www.drayddns.com) as Service Provider e. Select the WAN you would like to upload the IP to DDNS server f. Click Get domain g.
  • Page 162 Currently, only the domain name is allowed to be modified on the MyVigor website. We will need to register the router to MyVigor server, and log in to MyVigor website to modify it. Please visit https://myvigor.draytek.com/ or go to Applications >> Dynamic DNS Setup >> DrayDDNS profile and click Edit domain.
  • Page 163 Input the desired Domain name (e.g., XXXX25) and click Update. Vigor router will get the modified domain name when it performs the next DDNS update. We can click Sync domain to accelerate this process. After a few seconds, the router will get the new domain name and print it on the profiles list.
  • Page 165: How to Configure Customized DDNS

    This article describes how to configure customized DDNS on Vigor routers to update your IP to the DDNS server. We will take “Changeip.org” and “3322.net” as example. Before setting, please make sure that the WAN connection is up. Note that, Username: jo*** Password: jo******** Host name: j*****.changeip.org...
  • Page 166 Now we have to configure the router so it can do the same job for us automatically. Please go to Applications >> Dynamic DNS to create a profile for user-defined DDNS client. Set the Service Provider as User-Defined. Set the Service API as: /dynamic/dns/update.asp?u=jo***&p=jo********&hostname=j****.changeip.org&ip=###IP###&cmd=update&offline=0 In which, ###IP### is a value which will be replaced with the current interface IP...
  • Page 167 To update the IP to the DDNS server via editing the HTML script, we can enter the following script on the browser: “good 111.243.178.53” means our IP has been updated to the server successfully. Now we have to configure the router so it can do the same job for us automatically. Please go to Applications >>...
  • Page 168 The customized Service Provider is also eligible with the ClouDNS.net.
  • Page 169: Routing

    Other routing Specify routing policy to determine the direction of the data transmission. Info For more detailed information about using policy route, refer to Support >>FAQ/Application Notes on www.draytek.com.
  • Page 170: Web User Interface

    Static routing is an alternative to dynamic routing. It is a process that the system network administrator can configure network routers with all the required information for packet forwarding. Go to Routing >> Static Route. The router offers IPv4 and IPv6 for you to configure the static route.
  • Page 171 Here is an example (based on IPv4) of setting Static Route in Main Router so that user A and B locating in different subnet can talk to each other via the router. Assuming the Internet access has been configured and the router works properly: use the Main Router to surf the Internet.
  • Page 172 Click the LAN >> Static Route and click on the Index Number 1. Check the Enable box. Please add a static route as shown below, which regulates all packets destined to 192.168.10.0 will be forwarded to 192.168.1.2. Click OK. Available settings are explained as follows: Item Description Enable...
  • Page 173 Go to Diagnostics and choose Routing Table to verify current routing table. You can set up to 40 profiles for IPv6 static route. Click the IPv6 tab to open the following page: Available settings are explained as follows: Item Description Set to Factory Default Clear all of the settings and return to factory default settings.
  • Page 174 Available settings are explained as follows: Item Description Enable Click it to enable this profile. Destination IPv6 Address / Enter the IP address with the prefix length for this entry. Prefix Len Gateway IPv6 Address Enter the gateway address for this entry. Network Interface Use the drop down list to specify an interface for this static route.
  • Page 175: Part III Wireless LAN

    Wireless LAN enables high mobility so WLAN users can simultaneously access all LAN facilities just like on a wired LAN as well as Internet access.
  • Page 176: Wireless LAN

    This function is used for “n” model only. Over recent years, the market for wireless communications has enjoyed tremendous growth. Wireless technology now reaches or is capable of reaching virtually every location on the surface of the earth. Hundreds of millions of people exchange information every day via wireless communication products.
  • Page 177 Vigor router supports four SSID settings for wireless connections. Each SSID can be defined with different name and download/upload rate for selecting by stations connected to the router wirelessly. Vigor Router is equipped with a hardware AES encryption engine so it can apply the highest protection to your data without influencing user experience.
  • Page 178 It will display all the stations in your wireless network and the status of their connection. WPS (Wi-Fi Protected Setup) provides easy procedure to make network connection between wireless station and wireless access point (vigor router) with the encryption of WPA and WPA2.
  • Page 179 On the side of Vigor2620 series which served as an AP, press WPS button once on the front panel of the router or click Start PBC on web configuration interface. On the side of a station with network card installed, press Start PBC button of network card. If you want to use PIN code, you have to know the PIN code specified in wireless client.
  • Page 180: Web User Interface

    Item Description Name Enter the SSID name of this router for wireless connection. The default name is defined with DrayTek. Change the name if required. Mode At present, the router can connect to 11b Only, 11g Only, 11n Only, Mixed (11b+11g), Mixed (11g+11n) and Mixed (11b+11g+11n) stations simultaneously.
  • Page 181 Channel Means the channel of frequency of the wireless LAN. The default channel is 6. You may switch channel if the selected channel is under serious interference. If you have no idea of choosing the frequency, please select Auto to let system determine for you.
  • Page 182 manually in this field below or automatically negotiated via 802.1x authentication. Either 8~63 ASCII characters, such as 012345678(or 64 Hexadecimal digits leading by 0x, such as "0x321253abcde..."). Rate Control Check the box to enable the rate control function. Upload / Download - Enter the values as the limits for data upload and data download.
  • Page 183: III-1-2 General Setup

    By clicking the Wireless LAN>>General Setup, a new web page will appear so that you could configure the SSID and the wireless channel. Please refer to the following figure for more information. Available settings are explained as follows: Item Description Enable Wireless LAN Check the box to enable wireless function.
  • Page 184 Hide SSID Check it to prevent wireless sniffing and make it harder for unauthorized clients or STAs to join your wireless LAN. Depending on the wireless utility, the user may only see the information except SSID or just cannot see anything about Vigor wireless router while site surveying.
  • Page 185: III-1-3 Security

    This page allows you to set security with different modes for SSID 1, 2, 3 and 4 respectively. After configuring the correct settings, please click OK to save and invoke it. The password (PSK) of default security mode is provided and stated on the label pasted on the bottom of the router.
  • Page 186 There are several modes provided for you to choose. Mode Info You should also set RADIUS Server simultaneously if 802.1x mode is selected. Disable - Turn off the encryption mechanism. WEP - Accepts only WEP clients and the encryption key should be entered in WEP Key.
  • Page 187: III-1-4 Access Control

    128-Bit - For 128 bits WEP key, either 13 ASCII characters, such as ABCDEFGHIJKLM (or 26 hexadecimal digits leading by 0x, such as 0x4142434445464748494A4B4C4D). All wireless devices must support the same WEP encryption bit size and have the same key. Four keys can be entered here, but only one key can be selected at a time.
  • Page 188: III-1-5 WPS

    (expressed by MAC addresses) listed in the box can be grouped under different wireless LAN. For example, they can be grouped under SSID 1 and SSID 2 at the same time if you check SSID 1 and SSID 2. MAC Address Filter Display all MAC addresses that are edited before.
  • Page 189 Item Description Enable WPS Check this box to enable WPS setting. WPS Status Display related system information for WPS. If the wireless security (encryption) function of the router is properly configured, you can see ‘Configured’ message here. SSID Display the SSID1 of the router. WPS is supported by SSID1 only.
  • Page 190: III-1-6 WDS

    WDS means Wireless Distribution System. It is a protocol for connecting two access points (AP) wirelessly. Usually, it can be used for the following application:  Provide bridge traffic between two LANs through the air.  Extend the coverage range of a WLAN. Refer to the following table: WDS Mode Wireless...
  • Page 191 Available settings are explained as follows: Item Description Mode Choose the mode for WDS setting. Disable mode will not invoke any WDS setting. Repeater mode is for the second one. Security There are three types for security, Disable, WEP and Pre-shared key.
  • Page 192 performance. If you want to invoke the peer MAC address, remember to check the Enable box in front of the MAC address after typing. Repeater If you choose Repeater as the connecting mode, please enter the peer MAC address (of VigorAP/Vigor router required to make connection with such Vigor router and used to extend the wireless signal) in these fields.
  • Page 193: III-1-7 Advanced Setting

    This page allows users to set advanced settings such as operation mode, channel bandwidth, guard interval, and aggregation MSDU for wireless data transmission. Available settings are explained as follows: Item Description Operation Mode Mixed Mode – the router can transmit data with the ways supported in both 802.11a/b/g and 802.11n standards.
  • Page 194 use Long Preamble if needed to communicate with this kind of devices. Packet-OVERDRIVE TX Burst This feature can enhance the performance in data transmission about 40%* more (by checking Tx Burst). It is active only when both sides of Access Point and Station (in wireless client) invoke this function at the same time.
  • Page 195 Country Code Vigor router broadcasts country codes by following the 802.11d standard. However, some wireless stations will detect / scan the country code to prevent conflicts. If a conflict is detected, the wireless station will be warned and will be unable to make a network connection. Therefore, changing the country code to ensure a successful network connection will be necessary for some clients.
  • Page 196: III-1-8 AP Discovery

    Vigor router can scan all regulatory channels and find working APs in the neighborhood. Based on the scanning result, users will know which channel is clean for usage. Also, it can be used to facilitate finding an AP for a WDS link. Notice that during the scanning process (about 5 seconds), no client is allowed to connect to Vigor.
  • Page 197: III-1-9 Station List

    Station List shows the wireless clients that are currently connected, along with their status codes. There is a code summary below for explanation. For convenient Access Control, you can select a WLAN station and click Add to Access Control below. Available settings are explained as follows: Item Description...
  • Page 199: Part IV VPN

    A Virtual Private Network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. In short, by VPN technology, you can send data between two computers across a shared or public network in a manner that emulates the properties of a point-to-point private link.
  • Page 200: VPN And Remote Access

    A Virtual Private Network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. In short, by VPN technology, you can send data between two computers across a shared or public network in a manner that emulates the properties of a point-to-point private link.
  • Page 201: Web User Interface

    This wizard is used to configure VPN settings for a VPN client. It guides you step by step through setting the LAN-to-LAN profile for a VPN dial-out connection (from server to client). Open Wizards>>VPN Client Wizard. The following page will appear. Available settings are explained as follows: Item Description...
  • Page 202 When you finish the mode and profile selection, please click Next to open the following page. In this page, you have to select suitable VPN type for the VPN client profile. There are six types provided here. Different type will lead to different configuration page. After making the choices for the client profile, please click Next.
  • Page 203 When you choose IPsec, you will see the following graphic: When you choose SSL, you will see the following graphic:
  • Page 204 When you choose L2TP over IPsec (Nice to Have) or L2TP over IPsec (Must), you will see the following graphic: Available settings are explained as follows: Item Description Profile Name Type a name for such profile. The length of the file is limited
  • Page 205 to 10 characters. Always On Check to make the router always keep the VPN connection. Server IP/Host Name for VPN Enter the IP address of the server or enter the host name for such VPN profile. IKE Authentication Method IKE Authentication Method usually applies to remote dial-in users or nodes (LAN to LAN) which use dynamic IP addresses and IPsec-related VPN connections such as L2TP...
  • Page 206 Available settings are explained as follows: Item Description Go to the VPN Connection Management Click this radio button to access VPN and Remote Access>>Connection Management for viewing VPN Connection status. Do another VPN Server Wizard Setup Click this radio button to set another profile of VPN Server through VPN Server Wizard.
  • Page 207: IV-1-2 VPN Server Wizard

    This wizard is used to configure VPN settings for a VPN server. It guides you step by step through setting the LAN-to-LAN profile for a VPN dial-in connection (from client to server). Open Wizards>>VPN Server Wizard. The following page will appear. Available settings are explained as follows: Item Description...
  • Page 208 Different Dial-in Type will lead to different configuration page. In addition, adjustable items for each dial-in type will be changed according to the VPN Server Mode (Site to Site VPN and Remote Dial-in User) selected. After making the choices for the server profile, please click Next. You will see different configurations based on the selection you made.
  • Page 209 When you check IPsec, you will see the following graphic: Available settings are explained as follows: Item Description Profile Name Type a name for such profile. The length of the file is limited to 10 characters. User Name This field is used to authenticate for connection when you select PPTP or L2TP with or without IPsec policy above.
  • Page 210 Password This field is used to authenticate for connection when you select PPTP or L2TP with or without IPsec policy above. The length of the name is limited to 11 characters. Pre-Shared Key For IPsec/L2TP IPsec authentication, you have to type a pre-shared key.
  • Page 211: IV-1-3 Remote Access Control

    Item Description Go to the VPN Connection Management Click this radio button to access VPN and Remote Access>>Connection Management for viewing VPN Connection status. Do another VPN Server Wizard Setup Click this radio button to set another profile of VPN Server through VPN Server Wizard.
  • Page 212: IV-1-4 PPP General Setup

    This submenu only applies to PPP-related VPN connections, such as PPTP, L2TP, L2TP over IPsec. Available settings are explained as follows: Item Description Dial-In PPP Authentication PAP Only - select this option to force the router to authenticate dial-in users with the PAP protocol. PAP/CHAP/MS-CHAP/MS-CHAPv2 - Selecting this option means the router will attempt to authenticate dial-in users with the CHAP protocol first.
  • Page 213 authentication. You should further specify the User Name and Password of the mutual authentication peer. The length of the name/password is limited to 23/19 characters. IP Address Assignment for Enter a start IP address for the dial-in PPP connection. You Dial-In Users should choose an IP address from the local private network.
  • Page 214: IV-1-5 IPsec General Setup

    In IPsec General Setup, there are two major parts of configuration. There are two phases of IPsec. Phase 1: negotiation of IKE parameters including encryption, hash, Diffie-Hellman parameter values, and lifetime to protect the following IKE exchange, authentication of both peers using either a Pre-Shared Key or Digital Signature (x.509).
  • Page 215 IPsec tunnel. There are two methods offered by Vigor router for you to authenticate the incoming data coming from remote dial-in user, Certificate (X.509) and Pre-Shared Key. Certificate for Dial-in – Choose one of the local certificates from the drop down list. General Pre-Shared Key - Define the PSK key for general authentication.
  • Page 216: IV-1-6 IPsec Peer Identity

    To use digital certificate for peer authentication in either LAN-to-LAN connection or Remote User Dial-In connection, here you may edit a table of peer certificate for selection. As shown below, the router provides 32 entries of digital certificates for peer dial-in users. Available settings are explained as follows: Item Description...
  • Page 217 Available settings are explained as follows: Item Description Profile Name Enter the name of the profile. The maximum length of the name you can set is 32 characters. Enable this account Check it to enable such account profile. Accept Any Peer ID Click to accept any peer regardless of its identity.
  • Page 218: IV-1-7 Remote Dial-In User

    You can manage remote access by maintaining a table of remote user profile, so that users can be authenticated to dial-in via VPN connection. You may set parameters including specified connection peer ID, connection type (VPN connection - including PPTP, IPsec Tunnel, and L2TP by itself or over IPsec) and corresponding security methods, etc.
  • Page 219 profile is empty. Status Display the access state of the specific dial-in user. The symbol V and X represent the specific dial-in user to be active and inactive, respectively. Click each index to edit one remote user profile. Each Dial-In Type requires you to fill the different corresponding fields on the right.
  • Page 220 None - Do not apply the IPsec policy. Accordingly, the VPN connection employed the L2TP without IPsec policy can be viewed as one pure L2TP connection. Nice to Have - Apply the IPsec policy first, if it is applicable during negotiation.
  • Page 221: IV-1-8 LAN To LAN

    pre-shared key. Digital Signature (X.509) – Check the box of Digital Signature to invoke this function and Select one predefined Profiles set in the VPN and Remote Access >>IPsec Peer Identity. IPsec Security Method This group of fields is a must for IPsec Tunnels and L2TP with IPsec Policy when you specify the remote node.
  • Page 222 Name Indicate the name of the LAN-to-LAN profile. The symbol ??? represents that the profile is empty. Active V – means the profile has been enabled. X – means the profile has not been enabled. Status Online – means such LAN to LAN profile is in use. Offline –...
  • Page 223 WAN1 Only /WAN2 Only/ LTE Only - While connecting, the router will use WAN1/WAN2/WAN3 or LTE/WAN4 as the only channel for VPN connection. WAN1 Only: Only establish VPN if WAN2 down - If WAN2 failed, the router will use WAN1 for VPN connection.
  • Page 224 authentication of remote server. IPsec Tunnel - Build an IPsec VPN connection to the server through Internet. L2TP with IPsec Policy - Build a L2TP VPN connection through the Internet. You can select to use L2TP alone or with IPsec. Select from below:...
  • Page 225 scheme. DES with Authentication - Use DES encryption algorithm and apply MD5 or SHA-1 authentication algorithm. 3DES without Authentication - Use triple DES encryption algorithm and not apply any authentication scheme. 3DES with Authentication - Use triple DES encryption algorithm and apply MD5 or SHA-1 authentication algorithm.
  • Page 226 Local ID-In Aggressive mode, Local ID is on behalf of the IP address while identity authenticating with remote VPN server. The length of the ID is limited to 47 characters. Schedule Profile - Set the wireless LAN to work at certain time interval only.
  • Page 227 Nice to Have - Apply the IPsec policy first, if it is applicable during negotiation. Otherwise, the dial-in VPN connection becomes one pure L2TP connection. Must - Specify the IPsec policy to be definitely applied on the L2TP connection. SSL Tunnel - Allow the remote dial-in user to trigger an...
  • Page 228 Encryption Standard (DES), Triple DES (3DES), and AES. TCP/IP Network My WAN IP –This field is only applicable when you select Settings PPTP or L2TP with or without IPsec policy above. The default value is 0.0.0.0, which means the Vigor router will get a PPP IP address from the remote router during the IPCP negotiation phase.
  • Page 229 sessions which are not coming from the IP address defined in the Virtual IP Mapping list. After checking the box of IPSec VPN with the Same subnet, the options under TCP/IP Network Settings will be changed as shown below: Remote Network IP/ Remote Network Mask - Add a static route to direct all traffic destined to this Remote Network IP Address/Remote Network Mask through the VPN connection.
  • Page 230 After finishing all the settings here, please click OK to save the configuration.
  • Page 231: IV-1-9 Connection Management

    You can find the summary table of all VPN connections. You may disconnect any VPN connection by clicking Drop button. You may also aggressively Dial-out by using Dial-out Tool and clicking Dial button. Available settings are explained as follows: Item Description Dial-out Tool This field displays the profile configured in LAN-to-LAN (with...
  • Page 232: SSL VPN

    An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be used with a standard Web browser. There are two benefits that SSL VPN provides: It is not necessary for users to preinstall VPN client software for executing SSL VPN connection.
  • Page 233: Web User Interface

    This page determines the general configuration for SSL VPN Server and SSL Tunnel. Available settings are explained as follows: Item Description Bind to WAN Choose and check WAN interface(s) for SSL VPN tunnel establishment. Port Such port is set for SSL VPN server. It will not affect the HTTPS Port configuration set in System Maintenance>>Management.
  • Page 234: IV-2-2 User Account

    With SSL VPN, Vigor2620 series lets teleworkers have convenient and simple remote access to central site VPN. The teleworkers do not need to install any VPN software manually. From regular web browser, you can establish VPN connection back to your main office even in a guest network or web cafe.
  • Page 235 Click each index to edit one remote user profile. Available settings are explained as follows: Item Description User account and Enable this account - Check the box to enable this function. Authentication Idle Timeout- If the dial-in user is idle over the limitation of the timer, the router will drop this connection.
  • Page 236 Item Description L2TP with IPSec Policy - Allow the remote dial-in user to make a L2TP VPN connection through the Internet. You can select to use L2TP alone or with IPSec. Select from below: None - Do not apply the IPSec policy. Accordingly, the VPN connection employed the L2TP without IPSec policy can be viewed as one pure L2TP connection.
  • Page 237 Item Description IPSec Security Method This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy when you specify the remote node. Check the Medium, DES, 3DES or AES box as the security method. Medium-Authentication Header (AH) means data will be authenticated, but not be encrypted.
  • Page 238: IV-2-3 SSL Portal Online User

    If you have finished the configuration of SSL Web Proxy (server), users can find out corresponding settings when they access into DrayTek SSL VPN portal interface. Next, users can open SSL VPN>> Online Status to view logging status of SSL VPN.
  • Page 239: Certificate Management

    A digital certificate works as an electronic ID, which is issued by a certification authority (CA). It contains information such as your name, a serial number, expiration dates etc., and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.
  • Page 240: Web User Interface

    Available settings are explained as follows: Item Description Generate Click this button to open Generate Certificate Request window. Enter all the information that the window requests. Then click Generate again. Import Click this button to import a saved file as the certification information.
  • Page 241 Info Please note that “Common Name” must be configured with router’s WAN IP or domain name. After clicking GENERATE, the generated information will be displayed on the window below: Vigor router allows you to generate a certificate request and submit it to the CA server, then import it as “Local Certificate”.
  • Page 242 Available settings are explained as follows: Item Description Upload Local Certificate It allows users to import the certificate which is generated by Vigor router and signed by CA server. If you have done well in certificate generation, the Status of the certificate will be shown as “OK”.
  • Page 243 Click this button to refresh the information listed below. Click this button to view the detailed settings for certificate request. Info You have to copy the certificate request information from above window. Next, access your CA server and enter the page of certificate request, copy the information into it and submit a request.
  • Page 244: IV-3-2 Trusted CA Certificate

    Therefore, Vigor router offers a mechanism which allows you to generate root CA to save time and provide convenience for general user. Later, such root CA generated by DrayTek server can perform the issuing of local certificate. Info Root CA can be deleted but not edited.
  • Page 245 To import a pre-saved trusted CA certificate, please click IMPORT to open the following window. Use Browse… to find out the saved text file. Then click Import. The one you imported will be listed on the Trusted CA Certificate window. For viewing each trusted CA certificate, click View to open the certificate detail information window.
  • Page 246: IV-3-3 Certificate Backup

    Local certificate and Trusted CA certificate for this router can be saved within one file. Please click Backup on the following screen to save them. If you want to set encryption password for these certificates, please type characters in both fields of Encrypt password and Confirm password.
  • Page 247: Part V Security

    While broadband users demand more bandwidth for multimedia, interactive applications, or distance learning, security has always been the greatest concern. The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders. It also restricts users in the local network from accessing the Internet.
  • Page 248: Firewall

    While broadband users demand more bandwidth for multimedia, interactive applications, or distance learning, security has always been the greatest concern. The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders. It also restricts users in the local network from accessing the Internet.
  • Page 249 Stateful inspection is a firewall architecture that works at the network layer. Unlike legacy static packet filtering, which examines a packet based on the information in its header, stateful inspection builds up a state machine to track each connection traversing all interfaces of the firewall and makes sure they are valid.
  • Page 250: Web User Interface

    Below shows the menu items for Firewall. General Setup allows you to adjust settings of IP Filter and common options. Here you can enable or disable the Call Filter or Data Filter. Under some circumstances, your filter sets can be linked to work in a serial manner, so here you assign the Start Filter Set only. You can also configure the Log Flag settings, Apply IP filter to VPN incoming packets, and Accept incoming fragmented UDP packets.
  • Page 251 Data Filter Check Enable to activate the Data Filter function. Assign a start filter set for the Data Filter. Always pass inbound fragmented large packets… Some on-line games (for example: Half Life) will use lots of fragmented UDP packets to transfer game data. Instinctively...
  • Page 252 Such page allows you to choose filtering profiles including QoS, Load-Balance policy, WCF, APP Enforcement, URL Content Filter, for data transmission via Vigor router. Available settings are explained as follows: Item Description Filter Select Pass or Block for the packets that do not match with the filter rules.
  • Page 253 URL Content Filter Select one of the URL Content Filter profile settings (created in CSM>> URL Content Filter) for applying with this router. Please set at least one profile for choosing in CSM>> URL Content Filter web page first. Or choose [Create New] from the drop down list in this page to create a new profile.
  • Page 254 performance will be. However, if the network is not stable, small value will be proper. Session timeout – Setting timeout for sessions can make the best utilization of network resources. Backup Firewall Click Backup to save the firewall configuration. Restore Firewall Click Select to choose a firewall configuration file.
  • Page 255: V-1-2 Filter Setup

    Click Firewall and click Filter Setup to open the setup page. To edit or add a filter, click on the set number to edit the individual set. The following page will be shown. Each filter set contains up to 7 rules. Click on the rule number button to edit each rule.
  • Page 256 Action Display the packets to be passed /blocked. Display the content security managed Move Up/Down Use Up or Down link to move the order of the filter rules. Next Filter Set Set the link to the next filter set to be executed after the current filter run.
  • Page 257 Source/Destination IP Click Edit to access into the following dialog to choose the source/destination IP or IP ranges. Protocol Specify the protocol(s) which this filter rule will apply to. Source Port / Destination Port (=) – when the first and last values are the same, it indicates one port;...
  • Page 258 down list in this page to create a new profile. All the hosts in LAN must follow the standard configured in the APP Enforcement profile selected here. For detailed information, refer to the section of APP Enforcement profile setup. For troubleshooting needs, you can specify to record information for IM/P2P by checking the Log box.
  • Page 259 To use Advance Mode, do the following steps: 1. Click the Advance Mode radio button. 2. Click Index 1 to access into the following page. Available settings are explained as follows: Item Description Enable Check this box to enable the filter rule. Comments Enter filter set comments/description.
  • Page 260 source/destination IP or IP ranges. To set the IP address manually, please choose Any Address/Single Address/Range Address/Subnet Address as the Address Type and type them in this dialog. In addition, if you want to use the IP range from defined groups or objects, please choose Group and Objects as the Address Type.
  • Page 261 Protocol - Specify the protocol(s) which this filter rule will apply to. Source/Destination Port – (=) – when the first and last value are the same, it indicates one port; when the first and last values are different, it indicates a range for the port and available for this service type.
  • Page 262 related section later. APP Enforcement Select an APP Enforcement profile for global IM/P2P application blocking. If there is no profile for you to select, please choose [Create New] from the drop down list in this page to create a new profile. All the hosts in LAN must follow the standard configured in the APP Enforcement profile selected here.
  • Page 263 TCP protocol only; session timeout is configured for the data flow which matched with the firewall rule. DrayTek Banner – Please uncheck this box and the following screen will not be shown for the unreachable web page. The default setting is Enabled.
  • Page 264: V-1-3 Dos Defense

    As a sub-functionality of IP Filter/Firewall, there are 15 types of detect/defense function in the DoS Defense setup. The DoS Defense functionality is disabled by default. Click Firewall and click DoS Defense to open the setup page. Available settings are explained as follows: Item Description Enable Dos Defense...
  • Page 265 Enable UDP flood defense Check the box to activate the UDP flood defense function. Once detecting the Threshold of the UDP packets from the Internet has exceeded the defined value, the Vigor router will start to randomly discard the subsequent UDP packets for a period defined in Timeout.
  • Page 266 Activating the DoS/DDoS defense functionality might block some legal packets. For example, when you activate the fraggle attack defense, all broadcast UDP packets coming from the Internet are blocked. Therefore, the RIP packets from the Internet might be dropped. Block TCP flag scan Check the box to activate the Block TCP flag scan function.
  • Page 267: V-1-3-2 Spoofing Defense

    After finishing all the settings here, please click OK to save the configuration. Click the Spoofing Defense tab to open the setup page.
  • Page 268: Application Notes

    We can allow only certain computers (e.g., 192.168.1.10 ~ 192.168.1.20) to access the Internet through the Vigor router. Others outside the range (e.g., 192.168.1.31 and 192.168.1.32) can reach resources on the LAN only. To do this, set two rules under Firewall. Because Rule 1 of Set 2 under Firewall>>Filter Setup is used as the default setting, we have to create the new rules starting from Filter Rule 2 of Set 2.
  • Page 269 Check the box of Check to enable the Filter Rule. Enter the comments (e.g., block_all). Choose Block If No Further Match for the Filter setting. Then, click OK. Info By default, the router will check the packets starting with Set 2, Filter Rule 2 to Filter Rule 7.
  • Page 270 A dialog box will pop up. Choose Range Address as Address Type by using the drop down list. Type 192.168.1.10 in the field of Start IP, and type 192.168.1.20 in the field of End IP. Then, click OK to save the settings. The computers within the range can access the Internet.
  • Page 271 Both filter rules have been created. Click OK. Now, all the settings are configured. Only the computers with IP addresses within 192.168.1.10 ~ 192.168.1.20 can access the Internet.
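    The two-rule setup from this application note, modelled as an added example (not DrayTek code and not part of the manual) so the effect of rule order can be checked before it is typed into the router. The rule name open_ip, the second rule's action (Pass Immediately, which the excerpt does not show) and the simplified evaluation order are assumptions.

```python
"""Simplified model of how a filter set resolves the two-rule allow-list."""
import ipaddress
from dataclasses import dataclass

PASS_NOW = "Pass Immediately"
BLOCK_NOW = "Block Immediately"
PASS_LATER = "Pass If No Further Match"
BLOCK_LATER = "Block If No Further Match"
ACTIONS = (PASS_NOW, BLOCK_NOW, PASS_LATER, BLOCK_LATER)


@dataclass
class FilterRule:
    comment: str
    action: str
    src_start: str = "0.0.0.0"            # default source: Any Address
    src_end: str = "255.255.255.255"
    enabled: bool = True

    def __post_init__(self):
        if self.action not in ACTIONS:
            raise ValueError(f"unknown action: {self.action!r}")
        self._lo = ipaddress.IPv4Address(self.src_start)
        self._hi = ipaddress.IPv4Address(self.src_end)
        if self._lo > self._hi:
            raise ValueError("Start IP must not be above End IP")

    def matches(self, src_ip: str) -> bool:
        return self._lo <= ipaddress.IPv4Address(src_ip) <= self._hi


def evaluate(rules, src_ip, default_action="pass"):
    """Return (verdict, deciding rule) for a packet from src_ip.

    Assumed semantics: rules run top to bottom; an "Immediately" action
    ends evaluation; an "If No Further Match" action is only a tentative
    verdict that any later matching rule replaces. If nothing matches,
    the default rule decides.
    """
    verdict, decided_by = default_action, "default rule"
    for rule in rules:
        if not rule.enabled or not rule.matches(src_ip):
            continue
        allow = rule.action in (PASS_NOW, PASS_LATER)
        verdict, decided_by = ("pass" if allow else "block"), rule.comment
        if rule.action in (PASS_NOW, BLOCK_NOW):
            break
    return verdict, decided_by


def audit(rules, hosts):
    """Map each host address to its verdict, for a quick allow-list check."""
    return {host: evaluate(rules, host)[0] for host in hosts}


# Filter Rule 2 and Filter Rule 3 of Set 2, as built in the note.
APP_NOTE_RULES = [
    FilterRule("block_all", BLOCK_LATER),
    FilterRule("open_ip", PASS_NOW, "192.168.1.10", "192.168.1.20"),
]

# Failure mode: a tentative pass placed before block_all is overridden,
# so every host ends up blocked, including the intended range.
MISORDERED_RULES = [
    FilterRule("open_ip", PASS_LATER, "192.168.1.10", "192.168.1.20"),
    FilterRule("block_all", BLOCK_LATER),
]

# Constructed sample hosts: range edges, just outside, and the note's examples.
SAMPLE_HOSTS = ["192.168.1.9", "192.168.1.10", "192.168.1.20",
                "192.168.1.21", "192.168.1.31", "192.168.1.32"]

if __name__ == "__main__":
    for name, rules in (("app note", APP_NOTE_RULES),
                        ("misordered", MISORDERED_RULES)):
        print(name, audit(rules, SAMPLE_HOSTS))
```

    Running the audit over the range edges as well as the hosts named in the note confirms that the Start IP and End IP are inclusive and that nothing outside them falls through to the default rule.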
  • Page 272: Central Security Management (CSM)

    CSM is an abbreviation of Central Security Management, which is used to control IM/P2P usage and to filter web content and URL content for the purpose of security management. As instant messenger applications of all kinds grow in popularity, communication could hardly be easier.
  • Page 273: Web User Interface

    You can define policy profiles for IM (Instant Messenger)/P2P (Peer to Peer)/Protocol/Misc application. This page allows you to set 32 profiles for different requirements. The APP Enforcement Profile will be applied in Default Rule of Firewall>>General Setup for filtering. Available settings are explained as follows: Item Description Set to Factory Default...
  • Page 274 Available settings are explained as follows: Item Description Profile Name Type a name for the CSM profile. The maximum length of the name you can set is 15 characters. Select All Click it to choose all of the items in this page. Clear All Uncheck all the selected boxes.
  • Page 275: V-2-2 URL Content Filter Profile

    To provide an appropriate cyberspace to users, the Vigor router is equipped with URL Content Filter, not only to limit illegal traffic from/to inappropriate web sites but also to prohibit other web features where malicious code may be concealed. Once a user enters or clicks on a URL with objectionable keywords, the URL keyword blocking facility will decline the HTTP request to that web page and thus limit the user’s access to the website.
  • Page 276 Administration Message You can enter the message manually for your necessity. Default Message - You can enter the message manually for your necessity or click this button to get the default message which will be displayed on the field of Administration Message.
  • Page 277 Pass – Only the log about Pass will be recorded in Syslog. Block – Only the log about Block will be recorded in Syslog. All – All the actions (Pass and Block) will be recorded in Syslog. URL Access Control Enable URL Access Control - Check the box to activate URL Access Control.
  • Page 278 Web Feature Enable Web Feature Restriction- Check this box to make the keyword being blocked or passed. Action - This setting is available only when Either: URL Access Control First or Either: Web Feature First is selected. Pass - Allow accessing into the corresponding webpage with the keywords listed on the box below.
  • Page 279: V-2-3 Web Content Filter Profile

    Please refer to section of creating MyVigor account. WCF adopts the mechanism developed and offered by certain service provider (e.g., DrayTek). No matter activating WCF feature or getting a new license for web content filter, you have to click Activate to satisfy your request.
  • Page 280 You need to specify a server for categorize searching when you type URL in browser based on the web content filter profile. Find more - Click it to open http://myvigor.draytek.com for searching another qualified and suitable server. Setup Test Server It is recommended for you to use the default setting, auto-selected.
  • Page 281 user tries to access the same destination ID, the router will check it by comparing the record stored. If it matches, the page will be retrieved quickly. Such item can provide URL matching with the fastest rate. L1+L2 Cache – the router will check the URL with fast processing rate combining the feature of L1 and L2.
  • Page 282 If the web pages do not match with the specified feature set here, they will be processed with the categories listed on the box below. Action Pass - allow accessing into the corresponding webpage with the categories listed on the box below. Block - restrict accessing into the corresponding webpage with the categories listed on the box below.
  • Page 283: Application Notes

    The website of MyVigor (a server located on http://myvigor.draytek.com) provides several useful services (such as Anti-Spam, Web Content Filter, Anti-Intrusion, etc.) for filtering web pages to protect your system. To access MyVigor for more information, please create an account for MyVigor.
  • Page 284 2. Click the Activate link. A login page for MyVigor web site will pop up automatically. 3. Click the link of Create an account now. 4. The system will ask if you are 16 years old or over. If yes, click I am 16 or over.
  • Page 285 If not, click I am under 16 years old to get the following page. Then, click I and my legal guardian agree. 5. After reading the terms of service/privacy policy, click Agree. 6. In the following page, enter your personal information in this page and then click Continue.
  • Page 286 8. Now you have created an account successfully. 9. Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor.draytek.com. 10. Click the Activate my Account link to enable the account that you created. The following screen will be shown to verify the register process is finished.
  • Page 287 12. Now, click Login. Your account has been activated. You can access into MyVigor server to activate the service (e.g., WCF) that you want.
  • Page 288: How To Block Facebook Service Accessed By The Users Via Web Content Filter / URL Content Filter

    There are two ways to block the facebook service, Web Content Filter and URL Content Filter. Web Content Filter, Benefits: Easily and quickly implement the category/website that you want to block. Note: License is required. URL Content Filter, Benefits: Free, flexible for customize webpage. Note: Manual setting (e.g., one keyword for one website.) Make sure the Web Content Filter (powered by Commtouch) license is valid.
  • Page 289 Open CSM >> Web Content Filter Profile to create a WCF profile. Check Social Networking with Action, Block. Enable this profile in Firewall>>General Setup>>Default Rule.
  • Page 290 Next time when someone accesses facebook via this router, the web page would be blocked and the following message would be displayed instead. II. Via URL Content Filter A. Block the web page containing the word of “Facebook” Open Object Settings>>Keyword Object. Click an index number to open the setting page.
  • Page 291 When you finished the above steps, click OK. Then, open Firewall>>General Setup. Click the Default Rule tab. Choose the profile just configured from the drop down list in the field of URL Content Filter. Now, users cannot open any web page with the word “facebook”...
  • Page 292 Open CSM>>URL Content Filter Profile. Click an index number to open the setting page. Configure the settings as the following figure. When you finished the above steps, please open Firewall>>General Setup. Click the Default Rule tab. Choose the profile just configured from the drop down list in the field of URL Content Filter.
  • Page 295: Part Vi Management

    There are several items offered for the Vigor router system setup: System Status, TR-069, Administrator Password, User Password, Configuration Backup, Syslog /Mail Alert, Time and Date, SNMP, Management, Panel Control, Self-Signed Certificate, Reboot System, Firmware Upgrade, and Activation. It is used to control the bandwidth of data transmission through configuration of Sessions Limit, Bandwidth Limit, and Quality of Service (QoS).
  • Page 296: System Maintenance

    For the system setup, there are several items that you have to know the way of configuration: System Status, TR-069, Administrator Password, User Password, Configuration Backup, Syslog /Mail Alert, Time and Date, SNMP, Management, Panel Control, Self-Signed Certificate, Reboot System, Firmware Upgrade and Activation. Below shows the menu items for System Maintenance.
  • Page 297: Web User Interface

    The System Status provides basic network settings of Vigor router. It includes LAN and WAN interface information. Also, you could get the current running firmware version or firmware related information from this presentation. Available settings are explained as follows: Item Description Model Name Display the model name of the router.
  • Page 298 - Display the MAC address of the WAN Interface. Connection - Display the connection type. IP Address - Display the IP address of the WAN interface. Default Gateway - Display the assigned IP address of the default gateway. IPv6 Address - Display the IPv6 address for LAN. Scope - Display the scope of IPv6 address.
  • Page 299 This device supports TR-069 standard. It is very convenient for an administrator to manage a TR-069 device through an Auto Configuration Server e.g., VigorACS. Available settings are explained as follows: Item Description Tr069 Click Enable to activate the settings on this page. ACS Server On Choose the interface for the router connecting to ACS server.
  • Page 300 Test With Inform – Click it to send a message based on the event code selection to test if such CPE is able to communicate with VigorACS SI server. Event Code – Use the drop down menu to specify an event to perform the test.
  • Page 301: Vi-1-3 Administrator Password

    This page allows you to set new password. Available settings are explained as follows: Item Description Administrator Password Old Password - Enter the old password. The factory default setting for password is “admin”. New Password -Enter new password in this field. The length of the password is limited to 23 characters.
  • Page 302: Vi-1-4 User Password

    This page allows you to set new password for user operation. Available settings are explained as follows: Item Description Enable User Mode for After checking this box, you can access into the web user simple web configuration interface with the password typed here for simple web configuration.
  • Page 303 3. The following screen will appear. Simply click OK. 4. Log out Vigor router web user interface by clicking the Logout button. 5. The following window will be open to ask for username and password. Enter the new user password in the field of Password and click Login. 6.
  • Page 304: Vi-1-5 Configuration Backup

    Such function can be used to apply the router settings configured by other Vigor router to Vigor2620. Follow the steps below to backup your configuration. Go to System Maintenance >> Configuration Backup. The following page will be popped-up, as shown below. Available settings are explained as follows: Item Description...
  • Page 305 Click Save button, the configuration will download automatically to your computer as a file named config.cfg. The above example is using Windows platform for demonstrating examples. The Mac or Linux platform will appear different windows, but the backup function is still available. Info Backup for Certification must be done independently.
  • Page 306: Vi-1-6 Syslog/Mail Alert

    SysLog function is provided for users to monitor router. Available settings are explained as follows: Item Description SysLog Access Setup Enable - Check Enable to activate function of syslog. Syslog Save to – Check Syslog Server to save the log to Syslog server.
  • Page 307 some e-mail server uses https as the transmission method. Authentication - Check this box to activate this function while using e-mail application. User Name - Enter the user name for authentication. Password - Enter the password for authentication. Enable E-mail Alert - Check the box to send alert message to the e-mail box while the router detecting the item(s) you specify here.
  • Page 308: Vi-1-7 Time And Date

    It allows you to specify where the time of the router should be inquired from. Available settings are explained as follows: Item Description Current System Time Click Inquire Time to get the current time. Use Browser Time Select this option to use the browser time from the remote administrator PC host as router’s system time.
  • Page 309: Vi-1-8 Snmp

    Interval Send NTP Request Through - Specify a WAN interface to send NTP request for time synchronization. Click OK to save these settings. This page allows you to configure settings for SNMP and SNMPv3 services. SNMPv3 is more secure than SNMP through its encryption methods (AES and DES supported) and authentication methods (MD5 and SHA supported) for management needs.
  • Page 310 The maximum length of the text is limited to 23 characters. Manager Host IP (IPv4) Set one host as the manager to execute SNMP function. Please Enter IPv4 address to specify certain host. Manager Host IP (IPv6) Set one host as the manager to execute SNMP function. Please Enter IPv6 address to specify certain host.
  • Page 311: Vi-1-9 Management

    This page allows you to manage the settings for Internet/LAN Access Control, Access List from Internet, Management Port Setup, TLS/SSL Encryption Setup, CVM Access Control and Device Management. The management pages for IPv4 and IPv6 protocols are different. Available settings are explained as follows: Item Description Router Name...
  • Page 312 Logout icon manually. Internet Access Control Allow management from the Internet - Enable the checkbox to allow system administrators to login from the Internet. There are several servers provided by the system to allow you managing the router from Internet. Check the box(es) to specify.
  • Page 313 connect, however, it's not recommended. AP Management Enable AP Management – Check it to enable the function of Central Management>>AP. If unchecked, menu items related to Central Management>>AP will be hidden. Device Management Check the box to enable the device management function for Vigor2620.
  • Page 314: Vi-1-10 Panel Control

    The behavior of the buttons on the front panel of the Vigor router can be customized as desired. The Factory Reset and Wireless ON/OFF/WPS buttons on the front panel are enabled by default and can be enabled or disabled if required. Disabling the Factory Reset button will prevent tampering by unauthorized parties, or avoid accidental triggering of a router reset when being used to wake up LEDs.
  • Page 315: Vi-1-11 Self-Signed Certificate

    A self-signed certificate is a unique identification for the device (e.g., Vigor router) which generates the certificate by itself to ensure the router security. Such self-signed certificate is signed with its own private key. The self-signed certificate will be applied in SSL VPN, HTTPS, and so on. In addition, it can be created for free by using a wide variety of tools.
  • Page 317: Vi-1-12 Reboot System

    The Web user interface may be used to restart your router. Click Reboot System from System Maintenance to open the following page. Schedule Profile - You can Enter four sets of time schedule for performing system reboot. All the schedules can be set previously in Applications >> Schedule web page and you can use the number that you have set in that web page.
  • Page 318: Vi-1-13 Firmware Upgrade

    Click System Maintenance>> Firmware Upgrade to proceed to firmware upgrade. Click Select to specify the firmware file you just downloaded. After choosing the file you want, click Upgrade. The system will upgrade the firmware of the router automatically.
  • Page 319: Vi-1-14 Activation

    After you have finished the setting profiles for WCF (refer to Web Content Filter Profile), it is the time to activate the mechanism for your computer. Click System Maintenance>>Activation to open the following page for accessing http://myvigor.draytek.com. Available settings are explained as follows: Item...
  • Page 320 Below shows the successful activation of Web Content Filter:
  • Page 321: Bandwidth Management

    A PC with a private IP address can access the Internet via a NAT router. The router generates records of NAT sessions for such connections. P2P (Peer to Peer) applications (e.g., BitTorrent) always need many sessions for processing, and they also occupy excessive resources, which might impact important accesses.
  • Page 322 Vigor routers, as edge routers of a DS domain, shall check the marked DSCP value in the IP header of bypassing traffic, to allocate a certain amount of resources and execute appropriate policing, classification or scheduling. The core routers in the backbone will do the same checking before executing treatments in order to ensure service-level consistency throughout the whole QoS-enabled network.
  • Page 323: Web User Interface

    Below shows the menu items for Bandwidth Management. In the Bandwidth Management menu, click Sessions Limit to open the web page. To activate the function of limit session for IPv4 and/or IPv6, simply click Enable and set the default session limit. Available settings are explained as follows: Item Description...
  • Page 324 Limitation List Displays a list of specific limitations that you set on this web page. Specific Limitation Start IP- Defines the start IP address for limit session. End IP - Defines the end IP address for limit session. Maximum Sessions - Defines the available session number for each host in the specific range of IP addresses.
  • Page 325: Vi-2-2 Bandwidth Limit

    In the Bandwidth Management menu, click Bandwidth Limit to open the web page. To activate the function of limit bandwidth for IPv4 and /or IPv6, simply click Enable and set the default upstream and downstream limit. Available settings are explained as follows: Item Description Bandwidth Limit...
  • Page 326 Specific Limitation Start IP - Define the start IP address for limit bandwidth. End IP - Define the end IP address for limit bandwidth. Each /Shared - Select Each to make each IP within the range of Start IP and End IP having the same speed defined in TX limit and RX limit fields;...
  • Page 327: Vi-2-3 Quality Of Service

    In the Bandwidth Management menu, click Quality of Service to open the web page. Available settings are explained as follows: Item Description General Setup Index – Display the WAN interface number link that you can edit. Enable – Check the box to enable the QoS function for WAN interface.
  • Page 328 Click the WAN1/WAN2/LTE link to access into next page for the general setup of WAN interface. As to class rule, simply click the Edit link to access into next for configuration. You can configure general setup for the WAN interface, edit the Class Rule, and edit the Service Type for the Class Rule for your request.
  • Page 329 Click WAN interface number link to configure the limited bandwidth ratio for QoS of the WAN interface. Available settings are explained as follows: Item Description Enable UDP Bandwidth Set the limited bandwidth ratio. This is a protection of TCP Control application traffic since UDP application traffic such as streaming video will exhaust lots of bandwidth.
  • Page 330 After you click the Edit link, you will see the following page. Now you can define the name for that Class. In this case, “Test” is used as the name of Class Index #1. For adding a new rule, click Add to open the following page. Available settings are explained as follows: Item Description...
  • Page 331 Remote Address Click the Edit button to set the remote IP address (on LAN/WAN) for the rule. Address Type – Determine the address type for the source address. For Single Address, you have to fill in Start IP address. For Range Address, you have to fill in Start IP address and End IP address.
  • Page 332 To add a new service type, edit or delete an existed service type, please click the Edit link under Service Type field. After you click the Edit link, you will see the following page. For adding a new service type, click Add to open the following page. Available settings are explained as follows: Item Description...
  • Page 333 By the way, you can set up to 10 service types. If you want to edit/delete an existing service type, please select the radio button of that one and click Edit/Delete for modification. Packets coming from LAN IP can be retagged through QoS setting. When the packets are sent out through the WAN interface, all of them will be tagged with a certain header that can be easily identified by the server on the ISP.
  • Page 334: Application Notes

    Internet connection line? The advanced bandwidth management technology, QoS (Quality of Service), helps you allocate the bandwidth according to your demand for Voice, Video, or Data transfer. Let's see how to get the optimum bandwidth per your request by using DrayTek Vigor router as below.
  • Page 335 In the pop-up window, choose Range Address as the Address Type and enter the start IP address and end IP address in the relevant fields. Click OK to save the settings and exit the window. Click OK again to save the settings.
  • Page 336 The class rule for VoIP has been set. Click OK to return to previous page. Do the same steps to add class rules for IPTV and Data/Email with IP addresses as shown below. Assuming you get 2MB/512Kb Internet line. You can check Enable of WAN1 to set up the bandwidth for different groups among VoIP, IPTV and Data/Email.
  • Page 337 10. Enter 30, 50 and 15 in the boxes for VoIP, IPTV and Data/Email respectively. 11. Click the WAN1 link and check the box of Enable UDP Bandwidth Control. 12. Click OK to save the settings.
  • Page 338: Central Management (Ap)

    Vigor2620L can manage the access points supporting AP management via Central AP Management. AP Map is helpful to determine the best location for VigorAP in a room. A floor plan of the room must be uploaded first. By dragging and dropping an available VigorAP icon from the list to the floor plan, the placement with the best wireless coverage will be clearly indicated through simulated signal strength. Vigor router can execute configuration backup, configuration restoration, firmware upgrade...
  • Page 339: Web User Interface

    This page shows VigorAP’s information about Status, Event Log, Total Traffic or Station Number by displaying VigorAP icon, text and histogram. Just move and click your mouse cursor on Status, Event Log, Total Traffic or Station Number. Corresponding web pages will be open immediately.
  • Page 340: Vi-3-2 Status

    This page displays current status (online, offline or SSID hidden, IP address, encryption, channel, version, password and etc.) of the access points managed by Vigor router. Please open Central AP Management>>Function Support List to check what AP Models are supported. Available settings are explained as follows: Item Description...
  • Page 341: Vi-3-3 Wlan Profile

    WLAN profile is used to apply to a selected access point. It is very convenient for the administrator to configure the setting for access point without opening the web user interface of the access point. Click the number link of the selected profile to modify the content of the profile. Available settings are explained as follows: Item Description...
  • Page 342 Simply choose the device you want from Existing Device field. Click >> to move the device to Selected Device field. Then, click OK. The selected WLAN profile will be applied to the selected access point immediately. Later the access point will reboot. To Local WLAN Profile configured in this page is specified for VigorAP connected to Vigor router.
  • Page 343 1. Select the WLAN profile (index number 1 to 5) you want to edit. 2. Click the index number link to display the following page. Info The function of Auto Provision is available for the default WLAN profile.
  • Page 344 3. After finishing the general settings configuration, click Next to open the following page for 2.4G wireless security settings.
  • Page 345 4. After finishing the above web page configuration, click Next to open the following page for 5G wireless security settings. 5. When you have finished the above web page configuration, click Finish to exit and return to the first page. The modified WLAN profile will be shown on the web page.
  • Page 346: Vi-3-4 Ap Maintenance

    Vigor router can execute configuration backup, configuration restoration, firmware upgrade and remote reboot for the APs managed by the router. It is very convenient for the administrator to process maintenance without accessing into the web user interface of the access point. Info Config Backup can be performed to one AP at one time.
  • Page 347: Vi-3-5 Traffic Graph

    Select Device and Selected Device areas. Selected Device Display the access points that will be applied by such function after clicking OK. After finishing all the settings here, please click OK to perform the action. Click Traffic Graph to open the web page. Choose one of the managed Access Points, LAN-A or LAN-B, daily or weekly for viewing data transmission chart.
  • Page 348: Vi-3-6 Temperature Sensor

    Many VigorAPs and Vigor routers can be installed with temperature sensor. If VigorAP (e.g., VigorAP 910C) is managed under Vigor router, then Vigor router can obtain the temperature change graph of the USB temperature sensor installed onto VigorAP. This page displays data including current temperature, maximum temperature, minimum temperature and average temperature.
  • Page 349: Vi-3-8 Total Traffic

    This page displays the total traffic of data receiving and data transmitting for VigorAPs managed by Vigor router. The total number of the wireless clients will be shown on this page.
  • Page 350: Vi-3-10 Load Balance

    The parameters configured for Load Balance can help to distribute the traffic for all of the access points registered to Vigor router. Thus, the bandwidth will not be occupied by certain access points. Available settings are explained as follows: Item Description AP Load Balance It is used to determine the operation mode when the system...
  • Page 351 Download Limit – Use the drop down list to specify the traffic limit for downloading. Action When Threshold Stop accepting new connections – When the number of Exceeded stations or the traffic reaches the threshold defined in this web page, Vigor router will stop any new connection asked by other access point.
  • Page 353: Part Vii Others

    Define objects such as IP address, service type, keyword, file extension and others. These pre-defined objects can be applied in CSM.
  • Page 354: Objects Settings

    Define objects such as IP address, service type, keyword, file extension and others. These pre-defined objects can be applied in CSM.
  • Page 355: Web User Interface

    IPs in a range and service ports in a limited range are often used when configuring the router's settings, so we can define them as objects and bind them into groups for convenient use. Later, we can select the object/group wherever it applies. For example, all the IPs in the same department can be defined with an IP object (a range of IP addresses).
  • Page 356 Available settings are explained as follows: Item Description View Use the drop down list to choose a type (Single Address, Range Address, Subnet Address, Mac Address or all) that IP object with the selected type will be shown on this page. Set to Factory Default Clear all profiles.
  • Page 357 it, press Download to store the default CSM template (a table without any input data) to your hard disk. Download – Download the CSV file from Vigor router and store in your hard disk. Restore IP Object Select – Click it to specify a predefined CSV file. Restore –...
  • Page 358 Subnet Mask Enter the subnet mask if the Subnet Address type is selected. Invert Selection If it is checked, all the IP addresses except the ones listed above will be applied later while it is chosen. After finishing all the settings here, please click OK to save the configuration. Below is an example of IP objects settings.
  • Page 359: Vii-1-2 Ip Group

    This page allows you to bind several IP objects into one IP group. Available settings are explained as follows: Item Description Set to Factory Default Clear all profiles. Index Display the profile number that you can configure. Name Display the name of the group profile. To set a new profile, please do the steps listed below: 1.
  • Page 360: Vii-1-3 Ipv6 Object

    Item Description Name Type a name for this profile. Maximum 15 characters are allowed. Interface Choose WAN, LAN or Any to display all the available IP objects with the specified interface. Available IP Objects All the available IP objects with the specified interface chosen above will be shown in this box.
  • Page 361 To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. 2. The configuration page will be shown as follows: Available settings are explained as follows: Item Description Name Type a name for this profile.
  • Page 362: Vii-1-4 Ipv6 Group

    This page allows you to bind several IPv6 objects into one IPv6 group. Available settings are explained as follows: Item Description Set to Factory Default Clear all profiles. Index Display the profile number that you can configure. Name Display the name of the group profile. To set a new profile, please do the steps listed below: 1.
  • Page 363: Vii-1-5 Service Type Object

    Available settings are explained as follows: Item Description Name Type a name for this profile. Maximum 15 characters are allowed. Available IPv6 All the available IPv6 objects with the specified interface Objects chosen above will be shown in this box. Selected IPv6 Objects Click >>...
  • Page 364 To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. 2. The configuration page will be shown as follows: Available settings are explained as follows: Item Description Name Type a name for this profile.
  • Page 365: Vii-1-6 Service Type Group

    After finishing all the settings, please click OK to save the configuration. This page allows you to bind several service types into one group. Available settings are explained as follows: Item Description Set to Factory Default Clear all profiles. Index Display the profile number that you can configure.
  • Page 366 To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Group column for configuration in details. 2. The configuration page will be shown as follows: Available settings are explained as follows: Item Description Name Type a name for this profile.
  • Page 367: Vii-1-7 Keyword Object

    You can set 200 keyword object profiles for choosing as black /white list in CSM >>URL Web Content Filter Profile. Available settings are explained as follows: Item Description Set to Factory Default Clear all profiles. Index Display the profile number that you can configure. Name Display the name of the object profile.
  • Page 368 To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. 2. The configuration page will be shown as follows: Available settings are explained as follows: Item Description Name Type a name for this profile, e.g., game.
  • Page 369: Vii-1-8 Keyword Group

    This page allows you to bind several keyword objects into one group. The keyword groups set here will be chosen as black /white list in CSM >>URL /Web Content Filter Profile. Available settings are explained as follows: Item Description Set to Factory Default Clear all profiles.
  • Page 370: Vii-1-9 File Extension Object

    Available settings are explained as follows: Item Description Name Type a name for this group. Maximum 15 characters are allowed. Available Keyword You can gather keyword objects from Keyword Object page Objects within one keyword group. All the available Keyword objects that you have created will be shown in this box.
  • Page 371 To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Profile column for configuration in details. 2. The configuration page will be shown as follows: Available settings are explained as follows: Item Description Profile Name Type a name for this profile.
  • Page 372: Vii-1-10 Sms Service Object

    This page allows you to set ten profiles which will be applied in Application>>SMS Service Object. Each item is explained as follows: Item Description Set to Factory Default Clear all of the settings and return to factory default settings. Index Display the profile number that you can configure.
  • Page 373 Service Provider Use the drop down list to specify the service provider which offers SMS service. Username Type a user name that the sender can use to register to selected SMS provider. The maximum length of the name you can set is 31 characters.
  • Page 374 Vigor router offers several SMS service provider to offer the SMS service. However, if your service provider cannot be found from the service provider list, simply use Index 9 and Index 10 to make customized SMS service. The profile name for Index 9 and Index 10 are fixed. You can click the number (e.g., #9) under Index column for configuration in details.
  • Page 375: Vii-1-11 Notification Object

    characters. Password Type a password that the sender can use to register to selected SMS provider. The maximum length of the password you can set is 31 characters. Quota Enter the total number of the messages that the router will send out.
  • Page 376 2. The configuration page will be shown as follows: Available settings are explained as follows: Item Description Profile Name Type a name for such notification profile. The maximum length of the name you can set is 15 characters. Category Display the types that will be monitored. Status Display the status for the category.
  • Page 377: Vii-1-12 String Object

    This page allows you to set string profiles which will be applied in route policy (domain name selection for destination) and so on. Available settings are explained as follows: Item Description Click it to open the following page for adding a new string object.
  • Page 378: Application Notes

    Follow the steps listed below: Log into the web user interface of Vigor router. Configure relational objects first. Open Object Settings>>SMS Server Object to get the following page. Index 1 to Index 8 allows you to choose the built-in SMS service provider. If the SMS service provider is not on the list, you can configure Index 9 and Index 10 to add the new service provider to Vigor router.
  • Page 379 After finishing the settings, click OK to return to previous page. Now you have finished the configuration of the SMS Provider profile setting. Open Object Settings>>Notification Object to configure the event conditions of the notification. Choose any index number (e.g., Index 1 in this case) to configure conditions for sending the SMS.
  • Page 380 After finishing the settings, click OK to return to previous page. You have finished the configuration of the notification object profile setting. Now, open Applications >> SMS Alert Service. Use the drop down list to choose SMS Provider and the Notify Profile (specify the time of sending SMS). Then, enter the phone number in the field of Recipient Number (the one who will receive the SMS).
  • Page 381 Choose one of the Index numbers (9 or 10) allowing you to customize the SMS Provider. In the web page, enter the URL string of the SMS provider and enter the username and password. After clicking OK, the new SMS provider will be added and will be available for you to specify for sending SMS out.
  • Page 383: Part Viii Troubleshooting

    This part will guide you to solve abnormal situations if you cannot access the Internet after installing the router and finishing the web configuration.
  • Page 384: Viii-1 Diagnostics

    Backing to factory default setting if necessary. If all above stages are done and the router still cannot run normally, it is the time for you to contact your dealer or DrayTek technical support for advanced help.
  • Page 385: Web User Interface

    First, take a look at the menu items under Diagnostics. Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor router. Click Diagnostics and click Dial-out Triggering to open the web page. The internet connection (e.g., PPPoE) is triggered by a packet sent from the source IP address. Available settings are explained as follows: Item Description...
  • Page 386: Viii-1-2 Routing Table

    Click Diagnostics and click Routing Table to open the web page. Available settings are explained as follows: Item Description Refresh Click it to reload the page.
  • Page 387: Viii-1-3 Arp Cache Table

    Click Diagnostics and click ARP Cache Table to view the content of the ARP (Address Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. Available settings are explained as follows: Item Description Show...
  • Page 388: Viii-1-4 Ipv6 Neighbour Table

    The table shows a mapping between an Ethernet hardware address (MAC Address) and an IPv6 address. This information is helpful in diagnosing network problems, such as IP address conflicts, etc. Click Diagnostics and click IPv6 Neighbour Table to open the web page. Available settings are explained as follows: Item Description...
  • Page 389: Viii-1-5 Dhcp Table

    The facility provides information on IP address assignments. This information is helpful in diagnosing network problems, such as IP address conflicts, etc. Click Diagnostics and click DHCP Table to open the web page. Available settings are explained as follows: Item Description Index It displays the connection item number.
  • Page 390: Viii-1-6 Nat Sessions Table

    Click Diagnostics and click NAT Sessions Table to open the list page. Available settings are explained as follows: Item Description Private IP:Port It indicates the source IP address and port of local PC. #Pseudo Port It indicates the temporary port of the router used for NAT. Peer IP:Port It indicates the destination IP address and port of remote host.
  • Page 391: Viii-1-7 Dns Cache Table

    Click Diagnostics and click DNS Cache Table to open the web page. The record of domain Name and the mapping IP address for answering the DNS query from LAN will be stored on Vigor router’s Cache temporarily and displayed on Diagnostics >> DNS Cache Table.
  • Page 392 Click Diagnostics and click Ping Diagnosis to open the web page. Available settings are explained as follows: Item Description IPV4 /IPV6 Choose the interface for such function. Ping through Use the drop down list to choose the WAN interface that you want to ping through or choose Auto to be determined by the router automatically.
  • Page 393 want to ping. IP Address Enter the IP address of the Host/IP that you want to ping. Ping IPv6 Address Enter the IPv6 address that you want to ping. Click this button to start the ping work. The result will be displayed on the screen.
  • Page 394 Available settings are explained as follows: Item Description Enable Data Flow Monitor Check this box to enable this function. Refresh Seconds Use the drop down list to choose the time interval of refreshing data flow that will be done by the system automatically.
  • Page 395 Current /Peak/Speed Current means current transmission rate and receiving rate for WAN interface. Peak means the highest peak value detected by the router in data transmission. Speed means line speed specified in WAN>>General Setup. If you do not specify any rate at that page, here will display Auto for instead.
  • Page 396 Click Diagnostics and click Traffic Graph to open the web page. Choose WAN1 Bandwidth, Sessions, Ping Detect, daily or weekly for viewing different traffic graph. Click Reset to zero the accumulated RX/TX (received and transmitted) data of WAN. Click Refresh to renew the graph at any time.
  • Page 397 Click Diagnostics and click Trace Route to open the web page. This page allows you to trace the routes from router to the host. Simply Enter the IP address of the host in the box and click Run. The result of route trace will be shown on the screen. Available settings are explained as follows: Item Description...
  • Page 398 to ping through. Host/IP Address It indicates the IP address of the host. Trace Host/IP Address It indicates the IPv6 address of the host. Click this button to start route tracing work. Clear Click this link to remove the result on the window. IPv6 TSPC status web page could help you to diagnose the connection status of TSPC.
  • Page 399 This page can display content of IP connection detected by DoS Flooding Defense mechanism. It is useful and convenient for network engineers (e.g., MIS engineer) to inspect the network environment to find out if there is any abnormal connection. Information of IP traced and destination port used for SYN Flood, UDP Flood and ICMP Flood attacks will be detected and shown respectively on different pages.
  • Page 400 However, if an IP address is confirmed to be blocked due to its abnormal behavior, click the Blocking IP List tab to block it forever. For example, IP address “192.168.1.123” (displayed on the following web page) will be blocked forever. Available settings are explained as follows: Item Description...
  • Page 401 Follow the steps below to verify the hardware status. Check the power line and WLAN/LAN cable connections. Refer to “I-2 Hardware Installation” for details. Turn on the router. Make sure the Activity LED blink once per second and the correspondent LAN LED is bright. If not, it means that there is something wrong with the hardware status.
  • Page 402 Info The example is based on Windows 7. As to the examples for other operation systems, please refer to the similar steps or find support notes in www.DrayTek.com. Open All Programs>>Getting Started>>Control Panel. Click Network and Sharing Center. In the following window, click Change adapter settings.
  • Page 403 Select Internet Protocol Version 4 (TCP/IP) and then click Properties. Select Obtain an IP address automatically and Obtain DNS server address automatically. Finally, click OK.
  • Page 404 Double click on the current used Mac OS on the desktop. Open the Application folder and get into Network. On the Network screen, select Using DHCP from the drop down list of Configure IPv4.
  • Page 405 The default gateway IP address of the router is 192.168.1.1. For some reason, you might need to use “ping” command to check the link status of the router. The most important thing is that the computer will receive a reply from 192.168.1.1. If not, please check the IP address of your computer.
  • Page 407 If the problem of LEDs cannot be solved by the above measures, please contact the nearest reseller, or send an e-mail to DrayTek FAE for technical support. Check if the settings offered by ISP are configured well or not.
  • Page 408 Sometimes, a wrong connection can be improved by returning to the default settings. Try to reset the router by software or hardware. Such function is available in Admin Mode only. Info After pressing factory default setting, you will lose all settings you did before.
  • Page 409 If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@DrayTek.com.
  • Page 412 This chapter also gives you a general description for accessing telnet and describes the firmware versions for the routers explained in this manual. Info For Windows 7 users, please make sure the Telnet Client Windows feature has been turned on under Control Panel>>Programs. Type cmd and press Enter.
  • Page 414 This command allows the user to adjust the percentage of data transmission (receiving/transmitting) for QoS application. adsl txpct <auto/percent> adsl rxpct <auto/percent> Parameter Description <auto> It means auto detection of ADSL transmission packet. <percent> Specify the percentage of ADSL transmission packet. Available range is 10-100.
  • Page 415 This parameter is used only for PPPoE/PPPoA <Password> This parameter is used only for PPPoE/PPPoA You have to reboot the system when you set it on Route mode. > adsl ppp o 35 8 1 1 4 1 -1 draytek draytek pvc no.=0 vci=35 vpi=8...
  • Page 416 AcquireIP: Dhcp_client(1) Idle timeout:-1 Username=draytek Password=draytek This command can specify a LAN port (LAN1 to LAN4) for mapping to certain PVC, and the mapping port/PVC will be operated in bridge mode. adsl bridge <pvc_no/status/save/enable/disable> <on/off/clear/tag tag_no><service type>...
  • Page 417 PVC 0 & 1 can't set for bridge mode. Please use 'save' to save config. This command puts the router into idle status. To bring the router back, you have to reboot it by using the “reboot” command. adsl idle <on / tcpmessage / tcpmessage_off>...
  • Page 418 This command is used to test if the connection between CPE and CO is OK or not. adsl oamlb <n><type> adsl oamlb chklink <on/off> adsl oamlb <log_on/log_off> Parameter Description <n> It means the total number of transmitted packets. n=F4~F5 <type> It means the protocol that you can use.
  • Page 419 This command can display the annex interface of this router. > adsl annex % hardware is annex A. % VDSL2 modem code is annex A/B/C This command is used to add or remove ADSL modes (such as ANNEXL, ANNEXM and ANNEXJ) supported by Multimode.
  • Page 420 > adsl showbins 2 30 DOWNSTREAM : -------------------------------------------------------------------------- Bin SNR Gain Bi - Bin SNR Gain Bi - Bin SNR Gain Bi - Bin SNR Gain Bi dB .1dB ts dB .1dB ts dB .1dB ts dB .1dB ts --- ----- ---- -- - --- ----- ---- -- - --- ----- ---- -- - --- ----- ---- -- --- ----- ---- -- - --- ----- ---- -- - --- ----- ---- -- - --- ----- ---- -- Bin SNR Gain Bi - Bin SNR Gain Bi - Bin SNR Gain Bi - Bin SNR Gain Bi dB .1dB ts...
  • Page 421 > adsl savecfg % Xdsl Cfg Save OK! This command allows you to configure user-defined CPE vendor ID. adsl vendorid <status/on/off> <set vid0 vid1> Parameter Description <status> Display current status of user-defined vendor ID. <on> Enable the user-defined function. <off> Disable the user-defined function.
  • Page 422 > adsl atm pcr 1 200 max % PCR is 200 for pvc 1. > adsl atm pcr status channel --------------------------- > adsl atm mbs 2 300 max % MBS is 300 for pvc 2. This command can configure PVC to PVC binding. Such command is available only for PPPoE and MPoA 1483 Bridge mode.
  • Page 423 adsl inventory cpe Parameter Description It means DSLAM (Digital Subscriber Line Access Multiplexer) or CO (Central Office). It means CPE (Customer Premise Equipment). > adsl inventory co xDSL inventory info only available in showtime. > adsl inventory cpe G.994 vendor ID : 0XB5004946544E5444 G.994.1 country code : 0XB500...
  • Page 424 This command puts the router into idle status. To bring the router back, you have to reboot it by using the “reboot” command. vdsl idle <on / tcpmessage /tcpmessage_off> Parameter Description DSL is under test mode. DSL debug tool mode is off....
  • Page 425 vdsl showbins <startbin> <endbin> vdsl showbins up Parameter Description <startbin> Enter a number as startbin. startbin= 0 ~ 4092. <endbin> Enter a number as endbin. Endbin= 4 ~ 4095. Show upstream information. > vdsl showbins 2 30 DOWNSTREAM : -------------------------------------------------------------------------- Bin SNR Gain Bi - Bin SNR Gain Bi - Bin SNR Gain Bi - Bin SNR Gain Bi dB .1dB ts dB .1dB ts...
  • Page 426 trellis [US] = OFF, [DS] = > vdsl optn default trellis [US] = ON, [DS] = bitswap [US] = 0, [DS] = [0: default(ON), 1: ON, 2: OFF] [US] = 0, [DS] = [0: default(=3), 2: OFF, 3: ON , 4: DYNAMIC_SOS] retx [US] = ON, [DS] =...
  • Page 427 Parameter Description It means DSLAM (Digital Subscriber Line Access Multiplexer) or CO (Central Office). It means CPE (Customer Premise Equipment). > vdsl inventory co xDSL inventory info only available in showtime. > vdsl inventory cpe G.994 vendor ID : 0XB5004946544E5444 G.994.1 country code : 0XB500 G.994.1 provider code...
  • Page 428 > csm appe prof -i 1 setdefault APPE Profile 1 was reseted. It is used to configure group settings for IM/P2P/Protocol and Others in APP Enforcement Profile. csm appe set -i INDEX -v <GROUP> csm appe set -i INDEX -e <AP_IDX> csm appe set -i INDEX -d <AP_IDX>...
  • Page 429 ------------------------------------------------------------- PROTOCOL PROTOCOL PROTOCOL PROTOCOL HTTP PROTOCOL IMAP PROTOCOL IMAP STARTTLS PROTOCOL 2.4.0 ………… It is used to display the configuration status (enabled or disabled) for IM/P2P/Protocol/Other applications. csm appe config -v <INDEX><-i/-p/-t/-m> Parameter Description <INDEX> It means to specify the index number of CSM profile. INDEX= 1~32.
  • Page 430 csm ucf msg MSG csm ucf obj <INDEX> -n <PROFILE_NAME> -l <P/B/A> <uac>< wf> csm ucf obj <INDEX> -n <PROFILE_NAME> csm ucf obj <INDEX> -p <VALUE> csm ucf obj <INDEX> <-l P/B/A> csm ucf obj <INDEX> uac csm ucf obj <INDEX> wf Parameter Description show...
  • Page 431 csm ucf obj <INDEX> uac -i <E/D> csm ucf obj <INDEX> uac -o <KEY_WORD_Object_Index> csm ucf obj <INDEX> uac -g <KEY_WORD_Group_Index> Parameter Description <INDEX> It means to specify the index number of CSM profile. INDEX= 1~8. It means to view the protocol configuration of the CSM profile. It means to enable the function of URL Access Control.
  • Page 432 It means to configure the settings regarding Web Feature (wf). csm ucf obj <INDEX> wf -v csm ucf obj <INDEX> wf -e csm ucf obj <INDEX> wf -d csm ucf obj <INDEX> wf -a <P/B> csm ucf obj <INDEX> wf -s <WEB_FEATURE> csm ucf obj <INDEX>...
  • Page 433 It means to configure the settings regarding web control filter (wcf). csm wcf show csm wcf look csm wcf cache csm wcf server WCF_SERVER csm wcf msg MSG csm wcf setdefault csm wcf obj <INDEX> -v csm wcf obj <INDEX> -a <P/B> csm wcf obj <INDEX>...
  • Page 434 It means to select the items under CATEGORY or WEB_GROUP. <CATEGORY/WEB_GROUP> <WEB_GROUP>: Includes "Child Protection Group", "Leisure Group", "Business Group", "Chating Group", "Computer Internet Group", "Other Group" <CATEGORY>: Includes "Advertisement & Pop-Ups", "Alcohol & Tobacco", "Anonymizers", "Arts", "Business", "Transportation", "Chat", "Forums &...
  • Page 435 > csm wcf obj 1 -n test_wcf Profile Index: 1 Profile Name:[test_wcf] []White/Black list Action:[block] No Obj NO. Object Name --- -------- --------------------------------- No Grp NO. Group Name --- -------- --------------------------------- Action:[block] Log:[block] -------------------------------------------------------------------------- child Protection Group: [v]Alcohol & Tobacco [v]Criminal &...
  • Page 436 This command allows users to set a Dynamic DNS account. ddns set option <value> Parameter Description It means index number of Dynamic DNS Account. <value> <value>=1~6 -E <value> It means to enable /disable Dynamic DNS Account. <value>=0~1 0: Disable 1: Enable -W <value>...
  • Page 437 17: Viettel DDNS (vddns.vn) 18: vigorddns.com (www.vigorddns.com) 19: ZoneEdit DDNS (dynamic.zoneedit.com) T <value> It means to type Service Type. <value>= 1~3 1: Dynamic 2: Custom 3: Static -D <Host Name> <sub It means to type Domain Name. Domain Name> i.e: Account index 1 setting Domain Name for Dynamic Service Type >>...
  • Page 438 [ ] Enable Dynamic DNS Account WAN Interface: WAN1 First Service Provider: dyn.com (www.dyn.com) Service Type: Dynamic Domain Name: [].[] Login Name: [ ] Wildcards [ ] Backup MX Mail Extender: Determine Real WAN IP: WAN IP DrayTek>
  • Page 439 This command allows users to configure the settings for DoS defense system. dos <-V / D / A> dos -s <ATTACK_F> <THRESHOLD> <TIMEOUT> dos <-a /-e> <ATTACK_F><ATTACK_0> dos -d <ATTACK_F><ATTACK_0> dos -o <LOG_TYPE> -p<LOG_TYPE> -l <LOG_TYPE> dos <-P/-B> add4 <ipv4_addr> dos <-P/-B>...
  • Page 440 The Dos Defense system is Activated >dos –s synflood 50 10 Synflood is enabled! Threshold=50 <pke/sec> timeout=10 <pke/sec> DrayTek> dos -P add4 192.168.1.59 Add IP in Passing IP List success. Typing this command will exit the telnet window. This command allows you to configure detailed settings for WAN connection.
  • Page 441 Parameter Description <command><parameter>| The available commands with parameters are listed below. …] […] means that you can Enter several commands in one line. -M <n> M means to set Internet Access Mode (Mandatory) and n means different modes (represented by 0 – 3) n=0: Offline n=1: PPPoE n=2: Dynamic IP...
  • Page 442 -D <dial string> Set Modem Dial String (max. 31 characters) for USB PPP mode. -v <service name> Set Service Name (max. 23 characters) for USB PPP mode. -m <ppp username> Set PPP Username (max. 63 characters) for USB PPP mode. -o <ppp password>...
  • Page 443 -k <username> Set ADSL account Username (max. 49 characters) when Separate Account is enabled. -l <password> Set ADSL account Password (max. 49 characters) when Separate Account is enabled. >internet -M 1 -S tcom -u username -p password -a 0 -t -1 -i 0.0.0.0 WAN1 Internet Mode set to PPPoE/PPPoA WAN1 ISP Name set to tcom WAN1 Username set to username...
  • Page 444 Parameter Description Display current IP address which allows users set as the public subnet IP address. <public subnet IP Specify an IP address. The system will set the one that you address> specified as the public subnet IP address. > ip pubaddr ? % ip addr <public subnet IP address>...
  • Page 445 > ip aux add 192.168.1.65 1 % 192.168.1.65 has added in index 2. DrayTek> ip aux ? %% ip aux add [IP] [Join to NAT Pool] %% ip aux remove [Index] Where IP = Auxiliary WAN IP Address.
  • Page 446 This command allows users to set/add a specified LAN IP address for your router. ip addr <IP address> Parameter Description <IP address> It means the LAN IP address. <IP address>=Enter an IPv4 address. >ip addr 192.168.50.1 % Set IP address OK !!! Info When the LAN IP address is changed, the start IP address of the DHCP server is still the same.
  • Page 447 ip arp status ip arp accept <0/1/2/3/4/5/status> ip arp setCacheLife <time> In which, arp add allows users to add a new IP address into the ARP table; arp del allows users to remove an IP address; arp flush allows users to clear arp cache; arp status allows users to review current status for the arp table;...
  • Page 448 ip dhcpc option -l ip dhcpc option -d <idx> ip dhcpc option -e <1 or 0> -w <wan unmber> -c<option number> -v <option value> ip dhcpc option -e <1 or 0> -w <wan unmber> -c <option number> –x <option value> ip dhcpc option -e <1 or 0>...
  • Page 449 Pinging 192.168.1.1 with 64 bytes of Data through LAN Receive reply from 192.168.1.1, time<1ms Receive reply from 192.168.1.1, time<1ms Receive reply from 192.168.1.1, time<1ms Receive reply from 192.168.1.1, time<1msReceive reply from 192.168.1.1, time<1ms Packets: Sent = 5, Received = 5, Lost = 0 (0% loss) This command allows users to trace the routes from the router to the host.
  • Page 450 This command allows users to set the RIP (routing information protocol) of IP. ip rip <0/1/2> Parameter Description <0/1/2> 0 means disable; 1 means first subnet and 2 means second subnet. > ip rip 1 %% Set RIP LAN1.
  • Page 451 This command allows users to set the RIP (routing information protocol) of WAN IP. ip wanrip <ifno> -e <0/1> Parameter Description <ifno> It means the connection interface. 1: WAN1, 2:WAN2, 3: PVC3,4: PVC4,5: PVC5 Note: PVC3 ~PVC5 are virtual WANs. -e <0/1>...
  • Page 452 This command allows users to set static route. ip route add <dst> <netmask> <gateway> <ifno> <rtype> ip route del <dst> <netmask> <rtype> ip route status ip route cnc ip route default off ip route clean <1/0> Parameter Description add <dst> <netmask> It means to add an IP address as static route.
  • Page 453 > ip igmp_proxy query 130000 This command is for setting IGMP General Query Interval The default value is 125000 ms Current Setting is:130000 ms > DrayTek> ip igmp_proxy version show igmp version rule: auto wan ver: v2 lan ver: v3...
  • Page 454 This command allows users to enable or disable IGMP snoop function. ip igmp_snoop enable ip igmp_snoop disable ip igmp_snoop status ip igmp_snoop txquery <on/off> <v2/v3> ip igmp_snoop chkleave ip igmp_snoop separate <on/off> Parameter Description enable It means to enable igmp snoop function disable It means to disable igmp snoop function.
  • Page 455 This command allows users to enable or disable IGMP Fast Leave function. ip igmp_fl enable ip igmp_fl disable ip igmp_fl status Parameter Description enable It means to enable IGMP Fast Leave function disable It means to disable IGMP Fast Leave function. status It means to display current IGMP Fast Leave configuration.
  • Page 456 ip dmzswitch active_trueip Parameter Description It means to turn off DMZ function. private It means to set DMZ with private IP. active_trueip It means to set the DMZ with active true IP. >ip dmzswitch off > This command allows users to set maximum session limit number for the specified IP; set message for exceeding session limit and set how many seconds the IP session block works.
  • Page 457 command. <num>: It means the number of the session limits, e.g., 100. <p2pnum>: It means the number of the session limits, e.g., 50 for P2P. > ip session default 100 > ip session add 192.168.1.5-192.168.1.100 100 50 > ip session on >...
  • Page 458 > ip bandwidth default 200 800 > ip bandwidth add 192.168.1.50-192.168.1.100 10 60 > ip bandwidth status IP range: 192.168.1.50 - 192.168.1.100 : Tx:10K Rx:60K Current ip Bandwidth limit is turn off Auto adjustment is off > This command allows users to set IP-MAC binding for LAN host. ip bindmac on ip bindmac off ip bindmac <strict_on/strict_off>...
  • Page 459 <clear>: Remove the subnet settings. <show>: Display the subnet settings. show It means to display the IP address and MAC address of the pair of binded one. > ip bindmac add 192.168.1.46 00:50:7f:22:33:55 just for test > ip bindmac show ip bind mac function is turned OFF ip bind mac function is STRICT OFF Show all IP Bind MAC entries.
  • Page 460 This command is used to set the maximum number of NAT users. ip maxnatuser <user no> Parameter Description <user no> A number specified here means the total NAT users that Vigor router supports. 0 – It means no limitation. > ip maxnatuser 100 % Max NAT user = 100 This command is used to enable/disable the IP Spoofing Defense.
  • Page 461 ip6 addr -l <prefix> <prefix-length> <LAN1/LAN2> ip6 addr <-p/-b> <prefix> <prefix-length> <WAN1/WAN2/USB1/USB2> ip6 addr -x <LAN1|LAN2> ip6 addr -c <LAN1|LAN2> ip6 addr -e <type> <LAN1|LAN2> Parameter Description -s <prefix> <prefix-length> It means to add a static ipv6 address. <LAN1/LAN2/WAN1/WAN2/U <prefix>: It means to enter the prefix number of IPv6 SB1/USB2/VPN1/..VPN32>...
  • Page 462 It means to add a ULA. <prefix> <prefix-length> <LAN1/LAN2> <prefix>: It means to enter the prefix number of IPv6 address. <prefix-length>: It means to enter a fixed value as the length of the prefix. <LAN1/LAN2 >: It means to specify a LAN interface for such address.
  • Page 463 [<command> The available commands with parameters are listed below. <parameter>|…] […] means that you can Enter several commands in one line. It means to show current DHCPv6 status. It means to ask the SIP. It means to ask the SIP name. It means to ask the DNS setting.
  • Page 464 Non-temporary Address. -t <time> It means to set solicit interval. <time>: 0 ~ 7 seconds (default value is 0). -c <parameter> It means to send rapid commit to server. 1: Enable 0: Disable -i <parameter> It means to send information request to server. 1: Enable 0: Disable -e <parameter>...
  • Page 465 Parameter Description server It means the dhcp server settings. <<command> The available commands with parameters are listed below. <parameter>/…> <…> means that you can Enter several commands in one line. It means to show current DHCPv6 status. It means to show current DHCPv6 IP Assignment Table. -n <name>...
  • Page 466 <suffix><prefix_len><clie nt linklocal><client DUID> pddel <PD index> It means to delete PD node. <PD index>: Enter a number. -A <parameter> It means to set authentication protocol. <parameter>: Enter 0, 2 or 3. 0: Undefine 2: delayed protocol 3: Reconfigure key - M <parameter>...
  • Page 467 n=3: AICCU, n=4: DHCPv6, n=5: Static n=6: 6in4-Static n=7: 6rd -m n It means to set IPv6 MTU. n = any value (0 means “unspecified”). -C <n> It means to set 6rd connection mode. n=0: Auto n=1: Static -s <server> It means to set 6rd IPv4 Border Relay.
  • Page 468 0:NS Detect 1:Ping Detect 2:Always On -z <value> It means to set Ping Detect TTL (0-255). <value>: Enter 0~255. -x <hostname/ IPv6 addr> It means to set Ping Detect Host (hostname or IPv6 address). <hostname/ipv6 addr> : Enter a hostname or an IPv6 address.
  • Page 469 This command allows you to set a IPv6 neighbour table. ip6 neigh -s <inet6_addr> <eth_addr> <LAN1/LAN2/WAN1/WAN2/USB1/USB2> ip6 neigh -d <inet6_addr> <LAN1/LAN2/WAN1/WAN2/USB1/USB2> ip6 neigh -a <inet6_addr> <-N LAN1/LAN2/WAN1/WAN2/USB1/USB2> Parameter Description It means to add a neighbour. <inet6_addr> <eth_addr> <LAN1/LAN2/WAN1/WAN2/U <inet6_addr>: Enter an IPv6 address. SB1/USB2>...
  • Page 470 This command allows you to add a proxy neighbour. ip6 pneigh -s <inet6_addr> <LAN1/LAN2/WAN1/WAN2/USB1/USB2> ip6 pneigh -d <inet6_addr><LAN1/LAN2/WAN1/WAN2/USB1/USB2> ip6 pneigh -a <inet6_addr> <-N LAN1/LAN2/WAN1/WAN2/USB1/USB2> Parameter Description It means to add a proxy neighbour. <inet6_addr> <eth_addr> <inet6_addr>: Enter an IPv6 address. <LAN1/LAN2/WAN1/WAN submask address.
  • Page 471 default route. It means to delete a route. <prefix> <prefix-length> <prefix>: It means to enter the prefix number of IPv6 address. <prefix length>: It means to enter a fixed value as the length of the prefix. It means to show the route status. <LAN1/LAN2/WAN1/WAN2/ USB1/USB2/VPN1~VPN32>...
  • Page 472 Receive reply from 2001:4860:4860::8888, time=330ms Receive reply from 2001:4860:4860::8888, time=330ms Packets: Sent = 5, Received = 5, Lost = 0 <% loss> > This command allows you to trace the routes from the router to the host. ip6 tracert <IPV6 address/Host><LAN1/LAN2/WAN1/WAN2/USB1/USB2> Parameter Description <IPV6 address/Host>...
  • Page 473 Router DNS name : 8886666.broker.freenet6.net Remote Endpoint v4 Address :81.171.72.11 Remote Endpoint v6 Address : 2001:05c0:1400:000b:0000:0000:0000:10b8 Tspc Prefixlen : 56 Tunnel Broker: Amsterdam.freenet.net Status: Connected > This command allows you to enable or disable RADVD server. Ip6 radvd <LAN1/LAN2> <-<command> <parameter>/ ... > Parameter Description <<command>...
  • Page 474 Hop limit : 64 Reachable time Retransmit time Preference : Medium This command allows you to manage the settings for access list. ip6 mngt list ip6 mngt list add <Index> <prefix><prefix-length> ip6 mngt list remove <Index> ip6 mngt list flush ip6 mngt status ip6 mngt <internet/ http/telnet/ping/https/ssh/enforce_https>...
  • Page 475 This command allows you to check the online status of IPv6 WAN/USB. ip6 online <WAN1/WAN2/USB1/USB2> Parameter Description <WAN1/WAN2/USB1/USB2> It means the connection interface. > ip6 online WAN1 % WAN1 online status : % IPv6 WAN1 Disabled % Default Gateway : :: % Interface : DOWN % UpTime : 0:00:00 % IPv6 DNS Server: :: Static...
  • Page 476 Parameter Description –h It is used to display the usage of such command. It is used to show the NTP state. -p <0/1> It is used to specify NTP server for IPv6. 0 – Auto 1 – First Query IPv6 NTP Server. >...
  • Page 477 n=1: LAN1 n=2: LAN2, n=3: DMZ. > ip6 lan -l 1 -w 1 -d 2001:4860:4860::8888 -o 1 -f 0 -s 2 Set primary WAN1! % Set 1st DNS server 2001:4860:4860::8888 Set Other Option Enable! [LAN1] support ipv6! This setting will take effect after rebooting. Please use "sys reboot"...
  • Page 478 range. <IP1-IP2> : Specify a range for IPv6 addresses. <num>: Enter a number. del<IP1> /all <del> It means to delete the session limit for an IPv6 range. <IP1> : Specify the first IPv6 address within the IPv6 range. all: Delete all the session limits. >...
  • Page 479 <IP1> - Specify a range for IPv6 addresses. all: Delete all the bandwidth limits. > ip6 bandwidth on > ip6 bandwidth add 2001:ABCD::2-2001:ABCD::10 512 5M shared > ip6 bandwidth status IPv6 range: 2001:ABCD::2 - 2001:ABCD::10 : Tx:512K Rx:5M shared Current ip6 Bandwidth limit is turn on Current default ip6 Bandwidth rate is Tx:2000K Rx:8000K bps >...
  • Page 480 ipf flowtrack view -f ipf flowtrack view -b ipf flowtrack view -i <IP address> -p<value> -t<value> -f Parameter Description It means to refresh the flowtrack. It means to enable or disable the flowtrack. It means to show the sessions state of flowtrack. If you do not specify any IP address, then all the session state of flowtrack will be displayed.
  • Page 481 It means to show the latest call log. It means to show the IP filter log. It means to show this usage help. It means to show PPP/MP log. It means to show all logs saved in the log buffer. It means to show WAN log.
  • Page 482 > mngt httpport 80 % Set web server port to 80 done. This command allows users to set HTTPS port for management. mngt httpsport <https port> Parameter Description <https port> <https port>: Enter the number for HTTPS port. The default setting is 443.
  • Page 483 > mngt sshport 23 % Set ssh port to 23 done. This command is used to pass or block Ping from LAN PC to the internet. mngt noping on mngt noping off mngt noping viewlog mngt noping clearlog Parameter Description All PING packets will be forwarded from LAN PC to Internet.
  • Page 484 <port>: Enter a port number. viewlog It means to display a log of defense worm packet, including source MAC and source IP. clearlog It means to remove the log of defense worm packet. > mngt defenseworm add 21 Add TCP port 21 Block TCP port list: 135, 137, 138, 139, 445, 21 >...
  • Page 485 mngt lanaccess -e <0/1> –s <value>–i <value> mngt lanaccess –f mngt lanaccess –d mngt lanaccess –v mngt lanaccess –h Parameter Description -e <0/1> –s <value> –i -e: It means to enable/disable the function. <value> <0/1>: Enter 0 or 1. 0,disable the function; 1, enable the function.
  • Page 486 It means to delete the selected item. <index>: Enter an index number of the entry. flush It means to remove all the settings in the access list. DrayTek> mngt accesslist add 2 192.168.2.76 255.255.255.0 %% Set OK. > mngt accesslist list DrayTek> mngt accesslist list...
  • Page 487 -T <seconds> It means to set the trap timeout. <seconds>: Enter a value (0~999) It means to list SNMP setting. > mngt snmp -e 1 -g draytek -s DK -m 192.168.1.20,192.168.5.192/26,10.20.3.40/24 -t trapcom -n 192.168.1.20,10.20.3.40 -T 88 SNMP Agent Turn on!!!
  • Page 488 This command is used to configure multi-subnet. msubnet switch <2> <On/Off> Parameter Description <2> It means LAN interface. 2=LAN2 <On/Off> On means turning on the subnet for the specified LAN interface. Off means turning off the subnet. > msubnet switch 2 On % LAN2 Subnet On! This setting will take effect after rebooting.
  • Page 489 <2> It means LAN interface. <IP address> Enter the subnet mask address for the specified LAN interface. > msubnet nmask 2 255.255.0.0 % Set LAN2 subnet mask done !!! This setting will take effect after rebooting. Please use "sys reboot" command to reboot the router. This command is used to display current status of subnet.
  • Page 490 This command is used to configure the subnet for NAT or Routing usage. msubnet nat <2> <On/Off> Parameter Description <2> It means LAN interface. <On/Off> On – It means the subnet will be configured for NAT usage. Off - It means the subnet will be configured for Routing usage.
  • Page 491 % msubnet talk <1/2> <1/2> <On/Off> % where 1:LAN1, 2:LAN2 % Now: LAN1 LAN2 % LAN1 % LAN2 DrayTek> > This command is used to configure a starting IP address for DHCP. msubnet startip <2><Gateway IP>
  • Page 492 Parameter Description <2> It means LAN interface. 2: LAN2 <Gateway IP> Type an IP address as the starting IP address for a subnet. > msubnet startip 2 192.168.2.90 %Set LAN2 Dhcp Start IP done !!! This setting will take effect after rebooting. Please use "sys reboot"...
  • Page 493 Parameter Description <2> It means LAN interface. 2=LAN2 <count> Choose the following number for specifying different node type. 1: B-node 2: P-node 4: M-node 8: H-node 0: Not specify any type for node. > msubnet nodetype 2 1 % Set LAN2 Dhcp Node Type done !!! >...
  • Page 494 msubnet secWINS <2><WINS IP> Parameter Description <2> It means LAN interface. 2:LAN2 <WINS IP> Enter the IP address as the WINS IP. > msubnet secWINS 2 192.168.3.89 % Set LAN2 Dhcp Secondary WINS IP done !!! > msubnet secWINS % msubnet secWINS <2> <WINS IP> % Now: LAN2 192.168.3.89 This command is used to set TFTP server for multi-subnet.
  • Page 495 Parameter Description <interface> Available settings include LAN1~LAN2, IP_Routed_Subnet. <value> <value>: Enter a number (1000 ~ 1500(Bytes)). Default value is 1500. > msubnet mtu LAN1 1492 Set LAN1 subnet mtu as 1492 > msubnet mtu Usage: >msubnet mtu <interface> <value> <interface>: LAN1~LAN2,IP_Routed_Subnet, <value>: 1000 ~ 1500 (Bytes), fault: 1500 (Bytes) e.x: >msubnet mtu LAN1 1492...
  • Page 496 This command is used to create an IP object profile. object ip obj setdefault object ip obj INDEX -v object ip obj INDEX -n NAME object ip obj INDEX -i INTERFACE object ip obj INDEX -s INVERT object ip obj INDEX -a TYPE <START_IP><END/MASK_IP> Parameter Description setdefault...
  • Page 497 START_IP) as the end IP address. > object ip obj 1 -n marketing > object ip obj 1 -a 1 192.168.1.45 > object ip obj 1 -v IP Object Profile 1 Name :[marketing] Interface:[Any] Address type:[single] Start ip address:[192.168.1.45] End/Mask ip address:[0.0.0.0] MAC Address:[00:00:00:00:00:00] Invert Selection:[0] This command is used to integrate several IP objects under an IP group profile.
  • Page 498 Example: :object ip grp 3 -a 1 2 3 4 5 The IP object profiles with index number 1,2,3,4 and 5 will be group under such profile. > object ip grp 2 -n First IP Group Profile 2 Name :[First] Interface:[Any] Included ip object index: [0:][0]...
  • Page 499 This command is used to create an IPv6 object profile. object ipv6 obj setdefault object ipv6 obj INDEX -v object ipv6 obj INDEX -n NAME object ipv6 obj INDEX -s INVERT object ipv6 obj INDEX -e MATCH_TYPE object ipv6 obj INDEX -a TYPE <START_IP> <END_IP>/<Prefix Length> Parameter Description setdefault...
  • Page 500 > object ipv6 obj 3 -e 1 You can not set 64 bits Interface ID for Subnet type. Setting saved. > object ipv6 obj 3 -a 3 2607:f0d0:1002:51::4 2607:f0d0:1002:51::4 Setting saved. > object ipv6 obj 3 -v IPv6 Object Profile 3 Name Address Type:[range] Start IPv6 Address:[2607:F0D0:1002:51::4]...
  • Page 501 [0:][0] [1:][0] [2:][0] [3:][0] [4:][0] [5:][0] [6:][0] [7:][0] > object ipv6 grp 8 -a 1 2 3 4 5 IPv6 Group Profile 8 Name :[bruce] Included ip object index: [0:][1] [1:][2] [2:][3] [3:][4] [4:][5] [5:][0] [6:][0] [7:][0] This command is used to create service object profile. object service obj setdefault object service obj INDEX -v object service obj INDEX -n NAME...
  • Page 502 58, means ICMPv6 255, means TCP/UDP Other values mean other protocols. Example: object service obj 8 -p 1 INDEX -s CHK It means to set source port check and configure port range <START_P><END_P> (1~65565) for TCP/UDP. INDEX: Enter the index number of the specified service object profile.
  • Page 503 Protocol:[TCP/UDP] Source port check action:[!=] Source port range:[120~240] Destination port check action:[!=] Destination port range:[200~220] > This command is used to integrate several service objects under a service group profile. object service grp setdefault object service grp INDEX –v object service grp INDEX –n NAME object service grp INDEX –a SER_OBJ_INDEX Parameter Description...
  • Page 504 Name :[Grope_1] Included service object index: [0:][1] [1:][2] [2:][0] [3:][0] [4:][0] [5:][0] [6:][0] [7:][0] This command is used to create keyword profile. object kw obj setdefault object kw obj show object kw obj show PAGE object kw obj INDEX –v object kw obj INDEX –n NAME object kw obj INDEX –a CONTENTS object kw obj INDEX -c...
  • Page 505 > object kw obj 1 -a gambling Profile 1 Name :[children] Content:[gambling] > object kw obj 1 -v Profile 1 Name :[children] Content:[gambling] This command is used to create File Extension Object profile. object fe show object fe setdefault object fe obj INDEX -v object fe obj INDEX -n NAME object fe obj INDEX -e CATEGORY|FILE_EXTENSION object fe obj INDEX -d CATEGORY|FILE_EXTENSION...
  • Page 506 CATEGORY|FILE_EXTENSI FILE_EXTENSION. INDEX: Enter the index number (from 1 to 8) of the specified file extension object profile. CATEGORY: Image, Video, Audio, Java, ActiveX, Compression, Executation Example: object fe obj 1 -e Image FILE_EXTENSION: ".bmp", ".dib", ".gif", ".jpeg", ".jpg", ".jpg2", ".jp2", ".pct", ".pcx", ".pic", ".pict", ".png", ".tif", ".tiff", ".asf", ".avi", ".mov", ".mpe", ".mpeg", ".mpg", ".mp4", ".qt", ".rm", ".wmv", ".3gp", ".3gpp", ".3gpp2", ".3g2", ".flv", ".swf", ".aac", ".aiff"...
  • Page 507 This command is used to create short message object profile. object sms show object sms setdefault object sms obj INDEX -v object sms obj INDEX -n NAME object sms obj INDEX -s Service Provider object sms obj INDEX -u Username object sms obj INDEX -p Password object sms obj INDEX -q Quota object sms obj INDEX -i Interval...
  • Page 508 INDEX: Enter the index number (from 1 to 10) of the specified SMS object profile. Password: Enter a password that the sender can use to register to selected SMS provider. INDEX -q Quota Enter the number of the credit that you purchase from the service provider.
  • Page 509 object mail obj INDEX -i Sending Interval Parameter Description show It means to show the contents for all of the profiles. setdefault It means to return to default settings for all profiles. INDEX -v It means to view the information of the specified mail object profile.
  • Page 510 > object mail obj 1 -n buyer > object mail obj 1 -s 192.168.1.98 > object mail obj 1 -m 25 > object mail obj 1 -t 1 > object mail obj 1 -u john > object mail obj 1 -p happy123456 >...
  • Page 511 > object noti obj 1 -e 1 1 > object noti obj 1 -e 2 1 > object noti obj 1 -e 5 3 > object noti obj 1 -v DrayTek> object noti obj 1 -v Profile Index: 1 Profile Name:[marketing] Category...
  • Page 512 specified schedule object. <comment>: Enter a brief description (1 ~ 32 characters). <INDEX> -D <year> It means to set the starting date of the profile. <month> <day> <INDEX>: Enter the index number (from 1 to 15) of the specified schedule object. <year>...
  • Page 513 > object schedule set 1 -a 0 > object schedule set 1 -h "1 Mon Wed" > object schedule view 1 Index No.1 -------------------------------------------------- [v] Enable Schedule Setup Comment [ Working ] Start Date (yyyy-mm-dd) [ 2017 ]-[ 4 ]-[ 18 ] Start Time (hh:mm) [ 8 ]:[ 1 ] Duration Time (hh:mm)
  • Page 514 status It means to view the Ethernet port status. wanfc It means to set WAN flow control. > port 1 100F %Set Port 1 Force speed 100 Full duplex OK !!! This command allows you to set a time of keeping the session connection for specified protocol.
  • Page 515 <parameter>/… <…> means that you can enter several commands in one line. Enter it to display the usage of this command. -W <1~3> It means to specify WAN interface. <1~3>: Enter 1, 2, 3. Default is 1 (WAN1). -m <mode> It means to define which traffic the QoS control settings will apply to and enable QoS control.
  • Page 516 <command> The available commands with parameters are listed below. <parameter>/… <…> means that you can enter several commands in one line. Type it to display the usage of this command. -c <no> Specify the index number for the class. <no>: Enter 1, 2 or 3. The default setting is class 1. -n <name>...
  • Page 517 > qos class -c 2 -n draytek -a -m 1 -l 192.168.1.50:192.168.1.80 Following setting will set in the class2 class 2 name set to draytek Add a rule in class2 Class2 the 1 rule enabled Set local address type to Range, 192.168.1.50:192.168.1.80 This command allows user to configure protocol type and port number for QoS.
  • Page 518 > qos setdefault Setdefault! > This command can exit the telnet command screen. This command displays current status of LAN IP address settings. > show lan The LAN settings: Status Mask DHCP Start IP Pool Gateway -------- --------------- --------------- ---- --------------- ---- [V]LAN1 192.168.1.1 255.255.255.0 192.168.1.10...
  • Page 519 This command displays current status of DNS setting. > show dns Domain name server settings: % LAN1 Primary DNS: [Not set] % LAN1 Secondary DNS: [Not set] % LAN2 Primary DNS: [Not set] % LAN2 Secondary DNS: [Not set] This command displays current status of open port setting. >...
  • Page 520 This command displays current status of NAT. > show nat Port Redirection Running Table: Index Protocol Public Port Private IP Private Port 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 --- MORE --- ['q': Quit, 'Enter': New Lines, 'Space Bar': Next Page]...
  • Page 521 Level2 TCP=60000 UDP=30000 ICMP=5000 This command displays current status of current session. > show session % Maximum Session Number: 30000 % Maximum Session Usage: 0 % Current Session Usage: 0 % Current Session Used(include waiting for free): 0 % WAN1 Current Session Usage: 0 % WAN2 Current Session Usage: 0 % WAN3 Current Session Usage: 0 This command displays current status of LAN and WAN connections.
  • Page 522 ITU Version[0] : b5004946 ITU Version[1] : 544e0000 VDSL Firmware Version : 05-07-06-0D-01-07 [with Vectoring support] Power Management Mode : DSL_G997_PMS_NA Test Mode : DISABLE ---------------- ATU-C Info --------------- Far Current Attenuation : 0 dB Far SNR Margin 0 dB CO ITU Version[0] : 00000000 CO ITU Version[1]...
  • Page 523 It means to reset the transmitted/received bytes to Zero. interface It means to specify WAN1 interface for displaying related statistics. > DrayTek> show statistic WAN1 total TX: 0 Bytes ,RX: 0 Bytes WAN2 total TX: 0 Bytes ,RX: 0 Bytes WAN3 total TX: 0 Bytes ,RX: 0 Bytes...
  • Page 524 This command is used to enable DHCP2 server. srv dhcp dhcp2 -<command> <parameter> / ... Parameter Description <command> The available commands with parameters are listed below. <parameter>/… […] means that you can enter several commands in one line. -l <enable> It means to enable the LAN port to public DHCP.
  • Page 525 The maximum is 10. status It means the execution result of this command. add <MAC Addr It means creating a list of hosts to be assigned. XX-XX-XX-XX-XX-XX> <MAC Addr>: Enter the MAC Address of the host. del <MAC Addr It means removing the selected MAC address. XX-XX-XX-XX-XX-XX>...
  • Page 526 This command allows users to set Secondary IP Address for DNS Server in LAN. srv dhcp dns2 <LAN1/LAN2> <DNS IP address> Parameter Description <LAN1/LAN2> It means to specify the LAN interface. <DNS IP address> It means the IP address that you want to use as DNS2. <DNS IP address>: Enter the IP address that you want to use as DNS1 (secondary DNS).
  • Page 527 This command allows users to specify gateway address for DHCP server. srv dhcp gateway <Gateway IP> Parameter Description <Gateway IP> It means to specify a gateway address used for DHCP server. <gateway IP>: Enter an IP address. > srv dhcp gateway 192.168.2.1 This setting will take effect after rebooting.
  • Page 528 Parameter Description <server ip> It means the IP address that you want to use as DHCP server. <server ip>: Enter an IP address. <Index> The router will invoke this function according to the subnet 1 or 2 specified here. <index>: Enter 1 or 2. >...
  • Page 529 This command can set the lease time for the DHCP server. srv dhcp leasetime <Lease Time (sec)> Parameter Description <Lease Time (sec)> It means the lease time that DHCP server can use. The unit is second. <Lease Time (sec)>: Enter a value. >...
  • Page 530 This command can set the primary IP address for the DHCP server. srv dhcp primWINS <WINS IP address> srv dhcp primWINS clear Parameter Description <WINS IP address> It means the IP address of primary WINS server. <WINS IP address>: Enter an IP address. clear It means to remove the IP address settings of primary WINS server.
  • Page 531 This command can set the time to check if the IP address can be assigned again by DHCP server or not. srv dhcp expRecycleIP <sec time> Parameter Description <sec time> It means to set the time (5~300 seconds) for checking if the IP can be assigned again or not.
  • Page 532 This command allows users to set DMZ host. Before using this command, please set WAN IP Alias first. srv nat dmz n m -e <1/0> -i <IP address> srv nat dmz -r srv nat dmz -v Parameter Description It means to map selected WAN IP to certain host. 1: wan1 It means the index number of the DMZ host.
  • Page 533 This command allows users to enable or disable IPSec ESP tunnel passthrough and IKE source port (500) preservation. srv nat ipsecpass on srv nat ipsecpass off srv nat ipsecpass status Parameter Description [options] The available commands with parameters are listed below. It means to enable IPSec ESP tunnel passthrough and IKE source port (500) preservation.
  • Page 534 -w <widx> <ipidx> It means to specify the public IP. <widx> – Enter 1, 2, 255 (means the WAN interface) 1: WAN1 (Default) 2: WAN1 Alias 1 255: all WANs. <ipidx> – Enter 1 ~ 32 for Alias IPs. -p <protocol> Specify the transport layer protocol.
  • Page 535 Parameter Description add <idx> <serv name> It means to add a new port redirection table with an index <proto> <pub port> <src number. <idx>: Enter an index number (1 to 20). ip idx> <pri ip> <pri port> < serv name>: Enter a name as service name. <wan1 ~ wan4>...
  • Page 536 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 --- MORE --- ['q': Quit, 'Enter': New Lines, 'Space Bar': Next Page] --- This command allows users to view a summary of NAT port redirection setting, open port and DMZ settings.
  • Page 537 On – enable the button function. Off – disable the button function. > sys board button def on > default button is on now. This command resets the router to factory default settings. When a user types this command, all the configuration will be reset to default setting. sys cfg default sys cfg status Parameter...
  • Page 538 Parameter Description <on/off> <on>: Turn on the FTP server of the system. <off>: Turn off the FTP server of the system. > sys ftpd on % sys ftpd turn on !!! This command can set and remove the domain name of the system when DHCP mode is selected for WAN.
  • Page 539 Interface 4 Ethernet: Status: DOWN IP Address: 0.0.0.0 Netmask: 0x00000000 MAC: 00-50-7F-00-00-02 Interface 5 Ethernet: Status: DOWN IP Address: 0.0.0.0 Netmask: 0x00000000 MAC: 00-50-7F-00-00-03 Interface 6 Ethernet: Status: DOWN IP Address: 0.0.0.0 Netmask: 0x00000000 MAC: 00-50-7F-00-00-04 Interface 7 Ethernet: Status: DOWN IP Address: 0.0.0.0 Netmask: 0x00000000 MAC: 00-50-7F-00-00-05...
  • Page 540 This command allows users to set password for the administrator. sys passwd <old password> <new password: ASCII string> Parameter Description <old password> <new <old password>: Enter the old password for administrator. password: ASCII string> <new password: ASCII string>: Enter the password for administrator.
  • Page 541 > sys commit > This command can turn on TFTP server for upgrading the firmware. > sys tftpd % TFTP server enabled !!! This command can display current version for the system. > sys version Router Model: Vigor2620Ln Version: r80480_beta English Profile version: 3.0.0 Status: 1 (0x62d6b751) Router IP: 192.168.1.1...
  • Page 542 This command can turn on or turn off polling buffer for the router. sys pollbuf <on/off> Parameter Description <on/off> <on>: Turn on polling buffer. <off>: Turn off polling buffer. > sys pollbuf on % Buffer polling is on! > sys pollbuf off % Buffer polling is off! This command can improve triple play quality.
  • Page 543 This command can set CPE settings for applying in VigorACS. sys tr069 get int. sys tr069 get <parm> <nextlevel> sys tr069 set <parm> <value> sys tr069 getnoti <parm> sys tr069 setnoti <parm> <value> sys tr069 log sys tr069 debug <on/off> sys tr069 save sys tr069 clear sys tr069 inform <event code>...
  • Page 544 inform <event code> It means to inform parameters for tr069 with different event codes. <event code>: Enter 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 0, BOOTSTRAP 1, 1 BOOT 2, PERIODIC 3, SCHEDULED 4, VALUE CHANGE 5, KICKED 6, CONNECTION REQUEST 7, TRANSFER COMPLETE 8, DIAGNOSTICS COMPLETE...
  • Page 545 sys alg <1/0> Parameter Description <1/0> <1/0>: Enter 1 or 0. 1, means to turn on ALG. 0, means to turn off ALG. > sys sip_alg ? Usage: sys alg <command> <parameter> -e: enable ALG (0:disable, 1:enable) Current ALG status -ALG Master Switch: Disabled >...
  • Page 546 This command can turn on/off SIP ALG (Application Layer Gateway) for RTSP sys rtsp_alg -e <1/0> sys rtsp_alg -p <port number> sys rtsp_alg -u <1/0> sys rtsp_alg -t <1/0> sys rtsp_alg -v Parameter Description -e <1/0> Enable (1) or disable (0) the function of RTSP ALG. -p <port number>...
  • Page 547 <-e/-d/-s> Parameter Description reset_regser It means to reset the server as default setting, http://auth.draytek.com. licera It means to erase license setting. licifno <AUTO/WAN#1> It means license and signature download interface setting. <AUTO/WAN#1>: Enter AUTO or WAN1, WAN2, etc.
  • Page 548 This command is used to configure daylight save setting. sys daylightsave [-<command> <parameter> | ... ] Parameter Description <command><parameter>/ The available commands with parameters are listed below. … […] means that you can enter several commands in one line. Display the daylight saving settings. Set to factory default setting.
  • Page 549 This command is used to configure TTL settings which will be displayed in DNS Cache table. sys dnsCacheTbl <command><parameter>/… Parameter Description [<command><parameter> The available commands with parameters are listed below. |…] […] means that you can enter several commands in one line. Display DNS IPv4 entry in the DNS cache table.
  • Page 550 <enable>: Enter 1 or 0. -v <enable> Enable (1) or disable (0) VPN Log. <enable>: Enter 1 or 0. -e <enable> Enable (1) or disable (0) User Access Log. <enable>: Enter 1 or 0. -c <enable> Enable (1) or disable (0) Call Log. <enable>: Enter 1 or 0.
  • Page 551 > sys mailalert -i 172.16.3.168 > sys mailalert -o 886 Set SMTP Server Port as 886 > sys mailalert -a john@draytek.com Set Alert Mail Reciver E-maiil Address as john@draytek.com > sys mailalert -v ------ Current setting for Mail Alert ------ Mail Alert: Enable SMTP Server IP Address: 172.16.3.168...
  • Page 552 server <domain> Set the domain name of the time server. <domain>: Enter a string. The maximum length is 39 characters. show Display the time server setting. wan <option> Select WAN interface for applying the time server. <option>: Enter 0, 1, 2, 3 or 4. 0, Auto 1, WAN1 2, WAN2...
  • Page 553 50 - GMT+05:30 Bombay, Calcutta 51 - GMT+05:30 Madras, New Delhi 52 - GMT+06:00 Astana, Almaty, Dhaka 53 - GMT+06:00 Colombo 54 - GMT+07:00 Bangkok, Hanoi, Jakarta 55 - GMT+08:00 Beijing, Chongqing 56 - GMT+08:00 Hong Kong, Urumqi 57 - GMT+08:00 Singapore 58 - GMT+08:00 Taipei 59 - GMT+08:00 Perth 60 - GMT+09:00 Seoul...
  • Page 554 4, IPv6 Internet Access 5, Interface 6, Security 7, System Resource 8, LTE Status 9, Quick Access a, VoIP <value>: Enter 1 or 0. 1, Enable 0, Disable > sys dashboard -1 1 -2 0 System Information enabled IPv4 LAN Information disabled This command is used to display current settings for sending test mail.
  • Page 555 ((0)) InternalClient >>192.168.1.10<<, RemoteHost >>0.0.0.0<< InternalPort >>21<<, ExternalPort >>21<< PortMapProtocol >>TCP<< The tmpvirtual server index >>0<< PortMapLeaseDuration >>0<<, PortMapEnabled >>0<< Ftp Example [MICROSOFT] ((1)) InternalClient >>0.0.0.0<<, RemoteHost >>0.0.0.0<< InternalPort >>0<<, ExternalPort >>0<< PortMapProtocol >><NULL><< The tmpvirtual server index >>0<< PortMapLeaseDuration >>0<<, PortMapEnabled >>0<< PortMapProtocol >><NULL><<...
  • Page 556 UPNP start. > upnp subscribe >>>> (1) serviceType urn:schemas-microsoft-com:service:OSInfo:1 >>>> (2) serviceType urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1 >>>> (3) serviceType urn:schemas-upnp-org:service:WANPOTSLinkConfig:1 >>>> (4) serviceType urn:schemas-upnp-org:service:WANPPPConnection:1 >>>> (5) serviceType urn:schemas-upnp-org:service:WANIPConnection:1 This command can display current status of temp Virtual Server of your router. Vigor> upnp tmpvs ****************** Temp virtual server status **************** ((0)) real_addr >>192.168.1.10<<, pseudo_addr >>172.16.3.229<<...
  • Page 557 use wan1 now. This command is to configure specified WAN as bridge mode. vigbrg set -v <IP version> -w <WAN_idx> -l <LAN_idx> -e <0/1> -f <0/1> Parameter Description -v <IP version> -w -v <IP version>: Enter 4 or 6. Indicate the IP version for the IP <WAN_idx>...
  • Page 558 This command allows users to transfer a bridge modem into ADSL router by accessing into and adjusting specified IP address. Users can access into Web UI of the router to manage the router through the IP address configured here. vigbrg cfgip <IP Address> Parameter Description <IP Address>...
  • Page 559 vlan off > vlan off VLAN is Disable! Force subnet LAN2 to be disabled!! This command allows you to enable VLAN function. vlan on > vlan on VLAN is Enable! This command is used to define the priority for each VLAN profile setting. vlan pri n pri_no Parameter Description...
  • Page 560 > vlan status VLAN is Enable : ------------------------------------------------------ VLAN Enable VID Pri p1 p2 p3 p4 s1 s2 s3 s4 subnet ------------------------------------------------------ 1:LAN1 1:LAN1 1:LAN1 V V 1:LAN1 1:LAN1 1:LAN1 1:LAN1 1:LAN1 ------------------------------------------------------ Note: they are only untag for s1/s2/s3/s4, but they can join tag vlan with lan ports.
  • Page 561 This command changes the VLAN encapsulation mechanisms in the LAN driver. vlan submode <on/off/status> Parameter Description <on/off/status> <on/off/status>: Enter on, off or status to enable, disable or display the submode status. on, means to enable the promiscuous mode. off, means to disable the promiscuous mode. status, means to display if submode is normal mode or promiscuous mode.
  • Page 562 > vlan tagged unlimited on unlimited mode is ON This command is used to configure VID number for each VLAN channel. vlan vid n vid_no Parameter Description n vid_no n: Enter 0 ~ 7. It means VLAN channel. Vid_no: Enter 0 ~ 4095. It means the value of VLAN ID. Enter the value as the VLAN ID number.
  • Page 563 This command allows users to set advanced parameters for LAN to LAN function. vpn l2lset <list index> peerid <peerid> vpn l2lset <list index> localid <localid> vpn l2lset <list index> main <auto/proposal index> vpn l2lset <list index> aggressive <desg1/desg2/aesg1/aesg2> vpn l2lset <list index> pfs <on/off> vpn l2lset <list index>...
  • Page 564 This command allows users to configure setting for remote dial-in VPN profile. vpn dinset <list index> vpn dinset <list index> <on/off> vpn dinset <list index> username <USERNAME> vpn dinset <list index> password <PASSWORD> vpn dinset <list index> motp <on/off> vpn dinset <list index> pin_secret <pin> <secret> vpn dinset <list index>...
  • Page 565 pin_secret<pin> <secret> <list index>: Enter the index number of L2L (LAN to LAN) profile. <pin>: Enter the code for authentication (e.g, 1234). <secret>: Use the 32 digit-secret number generated by mOTP in the mobile phone (e.g., e759bb6f0e94c7ab4fe6) <list index> timeout It means to set the time out for dial-in VPN profile.
  • Page 566 Block, when there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting, it can block data transmission of Netbios Naming Packet inside the tunnel. <list index> multicastvpn <list index>: Enter the index number of L2L (LAN to LAN) <pass/block>...
  • Page 567 Idle Timeout: 300 sec > vpn dinset 1 on % set profile active > vpn dinset 1 motp on % Enable Mobile OTP mode!> > vpn dinset 1 pin_secret 1234 e759bb6f0e94c7ab4fe6 > vpn dinset 1 Dial-in profile index 1 Profile Name: ??? Status: Active Mobile OTP: Enabled PIN: 1234...
  • Page 568 vpn setup <index> <name> ipsec_out <ip> <key> <nip> <nmask> Command of L2Tp Dial-Out vpn setup <index> <name> l2tp_out <ip> <usr> <pwd> <nip> <nmask> Command of Dial-In vpn setup <index> <name> dialin <ip> <usr> <pwd> <key> <nip> <nmask> Parameter Description For PPTP Dial-Out <index>...
  • Page 569 <usr>: Enter the user name for the PPTP connection. <pwd>: Enter the password required for the PPTP connection. <key>: Enter the value of IPsec Pre-Shared Key. <nip>: Enter the remote network IP address. <nmask>: Enter the mask for the remote network IP. e.g., vpn setup 1 name1 dialin 1.2.3.4 vigor 1234 abc 192.168.1.0 255.255.255.0...
  • Page 570 L2TP(IPSec Policy None). l1, L2TP(IPSec Policy Nice to Have). l2, L2TP(IPSec Policy Must). <dialto=>: Enter dialto=IP address or dialto=Host Name for VPN (such as dialto=draytek.com or dialto=123.45.67.89). <ltype=>: Enter ltype=0, ltype=1, ltype=2 or ltype=3 to specify Link Type. 0, disable...
  • Page 571 VPN dial-in with a specified IP address (e.g., 203.12.23.48). <peerid=>: Enter peerid=ID name as the peer ID for remote VPN gateway. For example, peerid=draytek means the word "draytek" is used as the local ID. <iname=>: Enter iname=name as the dial-in username. For example, iname=admin means the word "admin"...
  • Page 572 For example, rnip=4.5.6.7 means the IP address "4.5.6.7" is used as the Remote Network IP. <rnmask=>: Enter rnmask=mask address to set the Remote Network Mask. For example, rnmask=255.255.255.0 means the mask address "255.255.255.0" is used as the Remote Network Mask. <lnip=>: Enter lnip=IP address to set the Local Network IP.
  • Page 573 vpn mroute <index> add <network ip>/<mask> vpn mroute <index> del <network ip>/<mask> Parameter Description <index> list It means to display the route settings. <index>: Enter an index number (1 ~ 32) of the VPN profile. <index> add <network It means to add a new route. ip>/<mask>...
  • Page 574 > rayrouter> vpn list 1 all Common Settings Profile Name : name1 Profile Status : Enable VPN Connection Through : WAN1 First Dialout WAN IP Alias Index : None Netbios Naming Packet : Pass Call Direction : Dial-In Idle Timeout : 300 PING to keep alive : off...
  • Page 575 This command allows users to enable second subnet IP as VPN server IP. vpn 2ndsubnet <on/off> Parameter Description <on/off> <on/off>: Enter on or off. on: enable the second subnet. off: disable the second subnet. > vpn 2ndsubnet on %Enable second subnet IP as VPN server IP! This command allows users to enable or disable NetBios for Remote Access User Accounts or LAN-to-LAN Profile.
  • Page 576 This command allows users to configure the maximum segment size (MSS) for different TCP types. vpn mss show vpn mss default vpn mss set <connection type> <TCP maximum segment size range> Parameter Description show It means to display current setting status. default TCP maximum segment size for all the VPN connection will be set as 1360 bytes.
  • Page 577 Parameter Description Display IKE memory status and leakage list. Display IPsec state list. V2 debug <on/off> It is used for RD debug. > vpn ike -q IKE Memory Status and Leakage List # of free L-Buffer=95, minimum=94, leak=1 # of free M-Buffer=529, minimum=529 leak=3 # of free S-Buffer=1199, minimum=1198, leak=1 # of free Msgid-Buffer=1024, minimum=1024 This command allows users to pass or block the multi-cast packet via VPN.
  • Page 578 on – the second subnet is allowed to pass VPN tunnel. off – the second subnet is not allowed to pass VPN tunnel. > vpn pass2nd on % 2nd subnet is allowed to pass VPN tunnel! This command allows users to determine whether packets pass through NAT or not when the VPN tunnel disconnects.
  • Page 579 This command allows users to build VPN between clients via virtual subnet. vpn sameSubnet –I <value> vpn sameSubnet –E <0/1> vpn sameSubnet –e <value> vpn sameSubnet –I <IP address> vpn sameSubnet –o <add/del> vpn sameSubnet –v Parameter Description –I <value> It means to specify the index number of VPN profile.
  • Page 580 <MRU size>: Enter a value (1400 ~ 1600) to set the number of PPP LCP MRU. >wan ppp_mru 1 ? % Now: 1492 > wan ppp_mru 1 1490 > > wan ppp_mru 1 ? % Now: 1490 > wan ppp_mru 1 1492 >...
  • Page 581 pri, primary DNS sec, secondary DNS <ipv4_addr>: Enter the IPv4 address for the DNS server. > wan dns 1 pri 192.168.1.126 % Set WAN1 primary DNS done. % Now: 192.168.1.126 This command allows you to enable or disable the function of DF (Don’t fragment) wan DF_check <on/off>...
  • Page 582 Parameter Description <on/off> <on/off>: Enter on or off. on, enable WAN forward. off, disable WAN forward. > wan forward ? %WAN forwarding is Disable! > wan forward on %WAN forwarding is enable! This command allows you to display the status of WAN connection, including connection mode, TX/RX packets, DNS settings and IP address.
  • Page 583 This command allows you to configure WAN connection detection. When Ping Detection is enabled (for Static IP or PPPoE mode), Router pings specified IP addresses to detect the WAN connection. wan detect <wan1> <on/off/always_on> wan detect <wan1> <off> -t <time> wan detect <wan1>...
  • Page 584 target. (1, yes; 0, no) Note that USB WAN (PPP mode) cannot support PING gateway <wan1> <wan1>: Enter wan1 to specify WAN1. interval<Interval> <interval>: Enter a value to set the interval between each ping operation. Available setting is between 1 and 3600. The unit is second.
  • Page 585 channel. <clear>: Enter clear to clear the port setting. <tag tag_no>: Enter a tag number (-1, 1~4095) for VLAN (e.g, tag -1, tag 100, and etc.) <service type/vlan priority>: Enter 0 or 1 (for service type, 0 for Normal, 1 for IGMP), or enter a value (0~7) for VLAN priority.
  • Page 586 wan vlan wan <#> <enable/disable> wan vlan wan <#> pri <value> wan vlan stat Parameter Description wan <#> tag <value> Specify which WAN interface will be tagged. <#>: Enter 1 for WAN1. tag: Type a number for tagging on WAN interface. <value>: Enter a number.
  • Page 587 This command allows you to run a WAN MTU Discovery. The user can specify an IPv6 target to ping and find the suitable MTU size of the WAN interface. wan detect_mtu6 -i <Host/IP address> -s <mtu_size> -w <1> Parameter Description -i <Host/IP address>...
  • Page 588 <ssid1 ssid2 ssid3 ssid4>: Enter ssid1, ssid2, ssid3, or ssid4 to select SSID1, SSID2, SSID3 or SSID4. <comment>: Enter a brief description. <isolate>: Enter isolate. del <MAC> It means to delete a MAC address entry defined in the access control list. <MAC>: Enter a MAC address.
  • Page 589 wl config ratectl <ssid_num><enable> <upload download> wl config isolate <ssid_num> <lan member> wl config dtim <value> wl config beaconperiod <value> wl config radio <enable> wl config frag <value> wl config rts <value> wl config rate_alg <value> wl config country <value> Parameter Description mode <value>...
  • Page 590 <mode><key><index> connection. <SSID_NUMBER>: Enter 1, 2, 3 or 4 to specify SSID1, SSID2, SSID3 or SSID4. <mode>: Available settings are: disable: No security. wpa1x: WPA/802.1x Only wpa21x: WPA2/802.1x Only wpamix1x: Mixed (WPA+WPA2/802.1x only) wep1x: WEP/802.1x Only wpapsk: WPA/PSK wpa2psk: WPA2/PSK wpamixpsk: Mixed (WPA+WPA2)/PSK wep: <key>: Enter a string.
  • Page 591 country <value> <value>: Enter two capital letters (e.g., TW) to specify the country. > wl config mode 11bgn Current mode is 11bgn % <Note> Please restart wireless after you set the channel > wl config channel 13 Current channel is 13 % <Note>...
  • Page 592 % New Wlan Setting is: % SSID=MKT % Chan=2 % Wl is Enable This command allows users to activate wireless settings. wl act <En> Parameter Description <En> It means to enable or disable the function of VPN isolation. <enable>: Enter 0 or 1. 0: disable 1: enable >...
  • Page 593 This command allows users to activate the function of VPN isolation. wl iso_vpn <ssid> <En> Parameter Description <SSID>: Enter 1, 2, 3 or 4 to specify each SSID. <ssid> <En> 1, SSID1 2, SSID2 3, SSID3 4, SSID4 <En>: Enter 1 or 0 to enable or disable the function of VPN isolation.
  • Page 594 ACM can restrict stations from using specific category class if it is enabled. Example: wl wmm ap 0 3 4 6 0 0 bss QueIdx Aifsn Cwmin It means to set WMM for wireless clients. Cwmax Txop ACM QueIdx means the number of the queue which the WMM...
  • Page 596 This command allows you to configure wireless settings. wl ht bw value wl ht gi value wl ht badecline value wl ht autoba value wl ht rdg value wl ht msdu value wl ht txpower value wl ht antenna value wl ht greenfield value Parameter Description...
  • Page 597 This command allows you to restart wireless setting. > wl restart Wireless restart.... This command allows you to configure WDS settings. wl wds mode <value> wl wds security <value> wl wds ap <value> wl wds hello <value> wl wds status wl wds show wl wds mac add <index addr>...
  • Page 598 hello <value> It means to send hello message to remote end (peer). <value>: Enter 1 or 0. 1, enable the function. 0, disable the function. status It means to display WDS link status for 2.4GHz connection. show It means to display current WDS settings. mac add <index addr>...
  • Page 599 This command is used to display the wireless stations which are accessing the Internet via the Vigor router. wl stalist show wl statlist num Parameter Description show Display the station list. Display the number of wireless stations. > wl stalist show 2.4G Wireless Station List : Index Status IP Address MAC Address Associated with...
  • Page 600 The apm command(s) is used to display, remove, discover or query the information of VigorAP registered to Vigor2620. apm enable apm disable apm show apm clear apm discover apm query Parameter Description enable Enable the APM function. disable Disable the APM function. show It displays current information of APM profile.
  • Page 601 > apm profile summary # Name SSID Security RateCtrl(U/D) - ---------------- ---------------- ------------ ------- ------ 0 Default DrayTek-LAN-A WPA+WPA2/PSK x DrayTek-LAN-B WPA+WPA2/PSK x 2 forcarrie DrayTek Disable This command is used to display or remove the information of registered VigorAP, including MAC address, name, and authentication.
  • Page 602 clear It means to remove the information related to VigorAP registered to Vigor2620. > apm cache show Name Auth ------------ -------------------- -------------------- > This command allows you to set parameters related to AP management control. apm lbcfg <set> <value> apm lbcfg <show> Parameter Description <set>...
  • Page 603 limit (for upload) 1 – Mbps 0 – kbps [10] – The tenth number means to determine the unit of traffic limit (for download) 1 – Mbps 0 – kbps [11] - Define the RSSI threshold (-200 ~ -50 dbm) show It shows the configuration value.
  • Page 604 This command is used to display related syslog data from central AP management. apm syslog > apm syslog "2015-11-04 12:24:21", "[APM] [VigorAP900_01daa902080] Get Rogue AP Detection Data from AP" 2015-11-04 12:24:56", "[APM] [VigorAP900_01daa902080] Get Rogue AP Detection Data from AP Success" 2015-11-04 12:34:21", "[APM] [VigorAP900_01daa902080] Get Rogue AP Detection Data from AP"...

This manual is also suitable for:

Vigor2620ln, Vigor2620lne
