Draytek Vigor 3100 Series User Manual
  1. Manuals
  2. Brands
  3. Draytek Manuals
  4. Network Router
  5. Vigor 3100 Series
  6. User manual
Draytek Vigor 3100 Series User Manual

Draytek Vigor 3100 Series User Manual

Draytek vigor 3100 series router
Hide thumbs Also See for Vigor 3100 Series:
Table of Contents

Advertisement

Quick Links

Download this manual See also: User Manual
Vigor 3100 Series Router
User's Guide
Version: 1.01
Date: 2006/3/27
Copyright 2006 All rights reserved.
This publication contains information that is protected by copyright. No part may be reproduced, transmitted,
transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright
holders. The scope of delivery and other details are subject to change without prior notice.
Microsoft is a registered trademark of Microsoft Corp.
Windows, Windows 95, 98, Me, NT, 2000, XP and Explorer are trademarks of Microsoft Corp.
Apple and Mac OS are registered trademarks of Apple Computer Inc.
Other products may be trademarks or registered trademarks of their respective manufacturers.

Advertisement

Table of Contents
loading

Related Manuals for Draytek Vigor 3100 Series

Summary of Contents for Draytek Vigor 3100 Series

  • Page 1 Vigor 3100 Series Router User’s Guide Version: 1.01 Date: 2006/3/27 Copyright 2006 All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders.
  • Page 2 Vigor3100 Series User’s Guide...

  • Page 3: Table Of Contents

    Preface .......................1 1.1 LED Indicators and Connectors ....................1 1.1.1 LED Explanation ....................... 1 1.1.2 Connector Explanation ..................... 2 1.2 Hardware Installation ......................2 1.2.1 Chassis Connections ......................3 Configuring Basic Settings ................5 2.1 Changing Password ........................ 5 2.2 Quick Start Wizard ........................7 2.2.1 Adjusting Protocol/Encapsulation ..................
  • Page 4 3.4.4 IM Blocking ........................44 3.4.5 P2P Blocking ........................44 3.4.6 DoS Defense ........................45 3.4.7 URL Content Filter ......................48 3.4.8 Web Content Filter......................50 3.5 Applications ........................... 51 3.5.1 Dynamic DNS ......................... 51 3.5.2 Schedule ......................... 53 3.5.3 RADIUS .......................... 54 3.5.4 UPnP..........................
  • Page 5 Trouble Shooting ...................109 5.1 Checking If the Hardware Status Is OK or Not..............109 5.2 Checking If the Network Connection Settings on Your Computer Is OK or Not ....109 5.3 Pinging the Router from Your Computer ................112 5.4 Checking If the ISP Settings are OK or Not .................113 5.5 Backing to Factory Default Setting If Necessary ..............114 5.6 Contacting Your Dealer ......................115 Vigor3100 Series User’s Guide...

  • Page 7: Preface

    Intranet. A VPN enables you to send data between two computers across a shared public Internet network in a manner that emulates the properties of a point-to-point private link. The DrayTek Vigor3300 series VPN router supports Internet-industry standards technology to provide customers with open, interoperable VPN solutions such as X.509, DHCP over Internet Protocol Security (IPSec) up to 200 tunnels, and...

  • Page 8: Connector Explanation

    WLAN The wireless LAN function is enabled. Blinking Ethernet packets are transmitting over wireless LAN. The G.SHDSL line is connected. Blinking It means that Ethernet packets are transmitting. It means that a normal 100Mbps connection is through its corresponding port. (1, 2, 3, 4) It means that a normal 10Mbps connection is through its corresponding port.

  • Page 9: Chassis Connections

    The Vigor3100 series can be mounted on a rack by using standard brackets in a 19-inch rack or optional larger brackets on 23-inch rack (not included). The bracket for the racks are shown below. Vigor3100 Series User’s Guide...
  • Page 10 Use brackets to set the Vigor router on the rack as shown below. After the bracket installation, the Vigor3100 chassis can be installed in a rack by using four screws for each side of the rack. Vigor3100 Series User’s Guide...

  • Page 11: Configuring Basic Settings

    For use the router properly, it is necessary for you to change the password of web configuration for security and adjust primary basic settings. This chapter explains how to setup a password for an administrator and how to adjust basic settings for accessing Internet successfully.
  • Page 12 Go to System Maintenance page and choose Administrator Password. Enter the login password (the default is blank) on the field of Old Password. Type a new one in the field of New Password and retype it on the field of Confirm Password. Then click OK to continue.

  • Page 13: Quick Start Wizard

    If your Vigor3100 can be under an environment with high speed NAT, the configuration provide here can help you to deploy and use the router quickly. There are two phases of quick setup, one is protocol/encapsulation configuration; and the other is LAN configuration. In the Quick Start Wizard, you can configure the router to access the Internet with different protocol/modes such as PPPoE, PPPoA, Bridged IP, or Routed IP.

  • Page 14: Pppoe/Pppoa

    Primary DNS Assign a private IP address to the primary DNS. Second DNS Assign a private IP address to the secondary DNS. PPPoE stands for Point-to-Point Protocol over Ethernet. It relies on two widely accepted standards: PPP and Ethernet. It connects users through an Ethernet to the Internet with a common broadband medium, such as a single DSL line, wireless device or cable modem.

  • Page 15: Bridged Ip

    Click Finish. The online status of this protocol will be shown as below. Click 1483 Bridged IP as the protocol. Type in all the information that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page. Click Finish.

  • Page 16: Routed Ip

    Click 1483 Routed IP as the protocol. Type in all the information that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page. Vigor3100 Series User’s Guide...

  • Page 17: Selecting Correct Annex Type

    Click Finish. The online status of this protocol will be shown as below. After finishing Quick Start Wizard, please go to Internet Access and choose DSL Settings for choosing correct annex type for your router. Use the drop down list of Annex Type for choosing A or B according to the annex type of your router.

  • Page 18: Online Status

    Now, check the online status for your router. The online status shows the system status, WAN status, ADSL Information and other status related to this router within one page. If you select PPPoE or PPPoA as the protocol, you will find out a button of Dial PPPoE or Dial PPPoE in the Online Status web page.

  • Page 19: Saving Configuration

    Each time you click OK on the web page for saving the configuration, you can find messages showing the system interaction with you. Ready indicates the system is ready for you to input settings. Settings Saved means your settings are saved once you click Finish or OK button. Vigor3100 Series User’s Guide...
  • Page 20 Vigor3100 Series User’s Guide...

  • Page 21: Advanced Web Configuration

    After finished basic configuration of the router, you can access Internet with ease. For the people who want to adjust more setting for suiting his/her request, please refer to this chapter for getting detailed information about the advanced configuration of this router. As for other examples of application, please refer to chapter 4.

  • Page 22: Pppoe/Pppoa

    When a router begins to connect to your ISP, a serial of discovery process will occur to ask for a connection. Then a session will be created. Your user ID and password is authenticated via PAP or CHAP with RADIUS authentication system. And your IP address, DNS server, and other related information will usually be assigned by your ISP.
  • Page 23 PPPoE Pass-through The router offers PPPoE dial-up connection. Besides, you also can establish the PPPoE connection directly from local clients to your ISP via the Vigor router. For Wired LAN – If you check this box, PCs on the same network can use another set of PPPoE session (different with the Host PC) to access into Internet.

  • Page 24: Mpoa

    If you do not check Join NAT IP Pool, you can still use these public IP addresses for other purpose, such as DMZ host, Open Ports. Default MAC Address Type in MAC address for the router. You can use Default MAC Address or specify another MAC address for your necessity.
  • Page 25 To choose MPoA as the accessing protocol of the internet, please select MPoA from the Internet Access menu. The following web page will be shown. MPoA(RFC1483/2684) Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that you adjusted in this page will be invalid.

  • Page 26: Multi-Pvcs

    You can set up to 8 public IP addresses other than the current one you are using. Specify an IP address – Click this radio button to specify some data. IP Address – Type in the private IP address. Subnet Mask – Type in the subnet mask. Gateway IP Address –...

  • Page 27: Dsl Settings

    Enable Type in the primary IP address for the router. If necessary, type Type in the value provided by your ISP. Type in the value provided by your ISP. QoS Type Select a proper QoS type for the channel. Protocol Select a proper protocol for this channel.

  • Page 28: Lan

    AdaptiveRate Set the connection rate for the network. MaxRate Select the maximum rate for this setting. Use the drop down list to select the one that suits your router. The default value is 2312. MinRate Select the minimum rate for this setting. Use the drop down list to select the one that suits your router.
  • Page 29 In some special case, you may have a public IP subnet from your ISP such as 220.135.240.0/24. This means that you can set up a public subnet or call second subnet that each host is equipped with a public IP address. As a part of the public subnet, the Vigor router will serve for IP routing to help hosts in the public subnet to communicate with other public hosts or servers outside.

  • Page 30: General Setup

    This page provides you the general settings for LAN. Click LAN to open the LAN settings page and choose General Setup. 1st IP Address Type in private IP address for connecting to a local private network (Default: 192.168.1.1). 1st Subnet Mask Type in an address code that determines the size of the network.
  • Page 31 Start IP Address: Enter a value of the IP address pool for the DHCP server to start with when issuing IP addresses. If the 2nd IP address of your router is 220.135.240.1, the starting IP address must be 220.135.240.2 or greater, but smaller than 220.135.240.254. IP Pool Counts: Enter the number of IP addresses in the pool.

  • Page 32: Static Route

    LAN. Disable Server – Let you manually assign IP address to every host in the LAN. Relay Agent – (1 subnet/2 subnet) Specify which subnet that DHCP server is located the relay agent should redirect the DHCP request to. Start IP Address - Enter a value of the IP address pool for the DHCP server to start with when issuing IP addresses.
  • Page 33 Index The number (1 to 10) under Index allows you to open next page to setup static route. Destination Address Displays the destination address of the static route. Status Displays the status of the static route. Viewing Routing Table Displays the routing table for your reference. Here is an example of setting Static Route in Main Router so that user A and B locating in different subnet can talk to each other via the router.
  • Page 34 Go to LAN page and click General Setup, select 1st Subnet as the RIP Protocol Control. Then click the OK button. Note: There are two reasons that we have to apply RIP Protocol Control on 1st Subnet. The first is that the LAN interface can exchange RIP packets with the neighboring routers via the 1st subnet (192.168.1.0/24).

  • Page 35: Vlan

    Go to Diagnostics and choose Routing Table to verify current routing table. Click the Index Number that you want to disable from the Static Route Configuration page. Select Inactive/Disable from the drop-down menu, and then click the OK button to disable the route.
  • Page 36 To add or remove a VLAN, please refer to the following example. If, VLAN 0 is consisted of hosts linked to P1 and P2 and VLAN 1 is consisted of hosts linked to P3 and P4. After checking the box to enable VLAN function, you will check the table according to the needs as shown below.

  • Page 37: Nat

    Usually, the router serves as an NAT (Network Address Translation) router. NAT is a mechanism that one or more private IP addresses can be mapped into a single public one. Public IP address is usually assigned by your ISP, for which you may get charged. Private IP addresses are recognized only among internal hosts.
  • Page 38 The port redirection can only apply to incoming traffic. The server users inside the LAN can not access public IP address of the server. The correct route is to access the server using the local private IP address of the server, or you should set up an alias in a Windows hosts file. Please only redirect the ports you know you have to forward rather than forward all ports.

  • Page 39: Dmz Host

    Private IP Specify the private IP address of the internal host providing the service. Private Port Specify the private port number of the service offered by the internal host. Active Check this box to activate the port-mapping entry you have defined. Note that the router has its own built-in services (servers) such as Telnet, HTTP and FTP etc.
  • Page 40 The inherent security properties of NAT are somewhat bypassed if you set up DMZ host. We suggest you to add additional filter rules or a secondary firewall. Click DMZ Host to open the following page: Enable Check to enable the DMZ Host function. Private IP Enter the private IP address of the DMZ host, or click Choose PC to select one.

  • Page 41: Open Ports

    If you previously have set up WAN Alias in Internet Access>>PPPoE/PPPoA or Internet Access>>MPoA, you will find them in Aux. WAN IP list for your selection. Open Ports allows you to open a range of ports for the traffic of special applications. Common application of Open Ports includes P2P application (e.g., BT, KaZaA, Gnutella, WinMX, eMule and others), Internet Camera etc.
  • Page 42 However, if you previously have set up WAN Alias in Internet Access>>PPPoE/PPPoA or Internet Access>>MPoA, you will find that WAN IP appeared for your selection. Enable Open Ports Check to enable this entry. Comment Make a name for the defined network application/service. Local Computer Enter the private IP address of the local host or click Choose PC to select one.

  • Page 43: Firewall

    While the broadband users demand more bandwidth for multimedia, interactive applications, or distance learning, security has been always the most concerned. The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders. It also restricts users in the local network from accessing the Internet.
  • Page 44 Depending on whether there is an existing Internet connection, or in other words “the WAN link status is up or down”, the IP filter architecture categorizes traffic into two: Call Filter and Data Filter. Call Filter - When there is no existing Internet connection, Call Filter is applied to all traffic, all of which should be outgoing.
  • Page 45 As the popularity of all kinds of instant messenger application arises, communication cannot become much easier. Nevertheless, while some industry may leverage this as a great tool to connect with their customers, some industry may take reserve attitude in order to reduce employee misusage during office hour or prevent unknown security leak.

  • Page 46: General Setup

    ActiveX control object is usually used for providing interactive web feature. If malicious code hides inside, it may occupy user’s system. We all know that the content on the Internet just like other types of media may be inappropriate sometimes. As a responsible parent or employer, you should protect those in your trust against the hazards.

  • Page 47: Filter Setup

    Block - All blocked packets will be logged. Pass - All passed packets will be logged. No Match - The log function will record all packets that are not matched. Note that the filter log will be displayed on the Telnet terminal when you type the log -f command.
  • Page 48 Comment Enter filter set comments/description. Maximum length is 23–character long Next Filter Set Set the link to the next filter set to be executed after the current filter set. Do not make many filter sets a loop. To edit Filter Rule, click the Filter Rule index button to enter the Filter Rule setup page. Comments Enter filter set comments/description.
  • Page 49 Subnet Mask Select the Subnet Mask for the IP Address column for this filter rule to apply from the drop-down menu. Operator, Start Port The operator column specifies the port number settings. If the Start and End Port Port is empty, the Start Port and the End Port column will be ignored.

  • Page 50: Im Blocking

    IM Blocking means instant messenger blocking. Click Firewall and click IM Blocking to open the setup page. You will see a list of common IM (such as MSN, Yahoo, ICQ/AQL) applications. Check Enable IM Blocking and select the one(s) that you want to block. To block selected IM applications during specific periods, enter the number of the scheduler predefined in Applications>>Call Schedule.

  • Page 51: Dos Defense

    Action Specify the action for each protocol. Allow – Allow the client to access into the application through the specified protocol. Disallow – Forbid the client to access into the application through the specified protocol. Disallow upload – Forbid the client to access into the application through the specified protocol for downloading.
  • Page 52 Enable Dos Defense Check the box to activate the DoS Defense Functionality. Check the box to activate the SYN flood defense function. Once Enable SYN flood defense detecting the Threshold of the TCP SYN packets from the Internet has exceeded the defined value, the Vigor router will start to randomly discard the subsequent TCP SYN packets for a period defined in Timeout.
  • Page 53 Block IP options Check the box to activate the Block IP options function. The Vigor router will ignore any IP packets with IP option field in the datagram header. The reason for limitation is IP option appears to be a vulnerability of the security for the LAN because it will carry significant information, such as security, TCC (closed user group) parameters, a series of Internet addresses, routing messages...etc.

  • Page 54: Url Content Filter

    Protocol Individual IP packet has a protocol field in the datagram header to indicate the protocol type running over the upper layer. However, the protocol types greater than 100 are reserved and undefined at this time. Therefore, the router should have ability to detect and reject this kind of packets.
  • Page 55 Enable URL Access Check the box to activate URL Access Control. Control Black List (block those Click this button to restrict accessing into the corresponding matching keyword) webpage with the keywords listed on the box below. White List (pass those Click this button to allow accessing into the corresponding matching keyword) webpage with the keywords listed on the box below.

  • Page 56: Web Content Filter

    Enable Restrict Web Check the box to activate the function. Feature Java - Check the checkbox to activate the Block Java object function. The Vigor router will discard the Java objects from the Internet. ActiveX - Check the box to activate the Block ActiveX object function.

  • Page 57: Applications

    The ISP often provides you with a dynamic IP address when you connect to the Internet via your ISP. It means that the public IP address assigned to your router changes each time you access the Internet. The Dynamic DNS feature lets you assign a domain name to a dynamic WAN IP address.
  • Page 58 Select Index number 1 to add an account for the router. Check Enable Dynamic DNS Account, and choose correct Service Provider: dyndns.org, type the registered hostname: hostname and domain name suffix: dyndns.org in the Domain Name block. The following two blocks should be typed your account Login Name: test and Password: test. Service Provider Select the service provider for the DDNS account.

  • Page 59: Schedule

    In the DDNS setup menu, uncheck Enable Dynamic DNS Setup, and push Clear All button to disable the function and clear all accounts from the router. Delete a Dynamic DNS Account In the DDNS setup menu, click the Index number you want to delete and then push Clear All button to delete the account.

  • Page 60: Radius

    Enable Schedule Setup Check to enable the schedule. Start Date (yyyy-mm-dd) Specify the starting date of the schedule. Start Time (hh:mm) Specify the starting time of the schedule. Duration Time (hh:mm) Specify the duration (or period) for the schedule. Action Specify which action Call Schedule should apply during the period of the schedule.

  • Page 61: Upnp

    Enable Check to enable RADIUS client feature Server IP Address Enter the IP address of RADIUS server Destination Port The UDP port number that the RADIUS server is using. The default value is 1812 , based on RFC 2138. Shared Secret The RADIUS server and client share a secret that is used to authenticate the messages sent between them.
  • Page 62 After setting Enable UPNP Service setting, an icon of IP Broadband Connection on Router on Windows XP/Network Connections will appear. The connection status and control status will be able to be activated. The NAT Traversal of UPnP enables the multimedia features of your applications to operate.

  • Page 63: Quality Of Service

    Some Microsoft operating systems have found out the UPnP weaknesses and hence you need to ensure that you have applied the latest service packs and patches. Non-privileged users can control some router functions, including removing and adding port mappings. The UPnP function dynamically adds port mappings on behalf of some UPnP-aware applications.
  • Page 64 However, each node may take different attitude toward packets with high priority marking since it may bind with the business deal of SLA among different DS domain owners. It’s not easy to achieve deterministic and consistent high-priority QoS traffic throughout the whole network with merely Vigor router’s effort.
  • Page 65 Reserved Bandwidth Ratio It is reserved for the group index in the form of ratio of reserved bandwidth to upstream speed and reserved bandwidth to downstream speed. Setup There are two-level of settings: Basic - setup Reserved Bandwidth Ratio according to the traffic service type.

  • Page 66: Vpn And Remote Access

    SrcEdit allows you to edit source address information. DestEdit allows you to edit destination address information. If you click one of the button, you will see the following dialog. From the Address Type drop-down list, please choose one of the selections as the address type. And type in Start IP Address and End IP Address and Subnet Mask.

  • Page 67: Ppp General Setup

    This submenu only applies to PPP-related VPN connections, such as PPTP, L2TP, L2TP over IPSec. Dial-In PPP Authentication PAP Only Select this option to force the router to authenticate dial-in users with the PAP protocol. PAP or CHAP Selecting this option means the router will attempt to authenticate dial-in users with the CHAP protocol first.

  • Page 68: Ipsec General Setup

    Mutual Authentication (PAP) The Mutual Authentication function is mainly used to communicate with other routers or clients who need bi-directional authentication in order to provide stronger security, for example, Cisco routers. So you should enable this function when your peer router requires mutual authentication. You should further specify the User Name and Password of the mutual authentication peer.

  • Page 69: Ipsec Peer Identity

    IKE Authentication Method This usually applies to those are remote dial-in user or node (LAN-to-LAN) which uses dynamic IP address and IPSec-related VPN connections such as L2TP over IPSec and IPSec tunnel. Pre-Shared Key -Currently only support Pre-Shared Key authentication. Pre-Shared Key- Specify a key for IKE authentication Re-type Pre-Shared Key-Confirm the pre-shared key.

  • Page 70: Remote Dial-In User

    Profile Name Type in a name in this file. Accept Any Peer ID Click to accept any peer regardless of its identity. Accept Subject Alternative Name Click to check one specific field of digital signature to accept the peer with matching value. The field can be IP Address, Domain, or E-mail Address.
  • Page 71 Set to Factory Default Click to clear all indexes. User Display the username for the specific dial-in user of the LAN-to-LAN profile. The symbol ??? represents that the profile is empty. Status Display the access state of the specific dial-in user. The symbol V and X represent the specific dial-in user to be active and inactive, respectively.
  • Page 72 the timer, the router will drop this connection. By default, the Idle Timeout is set to 300 seconds. ISDN Allow the remote ISDN dial-in connection. You can further set up Callback function below. You should set the User Name and Password of remote dial-in user below PPTP Allow the remote dial-in user to make a PPTP VPN connection...

  • Page 73: Lan To Lan

    (data) will be encrypted and authenticated. You may select encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES. Local ID - Specify a local ID to be used for Dial-in setting in the LAN-to-LAN Profile setup. This item is optional. Callback Function The callback function provides a callback service only for the ISDN dial-in user.
  • Page 74 Profile Name Specify a name for the profile of the LAN-to-LAN connection. Enable this profile Check here to activate this profile. Call Direction Specify the allowed call direction of this LAN-to-LAN profile. Both:-initiator/responder Dial-Out- initiator only Dial-In- responder only. Always On or Idle Timeout Always On-Check to enable router always keep VPN connection.
  • Page 75 Normally, if any one of VPN peers wants to disconnect the connection, it should follow a serial of packet exchange procedure to inform each other. However, if the remote peer disconnect without notice, Vigor router will by no where to know this situation.
  • Page 76 Medium Authentication Header (AH) means data will be authenticated, but not be encrypted. By default, this option is active. High Encapsulating Security Payload (ESP)- means payload (data) will be encrypted and authenticated. Select from below: DES without Authentication -Use DES encryption algorithm and not apply any authentication scheme.
  • Page 77 may specify a value in between 900 and 86400 seconds. IKE phase 2 key lifetime-For security reason, the lifetime of key should be defined. The default value is 3600 seconds. You may specify a value in between 600 and 86400 seconds. Perfect Forward Secret (PFS)-The IKE Phase 1 key will be reused to avoid the computation complexity in phase 2.
  • Page 78 PPTP Allow the remote dial-in user to make a PPTP VPN connection through the Internet. You should set the User Name and Password of remote dial-in user below. IPSec Tunnel Allow the remote dial-in user to trigger a IPSec VPN connection through Internet.

  • Page 79: Connection Management

    encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES. Callback Function The callback function provides a callback service only for the ISDN dial-in user. The router owner will be charged the connection fee by the telecom. Check to enable Callback function-Enables the callback function.

  • Page 80: Certificate Management

    Dial Click this button to execute dial out function. Refresh Seconds Choose the time for refresh the dail information among 5, 10, an 30. Refresh Click this button to refresh the whole connection status. A digital certificate works as an electronic ID, which is issued by a certification authority (CA).

  • Page 81: Local Certificate

    Generate Click this button to open Generate Certificate Request window. Type in all the information that the window request. Then click Generate again. Import Click this button to import a saved file as the certification information. Refresh Click this button to refresh the information listed below. View Click this button to view the detailed settings for certificate request.

  • Page 82: Trusted Ca Certificate

    After clicking Generate, the generated information will be displayed on the window below: Trusted CA certificate lists three sets of trusted CA certificate. To import a pre-saved trusted CA certificate, please click IMPORT to open the following window. Use Browse.. to find out the saved text file. Then click Import. The one you imported will be listed on the Trusted CA Certificate window.

  • Page 83: System Maintenance

    For the system setup, there are several items that you have to know the way of configuration: Status, Administrator Password, Configuration Backup, Syslog, Time setup, Reboot System, Firmware Upgrade. The System Status provides basic network settings of Vigor router. It includes LAN and WAN interface information.

  • Page 84: Administrator Password

    Default Gateway Displays the assigned IP address of the default gateway. Displays the assigned IP address of the primary DNS. This page allows you to set new password. Old Password Type in the old password. The factory default setting for password is blank.
  • Page 85 In Save As dialog, the default filename is config.cfg. You could give it another name by yourself. Click Save button, the configuration will download automatically to your computer as a file named config.cfg. The above example is using Windows platform for demonstrating examples. The Mac or Linux platform will appear different windows, but the backup function is still available.

  • Page 86: Syslog/Mail Alert

    Click Restore button and wait for few seconds, the following picture will tell you that the restoration procedure is successful. SysLog function is provided to help users to monitor router. There is no bother to directly get into the Web Configurator of the router or borrow debug equipments. Enable Click “Enable”...

  • Page 87: Time And Date

    It allows you to specify where the time of the router should be inquired from. Current System Time Click Inquire Time to get the current time. Use Browser Time Select this option to use the browser time from the remote administrator PC host as router’s system time.

  • Page 88: Management

    The port number used to send/receive SIP message for building a session. The default value is 5060 and this must match with the peer Registrar when making VoIP calls. Enable remote firmware upgrade Chick the checkbox to allow remote firmware upgrade through FTP (File Transfer Protocol).

  • Page 89: Reboot System

    In the following, we use an example to explain the firmware upgrade. Note that this example is running over Windows OS (Operating System). Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.draytek.com (or local DrayTek's web site) and FTP site is ftp.draytek.com Click System Maintenance>>...

  • Page 90: Diagnostics

    Diagnostic Tools provide a useful way to view or diagnose the status of you Vigor router. Click Diagnostics and click WAN Connection to open the web page. Refresh To obtain the latest information, click here to reload the page. Broadband Access Mode/Status Display the broadband access mode and status. If the broadband connection is active, it will show Internet access mode is enabled.

  • Page 91: Arp Cache Table

    Refresh Click it to reload the page. Click Diagnostics and click ARP Cache Table to view the content of the ARP (Address Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. Refresh Click it to reload the page.

  • Page 92: Nat Sessions Table

    Refresh Click it to reload the page. Click Diagnostics and click NAT Sessions Table to open the setup page. Vigor3100 Series User’s Guide...

  • Page 93: Application And Examples

    The most common case is that you may want to connect to network securely, such as the remote branch office and headquarter. According to the network structure as shown in the below illustration, you may follow the steps to create a LAN-to-LAN profile. These two networks (LANs) should NOT have the same network address.
  • Page 94 Go to LAN-to-LAN. Click on one index number to edit a profile. Set Common Settings as shown below. You should enable both of VPN connections because any one of the parties may start the VPN connection. Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial-Out method.
  • Page 95 Set Dial-In settings to as shown below to allow Router B dial-in to build VPN connection. If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above.
  • Page 96 At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router A can direct the packets destined to the remote network to Router B via the VPN connection. Settings in Router B in the remote office: Go to Remote Access Control to enable the necessary VPN service. Then, for using PPP based services, such as PPTP, L2TP, or ISDN, you have to set general settings in PPP General Setup.
  • Page 97 Go to LAN-to-LAN. Click on one index number to edit a profile. Set Common Settings as shown below. You should enable both of VPN connections because any one of the parties may start the VPN connection. Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial-Out method.
  • Page 98 connection. Set Dial-In settings to as shown below to allow Router A dial-in to build VPN connection. If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above.
  • Page 99 At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection. Vigor3100 Series User’s Guide...

  • Page 100: Create A Remote Dial-In User Connection Between The Teleworker And Headquarter

    The other common case is that you, as a teleworker, may want to connect to the enterprise network securely. According to the network structure as shown in the below illustration, you may follow the steps to create a Remote User Profile and install Smart VPN Client on the remote host.
  • Page 101 Go to Remote Dial-In Users. Click on one index number to edit a profile. Set Dial-In settings to as shown below to allow the remote user dial-in to build VPN connection. If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection.
  • Page 102 For Win2000/XP, please use "Network and Dial-up connections" or “Smart VPN Client”, complimentary software to help you create PPTP, L2TP, and L2TP over IPSec www.draytek.com tunnel. You can find it in CD-ROM in the package or go to download center. Install as instructed.
  • Page 103 You may further specify the method you use to get IP, the security method, and authentication method. If the Pre-Shared Key is selected, it should be consistent with the one set in VPN router. If a PPP-based service is selected, you should further specify the remote VPN server IP address, Username, Password, and encryption method.

  • Page 104: Qos Setting Example

    Click Connect button to build connection. When the connection is successful, you will find a green light on the right down corner. Assume a teleworker sometimes works at home and takes care of children. When working time, he would use Vigor router at home to connect to the server in the headquater office downtown via either HTTPS or VPN to check email and access internal database.

  • Page 105: Lan - Created By Using Nat

    HTTPS. And click Basic button on the right. Select HTTPS in the list on the left column and click on ADD to add to right column. Click OK to exit. Check the Enable UDP Bandwidth Control on the bottom to prevent enormous UDP traffic of VoIP influent other application.
  • Page 106 You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage. To use another DHCP server in the network rather than the built-in one of Vigor Router, you have to change the settings as show below. Vigor3100 Series User’s Guide...
  • Page 107 You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage. Vigor3100 Series User’s Guide...

  • Page 108: Lan - Created By Using A Public Subnet

    – – An example of setting Vigor router for IP routing of public subnet and the corresponding deployment are shown below. You can just set the settings wrapped inside the red rectangles to fit the request of IP routing usage. Vigor3100 Series User’s Guide...

  • Page 109: Request A Certificate From A Ca Server On Windows Ca Server

    Go to Certificate Management and choose Local Certificate. Vigor3100 Series User’s Guide...
  • Page 110 You can click GENERATE button to start to edit a certificate request. Enter the information in the certificate request. Copy and save the X509 Local Certificate Requet as a text file and save it for later use. Connect to CA server via web browser. Follow the instruction to submit the request. Below we take a Windows 2000 CA server for example.
  • Page 111 Select Advanced request. Select Submit a certificate request a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file Import the X509 Local Certificate Requet text file. Select Router (Offline request) or IPSec (Offline request) below. Then you have done the request and the server now issues you a certificate.

  • Page 112: Request A Ca Certificate And Set As Trusted On Windows Ca Server

    you will find the below window showing “------BEGINE CERTIFICATE------..” You may review the detail information of the certificate by clicking View button. Vigor3100 Series User’s Guide...
  • Page 113 Use web browser connecting to the CA server that you would like to retrieve its CA certificate. Click Retrive the CA certificate or certificate recoring list. In Choose file to download, click CA Certificate Current and Base 64 encoded, and Download CA certificate to save the .cer.
  • Page 114 Vigor3100 Series User’s Guide...

  • Page 115: Trouble Shooting

    This section will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration. Please follow below sections to check your basic installation stage by stage. Checking if the hardware status is OK or not. Checking if the Network Connection Settings on your computer is OK or not.
  • Page 116 The example is based on Windows XP. As to the examples for other operation systems, please refer to the similar steps or find support notes in www.draytek.com. Go to Control Panel and then double-click on Network Connections. Right-click on Local Area Connection and click on Properties.
  • Page 117 Select Obtain an IP address automatically and Obtain DNS server address automatically. Double click on the current used MacOs on the desktop. Open the Application folder and get into Network. On the Network screen, select Using DHCP from the drop down list of Configure IPv4. Vigor3100 Series User’s Guide...

  • Page 118: Pinging The Router From Your Computer

    The default gateway IP address of the router is 192.168.1.1. For some reason, you might need to use “ping” command to check the link status of the router. The most important thing is that the computer will receive a reply from 192.168.1.1. If not, please check the IP address of your computer.

  • Page 119: Checking If The Isp Settings Are Ok Or Not

    Click Internet Access Setup group and then check whether the ISP settings are set correctly. Check if the Enable option is selected. Check if all parameters of DSL Modem Settings are entered with correct values that you got from your ISP. Check if Username and Password are entered with correct values that you got from your ISP.

  • Page 120: Backing To Factory Default Setting If Necessary

    Check if the Enable option is selected. Check if all parameters of DSL Modem Settings are entered with correct values that you got from your ISP. Check if IP Address, Subnet Mask and Gateway are set correctly, or use DHCP server to obtain IP automatically by clicking Obtain an IP address automatically.

  • Page 121: Contacting Your Dealer

    After restore the factory default setting, you can configure the settings for the router again to fit your personal request. If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@draytek.com. Vigor3100 Series User’s Guide...
  • Page 122 Vigor3100 Series User’s Guide...

Table of Contents