Epson 3300 Network Router User Manual
Contents
1. Quick Setup System Network Advance Firewall QoS VPN VoIP 8 17 13 P M Network WAN Load Balance O Disable Enable C Auto Weight Backup Disable O Enable Edit IP Mode Active Default Route Load Balance Weight E Backup Slave VolP WANI Static 50 iv WAN2 Static 30 O WANS PPPoE 20 WAN4 PPTP O Apply Cancel Load Balance Enables or disables the WAN load balance function The Auto Weight option becomes available if Enable mode is selected Load Balance allows the router distributing data in and out of the Internet by using different WAN interfaces at the same time Backup Enables or disables backup function for WAN interfaces If you enable this function the backup master backup slave will execute the job of master slave device when the master slave device fails to work Vigor3300 Series User s Guide 37 38 Edit IP Mode Active Default Route Load Balance Weight Backup Master Backup Slave VoIP Open the configuration page of this WAN interface Displays current mode of this WAN interface There are five options Static DHCP PPPoE PPTP and DHCP Activates closes this WAN interface Sets this WAN interface as default route interface Adds this WAN interface to the load balance group Sets the weight load 10 90 for this WAN interface for load balance This selection is available only when Auto Weight is unchecked Sets this WAN interface as a master interface WANI must be as2. Network Interface Destination IP Gateway IP Mask 1 2 1 6 7 8 9 O 10 1 Edit Delete Delete All Network Interface Displays the network interface LAN WANI 2 3 or 4 Destination IP Displays the destination IP of the static route Gateway IP Displays the gateway address of the static route Mask Displays the subnet mask of this route Edit Allows users to edit the selected static route settings Delete Delete All Removes one or all the selected static route settings The system allows users to set up to 10 static routes for the router Edit the Static Route To edit static route for certain item select the radio button of the item and click Edit on the bottom of the page The following web page will be displayed Vigor3300 Series User s Guide a Vigor3300 series VIGOROUS BROADBAND ACCESS MultiService Security Quick Setup System Network Advanced Firewall Qos VPN VoIP 9 40 37 A M Advanced Static Route Edit Network Interface WAN1 Gateway IP 172 16 2 233 Destination IP 202 66 88 99 Subnet Mask 24 4 Apply Cancel Network Interface Select a network interface as a destination to be sent It includes LAN and WANI WAMN4 Gateway IP Assign an IP address of the gateway for the interface selected above Destination IP Assign the IP address of the destination that data will be transferred to Packets ready to destination will be sent out through the net
3. _ Status i Explanation It means a full duplex connection on corresponding port It means a half duplex connection on corresponding port wan _ WAN1 WAN2 WAN3 Interface Description Console Provided for technician use LAN P1 P4 Connecter for local networked devices WANI WAN3 Connecter for remote networked devices Connecter Specification Auxiliary Type Connected to Remarks Cables Color Power Cord 90 264V AC Vigor3300 Series User s Guide 7 1 2 Hardware Installation Before starting to configure the router you have to connect your devices correctly l Connect the power cord to the power port of Vigor3300 router on the rear panel and the other side into a wall outlet Power on the device by pressing the power switch on the rear panel The PWR LED should be ON The system starts to initiate After completing the system test the ACT LED will light up and start blinking Connect one end of an Ethernet cable RJ 45 to one of the LAN ports of Vigor3300 Connect the other end of the cable RJ 45 to the Ethernet port on your computer that device also can connect to other computers to form a small area network The LAN LED for that port on the front panel will light up Connect a server modem router depends on your requirement to any available WAN port of the device with Ethernet cable RJ 45 The WAN LED will light up Connect telephone sets to the
4. In the Advanced group click the Radius option You will get the following page Vigor3300 Series User s Guide Quick Setup System Network Advanced Firewall Qos VPN VoIP 8 40 57 P M Advanced RADIUS O Disable Enable Server IP Address 69 14 1001 Destination Port 1812 Shared Secret ccce Confirm Shared Secret esoe WAN Interface WANI Apply Cancel Enable Disable Click Disable to disable this function Click Enable to activate this function Server IP Address Assign an IP address of a Radius server Destination Port Shared Secret Confirm Shared Secret WAN Interface Assign a destination port number used for Radius function Assign a code for authentication to server The RADIUS server and client share a secret which is used to authenticate the messages sent between them Both sides must be configured to use the same shared secret Confirm the code assigned in Shared Secret field Select one specific WAN interface to be used Click Apply to reboot the system and apply the settings Vigor3300 Series User s Guide 61 3 3 4 Port Block The Port Block function provides a user to set lots of proprietary port numbers Packets will be dropped if destination ports both TCP and UCP of packets with these assigned port numbers are on WAN and LAN The advantage of this feature is to filter some unnecessary packets or attacking packets on Internet environment or LAN network Vigor3300 Serie
5. In the Network setting type the subnet 192 168 2 0 to LAN2 For example the VLAN6 LAN IP is 192 168 2 1 and the Subnet Mask is 255 255 255 0 Then users in the Engineer Department can set IP address from 192 168 2 2 to 192 168 2 254 In the Network setting type the subnet 192 168 3 0 to LAN3 For example the VLAN7 LAN IP is 192 168 3 1 and the Subnet Mask is 255 255 255 0 Then users in the Engineer Department can set IP address from 192 168 3 2 to 192 168 3 254 In the Network setting type the subnet 192 168 4 0 to LAN4 For example the VLAN8 LAN IP is 192 168 4 1 and the Subnet Mask is 255 255 255 0 Then users in the Engineer Department can set IP address from 192 168 4 2 to 192 168 4 254 Vigor3300 Series User s Guide A 3 2 Two VLANs for Different Departments in A Company A company wants to separate the Engineer Department and Other Departments to limit their communication to protect the engineering data In this case we can define two VLANs that are VLANS and VLANG6 The subnet of VLANS is 192 168 1 0 and the subnet of VLAN6 is 192 168 2 0 192 168 1 0 192 168 1 0 192 168 4 0 192 168 2 0 auw bi zos auw bi zos SJ Engineer Department Engineer Department Other Departments Other Departments Procedure 1 Refer to A 1 to block LAN to LAN communication 2 Create VLANS and VLAN6 Groups 3 Inthe VLANS type 5 to VLAN ID In the Member field choose p1 and p2 Then choose Tagged for Frame Tag O
6. VPN IPSec User Certificate 2 Generate Generate Certificate Signing Request Certification Name ID Type ID Value User Certificate Information Organization Unit Organization Locality City State Province Common Name Country e mail Key Size Certification Name ID Type ID Value Organization Unit Organization Locality City State Province Common Name Country E mail Key Size 3300CA _0804 Domain Name vi RDS Draytek Houko Hsin Chu abc Taivan v abc draytek com tw 1024 Bits Apply Cancel The name of the certification entry The ID type for this entry There are three types Domain Name Certificated by domain name IP Certificated by IP address Email Certificated by email address The ID value for this entry The unit value of this organization The value of this organization The local city name of this entry The state name of this entry The common name for this entry The country name of this entry The email address of this entry The key size for this entry There are 3 options 1024 Bits 1536 Bits and 2048 Bits When you finish the configuration please click Apply to invoke it To download a user certificate please click index number one with the status of Request Generated and click the Download button If not you might see the following dialog to warn you Vigor3300 Series User s Guide 101 M
7. Vigor3300 Series User s Guide Symmetric Media 3 7 9 Incoming Call Barring Full auto no need to config NAT only for SIP If you click this function the user does not configure NAT information STUN Local Port Type the port number of the STUN server STUN Server Address Type the IP address of the STUN server STUN Server Port Type the port number of the STUN Server Disable symmetric RTP and T 38 Click this button to make RTP and T 38 being not symmetrical Enable symmetric RTP and T 38 Click this button to make RTP and T 38 being symmetrical When Vigor3300 detects the IP address of the receiving packets differing with the address informed by remote end Vigor3300 will change the IP address automatically according to the real IP address of the packets to ensure the remote receiver can get the packets This feature is used to bar incoming VoIP calls from the Internet Barring classes can be specified to allow or deny incoming calls There are five barring classes on the device The default setting is Allow all incoming calls Set This page allows you to choose a barring class match method and set a range for speed dial entries for the incoming call barring VoIP Incoming Call Barring Set Barring Class only Deny calls from deny list Match Method Disable Name Disable IP Domain Speed Dial Entries From 1 M Ta 150 Barring Class Vigor3300 Ser
8. 0 J o 0 5060 o 5060 300 0 Oo de a jo a jo o Example iptel iptel org iptel org iptel org Apply Cancel For SIP Configuration SIP Local Port Active Outbound Proxy Proxy Name Proxy Address Proxy Port Registrar Address Registrar Port Expires Domain Type the port number for SIP protocol The default value is 5060 Click this box to activate this SIP proxy server setting Check this box to enable this function for sending SIP protocol packets to an SIP proxy server Type the name of the SIP proxy server Type the IP address of the SIP proxy server Type the port number of the SIP proxy server Type the IP address or domain name of the SIP registrar server Type the port number of the SIP registrar server Type the timeout value for SIP protocols The default value is 300 Type the IP address or domain name of the SIP Domain Realm You can set up to 3 sets of SIP configurations in this page 108 Vigor3300 Series User s Guide For MGCP Configuration VoIP Protocol Select Protocol O SIP Om GCP MGCP SIP Configuration Configuration MGCP Local Port 2427 MGCP Call Agent Address 192 168 100 100 MGCP Call Agent Port 2727 EndPoint Name Style aalni fip_addr O mac_addr lip_addr Oa aln mac_addr O aaln Wild carded RSIP Each endpoint sends its own RSIP Send only one wild RSIP Apply Cancel MGCP Local Port The UDP port number in MGCP loc
9. cccccccccccccccssssseeceeeeeeseeeesseceeeeeeeeesseeeeeeeeseueaseeeeeeseessaaaeeeees 30 Sr PREDO O eee E A A E E A 33 arD OSIC TIOS e i aniursiniresehcaaidieaeedentelaaucicns 34 3 2 NGIWOIK SCUUD sac senecGacevsencnncdhadesnetaeested EE EEEE RE EEEE EEEE 37 3 2 1 WAN and Internet Access Setup cc ceecccccccceceeseeseeeeeeeeeeeeeseeeeeeesssaeeaeeeeeeeeessaaeeeeess 37 ae PLAN e E E E E 44 3 23 Load Balance POMC as sccasccsaacnactiocodadasinctctsnsahsunstanetdceiancbted ostdentsseniatanndadaedoentdonseacenaddens 47 3 24 High Availability cncascahanatisenasingenstentebtecoadiautnnsdidaundesheedan coset ENE ES NEEE N 48 I NG oer ce terns E E E E E E E E E EE 50 TAAU NCA EU en ee EA EEE RE E E E E i 51 OW OUI MOWE E e E E E E E 52 NATSU a A a E a 54 Coes ae RADIUS GE hena a A ee ee ene ee eee 60 Ce OM OG orrori deers en cncsee ecencs E E E E T E E R 62 SAS DDN S CUD a a se ssesanaincivasmonanactasn ata nacdackvsseesenustseodeaaueiestuavaes cacaes 62 3 3 0 Call Schedul SCID crisci neogeno aaiae muachesdececabssenetedosssadde 65 3 3 7 WAN Port Mirroring Setup cscs ccs cose excise ceseccsictduczeceee sau siaescatasadocsvacedpedenddakssanscosatenctebeseesses 67 Vigor3300 Series User s Guide iii 3 3 8 LAN Port Mirroring S tup ccccccsssecccceeseececccseeseeeceeeauseeeesseaueeeeeseeaseeeseauseeeesesageeeess 68 Os LAN VEAN SETUD eerie a e cians E EE EES r A 68 TONM P e ra E E E E E E E E EA EA 71 SA FEW EUD a E E E EE 76 Oe A cs
10. eae reer IP Address Displays the IP address of the WAN interface MAC Address Displays the MAC address of the WAN Interface Primary DNS Displays the IP address of the primary DNS Secondary DNS Displays the IP address of the secondary DNS Gateway Displays the IP address of the default gateway RX Packets Displays the total received packets for each WAN interface TX Packets Displays the total transmitted packets for each WAN interface Connection Status Displays the connection status of the WAN interface Up Time Displays the total system uptime of the interface Vigor3300 Series User s Guide 25 26 3 1 2 Time As an NTP Network Time Protocol client the router gets standard time from the time server Some time based functions such as Call Schedule and URL Content filtering cannot work properly until the system time functions run successfully Typically NTP achieves high accuracy and reliability with multiple redundant servers and diverse network paths The Vigor3300 Series supports synchronization with a specific NTP server or the remote PC host of the administrator In the System group click the Time option The Time page is shown below System Time NTP Server Time Zone Daylight Saving Time Update Interval Use Browser Time Use NTP Time NTP Server Time Zone Daylight Savings Time Update Interval Apply GMT 00 00 Greenwich Mean Time NotUse Ouse 30 seconds w
11. 172 16 3 88 IP Alias List 1 10 1 1 101 2 10 1 1 102 4 6 9 32 Apply Reset Cancel IP Address Sets the private IP address of WAN interface Subnet Mask Sets the subnet mask value of WAN interface Default Gateway Sets the private IP address of gateway Primary DNS Sets the private IP address of primary DNS Secondary DNS Sets the private IP address of secondary DNS Vigor3300 Series User s Guide 39 Host Name Domain Name Detect Type Detect Interval sec No Reply Count Detect Destination Host IP or Domain Name IP Alias List Apply Reset 40 Some ISP may ask you to type your host name Please type in if necessary Some ISP may ask you to type your domain name Please type in if necessary Select a detecting type for this WAN interface There are three ways Send ARP to Gateway Send PING and Send HTTP Request supported in 3300 send Http Request Send ARP to Gateway Send PING Send Http Request Assign an interval period of time for each detecting The minimum value is 3 and no limit for maximum value Assign detecting times to ensure the connection of the WAN After passing the times you set in this field and no reply received by the router the connection of WAN interface will be regarded as breaking down Assign an IP address or Domain name as a destination to be detected whether the host is active sending reply to the router or not If not the connection of WAN inte
12. Compressed Files Execution Files Cookie Proxy Multimedia Files Filter Schedule a Restrict Web ne SurfControl Filter Schedule Apply Cancel Activates the Block Java object function The router will discard Java objects from the Internet Activates the Block ActiveX object function The router will discard ActiveX object from the Internet Activates the Block Compressed file function to prevent from downloading of any compressed file These following types of compressed files are blocked by the router Zip rar arj ace cab sit Activates the Block Executable file function to prevent from downloading of any executable file The following types of executable files are blocked by the router exe com scr pif bas bat inf reg Activates the Block Cookie function Cookies are used by many websites to create stateful sessions for tracking Internet users which would violate the users privacy The router will filter out all cookies related transmissions Activates the Block Proxy function The router will filter out all proxy related transmissions Activates the Block Multimedia function The router will filter out multimedia from any website Filter Schedule function controls what times the URL content filter should be active It can specify what times the URL content filtering facility should be active Vigor3300 Series User s Guide 87 Firewall URL
13. Dublin wv Apply Cancel Click this option to use the browser time from the remote administrator PC host as router s system time Click this option to use the time from an NTP server as router s system time Assign a public IP address or domain name of the NTP server Select the time zone where the Vigor3300 1s located Select Use to activate this function This function is useful for some areas Select a time interval for updating from the NTP server Click Apply to save these settings Vigor3300 Series User s Guide 3 1 3 Syslog The Vigor3300 Series supports a Syslog function to keep a record of abnormal conditions The router will send Syslog packets to a Syslog server on the remote site The administrator can observe any abnormal events from Vigor3300 In the System group click the Syslog option The Syslog web page is shown below System Syslog log Server IP 0 0 0 0 log Server Port 514 Apply Cancel Status Click Enable to activate this function The router will send system log message for your reference If you click Disable the router will not send out any message about system log Syslog Server IP The IP address of the Syslog server If a user assigns an IP address of 0 0 0 0 the Syslog function will be disabled Then Vigor3300 will not send Syslog packets to the Syslog server Syslog Server Port Assign a port for the Syslog protocol Apply Click Apply to save these set
14. Port 1 FXS Hotline Vigor3300 Series User s Guide Apply Cancel Click Enable to activate this port or Disable to close this port User Name Type the user name a number for each phone line Password Type the user password for each phone line Display Name Type the user name to be displayed on another phone terminal Authentication ID Type the characters for authenticate this port Proxy Server Type the SIP proxy server to be applied on this port VoIP IP Address The interface is used to apply VoIP traffics There are two options WAN and LAN VPN If LAN VPN is selected VoIP can be applied through a VPN tunnel to create a high security voice phone Hotline Number to Internet Pre set a phone number to make the port dialing out to Internet automatically 111 112 FXO Codec CAS FAX Hotline Number to PBX PSTN Pre set a phone number to make the port dialing out to PBX PSTN automatically Manual Disconnection Click Disconnect to disconnect this phone line by manual Preferred Codec It can be applied on this port Vigor3300 supports five Codecs The default setting is G 729A You can choose another one as preferred Codec for outgoing calls G 7294 8kbps v G 711U PCHU 64kbps G 711A PCMA 64kbps G 7294 Skbps G 723 1 63kbps G 726 32kbps Single Codec If you checked this box only preferred codec will be used for outgoing and incoming calls And if the
15. Quick Setup System Network Advanced Firewall Qos VPN VoIP 8 35 51 P M Advanced DDNS Setting Status O Disable Enable Interface VAN1 v Server Provider dyndns org www dyndns org v Server Type dynamic Domain Name abc dyndns org Login Name draytek Login Password eeeccce a Wild Card Disable O Enable Backup Mx Disable O Enable Mail Extender dray draytek com Apply Cancel C k 1 I 1 Dr k j p Status Click Disable to disable this function Click Enable to activate this function Interface Select a specific interface for registering on DDNS server The Interface should be any WAN port on V3300 series Vigor3300 Series User s Guide 63 64 Server Provider Server Type Domain Name Login Name Login Password Wild Card Backup MX Mail Extender Assign a provider name to support DDNS server The Vigor3300 supports 7 domain server providers as default dyndns org vwy dyndns orq i no 1p com www no 1p com DtDNS www dtdns com ChangelP com www changeip com dynamic naneserver www dynamic nameserver com huagai net waw ddns cn Select Static Dynamic or Custom type for this entry of DDNS settings Assign a private domain name to be accessed Assign a name to login into DDNS server Assign a password to login into DDNS server If you want anything here yourhost dyndns org to work EX To make things like www yourhost dyndns org work click Enab
16. Vigor3300 Series User s Guide Edit 10 1 1 1 724 I 10 1 2 1 24 m O Basit Advanced None vi Basic O Advanced O None v Hex undefined wv Apply Cancel Type the source IP address with subnet mask value to be applied for this filter Type the destination IP address with subnet mask value to be applied for this filter There are three options for you to choose Basic Only the Service Type field is allowed to be configured Advanced The Protocol and Port fields are allowed to be configured None No field is allowed to be configured 91 92 Service Type Protocol Port DiffServ CodePoint Status DiffServ CodePoint Type DiffServ CodePoint Class Select the service type that you want to use There are thirty five service types provided CU SEEME LO TCP UDP 7648 a DNS TCP UDP 53 F FINGER TCP 79 H 323 TCP 1720 HTTP TCP 80 HTTPS TCP 443 IKE UDP 500 IPSEC AH IP 51 IPSEC ESP IP 50 IRC TCP UDP 6667 L2TP UDP 1701 NEWS TCP 144 NFS UDP 2049 NNTP TCP 1193 PING IP 1 POP3 TCP 110 PPTP TCP 1723 RCMD TCP 512 REAL AUDIO TCP 7070 RTSP TCP UDP 554 SFTP TCP 115 SMTP TCP 25 SNMP TCP UDP 161 SNMP TRAPS TCP UDP 162 SOL NET TCP 1521 SSH TCP UDP 22 SYSLOG UDP 514 TELNET TCP 23 TFTP UDP 69 FTP TCP 20 21 v lt There are three options TCP UDP and TCP UDP Cho
17. 0E 0C 35 E3 EA 11 seconds Refresh Assigned IP Displays the IP address of the static DHCP server MAC Address Displays the MAC address of the static DHCP server Time Left Displays the remaining time for this IP address assigned by DHCP server When the time expired such IP address would not be kept for this client and might be assigned to other client Refresh Click Refresh to re display this web page for getting newest routing information Vigor3300 Series User s Guide 35 36 Select View NAT Active Sessions Table to get the following page This table can display about 30000 sessions with 20 pages Vigor3300 series MultiService Security Quick Setup System Network Advanced Firewall Qos VPN VoIP 5 38 13 P M VIGOROUS BROADBAND ACCESS Type Expire in State Source IP Dest IP sPort dPort Rep Source IP Rep Dest IP sPort dPort tcp 591 ESTABLISHED 192 168 1 222 207 46 6 24 3435 1863 207 46 6 24 172a T6424 225 1863 34682 tcp 598 ESTABLISHED 192 168 1 222 207 46 6 153 3476 1863 207 46 6 153 172 16 2 225 1863 34723 lt gt Page Index 1234567891011 1213141516 17 1819 20 Type Displays the protocol used for the active session Expire in State Source IP Dest IP sPort dPort Rep Source IP Rep Dest IP sPort dPort Displays the remaining time second of this session Displays the condition of this session Displays the source IP address of the packet transmitted Displays the destination IP address of the pa
18. 21 seconds 34 BBB 53 9401 Tue Aug 1 14 27 42 2006 Displays the model name of the router Displays the hardware version of the router Displays the firmware version of the router Displays the date and time of the current firmware build Displays the amount of time that the router has been online Displays the average percentage of the CPU being used Displays the percentage of memory being used me Displays the current local system time The status of LAN connection is shown in this page Simply click LAN Status tag to get the detailed Vigor3300 series MultiService Security Network Quick Setup System System Status Refresh Option Advance Firewall Qos VPN VoIP 2 59 48 P M Every 10 Seconds Vv Basic Status WAN Status IP Address 192 168 1 99 MAC Address 00 50 7F 64 38 05 High Available Status Master RX Packets 1369086 TX Packets 248268 IP Address Displays the IP address of the LAN interface MAC Address Displays the MAC address of the LAN Interface Vigor3300 Series User s Guide 23 24 High Available Status RX Packets TX Packets The High Available Status is shown when the function is enabled When there are two Vigor3300 devices in the same LAN one can be set as Master device and the other can be set as Slave device Master It means that Vigor3300 plays the Master role in high availability feature Slave It means that Vigor3300 plays the Slave role in high
19. Ds A sector size 69096 sector size 65906 sector size 60506 sector size 69996 tector size 655936 flash block at bf d3baeo t ethaddr 68 50 7 28 88 23 ethaddrl 60 50 7f 28 00 e4 ethaddr 00 30 7 25 00 e4 default_nif_wanl_mac AD 5A FF 20 AN o Hdefaul t_nit_wan _mac 00 50 7f 78 80 e5 dofault_nif_wand_mac 60 50 7 28 80 06 Hdefault nit wani mac BA DA ef 28 BB a HE AE d ETa E a amp Y3 board for Vo GPIO anita have voip card Draytek login 3300 series AUS dataci grani amp h I 3 1 7 Reboot The Vigor3300 Series system can be restarted from a Web browser Reboot screen can appear after you finish the changing of WAN and LAN settings You have to reboot the router to invoke the configured settings that you made before Besides you can select Reset to factory default to reboot the device and retrieve the default settings In the System group choose the Reboot option In the web page of Reboot a user must either keep the current configuration settings or use the default configuration after the Vigor3300 Series system has been rebooted Ig 300 series VIGOROUS J AND ACCESS MultiService Security Quick Setup System Network Advanced Firewall Qos VPN VoIP 5 23 46 P M System Reboot System rebooting will take 70 seconds Cl Reset to factory default Click Apply to reboot the whole system The rebooting procedure usually takes 70 or more seconds Vigor3300 serie
20. E Downstream Rate 102400 kbps Upstream Rate 102400 kbps Type Fast Ethernet v Physical Mode uto Negotiation IP Mode Static DHCP OPPPoE O PPTP PPPOE PPTP Configuration Configuration After setting up the WAN interface the user can click Next to setup the LAN interface continuously Quick Setup LAN DHCP Relay l LAN IP DHCP Raat IP Routing IP Configuration IP Address 192 168 1 1 Subnet Mask 255 255 255 0 DHCP Server Status eEnable ODisable O Relay Agent Start IP 192 168 1 10 End IP 192 168 1 254 Primary DNS Secondary DNS Lease Time Min 1440 Gateway IP Optional lt lt Previous Finish IP Address Assign an IP address for the LAN interface Subnet Mask Assign the subnet mask for the LAN interface Status Click Enable to use DHCP server click Disable to close DHCP server click Relay Agent to activate relay agent function Start IP Assign the start IP address of the IP pool that DHCP server can use for clients in LAN Vigor3300 Series User s Guide 17 18 End IP Assign the end IP address of the IP pool that DHCP sever can use for clients in LAN Primary DNS Type the IP address for primary DNS When you finished the above required settings please click Finish A system reboot page will appear Click Apply to activate the DHCP mode configuration 2 2 4 PPPoE This mode is used
21. Internet Protocol The default wide area network protocol that provides communication across diverse interoonnected networks Show icon in notification area when connected Notify me when this connection has limited or no connectivity Select Obtain an IP address automatically and Obtain DNS server address automatically Internet Protocol TCP IP Properties General Akemate Configuration You can get IP settings assigned automatically if your network supports this capabdty Uthenwse you need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically O Use the following IP address O Use the following DNS server addresses Prefered DNS server lemas ONS Vigor3300 Series User s Guide 129 For MacOs 1 Double click on the current used MacOs on the desktop 2 Open the Application folder and get into Network 3 On the Network screen select Using DHCP from the drop down list of Configure IPv4 aA Network mAg Show All Displays Sound Network Startup Disk Location Automatic Ke Show Built in Ethernet HH PPPoE AppleTalk Proxies Ethernet Configure IPv4 Using DHCP Hd IP Address 192 168 1 10 Renew DHCP Lease Subnet Mask 255 255 255 0 DHCP Client ID If required Router 192 168 1 1 DNS Servers Optional Search Domains Optional IPv6 Address fe80 0000 0000 0000
22. QoS Quality of Service guaranteed technology in the Vigor 3300 Series allows the network administrator to monitor analyze and allocate bandwidth for various types of network traffic in real time and or for business critical traffic Thus timing sensitive applications will not be impacted by web surfing traffic or other non critical applications such as file transfer Without QoS guaranteed control there would be virtually no way to prioritize Vigor3300 Series User s Guide users services or guarantee allocation of finite bandwidth resources to network or servers for supporting timing sensitive and mission critical network applications such as VoIP Voice over IP and online gaming applications Differentiated quality of service is therefore one of the most important issues over the Internet infrastructure In the Vigor 3300 Series DSCP Differentiated Service Code Point support is also taken into consideration in the design of theQoS guaranteed control module The QoS function handles incoming and outgoing classes independently Users can configure incoming or outgoing separately without any impact on the other VIGOROUS BROADBAND ACCESS Quick Setup System Network Advanced Firewall VPN VoIP 4 28 47 P M p Incoming Class Setup Incoming Class Filter p Outgoing Class Setup Sy Outgoing Class Filter System Status Refresh Option No Refresh v Refresh LAN Status WAN status Model VYigor330
23. Series User s Guide Read only Readyrite Apply Cancel Type the community string e g public for SNMP Assign a value of subnet mask for host IP address 73 74 Max Access Select the authority as Read only or Read Write Read only means user only can monitor managed devices Read Write means user can control managed devices including change the values of variable stored within managed devices Apply Click Apply to save this setting and return the previous page To delete an item click the radio button of the item that you want to delete Then click Delete on the bottom of the page to remove the entry A dialog will be prompted for you to ask confirmation Click OK SNMP Traps In managed network by SNMP protocol agent will send a specific packet as an attention for administrator called Trap Trap is the only PDU Protocol data unit sent by an agent on its own initiative It is used to notify the management station of an unusual event that may demand further attention like a link down Choose SNMP Traps option to see the following page VIGOROUS BROADBAND ACCESS MultiService Security j Quick Setup System Network Advanced Firewall QoS VPN VoIP 8 08 16 P M EMS SNMP Traps Trap Server Trap Community Trap server port 4 1 0 8 a 10 1 Edit Delete Delete All Trap Server Display the IP address of the trap server Trap Community Display the community string of the trap se
24. Vigor3300 Series User s Guide 153 154 the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from the switch In the VLAN8 type 8 to VLAN ID In the Member field choose p1 p2 p3 and p4 Then choose the Tagged for Frame Tag Operation in p1 p2 p3 and p4 We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from some users Advanced LAN VLAN Setting Disable Port Base VLAN 902 10 VLAN Port Base 02 10 VLAN VLAN 802 1Q VLAN Group Index Active Name VLAN ID Member Frame Tag Operation P1 MANS 6 je P4 P1 P2 P3 P4 Enable management port for F4 SSS Port Setting P1 p2 P3 P4 Apply Reset Cancel After applying the settings the web page will be redirected to reboot web page User can ignore it and continue to configure the Network setting After finishing Network setting you can execute the reboot procedure After rebooting the tagged ports will communicate with 802 1Q tagged devices only The network configuration is the same with A 2 1 Please refer to A 2 1 part Vigor3300 Series User s Guide
25. an IP address Click it to allow specified IP addresses or subnets to be passed through The allowed IP address The allowed subnet mask of IP address The list of IP addresses where content filter rules are not applied SurfControl can help to avoid your employees accessing into improper websites and affecting the work efficiency protect your children from viewing inappropriate websites and accessing chat rooms and monitor and control web access from all computers connected to your router Vigor3300 Series User s Guide 85 86 Firewall URL Filter ODisable Enable URL Access SurfControl Restrict Web Control Feature Access Control by Category Filter schedule CPA Server ODisable Enable Activate Free Trial and Purchase Subscription D Select a CPA Server asia surfcpa com z 7 i glact a GPA Selar asia surfcpa com Test a site to verify whether it is categorized SurfContrel Permitted Categories List Forbidden Categories List others Categories are downloaded from the Surfcontrol Server URL Option v Add Edit Delete Exception URL List Examples of URL yuun abe org all items under this host and the host itself will be considered yuna abe org direct all items under this hosts particular directory excluding the directory itself will be considered wuun abc org page htm only this particular
26. availability feature If there is only one Vigor3300 used in LAN this line will be blank Displays the total number of received packets at the LAN interface Displays the total transmitted packets at the LAN interface Vigor3300 Series User s Guide WAN Status The status of WAN interface Static DHCP PPPoE PPTP or DMZ is shown in this page Simply click WAN Status tag to get the detailed There are four sets of WAN status can be shown in this page at one time The sample below just lists one set of WAN status for only WAN interface is used Vigor3300 series VIGOROUS BROADBAND ACCESS MultiService Security A Me BUICK Setlip System Hatwork Ady anced Firewall PFH Yor 6 17 27 F k System Status FG O ar phig He Retresh a Basic Status LAN Status WAN Status WAN WAM IF Acicireme VFS 2 326 IF Acicdreee MAC Acie Priman ONA BGC Oh ary S OO Ft sted ch i AA A i i TEE M a Ti MAC Agira a OO Tt ated et Primary Gls BRCan dary UNS aa aay i72 76 2 2453 A giray Rai Packets i 1 A n Packets m Packets 12030 m Pe hele Sennection Status connected Coennection Biatu Lip Time 0 days 2 hours O minutes 0 seconds Up Time WAN WANA IP Address MAC Address Primar OMS Secondary ONG O0 50 Ftated ce IF Address MAC Address MUNET A fated cg Primary DAS Secondary ONS AIR A DAIRA AY Rex Packots RX Packets Tx Packeta TX Packets Connection status Connection Status
27. dealer for help For any further questions please send e mail to support draytek com Vigor3300 Series User s Guide Appendix A Application for 802 1 VLAN A 1 Block LAN to LAN Communication To control the communication of PCs among different network segments effectively please adjust firewall setting to deny LAN to LAN communication from Firewall gt IP Filter Group Table Thus PCs that belong to various LANs will not connect with each other through the router To a company with several departments such feature is useful for it to determine data sharing among different departments 1 Open Firewall gt IP Filter gt Group Table to access into the following page Click Index 2 radio button Firewall IP Filter Group Table IP Fitter Group Table Index Group Name Next Group Comment f Pass Block Group for pass rules O 2 Block none Group for block rules Add Edit Delete 2 In this page click Add Rule Choose Block as Next Group Name Firewall IP Filter Table Group Mame sock Next Group Mame Comment Group for block rules Add Rule Apply Cancel 3 In the following page please set Block immediately as the action and click Apply Vigor3300 Series User s Guide 137 Firewall IP Filter Add Filter Rule Filter Condition Active SOUrCE IP any Subnet Mask 255 255 265 0 Destination IP any Subnet Mask 000000 Group Mame Block Frotocol Direction Fragment Action B
28. des 3des w CI PFS Perfect Forward Secrecy Accept all supported proposal v O Disable Enable 30 seconds 120 seconds Apply Cancel Key Lifetime main The rekey renegotiated period of the IKE Phasel keying Proposal main channel of a connection The acceptable range is from 5 to 480 minutes 8 hours The proposed encryption and or authentication algorithms for IKE Phasel negotiation There are several proposals offered in this page with combination of three types of algorithms Encryption algorithms DES 3DES AES Authentication algorithms MD5 SHA1 DH Diffie Hellman Group MODP768 MODP1024 MODP1536 Proposal eee des nmnd5 modpr bg des md5 modpilz 4 des nmd5 modpi536 dea amp ha modp7 bg des sha modpilz 4 des sha modpi536 3des md5 modp7bg 3des nmnd5 modpilz 4 3des nmnd5 modpi536 3des sha modp7 bs 3des sha modpilz 4 3des sha modpi536 aes z 8 md5 modpr 68 aes 2 8 md5 modpilz 4 aes z2 8 md5 modpi536 aeslz8 sha modp 68 aes 28 sha modpilz 4 aes 28 sha modpi5b36 Key Lifetime quick The rekey renegotiated period of the IKE Phase2 keying Vigor3300 Series User s Guide channel The acceptable range is from 5 to 1440 minutes 24 hours 97 Proposal quick Accepted Proposal PFS Status Delay Timeout The proposed encryption and or authentication algorithms for IKE Phase2 negotiations There are 2 options Encryption algorithms NULL
29. function The router will reject any ICMP echo request destined for the broadcast address Enable Block Trace Route Activates the Block trace route function The router will not forward any trace route packets Enable Block SYN Activates the Block SYN fragment function Any packets Fragment having the SYN flag and fragmented bit sets will be dropped Enable Block Fraggle Activates the Block fraggle Attack function Any broadcast Attack UDP packets received from the Internet are blocked Enable TCP Flag Scan Activates the Block TCP flag scan function Any TCP packet with an anomalous flag setting is dropped These scanning activities include no flag scan FIN without ACK scan SYN FIN scan Xmas scan and full Xmas scan Enable Tear Drop Activates the Block Tear Drop function This attack involves the perpetrator sending overlapping packets to the target hosts so that target host will hang once they re construct the packets The routers will block any packets resembling this attacking activity Enable Ping of Death Activates the Block Ping of Death function Many machines may crash when receiving an ICMP datagram that exceeds the maximum length The router will block any fragmented ICMP packets with a length greater than 1024 octets Enable Block ICMP Activates the Block ICMP fragment function Any ICMP Fragment packets with fragmented bit sets are dropped Enable Block Unknown Activates the Block Unknown Protocol function The router P
30. item page or file will be considered CPA Server Select a CPA Server Permitted Categories List Forbidden Categories List URL Option Exception URL List Apply Cancel Enable or Disable URL Access Control The domain name is used to as a CPA server The name should be filled when enable CPA Server otherwise it will impact performance The permitted categories are obtained from the selected CPA Server The forbidden categories are obtained from the selected CPA server The URL domain name Allow or Deny the selected URL The list of filtered URLs It is recommended for you to refer to Web Content Filter user s guide for more information about SurfControl Restrict Web Feature This feature blocks malicious codes hidden in Web pages such as Java Applet Active X Cookies Proxy compressed files and executable files It is also able to block all downloads of multimedia files from Web pages in order to control the bandwidth usage Vigor3300 Series User s Guide Malicious code may be embedded in some executable objects such as ActiveX Java Applet compressed files executable files Proxy and Multimedia For example an ActiveX object with malicious code may gain unlimited access to the system Firewall URL Filter ODisable Enable URL Access Control OD Java LJ Activex CI Compressed Files CI Cookies C Execution Files C Proxy C Multimedia Files Java ActiveX
31. local host if the port number matches that defined in the table In the Advanced group move to NAT option and choose Port Redirection to get the corresponding page Vigor3300 Series User s Guide e VIGOROUS BROADBAND ACCESS Quick Setup System Network Advanced Firewall QoS VPN VoIP 5 14 54 P M Advanced NAT Port Redirection Comment Protocol Spa i Public Port End Private IP 5 MRSE Speni Use IP Alias WAN Interface IP Alias 1 2 3 0 40 5 6 O 7 8 9 10 Edit Delete Delete All Comment Displays the name of the entry Protocol Displays the protocol used for the entry Public Port Start Displays the start point in the range of public port Public Port End Displays the end point in the range of public port Private IP Displays the private IP used for this entry Private Port Start Displays the start point in the range of private port Private Port End Displays the end point in the range of private port Edit Allows users to edit the selected port redirection settings Delete Delete All Removes one all the selected port redirection settings To edit an item click the radio button of the item that you want to modify Then click Edit on the bottom of the page to add a new rule entry or modify an existed rule entry Vigor3300 series C VIGOROUS BROADBAND ACCESS MultiService Security Quick Setup System Network Advanced Firewall QoS VPN VoIP 8 14 42 P M Advanced NAT Por
32. page is available only for the PCs with certain network cards which support 802 1Q VLAN feature It is useless for general network cards Advanced LAN VLAN Setting Port Base VLAN 802 1Q VLAN Q VLAN Group Index Active Name VLAN ID Member Frame Tag Operation P P2 P3 P4 P1 P2 P3 P4 1 O VLANS 5 apa Untagged Tagged Tagged v 2 D wan 6 o o Tagged Z Untagged Tagged vl 3 DOD VLAN7 z Jaja Tagged v Tagged v Untagged 4 Management Port Port Setting P1 p2 P3 P4 Port VLANID 5 6 Apply Reset Cancel Active Check this box to activate the settings of this entry If you check the Management Port box below Index 4 will be unchangeable and locked And you have to set Port VLAN ID for P4 previously before you check Management Port Name Specify the name for the four groups of VLAN VLAN ID Type a number used for identification on VLAN for your computer Later you have to type the same ID number for each PC which wants to be grouped within the same VLAN group In addition if you type wrong ID number the following message will appear to warn you Please type correct number Microsoft Internet Explorer By the way if you don t know how to configure a VLAN setting on your computer please refer to How to Check Edit VLAN ID on Your PC below for more detailed information Member To make the hosts with the same VLAN ID of different ports communicating with eac
33. tag will be inserted to the frame from company B 5 Inthe VLAN7 type 7 to VLAN ID In the Member field choose p3 Then choose the Tagged for Frame Tag Operation in p3 We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from the PC of company C 149 Vigor3300 Series User s Guide 150 6 In the VLAN8 type 8 to VLAN ID In the Member field choose p4 Then choose the Tagged for Frame Tag Operation in p4 We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from company D Advanced LAN VLAN Setting O Disable Port Base VLAN 802 10 VLAN Port Base VLAN 802 1Q VLAN Group Index Active Name VLAN ID Member Frame Tag Operation P1 P2 P3 P4 Tagged Tagged Tagged Tagged Tagged Tagged Tagged Tagged Tagged Tagged Tagged Tagged Tagged Tagged Tagged Tagged _ Enable management port for P4 Port Setting P1 p2 P3 P4 Port VLANID 5 6 f 5 Apply Reset Cancel After applying the settings the web page will be redirect to reboot web page User can ignore it and continue to configure the Network setting After finishing Network setting you can execute the reboot procedure After rebooting the tagged ports will communicate with 802 1Q tagged devic
34. the PVID to 6 for the device does not support 802 1Q VLAN 5 Inthe VLAN7 input 7 to VLAN ID In the Member field choose p3 Then choose the Untagged for Frame Tag Operation in p3 Configure the PVID to 7 for the device does not support 802 1Q VLAN 6 Inthe VLAN8 input 8 to VLAN ID In the Member field choose p4 Then choose the Untagged for Frame Tag Operation in p4 Configure the PVID to 8 for the device does not support 802 1Q VLAN Vigor3300 Series User s Guide 145 10 11 12 Advanced LAN VLAN Setting O Disable Port Base WLAN 02 10 VLAN soz1a vean Index Actve Name VLAN ID Member Frame Tag Operation Pi P4 Pi P2 P3 P4 VLAN A vas je A Fort Base VLAN Group van F Tassed __MJ Teaged __ Untsaged _W Tsased_w vas je C Enable management port for P4 Port Setting P1 P P3 P4 Apply Reset Cancel After applying the settings the web page will be redirected to reboot web page You can ignore it and continue to configure the Network setting After finishing Network setting you can execute the reboot procedure After rebooting the tagged ports will communicate with 802 1Q tagged devices only In the Network setting type the subnet 192 168 1 0 to LAN For example the VLANS5 LAN IP is 192 168 1 1 and the Subnet Mask is 255 255 255 0 Then users in the Engineer Department can set IP address from 192 168 1 2 to 192 168 1 254
35. the delete button A dialog box will appear to ask your confirmation Click OK to 102 Vigor3300 Series User s Guide delete it or click Cancel to leave the dialog without deletion Microsoft Internet Explorer D Are you sure of deleting this User Certificate Item To view a user certificate please click the index number that you want to view the detailed information of the certificate and click the View button The following page will be shown for your reference VPN IPSec User Certificate 1 View Certificate Name Issuer Subject Valid From Valid To Status iC TWST Hsin ChwL Houko O DrayteWOU RD3 CN presto emailAddress pcho draytek com tw iC TWWST Houkol L Hsin Chu O RDWOU DraytekK CN 3300CA_O0804 emailAddress pcho draytek com Aug 4 11 57 40 2005 GMT Aug 4 11 57 40 2007 GMT Back This page will show the VPN connection status VPN IPSec Status Name Status Algorithm Remote IP Remote Subnet aes Byte In ages Uptime 1 2900 up DES_0 HMAC_SHA1 NO_FFS 614 230 211 232 192 168 279 024 13 T16 12 B24 29 Refresh Disconnect Name Displays the name of the PSec tunnel Status Displays the status of the tunnel up or down Algorithm Displays the algorithm used by this IPSec Remote IP Displays remote IP address of the tunnel Remote Subnet Packet In Byte In Packet Out Byte Out Uptime Refresh Disconnect Vigor3300 Series User s Guide Displays remote subnet mask of the tunnel Displ
36. 0 Hardware Version 1 0 Firmware Yersion 2 5 6 2 EN Build Date amp Time Mon Nov 28 14 29 17 CST 2005 System Uptime 8 days 7 hours 50 minutes 27 seconds CPU Usage 10 1307 Memory Usage 59 1026 Current System Time Fri Dec 16 08 30 34 2005 DrayTek Corp 1997 2005 All rights reserved DrayTek provides enterprise network solution For the web pages for incoming class setup and outgoing class setup incoming class filter and outgoing class filter are similar they will be explained in the same sections Vigor3300 Series User s Guide 89 90 3 5 1 Incoming Outgoing Class Setup Incoming Outgoing Class Setup allows you to configure bandwidth percentage for data and voice signals transmission Click the QoS option and choose Incoming Class Setup Outgoing Class Setup There are eight queues that can be configured The total sum of bandwidth has to be 100 percent for all configured queues Any leftover bandwidth is assigned to eight queues to meet 100 percent totally QoS Incoming Class Setup Disable Enable Index Class Name Bandwidth 1 A others lo Apply Cancel Clear All Disable Enable Click Disable to close this setting Click Enable to activate this setting Index It represents the number for each queue Class Name Please type the name for each queue Bandwidth Please type the usage percentage for each queue Apply Click this button to apply all the s
37. 0 Series User s Guide Apply Reset Cancel Select a detecting type for this WAN interface There are three ways Send ARP to Gateway Send PING and Send HTTP Request supported in the router Send Http Request Send ARP to Gateway Send PING Send Http Request Assign an interval period of time for each detecting The minimum value is 3 and no limit for maximum value Assign detecting times to ensure the connection of the WAN After passing the times you set in this field and no reply received by the router the connection of WAN interface will be regarded as breaking down Assign an IP address or Domain name as a destination to be detected whether the host is active sending reply to the router or not If not the connection of WAN interface will be regarded as breaking down This function is available when Detect Type is set with Send PING or Send Http Request 41 42 Apply Reset Click Apply to go back to the WAN Interface Configuration page To apply all settings click Apply on the WAN Interface Configuration page and reboot your router Click this button to clear all the configurations for this page PPPoE with a DSL Modem Setup Most DSL modem users will use this mode All the local users can share one PPPoE connection to access the Internet static DHCP PPPoE PPTP Configuration Configuration 889966666 hinet net PPTP Local Address User Name Password Authenticat
38. 020a 95ff fe8d 72e4 Configure IPv6 rr Click the lock to prevent further changes Assistme Apply Now 130 Vigor3300 Series User s Guide 4 3 Pinging the Router from Your Computer The default gateway IP address of the router is 192 168 1 1 For some reason you might need to use ping command to check the link status of the router The most important thing for this command is that the computer will receive a reply from 192 168 1 1 for correct link If not please check the IP address of your computer We suggest you setting the network connection as get IP automatically Please refer to the section 3 2 Please follow the steps below to ping the router correctly For Windows l 2 4 Open the Command Prompt window from Start menu gt gt Run Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP The DOS command dialog will appear w Command Prompt Microsoft Windows HP Version 5 1 2600 CC Copyright 1985 2001 Microsoft Corp D Documents and Settings fae gt ping 192 168 1 1 Pinging 192 168 1 1 with 32 bytes of data Reply from 192 168 1 1 bytes 32 time lt ims TTL 255 Reply from 192 168 1 1 bytes 32 time lt ims TTL 255 Reply from 192 168 1 1 bytes 32 time lt ims TTL 255 Reply from 192 168 1 1 bytes 32 time lt ims TTL 255 Ping statistics for 192 168 1 1 Packets Sent 4 Received 4 Lost A loss Approximate round trip times in milli seconds Minim
39. 5 MS 714 25 M2 25 2H O76 2685 6728 42685 SEPAC Pards i 6714 2005 amp ilere Tes ee at 1882 AFA6 D 2A AAZ 4 755 637 6 4 959 985 aR 199 419 ee all AUTOEHEC EAT COHFIG EYE Documents and Settings Inet pub Packet lesterkesult txt Peogeam Files WSHS2Z255 _en all uint miS VINDOWS hut ac 5 Diris 2 188 312 576 bytes free GisstFtp i 19Y2 168 1 1 put c vdkdddob_en adll 6 Now in the Console you will find the following information When Updating flash block at bfX XX XXX appears it means the firmware is under downloading amp 3300 Hyper Terminal MAER File Edit Hew Cal Trerefer Help Cae s 0 FF sector size sector size sector size sector S176 poctor pizt sector size sector size sector S17e sector size sector size sector size sector size sector size sector size sector size sector size sector size sector size sector size sector size sector size sector size sector size pdating flash block a 0 8 A A i i i i i i n i 8 A Connected 0 03 45 Abo detect Sredi O H 7 When set flash0O_0 780000 800000 general appears it means the firmware downloading has been completed The router will reboot itself and you will see the Firmware version V2 5 7 Please wait about 70 seconds to relogin the router The procedure is finished now Vigor3300 Series User s Guide OD Hyper Terminal Fla Edt Whew Call Trarefor Hop Ca 3
40. 68 1 2 to 192 168 1 254 In the Network setting type the subnet 192 168 2 0 to LAN2 For example the VLAN6 LAN IP is 192 168 2 1 and the Subnet Mask is 255 255 255 0 Then users in the other departments can set IP address from 192 168 2 2 to 192 168 2 254 Vigor3300 Series User s Guide A 3 3 Example for the Companies in the Same Building There are four companies in the same building They share the broadband network and use the Vigor3300V router to achieve the load balance security and VoIP features In this case we can define four VLANs including VLANS VLAN6 VLAN7 and VLANS8 The subnet of VLANS is 192 168 1 0 the subnet of VLAN6 is 192 168 2 0 the subnet of VLAN7 is 192 168 3 0 and the subnet of VLAN8 is 192 168 4 0 LAN 192 168 1 0 192 168 2 0 192 168 3 0 192 168 4 0 ot a ga os bs FJ ho ay oo 2 a E pesi LJ R z 2 Z Company A Company B Company C Company D Procedure 1 Refer to A 1 to block LAN to LAN communication 2 Create VLANS VLAN6 VLAN7 and VLANS8 Groups 3 Inthe VLANS type 5 to VLAN ID In the Member field choose p1 Then choose the Tagged for Frame Tag Operation in pl We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from the PC of company A 4 Inthe VLAN6 type 6 to VLAN ID In the Member field choose p2 Then choose the Tagged for Frame Tag Operation in p2 We can ignore the PVID Port VLAN ID because 802 1q
41. Allow users to edit the selected DMZ host settings Delete Delete All Remove one all the selected DMZ host settings To edit an item click the radio button of the item that you want to modify Then click Edit on the bottom of the page to add a new rule entry or modify an existed rule entry Quick Setup System Network Advanced Firewall QoS VPN VoIP 8 18 41 P M Advanced NAT DMZ Host Edit 1 WAN Interface VANI Private IP 20 1 1 1 Use IP Alias Disable Enable IP Alias Apply Cancel WAN Interface Select a WAN interface as the channel for DMZ host Private IP Assign an IP address of DMZ server to be permitted for access from outside Vigor3300 Series User s Guide 59 60 Use IP Alias Disable option uses WAN interface Enable option uses IP Alias addresses IP Alias Select an IP address which are set within the list of IP Alias configured in Network gt gt WAN interface Apply Click Apply to reboot the system and apply the settings Common Ports List This page lists common ports used in Internet The information includes service application protocol for that service and port number of that service Advanced NAT Common Ports List Service Application Protocol Port Number File Transfer Protocol FTP Tice 3 SSH Remote Login Protocol ex pcAnvVhere JDP fe Telnet TEF 23 Simple Mail Transfer Protocol SMTF TEF 25 Domain Mame Serer OMS WIDP aa Wii Server HTTP TFP ao P
42. Apply Cancel Enable Disable Click Disable to disable this function Click Enable to activate this function Mirroring Port Select a port to view traffic sent from mirrored ports Mirrored Port s Click which ports are necessary to be mirrored After finishing the settings please click Apply 3 3 9 LAN VLAN Setup Virtual LANs VLANs are logical independent workgroups within a network These workgroups communicate as if they had a physical connection to the network However VLAWNS are not limited by the hardware constraints that physically connect traditional LAN segments to a network As a result VLANs allow the network manager to segment the network with a logical hierarchical structure VLANs can define a network by application or department For instance in the enterprise a company might create one VLAN for multimedia users and another for e mail users or a company might have one VLAN for its Engineering Department another for its Marketing Department and another for its guest who can only use Internet not Intranet VLANs can also be set up according to the organization structure within a company For example the company president might have his own VLAN his executive staff might have a different VLAN and the remaining employees might have yet a different VLAN VLANs can also set up according to different company in the same building to save the money and reduce the device establishment This router supports Virtual LAN
43. Apply Cancel Vigor3300 Series User s Guide 57 Protocol Select the transport layer protocol It could be TCP UDP or All for selection Public IP Select an IP address the selections provided here are set in IP Alias List of Network gt gt WAN interface Local host can use this IP to connect to Internet If you want to choose any on of the Public IP settings you must specify some IP addresses in the IP Alias List of the Static DHCP Configuration page first If you did not type in any IP address in the IP Alias List the Public IP setting will be empty in this field And when you click Apply a message will appear to inform you Private IP Assign an IP address or a subnet to be compared with the source IP address for incoming packets Subnet Mask Select a value of subnet mask for private IP address Click Apply to reboot the system and apply the settings By the way user can click Delete to remove one current existed NAT entry in the Advanced NAT Address Mapping page and click Delete All to remove all entries DMZ Host In computer networks a DMZ De Militarized Zone is a computer host or small network inserted as a neutral zone between a company s private network and the outside public network It prevents outside users from getting direct access to company network A DMZ is an optional and more secure approach to a firewall and effectively acts as a proxy server as well In a typical DMZ configuration for
44. DES 3DES AES Authentication algorithms MD5 SHA1 If you choose Only accept proposal listed above only the selected proposal will be accepted and applied by this device If you choose Accecpt all supported proposal all the proposals supported by this device will be accepted and applied Accepted Proposal Accept all supported proposal w Only accept proposal listed above Accept all supported proposal Enables the PFS Perfect Forward Secrecy function A new Diffie Hellman Key Exchange is included every time an encryption and or authentication key are computed on PFS Enables or Disables the dead peer detection function The keep alive timer A Hello message will be emitted periodically when a tunnel is idle Use the value 0 to disable this function The recommended value is 30 seconds if enabled The timeout timer The peer will be declared dead once no acknowledge message is received after timeout value Use the value 0 to disable this function The recommended value is 120 seconds if enabled After finish the configuration click Apply to apply the IPSec policy setting into the policy table VPN IPSec Policy Table Connection Name Research 010 010 00 0 0 0 Local Subnet Remote Gateway Remote Subnet Interface Admin Status Operational Status Action 172 16 3 228 32 Le ee Oks Pea ESUE EF WANT enable down Initiate 1 Refresh Edit Delete Delete All Significant fields will be summarized
45. Data Filter Start Filter Group Group Table Disable Enable Apply Cancel Disable or Enable the firewall function This firewall can only be enabled if at least one filter group exists The default is Disable Default group names provided here are Pass and Block Select the first filter group to begin filtering mechanism The group in this list must exist and had been pre configured The system provides three types of filter for you to choose in default The available settings provided here can be added or edited in Firewall gt gt IP Filter gt gt Group Table Group Table allows you to set definitions for different groups of the filters that will be applied for the function of IP filter Firewall IP Filter Group Table Index 1 2 Index Group Name Next Group Comment Add Edit Vigor3300 Series User s Guide IP Filter Group Table Group Name Next Group Comment Block Group for pass rules ock none Group for block rules Add Edit Delete Allows you to change current IP filter table or add new rule for current group Click the number link to get into the IP filter table page for editing Displays the group name Displays next group name Displays the notice for current group Allows you to add a new IP filter table Allows you to edit selected IP filter table T1 Delete Allows you to delete selected IP filter table configuration If this entry is assigned as the started fil
46. Display the using frequency once or specific day in a week of this schedule Week Option Display the specific day in a week if you choose Weekdays as the How often setting WAN Display the WAN interface used for this entry Edit Allow users to edit the selected call schedule settings Delete Delete All Remove one all the selected call schedule settings Edit Call Schedule To edit an item click the radio button of the item that you want to modify Then click Edit on the bottom of the page to add a new rule entry or modify an existed rule entry Vigor3300 Series User s Guide 65 Vi MultiService Security Quick Setup System e VIGOROUS BROADBAND ACCESS Advance Call Schedule Edit O Disable Enable Start Date Start Time Action How often Network Interface Enable Disable Start Date Start Time Action How often Network Advance Firewall Qos VPN VoIP 2004 12 28 _ Year Month Date 00 o0 _ CHour minute force dawn force on Once Weekdays Monday Tuesday wednesday Thursday Friday Saturday Sunday WANI Apply Cancel rayTek Corp 1997 2004 All rights reserved DrayTek provides enterprise network solution Click Disable to disable this function Click Enable to activate this function Assign a date for starting this profile Assign a time for starting this profile Force down means to inactivate the Network Interface Force up me
47. Dray Tek Vigor 3300 Series Broadband VoIP Security Load Balance Router User s Guide Version 2 1 Date 2006 08 02 Copyright Information Copyright Declarations Trademarks Copyright 2006 All rights reserved This publication contains information that is protected by copyright No part may be reproduced transmitted transcribed stored in a retrieval system or translated into any language without written permission from the copyright holders The scope of delivery and other details are subject to change without prior notice The following trademarks are used in this document Microsoft is a registered trademark of Microsoft Corp Windows Windows 95 98 Me NT 2000 XP and Explorer are trademarks of Microsoft Corp Apple and Mac OS are registered trademarks of Apple Computer Inc Other products may be trademarks or registered trademarks of their respective manufacturers Vigor3300 Series User s Guide Table of Contents 1 PR CTACE ceiscacec rs case eset E E EEE 1 1 1 LED Indicators and Connection 2 cacesecscncntcetcemeteadenensbacsicacssdnddeedasitubeatetceivesaapensstdecdianstahd neetans 2 1 1 1 LED Indicators and Connectors for VigorS300V cccccceeeeececeeeeeeaeeeeeeeeeeeeaeeeeeeeeeeeeesaas 2 1 1 2 LED Indicators and Connectors for Vigor3300 cccccccssseeeeeceeeeeseeseeeeeeeeeseaeeeeeeeeeeeaas 4 1 1 3 LED Indicators and Connectors for Vigor3300B ccceeceeeccceee
48. FXS ports of Vigor3300V with telephone lines RJ 11 to RJ 11 For the users of Vigor3300 and Vigor3300B please skip this step Connect the FXO ports to PABX with telephone lines RJ 11 to RJ 11 For the users of Vigor3300 and Vigor3300B please skip this step Below shows an outline of the hardware installation for your reference take Vigor3300V as an example SHO Power Cable 1 Vigor3300V Multiservice Security d DSL Cabel Fiber Modem DSL Cabel Fiber Modem isPri DSL Cabel Fiber Modem ISPn Wizard Server Vigor3300 Series User s Guide 1 2 1 Detailed Explanation for the Connector Here provides you detailed explanation for some specific connectors that you have to be familiar The RS232 Connector The RJ45 connection jet is used for CLI commands for system configuration and control functions in the Vigor3300 Series The jet is used for initialization of the Vigor3300 Series during preliminary installation The management cable as shown in Figure 1 5 converts the RJ45 to the RS232 interface The RJ45 jet connects to a console interface in the Vigor3300 Series while the RS232 DB9 connects to a console port on the computer The default setting of the console port is baud rate 57600 no parity and 8 bit with 1 stop bit DB 9 Connector RJ 45 Connector Standard 10 100 Base T Ethernet Interface Connector RJ45 jets provide 10 100 Base T Ethernet int
49. Filter ODisable Enable Restrict Web SurftControl Feare Filter Schedule 8 00 To 18 o0 URL Access Control Always Block Block only at Day of Week Cal Days Osun Mmon MTue Mwea MiThu Merri CO Sat Apply Cancel Always Block The URL content filtering facility is always active Block only at The URL content filtering facility is active during the specified times from H1 M1 to H2 M2 in one day where H1 and H2 indicate the hours and M1 and M2 represent the minutes Days of Week The URL content filtering facility is active during the specified days of the week The default value is 8 00 to 18 00 from Monday to Friday Warning Page After the configuration of URL Filter is configured properly an alert page will appear in the browser when an HTTP request is denied Refer to the following graphic HTTP 420 CF Blocked Mozilla E Ioj xj File Edit Yiew Go Bookmarks Toole Window Help Beek aw ee a http ewe whitehouse cor E EAIC eee at Home af Bookmarks i The Mozilla Oreanization ff Latest Builds id b ar T ab What s Related BREF Search R The requested Web page is denied by system administrator Add Manage Search 4 Do AG Please contact with the administrator for further information z Personal Toolbar Folder z Mozilla Project Imported IE Favorites 4 3 5 Quality of Service Setup 88 The
50. G tae Cell Phone ie Administrator Server Phone i x Pn MSC BS Base station of Cordless Phone e g DECT Cell Phone hea Dinam i France VIGOROUS BROADBAND ACCESS Protocol Port Settings System Status EMM Acvenced Speed Did PS Refresh Option No Refresh v Refresh E Nisceteneous Sy Tone Settings LAN Status WAN Status BS ccs Model Yigor3300 Sy NAT Traversal Hardware Version 1 0 Incoming Call Barring bs Set Firmware Version 2 5 6 2 EN Sy Call History Sy Allow List Build Date amp Time Mon Nov 28 14 29 17 CST 2005 MS Status MH Deny List System Uptime 8 days 7 hours 50 minutes 27 seconds CPU Usage 10 1307 Memory Usage 59 1026 Current System Time Fri Dec 16 08 30 34 2005 DrayTek Corp 1997 2005 All rights reserved DrayTek provides enterprise network solution 3 7 1 Protocol There are two protocols can be used for VoIP SIP and MGCP You should click either one of buttons to set corresponding settings for VoIP phones Be aware that both sides local end and remote end should use same protocol for VoIP phones Vigor3300 Series User s Guide 107 VoIP Protocol Select Protocol sip O MGCP SIP MGCP Configuration Configuration SIP Local Part 5060 5 Outbound Proxy Proxy r Registrar Expires 3 Active Proxy na Proxy Address Port Registrar Addr Port fear Domain 1 o fo 5060 o 5060 300
51. IF 10 1 1 777 Subnet Wask 255 255 255 0 i ort between 100 200 any protocol w WAN to LAN do not care Block immediately Apply Cancel coy e It means the source IP address Placing the symbol before a particular IP address will prevent this rule from being applied to that IP address It is equal to the logical NOT operator It means the subnet mask for the source IP It means the port for the source IP Type the values in the boxes of start port and end port As for the operators Port If the Start Port column is empty the Start Port and the End Port column will be ignored The filter rule will filter out any port number If the End Port column is empty the filter rule will set the port number to be the value of the Start Port column Otherwise the port number ranges from the Start Port to the End Port including the Start Port and the End Port If the End Port column is empty the port number is not equal to the value of the Start Port column Otherwise this port number is not between the Start Port and the End Port including the Start Port and End Port gt Specifies the port number is larger than or equal to the Start Port lt Specifies the port number is less than or equal to the Start Port 79 Destination IP Destination Mask Destination Port Group Name Protocol Direction Fragments Block or Pass 80 Between Specifies
52. N O LNK Attack O O O 6 ioom PWR WLAN acs O FDx WAN2 WANS WAN1 P1 P2 P3 P4 LAN Status Explanation PWR On The router is powered on Off The router is powered off ACT The system is active The system is hanged WLAN Reserved for future use VPN The VPN tunnel is launched Off The VPN tunnel is closed Attack On The Attack function is active Off The Attack function is inactive QoS On The QoS function is active Off The QoS function is inactive Z 7N The Ethernet link is established on corresponding port O No Ethernet link is established ff oe 100M On It means that a normal 100 Mbps connection is Ce through its corresponding port i It means that a normal 10 Mbps connection is through its corresponding port FDX It means a full duplex connection on corresponding port It means a half duplex connection on corresponding port cae The Ethernet link is established LAN The data transmission is done through the 1 2 3 4 corresponding port No Ethernet link is established Vigor3300 Series User s Guide _ Status i Explanation 100M On It means that a normal 100Mbps connection is through its corresponding port Off It means that a normal 10Mbps connection is through its corresponding port FDX It means a full duplex connection on corresponding port Off It means a half duplex connection on corresponding port Interface Descriptio
53. Received PL Packets Lost JI Interarrival Jitter Estimate ms LA Average TX Delay ms The Codec mode used for this phone calling The period of time for sampling on voice signal The status of VAD The status of DTMF This page displays the connection status for VoIP phone calls VoIP Status Refresh Option No Refresh Register Call Caller z g Call Status i Status Type Number 1 Idle Register Status Call Status Call Type Caller Number Callee Number Start Time Remote RTP Address Remote RTP Port Codec Type Packet Period VAD DTMF Relay v Refresh Callee Remote RTP Remote Codec Packet DTMF Number acl a Address RTE Pari A AN Type Period na Relay The status of registering in proxy server The calling status The dialing direction for this call Incoming Outgoing The phone number of the caller The phone number of the receiver The starting time of the call The IP address of the remote voice site The used port number of the remote voice site The Codec mode used for this phone call The period of time for sampling on voice signal The status of VAD The status of DTMF Vigor3300 Series User s Guide You can click Refresh to get the latest status information for these VoIP phones In addition you can set the time interval of refreshing Use the drop down list of Refresh Option to choose an automatic refreshing setting If you choose No Refresh the system will not refresh thi
54. Reset Click this button to clear all the configurations for this page Vigor3300 Series User s Guide 43 44 3 2 2 LAN In the Network group select LAN option The following page for LAN IP DHCP will be shown Network LAN DHCP Relay LAN IP DHCP cert IP Routing IP Configuration IF Address 192 168 1 1 Subnet Mask 255 255 255 0 DHCP Server Status Enable ODisable Relay Agent Start IF 192 168 1 10 End IP 197 166 1 254 Primary DNS Secondary DNS OoOo Lease Time Min Gateway IPfOptional Apply Cancel For LAN IP DHCP In the Vigor3300 Series router there are some IP address settings for the LAN interface The IP address subnet mask is for private users or NAT users The IP address of the default gateway on other local PCs should be set as the Vigor3300 Series server IP address When the DSL connection between the DSL and the ISP has been established each local PC can directly route to the Internet The IP address subnet mask can also be used to connect to other private users PCs On this page you will see the private IP address defined in RFC 1918 Usually we use the 192 168 1 0 24 subnet for the route IP Address Type the IP address for LAN DHCP Subnet Mask Type the subnet mask for the LAN IP DHCP Status Click Enable the DHCP server click Disable to close DHCP server click Relay Agent to close DHCP sever and do the job of DHCP server Corresponding settings for Relay A
55. WAN to check your ISP settings for IP modes 2 Make sure the Active check box has been selected Network WAN Load Balance Backup Edit WANT E WAN2 Ed WANS g WAN4 g For PPPoE Mode Disable Enable I Auto Weight Disable Enable IP Mode PPPoE Not Set Not Set Not Set Active Defat G E amp E G EE Cc 1 Check if Username and Password are entered with correct values that you got from your ISP 2 Check if the setting of Authentication is correct or not You may need to try both PAP and CHAP 132 Vigor3300 Series User s Guide 3 Check if Service Name optional is correct or not It is required by some ISPs BNF Configuration Static ODHCP Configuration PPPoE PPTP Configuration Wiser Mame SS996666 hinet net PPTF Local Address Password PPTP Subnet Mask Authentication PPTP Server Address Service Name Detgct Interval No Reply Count Apply Reset Cancel After finishing the settings go to System Status page and click WAN Status You will get a correct web page of WAN settings Basic Status LAN Status EETEHI WANT IP Address 216 168 226 27 MAC Address 00 50 7 f28 60 e8 Primarn DMS 168 495 1 1 secondary OMS Gateway aye eNO Sater RA Packets g5 Ts FParckets 40 Connection Status connected Up Time O days O hours 4 minutes 45 seconds Disconnect For Static Mode 1 Check if the valu
56. WANI WAN WANS Wana The local certificate is active for authentication if the RSA Signature option is selected in the Authentication field These options come from the user certificate file The IP address of the local gateway s public network interface The keyword default can be used to represent the IP Address of the selected WAN Interface The subnet behind the local gateway The IP address of the next hop The keyword default can be used to represent the gateway IP address of the selected WAN Interface The identification number for the remote gateway Turns this function ON or OFF The IP address of the remote client gateway This field is mandatory The setting for 0 0 0 0 is used for the road warrior with a dynamic IP address The subnet behind the remote gateway If the remote gateway IP address is 0 0 0 0 this field can be omitted but you can specify it as 0 0 0 0 32 for clarity For Advanced Configuration Vigor3300 Series User s Guide Click Advanced tab The following page of default configuration will be shown VPN IPSec Tunnel Default IKE Phase1 main mode Key lifetime Proposal IKE Phase2 quick mode Key lifetime Proposal Accepted Proposal Dead Peer Detection Status Delay Timeout 480 minutes des mdS modp768 des sha modp768 v 3des mdS modp768 3des md5 modp1024 wj 60 minutes des nd5 3des nd5 W
57. a small company a separate computer or host in network terms receives requests from users within the private network for access to Web sites or other companies accessible on the public network The DMZ host then initializes sessions for these requests on the public networks However the DMZ host is not able to initiate a session back into the private network It can only forward packets that have already been requested Users of the public network outside the company can access only the DMZ host The DMZ may typically also have the company s Web pages so these could be served to the outside world If an outside user penetrated the DMZ host s security only the Web pages will be corrupted but other company information would not be exposed Vigor3300 Series User s Guide In the Advanced group move to NAT option and choose DMZ Host to get the corresponding page Vigor3300 series VIGOROUS BROADBAND ACCESS MultiService Security Quick Setup System Network Advanced Firewall QoS VPN VoIP 11 21 38 A M Advanced NAT DMZ Host WAN Interface Private IP Use IP Alias IP Alias 1 WAN 192 168 1 10 Disable 2 3 4 0 5 6 7 8 9 O 10 O 1 Edit Delete Delete All WAN Interface Display the WAN interface chosen for this entry Private IP Display the private IP address of this entry Use IP Alias Display the activation status enable or disable of this DMZ host IP Alias Display the WAN IP address Edit
58. agged WLAN Associated adapter Intel A PR07100 S Desktop Adapter Properties VLAN ID Type a ney number for the YLAN inthe VLAH ID box The VLAN ID must match the VLAN ID configured on the switch Z HOTE 4 VLAN ID of 1 is often reserved Check the i switch documentation for details Vigor3300 Series User s Guide A 3 Applications A 3 1 Four VLANs for Different Departments in A Company A company wants to separate the Engineer Department Sales Department Marketing Department and Other Department to limit their communication with each other to ensure the security In this case we can define four VLANs that are VLAN5 VLAN6 VLAN7 and VLANS The subnet of VLANS is 192 168 1 0 the subnet of VLAN6 is 192 168 2 0 the subnet of VLAN7 is 192 168 3 0 and the subnet of VLAN8 is 192 168 4 0 However each PC in the company does not support 802 1Q 192 168 4 0 SHA N Engineer Sales Varketing Other Department Department Department Department Procedure 1 Refer to A 1 to block LAN to LAN communication 2 Create VLANS VLAN6 VLAN7 and VLANS8 Groups 3 Inthe VLANS input 5 to VLAN ID In the Member field choose p1 Then choose the Untagged for Frame Tag Operation in p1 Configure the PVID to 5 for the device does not support 802 1Q VLAN 4 Inthe VLAN6 input 6 to VLAN ID In the Member field choose p2 Then choose the Untagged for Frame Tag Operation in p2 Configure
59. ainim vor K A Qu FOCOUOOOS eueen DSL Cabel Fiber Modem 3 If not there must be something wrong with the hardware connection Simply back to 2 1 Hardware Installation to execute the hardware installation And then try again Vigor3300 Series User s Guide 127 4 2 Checking If the Network Connection Settings on Your Computer Is OK or Not Sometimes the link failure occurs due to the wrong network connection settings After trying the above section if the link is stilled failed please do the steps listed below to make sure the network connection settings is OK For Windows 1 The example is based on Windows XP As to the examples for other operation systems please refer to the similar steps or find support notes in www draytek com 1 Goto Control Panel and then double click on Network Connections Jetwork Connections 2 Right click on Local Area Connection and click on Properties Disable Status Repair Bridge Connections Create Sharkcut Rename Properties 128 Vigor3300 Series User s Guide 3 Select Internet Protocol TCP IP and then click Properties ethO Properties General Authentication Advanced Connect using HM ASUSTeK Broadcom 440x 10 100 Ir This connection uses the following items M El Client for Microsoft Networks W 2l File and Printer Sharing for Microsoft Networks m QoS Packet Scheduler Description Transmission Control Protocol
60. al terminal MGCP Call Agent Address The IP address of the Call Agent server in MGCP MGCP Call Agent Port The UDP port number for the Call Agent server EndPoint Name Style Choose a proper name style for the VoIP settings There are three options for you to choose aaln ip_addr ex aaln 1 1 1 1 1 mac_addr ip_addr ex 000504030201 1 1 1 1 1 aaln mac_addr ex aaln 1 000504030201 aaln ex aaln 1 v3300 draytek com Wild carded RSIP For VoIP phone call with MGCP configuration each port will send RSIP to call agent for notifying that port is initiated or restarted Each endpoint sends its own RSIP Each port must send one RSIP message e g aaln 1 172 16 3 5 to call agent respectively Send only one wild RSIP Only one RSIP message e g aaln 172 16 3 5 will be sent to call agent to indicate all ports are initiated restarted Vigor3300 Series User s Guide 109 3 7 2 Port Settings Port Settings page allows users to set phone number and phone groups for different call receivers For Phone Number VoIP Port Settings Phone Number Group Edit Type Active Group Username Proxy Codec 1 FXS Y 1 1001 G 729A 8kbps FXS 2 1002 G 729A 8kbps FXS y 3 1003 G 729A 8kbps 4 FXS 4 1004 G 729A 8kbps FXS y 5 1005 G 729A 8kbps FXS y 6 1006 G 729A 8kbps p FXS y 7 1007 G 729A 8kbps FXS y 8 1008 G 729A 8kbps Edit Click this button to access into the Edit page for each phone number Ty
61. an be improved by returning to the default settings Try to reset the router by software or hardware Warning After pressing factory default setting you will lose all settings lt you did before Make sure you have recorded all useful settings before you pressing The password of the factory default is null Software Reset You can reset router to factory default via Web page Go to System gt gt Reboot on the web page The following screen will appear Choose Reset to factory default and click Apply After few seconds the router will return all the settings to the factory settings Vigor3300 Series User s Guide 135 System Reboot Apply Hardware Reset While the router is running ACT LED blinking press the RST button and hold for more than 5 seconds When you see the ACT LED blinks rapidly please release the button Then the router will restart with the default configuration Factory Reset Omo 0606 Ou Gund C990 ouu tl Odes dos O60 Gru Eeoel HAHI WAMI WAH FI Pi PI Pa LAR me After restore the factory default setting you can configure the settings for the router again to fit your personal request 4 6 Contacting Your Dealer 136 If the router settings are correct at all and the router still does not connect to internet please contact your ISP technical support representative to help you for configuration Also if the router still cannot work correctly please contact your
62. ans to activate the Network Interface Once means only for one time Weekdays means that user can select some weekdays to apply Network Interface Select one specific WAN interface to be applied Click Apply to finish this setting Delete Call Schedule To delete an item click the radio button of the item that you want to delete Then click Delete on the bottom of the page to remove the entry Quick Setup System Network Advanced Firewall Qos VPN VoIP Advanced Call Schedule z Status Date amp Time Action How often Week Option WAN 1 Enable 2000 1 26 00 00 Force On Once VAN 20 Microsoft Internet Explorer x 3 2 Are you sure of deleting this item 4 TE L ox 6 O x 8 9 O 10 1 Edit Delete Delete All 7 2005 All rights reserved DrayTek provides enterprise network solution Vigor3300 Series User s Guide Also users can click Delete All to remove all entries in the table 3 3 WAN Port Mirroring Setup Vigor 3300 Series supports port mirroring function in WAN interfaces Generally speaking this function copies traffic from one or more specific ports to a target port This mechanism helps user track the network errors or abnormal packets transmission without interrupting the flow of data access the network By the way user can apply this function to monitor all traffics which user needs to check There are some advantages supported in this feature Firstly it is more ec
63. as 4 WAN interfaces and Vigor3300 3300B has 3 WAN interfaces that support load balancing This allows the system to reach peak performance and reduces the cost of maintaining a single high speed trunk by sharing the load amongst the multiple WAN interfaces Each interface can be connected to an individual Internet Service Provider The Vigor3300 Series also supports a backup function for WAN interfaces a user can select one WAN interface to be a backup interface If the master interface fails the backup interface will take the place of the master interface immediately Lastly the Vigor3300V has a DMZ function can be applied to any LAN or WAN interface 1 1 1 LED Indicators and Connectors for Vigor3300V r LAN r WAN IDMZ ven OQ Oewnxe O O O Firewwai 1 O PWR acT Qos O O Fx O O Factory Reset P1 P2 P3 P4 Pi P2 P3 P4 Factory Reset Used to restore the default settings Turn on the router ACT LED is blinking Press the hole and hold for more than 5 seconds When you see the ACT LED begins to blink rapidly than usual release the button Then the router will restart with the factory default configuration LED Status Explanation PWR On The router is powered on S omar The router is powered off ACT The system is active The system is hanged VPN The VPN tunnel is launched Off The VPN tunnel is closed Firewall The Firewall function is active Off The Firewall functio
64. ates the IP group information Most cable modem users will use DHCP to get a globally reachable IP address from the cable head end system Different mode will lead different configuration and will be explained in later section Before you connect a broadband access device e g a DSL Cable modem to Vigor3300 Series you need to know what kind of Internet access your ISP provides The following sections introduce four widely used broadband access services Static PPPoE PPTP for DSL DHCP for Cable modem and DMZ In most cases you will get a DSL or cable modem from the broadband access service provider Vigor3300 Series is connected behind the broadband device 1 e DSL cable modem and works as a NAT or IP router for broadband connections Next we will introduce each WAN mode in detailed Static IP Setup It means that the IP group information for WAN interface is manually assigned by the user Static DHCP PPPoE PPTP DMZ TUIE LE Configuration Configuration IP Address 172 16 3 229 Host Name Subnet Mask 255 255 255 0 Domain Name Default Gateway 172 16 3 1 Host Name and Domain Name are required for some ISPs Primary DNS 168 95 1 1 secondary ONS 168 95 192 1 Connection Detection Detect Type Send Htt p Request v Detect Interval sec 10 No Reply Count 2 Detect Destination Host iP or Domain Name
65. ays the packets count received by this tunnel Displays the bytes count received by this tunnel Displays the packets count sent out by this tunnel Displays the bytes count sent out by this tunnel Displays the time duration since the tunnel is established Allows you to refresh current VPN status Allows you to disconnect the select VPN connection 103 3 6 2 PPTP General Setup To configure the general setup please click VPN gt PPTP gt General Setup VPN PPTP General Setup Status Active O Inactive PPTP Authentication PAP v PPTP Encryption User Authentication Local O RADIUS Server Mutual Authentication Enable Disable User Name draytek E Password eooo Apply Cancel Status Sets the function to Active or Inactive PPTP Authentication Allows you to choose an authentication mode to be used The default setting is CHAP PPTP Authentication PaP PAP CHAP WS LHAP MS CHAP V2 PPTP Encryption Allows you to choose an encryption mode to be used If PPTP authentication mode is set to CHAP or PAP PPTP Encryption mode does not need to be set PPTP Authentication PPTP Encryption Ho Encryption HPPE 40 bits MPPE 40 bits 126 bits User Authentication Sets user authentication to Local server or RADIUS server Enable Disable Enables or disables the Mutual Authentication function User Name Type in user name that the other side provides for carrying out mut
66. bas eT 255 0 0 0 vlaniO ipsecO lo qaaqcc Refresh Displays the destination IP address for various routings Displays the default gateway Displays the subnet mask for various routings Displays the status of the routing entries Denoted by eth0 if it is a LAN interface and eth if itis a WAN interface Click Refresh to re display this web page for getting newest routing information Vigor3300 Series User s Guide Select View ARP Cache Table to get the following page Quick Setup System Network Advanced Firewall Qos VPN VoIP 5 51 34 P M IP Address MAC Address Interface 72416 42145 00 0F A46 2A4 D5 BE eth0 L72 LE 2249 00 40 F4 6B 57 61 eth0 L229 N 222 00 11 2F DS D0 2B eth0 172 16 2 88 00 50 7F 28 6E 1D eth0 i72 LE 2 91 00 50 7F 23 48 14 eth0 Refresh DrayTek Corp 1997 2005 All rights reserved DrayTek provides enterprise networ lu IP Address Displays the IP address for different ARP cache MAC Address Displays the MAC address for different ARP cache Interface Denoted by eth0 if it is a LAN interface and eth1 if it is a WAN interface Refresh Click Refresh to re display this web page for getting newest ARP information Select View DHCP Assignment Table to get the following page Quick Setup System Network Advanced Firewall QoS VPN VoIP 5 53 44 P M System Diagnostic Tools View DHCP Assignment Table Assigned IP MAC Address Tine Left 192 168 1 10 00
67. cket transmitted Displays the source port of the packet transmitted Displays the destination port of the packet transmitted Displays the source IP address of the packet replied Displays the destination IP address of the packet replied Displays the source port of the packet replied Displaysthe destination port of the packet replied Vigor3300 Series User s Guide 3 2 Network Setup For Internet access it is necessary for you to set WAN and LAN interfaces for the router 2 A _ Vigor3300 series s VIGOROUS BROADBAND ACCESS MultiService Security Advanced Firewall QoS VPN VolP 10 19 18 a wan Load Balance Policy System Status a uan Ce Se High Availability Oe Refresh Option Sb Static DHCP Refresh LAN Status waNstatus Model VYigor3300 Hardware Version 1 0 Firmware Version 2 5 7 EN Build Date amp Time Thu May 4 17 18 30 CST 2006 System Uptime 4 days 1 hours 53 minutes 21 seconds CPU Usage 8 3019 Memory Usage 53 4118 Current System Time Mon May 29 10 19 14 2006 3 2 1 WAN and Internet Access Setup The Vigor3300 Series supports four WAN interfaces Static DHCP PPPoE and PPTP which share the same setting page In the Network group please click the WAN option The following page will be shown Note Vigor3300 3300V supports four WAN interfaces yet Vigor3300B supports three WAN interfaces That is WAN4 will be disabled for Vigor3300B e VIGOROUS BROADBAND ACCESS
68. csageseeyacses 124 WROUDIC SMO UNA O iecascesececcen ese cees sean niaaa aa 127 4 1 Checking If the Hardware Status IS OK or Not cccccccccsssssseeeeeeeeeeeeesseeeeeseeeeesseeeeeeeseaas 127 4 2 Checking If the Network Connection Settings on Your Computer Is OK or Not 128 4 3 Pinging the Router from Your Computer ccceeececcceeeeeeeeeeeeeeeeeeeeaeeeeeeeeeeseaaeaeeeeeeeeeseaas 131 4 4 Checking If the ISP Settings Are OK or NOt 000 cccceeeeeeeeeeeeeeeeeeeaaaaeeeeeeeeeeeeeeeeeeeeeeaaaaaas 132 4 5 Backing to Factory Default Setting If Necessary cceeeeeeeee eee eeeeaeeeeeeeeeeeeeeeeeeeeeeeeaaaaaes 135 4 6 Contacting Your Dealer cccccccececcccccceeeessseceeeeeeeeeeesseceeeeeeeseeesseeeeesseueaseeeeeeeessaaageeeeeeeeees 136 Appendix A Application for 802 1 VLAN ccccceesceeeeeeeeseeeeeeeseeneeonseeeseeeaesoneeoeneeeaeees 137 A 1 Block LAN to LAN Communication ccccccccceccceeeeeeeeeeeeeeeaeeeeeeeeeessaeaaeeeeeeeeessaeaseeeeeeeeeeas 137 A 2 How to Check Edit VLAN ID on Your PC cceeccccceeeeseeeseeeeeeeeeseaeeeeeeeesseeeeeeeeeeeeeeseaas 138 PES PROD NIG ANON A E 145 A 3 1 Four VLANs for Different Departments in A Company 0cccccsseeeeeeeeeeeeeeeeeeseeeees 145 A 3 2 Two VLANs for Different Departments in A Company cecccceeseeeeeeeeeeeeseeeeaeeeeees 147 A 3 3 Example for the Companies in the Same Bullding c ccccccccceeceesseseeeeee
69. ct required security protocols It determines the algorithms to use for the services and puts in place any cryptographic keys required to provide the requested services IPSec can be used to protect one or more paths between a pair of hosts between a pair of security gateways or between a security gateway and a host The Vigor3300 Series supports ESP Tunnel mode with IKE for key management Internet Key Exchange IKE Protocol a key protocol in the IPSec architecture is a hybrid protocol using part of Oakley and part of SKEME in conjunction with ISAKMP to obtain authenticated Vigor3300 Series User s Guide 93 keying material for use with ISAKMP and for other security associations such as AH and ESP for the IPsec DOI 3 6 1 IPSec The IPSec services can provide access control connectionless integrity data origin authentication rejection of replayed packets that is a form of partial sequence integrity and confidentiality by encryption These objectives are met through the use of two traffic security protocols the Authentication Header AH and the Encapsulating Security Payload ESP and through the use of cryptographic key management procedures and protocols Policy Table To create a VPN IPSec policy click the Policy Table option under the IPSec menu VPN IPSec Policy Table ya Connection paa fair pe Profile nerational ET F pai nae Local Subnet Remote Gateway Remote Subnet Interface Status Operational Status A
70. ction 1 Research WPA aes 2A alae ieee 17216 2152 VAN enable down Initiate 2 0 3 O 4 O 5 6 T O 8 O 3 O 10 1 Refresh lit Delete Delete All Refresh Refresh the page information Edit Configure an entry Clicking this button can guide you accessing into editing page for that IPSec tunnel For detailed information refer to the following section of For Default Configuration Delete Delete a designated entry Delete All Delete all entries in the table 94 Vigor3300 Series User s Guide For Default Configuration To edit or add a policy table please click one of the radio buttons and click Edit The following page of default configuration will be shown VPN IPSec Tunnel Basic Profile Status Enable v Name Research Authentication Preshared Key v Preshared Key PPr Security Protocol ESP w NAT Traversal Enable v Local Gateway WAN Interface WANI Local Certificate Security Gateway default NetworkIP SubnetMask 172 16 3 228 i24 Next hop default Remote Gateway Remote ID DHCP over IPSec OFF w Security Gateway 172 16 2 1 0 0 0 0 for dynamic client Network IP Subnet Mask 172 16 2 15 32 0 0 0 0 32 for dynamic client Apply Cancel Profile Status Set the initialization of IPSec Tunnel with this profile settings Enable Choose th
71. eeaeeeeeeeeesesaeeseeeeeeeeessaas 6 12 Hardware Installation iesas tancnicsctenocedanniccisnencadusiieipstosokaiebiciionet avineddelysadiosubndlsanndiesawaaiaaaeaadeasehetenssgnddeeasiens 8 1 2 1 Detailed Explanation for the CONNECIOS ccccceeeeeccceeeecaeeeeeeeceeeeseaeeeeeeeeeessaeeeeeeeeeeeessaas 9 Configuring Basic Settings cccsssssssessssseessssceesessceesssseesesseesssseesesseeess 11 2 1 Changing I AS SW ONO ncsnrsiecicorsienndaroiei aaia aaan e oddini 11 PAPA UNG EE i cre poet E E ETE EE A E E E A A A E TE 13 2 2 1 Adjusting WAN Connection Mode ccccccccccccceeesseeceeeeeeeeeeeeeeeeeeeeseuaeeeeeeeeessaaaeeeeeeees 13 2 2 2 Static Mode srecesictnessecssctoesdviiessduessctasseesscunesdohadacaenscenscdsnsdesneesaeateds seuadsedesedassacseinedsdeneesddasees 15 22 DACP MOTE a E E A eee ee ee 17 22 APERE eae ee eee ee eee eee ere ene ee 18 Be TE seater E tea dee ong lng deems ede gent etc eee pede eenet dentate 20 Advanced Configuration 0 ces ccnsseensseccnnsscnsasecnnesscnsasecenesscnsesecnuesseasssecnaessonseseece 22 eM SS E S A E A eine EE EA E E E E E E 22 ag ee i 0 P E E S EE O E E E A E E eee ee E 22 Se MMMM E S AEE eateries stent cect os AE AE N N AEE AE AT 26 SAREE Ee e E EE A IEE EEA A E E E EAE ene ET 27 3 4 Access Conto Bere tected ete oaao a ea aN aaa aaa daR naa E 28 3 5 Configuration SOUND coesecccn ci sisi nccedccsicinsctienad dg cated aan i e aN aa Ai aaa a Ri 29 3 1 6 Firmware Upgrade Setup
72. eeeeeeseeeeeeees 149 A 3 4 Example for A Company and Guest ccccccccsssesseccceeeeeeeeesseeeeeeesseaeeseeeeeeessaaeeeseeeees 151 A 3 5 Example for Trunk US Qe ccccccccseeecceeseeeceeseeeccaeeeeseaseeecsaeeeseaseeesesesessaseeessaeees 153 Vigor3300 Series User s Guide 1 Preface The Vigor3300 Series integrates a rich suite of functions including NAT firewall VPN load balance bandwidth management and VoIP capability These products are very suitable for providing multi integrated solutions to SME markets An application scenario for the Vigor3300 Series is depicted in Figure 1 1 which illustrates interconnections among branch offices through the Internet via the Vigor3300 Series routers By combining with an existing PABX an Internet phone from a remote branch can also access any extension number on a local PABX or a traditional phone via PSTN Also by combining load balancing data security and Internet phone features the company can benefit from reducing operation fees _ Backbone Q E IPorATM COAL Coog A Virtual Private Network VPN is an extension of a private network that encompasses links across shared or public networks like an Intranet A VPN enables you to send data between two computers across a shared public Internet network in a manner that emulates the properties of a point to point private link The DrayTek Vigor3300 Series VPN router supports Internet industry standards technology
73. erfaces The interface supports MDI MDIX auto detection of either straight or crossover RJ45 cables These cables are used on WAN LAN and DMZ interfaces Chassis Connections The Vigor3300 Series can be mounted on a rack by using standard brackets in a 19 inch rack or optional larger brackets on 23 inch rack not included The bracket for 19 and 23 inch racks are shown below Attach the brackets to the chassis of a 19 or a 23 inch rack as shown in the Figures 1 8 and 1 9 Repeat the above procedure for the second bracket which attaches the other side of the chassis Vigor3300 Series User s Guide 9 10 After the bracket installation the Vigor3300 Series chassis can be installed in a rack by using four screws for each side of the rack Desktop Type Installation Rubber pads are included with the Vigor3300 Series These rubber pads improve the air circulation and decrease unnecessary rubbing on the desktop Vigor3300 Series User s Guide Configuring Basic Settings For use the router properly it is necessary for you to change the password of web configuration for security and adjust primary basic settings This chapter explains how to setup a password for an administrator and how to adjust basic settings for accessing Internet successfully 2 1 Changing Password To change the password for this device you have to access into the web browser with default password first 1 Make sure your comp
74. ernet content and can filter out specific packets which may trigger unexpected outgoing connection such as a Trojan The following sections will explain how to configure the Firewall Users can select General Setup IP Filter DoS and URL Filter options from Firewall menu The DoS facility can detect and mitigate the DoS attacks The URL Filter can block inappropriate websites for SME B a fe Vigor3300 series a VIGOROUS BROADBAND ACCESS MultiService Security Quick Setup System Network Advanced VPN VoIP 11 05 27 fe IP Fitter bo General Setup DoS Group Table URL Filter System Status Refresh Option No Refresh vj Refresh LAN Status WAN Status Model VYigor3300 Hardware Yersion 1 0 Firmware Version 2 5 7 EN Build Date amp Time Thu May 4 17 18 30 CST 2006 System Uptime 4 days 1 hours 53 minutes 21 seconds CPU Usage 8 3019 Memory Usage 53 4118 Current System Time Mon May 29 10 19 14 2006 3 4 1 IP Filter First you should create at least one Group in the IP Filter gt gt Group Table Then you can enable the Data Filter and select a Start Filter Group in General Setup The following sections explain IP Filter functions with details General Setup The page allows you to set general settings such as enabling the data filter function and choosing proper filter group Vigor3300 Series User s Guide Firewall General Setup Data Filter Start Filter Group
75. es of IP Address Subnet Mask Gateway IP Address and Primary DNS that you got from ISP are set properly or not If you forget please contact with ISP for getting new ones Static DHCP Piel Cleele ue ira Configuration IP Address 172 16 3 229 Subnet Mask 255 255 255 0 Default Gateway 1723 16 51 Primary DNS 168 95 1 1 Secondary DNS 169 95 192 1 2 If anything wrong please retype correct values and try the network connection again Host Mame Domain Mame OMZ Configuration iHost Mame and Domain Mame are required for some ISPs 3 After finishing the settings go to System Status page and click WAN Status You will get a correct web page of WAN settings Vigor3300 Series User s Guide 133 Basic Status LAN Status WAN Status WANT IF Address ASO BIG ioe a MAC Address 00 50 7f28 080 e4 Primary DNS 158 495 1 1 Secondary ONS Gateway 220 130 572 209 Ra Packets fO8 Ts Packets J04 Connection Status connected Up Time 0 days 0 hours 5 minutes seconds For DHCP Mode 1 Check if Host Name optional and Domain Name optional are correct or not Both them are required for some ISPs eulte PPPOE PPTP DMZ een rene Configuration Configuration Default Gateway 721631 Host Name and Domain Name are required for same ISPs 2 If anything wrong please check and retype correct values Then try the network connection again 3 Af
76. es only The network configuration is the same with A 2 1 Please refer to A 2 1 Vigor3300 Series User s Guide A 3 4 Example for A Company and Guest A company wants to separate the Engineer Department Sales Department Marketing Department and guest to limit their communication with any department to ensure the security In this case we can define four VLANs that are VLANS VLAN6 VLAN7 and VLANS8 The subnet of VLANS is 192 168 1 0 the subnet of VLAN6 is 192 168 2 0 the subnet of VLAN7 is 192 168 3 0 and the subnet of VLAN8 is 192 168 4 0 However the notebook of guest does not support 802 1Q 192 168 1 0 192 168 2 0 192 168 3 0 192 168 4 0 auw by Zog LJ amp Engineer Denartme sales Mlarketing Guest SPER Department Department Procedure 1 Refer to A 1 to block LAN to LAN communication 2 Create VLANS5 VLAN6 VLAN7 and VLANS8 Groups 3 Inthe VLANS type 5 to VLAN ID In the Member field choose p1 Then choose the Tagged for Frame Tag Operation in pl We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from the PC of Engineer Department 4 Inthe VLAN6 type 6 to VLAN ID In the Member field choose p2 Then choose the Tagged for Frame Tag Operation in p2 We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from Engineer Department 5 Inthe VLAN7 type 7 to VLAN ID In the Member field choose p3 Then cho
77. ete the selected setting or all settings To configure one entry please click Edit to open the following page VoIP Advanced Speed Dial Edit Prefix 03 Strip Length a Append 606 Destination 10 1 1 1 Memo Morno01 Apply Cancel Prefix Assign a prefix for checking the phone number that users dial out If the prefix of the outgoing call matches to the number set in this field that outgoing call can apply the speed dial For example suppose that there are two outgoing calls with phone Vigor3300 Series User s Guide 115 116 Strip Length Append Destination Memo 3 7 5 Miscellaneous numbers of 03654321 and 04556890 In which 03654321 is suitable for this speed dial rule Assign the length of digit to be removed from the original phone number For example suppose the original phone number is 03654321 and the strip length is 2 The first two numbers 03 will be removed and the final phone number becomes 654321 Assign a new number to be added before the phone number after removing length of digit For example suppose the original phone number is 03654321 The strip length is 2 and the append number is 886 Then the final phone number will be 886654321 Assign an IP address for the destination which the SIP message would be sent to A description for this entry This page includes RTP and T 38 Starting Port T 38 Redundancy Number VoIP ToS and FAX Ringing sett
78. ettings set in this page 3 5 2 Incoming Outgoing Class Filter Click the QoS option and choose Incoming Class Filter Outgoing Class Filter QoS Incoming Class Filter Priority Source IP Destination IP Service Type Status DiffServ CodePoint Status Class 1 0 9 0 9 0 9 0 90 90 1 Delete Delete All Vigor3300 Series User s Guide Priority Source IP Destination IP Service Type Status DiffServ CodePoint Status Class Edit Delete Delete All You are allowed to set ten filters The priority for the filter of number is the highest and the priority for number 10 is the lowest Displays the source IP address for the filter Displays the destination IP address for the filter Displays the service type that you choose for the filter Displays the setting for DiffServ CodePoint Displays the class name that you specified for the incoming outgoing class filter Click this button to open the edit page for adjusting the settings Click this button to delete the selected setting or all settings To edit an incoming class filter please choose one of the radio buttons under Priority and click Edit The following page will be shown automatically QoS Incoming Class Filter Source IP Destination IP Service Type Status service Type Protocol Port DiffServ CodePoint Status DiffServ CodePoint Type DiffServ CodePoint Class Source IP Destination IP Service Type Status
79. every 10 seconds VoIP Call History Port Caller Number Call Type 1 5 Incoming 888846 888845 17 01 51 6 Outgoing 888846 38388845 1 Port Number Call Type Caller Number Callee Number Start Time End Time Duration Release Reason Vigor3300 Series User s Guide Number Number Remote Release Remote RTP RTP Codec Packet DTMF Start Time End Time Duration Reason Address i Statistic Type Period VAD Relay O8 5500 FiSep23 9 gays i Sates we Haken a ae aai 17 Ue UU 00h 00m 09s Normal Drop 61 230 213 114 13466 O 2 28 60 Bkbps 270ms O 2FC2833 2005 PL 0 Ji 0 LA 0 PS 143 98 27860 FriSep 23 ae PR 144 ayana 17 02 00 0 days Normal Drop 61 230 213 114 13464 OR 2880 S t dan 20ms Of RFC2833 S a 00h 00m 1 3s orma UFOp ST UAT 290 2s ee VOY 8kbps ums vevo 2005 PL 0 Ji 0 LA U Refresh The port number of VoIP The dialing direction for this call Incoming Outgoing The phone number of the caller The phone number of the receiver The starting time of the call The ending time of the call The duration of the call The reason for the call termination 123 124 Remote RTP Address Remote RTP Port RTP Statistic Codec Type Packet Period VAD DTMF Relay 3 7 11 Status The IP address of remote voice site The used port number of remote voice site The statistic of RTP with abbreviation will be shown in this field e g PS Packets Sent OS Octets Sent PR Packets Received OR Octets
80. face The default value is 102400 kbps 100 Megabit This setting is very important for Vigor3300 Series incoming buffer adjustment If you use a DSL subscriber service with a 2Mbps downstream please set the downstream rate setting with 2Mbps Assign the transmission rate for this WAN interface The default value is 102400 kbps 100 Megabit This setting is very important for Vigor3300 Series outgoing buffer adjustment If you use a DSL subscriber service with a 256Kbps downstream please set the downstream rate setting with 256Kbps Select a connection type for this WAN interface Currently there is only one setting offered for you to choose Fast Ethernet Select connection speed mode for this WAN interface There are auto negotiation full duplex and half duplex of either 10M or 100M speed options for the WAN Interface Select an IP mode for this WAN interface There are four available modes for Internet access Static DHCP PPPoE and PPTP On this page you may configure the WAN interface to use Static fixed IP DHCP dynamic IP address PPPoE or PPTP Most of the cable users will use the DHCP mode to get a globally reachable IP address from the cable host system Vigor3300 Series User s Guide 2 2 2 Static Mode You can manually assign a static IP address to the WAN interface and complete the configuration by applying the settings and rebooting your router Choosing Static as the IP mode you will see the followi
81. firmware from the DrayTek Website www draytek com tw or FTP site tp draytek com on your computer first 2 Connect the RJ45 connector of console cable to the console port on Vigor3300 and the DB9 connector of the console cable to the RS232 port on the PC Vigor3300 Series User s Guide 2 x igg 10 Hyrper et benna Bae ee ice COM1 Properties a x Fort Settings a Bits per second js7e00 Data bits je f Parity None Stop bits ooo H Flow control Restore Defaults The default setting of the console port is baud rate 57600 no parity and 8 bit with 1 stop bit 3 Power on Vigor3300 then press ENTER before the system reboots completely 4 Open Hyper Terminal on the PC Now Vigor3300 can accept a TFTP download and will display the following message ERRER GE KE E RE EE E K E R K E E K K E K K K k k f DrayTek V3300 Bootloader see ae ae fe fe af eae ae ae ae ae ae ae fe ae ak oe ae ae ae ae ak ak kkk Press ENTER key within 5 sec to download image 2 Current LAN IP is 192 168 1 1 New IP Prepare downloading 5 Type the path name of the firmware image and activate the TFTP Client from the PC to download the image The corresponding message is shown as follows TFTP i 192 168 1 1 PUT Vigor3300 image file name Vigor3300 Series User s Guide 31 32 Command Prompt Volume in drive C Uolume Serial Aunber Directory of 2 5 81 772A 61572085 e219 20R
82. for most of DSL modem users All local users can share one PPPoE connection to access the Internet Your service provider will give you the user name password and authentication mode for PPPoE settings VIGOROUS BROADBAND ACCESS 0 Quick Setup System Network Advanced Firewall QoS VPN VoIP 10 50 44 A M Quick Setup WAN MAC Address Default MAC User Defined MAC Downstream Rate 102400 kbps Upstream Rate 102400 kbps Type Fast Ethernet v Physical Mode Auto Negotiation w IP Mode O Static O DHCP PPPoE O PPTP If your ISP provides you the PPPoE Point to Point Protocol over Ethernet connection please select PPPoE for this router to get the following page Enter the username and password provided by your ISP on the web page Static OHCP PPPoE PPTP Configuration Belair eel User Name PPTP Local Address fo Password COC PPTP Subnet Mask fe Authentication PPTP Server Address fo Serice Name Optional User Name Assign a specific valid user name provided by the ISP Password Assign a valid password provided by the ISP Authentication Select PAP or CHAP protocol for PPP authentication The default value is PAP Service Name Assign a service name required from ISP service After setting up the WAN interface the user can click Next to setup the LAN interface continuously Vigor3300 Series User s Guide Sue eval Configuration ser Mame Pass
83. gent can be configured in the page of DHCP Relay Agent Start IP Sets the starting IP address of the IP address pool for DHCP server End IP Sets the ending IP address of the IP address pool for DHCP server Primary DNS Sets the private IP address of the primary DNS Vigor3300 Series User s Guide Vigor3300 Series User s Guide Secondary DNS Sets the private IP address of the secondary DNS Lease Time Min Sets a lease time for the DHCP server The time unit is minute Gateway IP Optional Sets a gateway IP address for the DHCP server Click Apply to reboot the system and apply the settings Note If both the Primary and Secondary DNS fields are left empty the router will assign its own IP Address to local users as a DNS proxy server and maintain a DNS cache If the IP address of a domain name is already in the DNS cache the router will resolve the domain name immediately Otherwise the router forwards the DNS query packet to the external DNS server by establishing a WAN e g DSL Cable connection For DHCP Relay Agent This page allows users to specify which subnet that DHCP server is located the relay agent should redirect the DHCP request to Network LAN DHCP Relay LAN IP DHCP IP Routing WAN Interface MANI Relay Agent DHCP Server IP Asse Apply Cancel WAN Interface Choose the WAN interface for applying relay agent DHCP Server IP Address Type the IP address for the DHCP server 45 For IP Routi
84. ging tone Busy tone Congestion tone Low Frequency Hz High Frequency Hz TOn1 10msec TOffl 10msec TOn2 10msec TOff2 10msec 118 Choose the country area that the Vigor3300 located for using VoIP feature Or select User Defined for proprietary settings Finland User Defined Australia SErnany Hong Eong Japan Hetherlands Horway Singapore Taivan UE If User Defined is selected in the Region field users can select one of the supported values If a country is selected this field will display ID type value automatically Caller ID Type DTHF ka Horth America A tone means the phone line is ready to make a call A tone means the call is ringing A tone means the phone line is busy A tone means the network is busy Type the low frequency number in Hertz Type the high frequency number in Hertz Type the duration of the first ring Type the silence duration after the first ring Type the duration of the next continuous ring Type the silence duration after the next continuous ring Vigor3300 Series User s Guide 3 7 7 QoS This Quality of Service QoS function is only for the VoIP feature When this function is enabled the Vigor 3300 Series will set rate limitation for incoming and outgoing transmissions to ensure the best quality of service in VoIP VoIP QoS Disable non guaranteed voice quality higher data throughput Enable guaranteed voice quality normal data
85. h other please check the port box P1 to P4 according to your necessity Vigor3300 Series User s Guide Frame Tag Operation Basically the default settings for tagged or untagged VLAN will be shown automatically when you type VLAN ID Name and check the Active box By the way you can modify the tag operation for each VLAN in this page for obtaining proper control Use the drop down list to choose a tag operation for each port Tagged All the computers behind that port must support VLAN and are tagged with certain VLAN groups with specified ID numbers Untagged All the computers behind that port do not support VLAN feature Note It is recommended to group computers that do not support VLAN feature or support VLAN feature but their Untagged VLAN settings are checked in one port with untagged This device will tag proper port VLAN ID for untagged PC respectively for making them communicating with the router Management Port It can help users to communicate with router still even though configuring the wrong setting in the 802 1Q VLAN tag The management port will lock index 4 We recommend that users enable the management port to fix the fourth VLAN settings unless users want to use the fourth VLAN and ensure the settings are correct You have to set Port VLAN ID for P4 previously before you check Management Port Port VALN ID Type the ID for each port used for identification on VLAN When the tag operation for each port re
86. higher than 40ms Yet the bandwidth request for 40ms is less than 20ms DTMF DTMF Mode InBand Choose this one then the Vigor will send the DTMF tone as audio directly when you press the keypad on the phone OutBand RFC2833 Choose this one then the Vigor will capture the keypad number you pressed and transform it to digital form then send to the other side the receiver will generate the tone according to the digital form it receive This function is very useful when the network traffic congestion occurs and it still can remain the accuracy of DTMF tone SIP INFO Choose this one then the Vigor will capture the DTMF tone and transfer it into SIP form Then it will be sent to the remote end with SIP message DTMF Volume Determine the volume of DTMF voice signal The more the number is set the greater the sound is Call Forwarding Disable Disable forwarding function Call forwarding all calls Forward all incoming calls to the specified SIP URL site Call forwarding busy Forward incoming calls to the specified SIP URL site when this line is busy Call forwarding no answer after Range 1 10 rings Forward incoming calls to the specified SIP URL site after ringing the times that you set here SIP URL Assign a SIP URL site to receive forwarded calls Apply When you finish all the configurations please click this button to activate them For Group It is very important to provide a Group function for voice service with
87. his entry When you finish it click Apply Delete Allows you to remove the selected group Delete All Allows you to remove all of the groups When you finish the configuration please click Apply to invoke it Status This page displays some relevant information about PPTP connection It will refresh automatically every 10 seconds VPN PPTP Status 6 Index Remote IP Assigned IP User Byte In Byte Out Up Tine 1 61 31 162 252 192 158 1 224 3300 1280 T4 11 Refresh Disconnect Index Displays the index number of the tunnel Remote IP Displays remote IP address of the tunnel Assigned IP Displays IP address assigned by Vigor3300 User Displays user account of this tunnel Byte In Displays the bytes count received by this tunnel Byte Out Displays the bytes count sent out by this tunnel Uptime Displays the time duration since the tunnel is established Refresh Allows you to refresh current VPN PPTP status Disconnect Allows you to disconnect the select VPN PPTP connection Vigor3300 Series User s Guide 3 7 VoIP Setup Voice over Internet Protocol VoIP is a technology that allows you to make telephone calls using a broadband Internet connection instead of a regular or analog phone line The Vigor3300 Vigor3300V provides cost effective voice solution for SME customers which can be explained with the following diagram RADIUS Data NMS Server Base Server aD lt Alarm message gt an
88. his page allows you to set a simple way to dial a specific number Up to 150 numbers can be stored in Vigor3300V VoIP Speed Dial Speed Dial Phone Number Speed Dial Destination Memo 1 1001 1001 iptel org dial 1 3 4 5 Example 101 101 iptel org Apply Cancel Clear This Page Speed Dial Phone Number Type the phone number to be used as quick dial Speed Dial Destination Type the destination address of the dial Memo Type a description for the specified number Apply Click this button to activate the page settings Clear This Page Click this button to remove all the settings in this page Vigor3300 Series User s Guide 3 7 4 Advanced Speed Dial Speed dial allows users to call out with simple buttons instead of dialing long numbers To set a speed dial with specified settings please open the following page VoIP Advanced Speed Dial Prefix Strip Length Append Destination Memo io co a 0 0 0 0 0 0 0 0 0 _ Co 1 Edit Delete Delete All Prefix Displays the prefix number of the entry Strip Length Displays the strip length of the entry Append Displays the appended number of the entry Destination Displays the IP address of the destination of the entry Memo Displays the brief description stated in memo field of the entry Edit Click this button to access into the editing page of the speed dial Delete Delete All Click this button to del
89. hree for managing the system Management Port Default Ports Use the default ports for HTTP and Telnet if you choose HTTP and Telnet as management methods Vigor3300 Series User s Guide User Defined Ports Or you can assign new port numbers for HTTP Telnet and SSH respectively PING Restriction Disable PING from the LAN Choose this function to reject all ICMP packets from LAN side Disable PING from the WAN Choose this function to reject all ICMP packets from WAN side 3 1 5 Configuration Setup Most of the settings can be saved locally as a configuration file and can be applied to another router The Vigor3300 Series supports the restore and upload functions of the configuration files In the System group click the Configuration Setup option And you can see the following page VIGOROUS BROADBAND ACCESS Quick Setup System Network Advanced Firewall QoS VPN VoIP 9 45 17 A M System Configuration Restore Select a configuration file Apply Backup Backup configuration file Push Backup button Backup Select a Configuration File Please click the Browse button to find out the location of the configuration file to be uploaded to the router and click Apply Backup Configuration File Download the configuration file to a local host The default Push Backup Button file name is v3300 cfg Vigor3300 Series User s Guide 29 30 3 1 6 Firmware Upgrade Setup Vigor3300 Series al
90. icrosoft Internet Explorer A You can download only when the status is Request Generated After you click the Download button the system will guide you to save the downloaded file newreq_RD computer_1 pem to a place that you assign File Download ix Desktop Some hes can ham pour computer If the hle information below Ej my Documents E v2800v y looks suspicious or you do mol fully trust the source do not open or EG Y My Computer E2VPN_200tunnel save this file Sl My Network Places Network Connections 2 5 3_Rc4 File name mewreg_3300CA_1 pem an Fike ype Desktop 2900 tg 13300 From 192 168 1 1 ec dg kapers pic My Documents C SmartBits would you like to open the file or save it to your computer 95 ae S lt e eo i File name r Always ask before opera thas p of file Save as type Toimport a user certificate that you saved previously please click index number one with the status of Request Generated and click the Import button If not you might see the following dialog to warn you Microsoft Internet Explorer You can import only when the statis is Request Genrated After you click the Import button the system will guide you to import a saved file to a place that you want VPN IPSec User Certificate 1 Import Import User Certificate Apply Cancel To delete a user certificate please click the index number that you want to delete and click
91. ies User s Guide Enable O Enable Apply Cancel There are five options for incoming calls from remote ends Choose either one of them to set the barring class Deny only calls from deny list ka Allow all incoming calls Allow only calls from allow list Allow only calls from speed dial entries le eny only calls from deny list all incoming calls 121 122 Match Method Speed Dial Entries Allow List Allow all incoming calls All incoming calls from remote ends are accepted by this router Allow only calls from allow list Only the calls listed in the Allow List page will be accepted by this router Allow only calls from speed dial entries Only the calls listed in the speed dial entries will be accepted by this router Deny only calls from deny list The calls listed on Deny List page will not be accepted by this router And others calls are accepted Deny all incoming calls All incoming calls from remote ends are not accepted by this router Name Enable or Disable this function to take value of Speed Dial Phone Number to be checked IP Domain Enable or Disable this function to take the value of Speed Dial Destination to be checked Type the range to be checked The default value is from 1 to 150 The Vigor3300 Series supports up to 30 entries in the Allow List table When you choose Allow only calls from allow list as the Barring Class only the people listed in this
92. in a company Customers can simultaneously call the same phone number When the Vigor3300 gets a phone call which is configured in the first port of a group from Internet it will ring all available ports belonging to this group to provide voice service at the same time It is easier for the customer to remember just one phone number corresponding to the company By enabling this function the 4 or 8 port VoIP will use the first enabled port phone setting on the table as their phone number Up to 8 groups can be configured and assigned a specific phone line Each phone line must be unique and cannot be overlapped as shown below Vigor3300 Series User s Guide 113 114 VoIP Port Settings Group O Disable Enable Group Port 1 2 3 4 5 6 7 1 O OO O 2 3 O OO O 4 OO O 6 T O O O O O O O 8 incomming Call Rings Rings all ports in the group O Rings the first available port Default Group Apply Cancel Rings all ports in the group Click this radio button to make all ports in the same group ringing while receiving incoming calls Rings the first available Click this radio button to make the first available port in the port same group ringing while receiving incoming calls Default Group Click this button to return to the factory group settings 3 7 3 Speed Dial T
93. in the IPSec Table Operational Status reflects the current status of the tunnel UP means the IPSec tunnel has been established DOWN means no tunnel existing or termination status of the tunnel 98 Vigor3300 Series User s Guide If user expects the local gateway to act as the IKE initiator 1 e emit the first IKE main mode message user can click the hyperlink Initiate to start the IKE negotiation or set admin status to be always on to automatically restart IKE negotiation During the negotiation you can press Refresh to show the latest status of all policies Log At any time you can click VPN gt Log to monitor the VPN tunnel status The log is helpful for solving some setting problems The system will keep the 100 most recent messages Click Clear to clear the log VPN IPSec Log Date Time Description 04 37 06 12 08 connection 1_Research is deleted 2 O4 36 47 12 08 connection 1_Research is added Date Time It displays the date and time for the operation of IPSec Description It displays the results of the IPSec operation Refresh It allows you to refresh the whole table Clear It allows you to clear all the table information Trust CA This page allows you to set up the CA configuration Click the VPN gt gt IPSec gt gt Trust CA option It can make users loading double key certificate issued by trusted CA server VPN IPSec Trust CA Name Issuer 0 0 0 910 01 0 6 10 O 1 Upload De
94. ings VoIP Miscellaneous RTP Starting Port 13456 T 38 Starting Port 49170 T 38 Redundancy number 1 Range 0 4 Dialing Completion Timeout 4 sec Range 1 60 VoIP ToS ox al A Ia rity Reversal as Callee T FXO auto disconnection if no packet is received in 3 FXS Ringing minutes fRange 1 60 O no auto disconnection Ringing Frequency 25 HZ Ringing Cadence On 2000 msec Ringing Cadence Off 4000 msec RTP Starting Port T 38 Starting Port T 38 Redundancy Number Dialing Completion Apply Cancel The starting port number for RTP protocol packet The default setting is 13456 The starting port number for T 38 protocol packet The default setting is 49170 The redundancy number how many payloads attaching to the tail of the packet for T 38 protocol The default value is 1 Users might dial with incomplete phone number and wait for Vigor3300 Series User s Guide Timeout several seconds but not finish the complete dialing The system will force to dial the incomplete number after the time you set in this field to finish that call For example the phone number is 03654321 and the dialing completion timeout is set to 4 secs The user dials with 036 and stops to dial After passing through 4 seconds the router will send out that phone call automatically VoIP ToS The ToS value in VoIP protocol packet The default setting is Oxa0 Line Polarity Reversal a
95. ion Service Name PPPoE IP Alias IP Address Assignment Method IPCP Fixed IP Fixed IP Address Connection Detection Detect Interval No Reply Count User Name Password Authentication Service Name Detect Interval No Reply Count Apply Reset DMZ Configuration PPTP Subnet Mask PPTP Server Address No Dynamic IP O Yes Apply Reset Cancel Assign a specific valid user name provided by local ISP Assign a valid password provided by local ISP Select PAP or CHAP protocol according to the feature that your ISP provided for widest compatibility The default value is PAP The password will be encrypted in CHAP but not in RAP Assign a service name required for some ISP services Assign an interval time for detecting if the WAN connection is on or off Assign detecting times to ensure the connection of the WAN After passing the times you set in this field and no reply received by the router the connection of WAN interface will be regarded as breaking down Click Apply to go back to the WAN Interface Configuration page To apply all settings click Apply on the WAN Interface Configuration page and reboot your router Click this button to clear all the configurations for this page Vigor3300 Series User s Guide PPTP with a DSL Modem Setup The service provider must provide the exact settings for this mode static DHCP PPP
96. ion IP Mode OStatic ODHCP OPPPoE PPTP If your ISP offers you PPTP Point to Point Tunneling Protocol mode please select PPTP for this router Next enter the PPTP Subnet Mask e g 255 255 255 0 PPTP Local Address e g 10 66 99 88 and PPTP Remote Address e g 172 66 99 88 provided by your ISP on the web page Sa ef OHCF PPPoE PPTP Configuration aa User Name Password Authentication PAP Service Mame Optional PPTP Local Address 10 66 99 58 FFTF Subnet Mask 255 255 255 0 hill PPTP Remote Address 172 66 99 86 Next gt gt PPTP Local Address Assign a local IP address of PPTP PPTP Subnet Mask Assign a net mask value for IP address of PPTP PPTP Remote Address Assign a remote IP address of PPTP server After setting up the WAN interface the user can click Next to setup the LAN interface continuously Vigor3300 Series User s Guide Quick Setup LAN LAN IP DHCP IP Configuration IP Address Subnet Mask DHCP Server Status Start IP Engr Primary DNS Secondary DNS Lease Time Min Gateway IP Optional IP Address Subnet Mask Status Start IP End IP Primary DNS DHCP Relay Agent 192 168 1 1 IP Routing 255 255 255 0 Enable O Disable Relay Agent 192 168 1 10 192 168 1 254 lt lt Previous Finish Assign an IP address for the LAN interface Assign the sub
97. irmation dialog box will appear Click OK to delete this entry from the Load Balance Policy table In addition click Delete All in the Load Balance Policy page to delete all of 10 entries on this page To edit an entry select it by clicking the radio button from 1 to 10 Then click the Edit button on the bottom to bring up the following Web page Network Load Balance Policy Edit Protocol TCP Source IP Subnet Mask 192 168 1 128 j 255 255 255 0 DestIP SubnetMask 202 99 99 1 255 255 255 0 Dest Port Range 241 1000 Network Interface VANI v Apply Cancel Protocol Select the desired protocol for the selected entry Source IP Subnet Mask Assign a source IP address and subnet of certain host in LAN for applying load balance policy Dest IP Subnet Mask Assign a destination IP address and subnet of certain host in LAN for applying load balance policy Dest Port Range Assign a destination port number range The port range is from Network Interface 3 2 4 High Availability 1 to 65535 Select an interface WANI to WAN4 to be forwarded to The High Availability HA feature refers to the awareness of component failure and the availability of backup resouces The complexity of HA is determined by the availability needs and the tolerance of system interruptions Systems that provides nearly full time availability typically have redundant hardware and software that makes the system avai
98. is one to invoke this profile manually In addition to select Enable you have to click Initiate under the page of VPN IPSec Tunnel Policy Table Always On Choose this one to invoke this profile automatically by the system for every 30 seconds Disable Choose this one to inactivate this profile Frofile Status Enable Always On Name The name for VPN connection ex VPN1 The maximum length of name is 20 characters including spaces Authentication The authentication to be used by PreShared Key or RSA Signature Authentication Preshared Key Preshared Fey RSA Signature PreShared Key The shared key for peer identification The maximum length is 40 characters including spaces Vigor3300 Series User s Guide 95 Security Protocol NAT Traversal WAN Interface Local Certificate Security Gateway Network IP Subnet Mask Next Hop Remote ID DHCP over IPSEC Security Gateway Network IP Subnet Mask AH Specify the IPSec protocol for the Authentication Header protocol The data will be authenticated but not be encrypted ESP Specify the IPSec protocol for the Encapsulating Security Payload protocol The data will be encrypted and authenticated Security Protocol Click Enable to let multi IPSec tunnels passing through this router Click Disable to close this function MAT Traversal Enable The WAN interface to be used WAN Interface WAHI
99. kets from the Internet exceeds the user defined threshold value the router will be forced to randomly discard the subsequent UDP packets within the user defined timeout period The default setting for threshold and timeout are 300 packets per second and 10 seconds respectively Enable ICMP Flood Activates the ICMP flood defense function If the amount of Defense ICMP echo requests from the Internet exceeds the user defined threshold value the router will discard the subsequent echo requests within the user defined timeout period The default setting for threshold and timeout are 300 packets per second and 10 seconds respectively Enable Port Scan Detection Activates the Port Scan detection function Port scan sends packets with different port numbers to find available services which respond The router will identify it and report a warning message if the port scanning rate in packets per second exceeds the user defined threshold value The default threshold is 300 pps packets per second Vigor3300 Series User s Guide Enable Block IP Options Activates the Block IP options function The router will ignore any IP packets with IP option field appearing in the datagram header Enable Block Land Activates the Block Land function A Land attack occurs when an attacker sends spoofed SYN packets with identical source address destination addresses and port number as those of the victim Enable Block Smurf Activates the Block Smurf
100. lable despite failures The high availability of the V3300 Series is designed to avoid single points of failure When failures occur the failover process moves processing performed by the failed component the Vigor3300 Series User s Guide Master to the backup component the Slave This process remains system wide resources recovers partial of failed transactions and restores the system to normal within a matter of microseconds Take the following picture as an example The left V3300 Series is regarded as Master device the right V3300 Series is regarded as Slave device When Master V3300 Series is broken down the Slave device could replace the Master role to take over all jobs as soon as possible However once the original Master is working again the Slave would be changed to original role to stand by WAN Internet Vigor3300V Master Router Configurations LAN IP 192 168 1 1 LAN MAC 00 30 7F 0A 0B 01 High Availability Enable Group Number 1 Role Master Virtual IP 192 168 1 3 Vigor3300V Slave Router Configurations LAN IP 192 168 1 2 LAN MAC 00 30 7F 0A 0B 02 High Availability Enable Group Number 1 Role Slave Virtual IP 192 168 1 3 Virtual MAC 00 00 5E 00 01 01 Virtual MAC 00 00 5E 00 01 01 Master and Slave must have the same Group Number and Virtual IP Virtual MAC will be generated automatically by assigned Group Number Host Network Configuration
101. le to active this function MX stands for Mail Exchanger Mail Exchangers are used for directing mail to specific servers other than the one a hostname points at Assign an email address Click Apply to finish these settings and return to previous page Note 1 The Wildcard and Backup MX features are not supported for all Dynamic DNS providers You could get more detailed information from their websites 2 Backup MX provides a secondary mail server to hold your e mail if your main email server go offline for any reason Once you go back online your email will be delivered to you Vigor3300 Series User s Guide 3 3 6 Call Schedule Setup These call schedule profiles will control the up or down time of the router s dialer or connection manager In order to do the proper call schedule function a user must have to setup time function and arrange schedules for specified Internet access profile or LAN to LAN profile Vigor3300 Series support lots of profiles for call schedule usage In the Advanced group click the Call Schedule option You will get the following page Advanced Call Schedule Status Date amp Time Action How often Week Option WAN Enable 2006 4 15 00 00 Force On Once WAN 1 Delete Delete All Status Display the activation status enable or disable for this entry Date amp Time Display the start date and time for this schedule Action Display the action that this schedule adopts How often
102. les are matched Note It is recommended placing pass rules in pass group and block ones be in block group Next Group Name It indicates the next filter group If the option Block if no further match or Pass if no further match of Block or Pass parameter is selected the unmatched packets will be compared with rules in Next Group The option None must be chosen while Block or Pass is selected as Block or Pass Apply Click this button to return to IP Filter Table setting page The new added rule information will be displayed on this page too Refer to the following graphic Firewall IP Filter Table Group Name Next Group Name none Comment Skip this group Add Rule Apply Cancel IP Filter Table Index SourcelP Subnet Mask Port uu Subnet Mask Port Protocol Direction Block Active EE E E E AE ee R E E E Te NAE E z LAN to Block late ea take Aaa pa iaaea A a a A a E g l aa e aa a i aa ba aaa a A g E B a 1 192 1 1 192 1 l Wes LAN immediately Edit Rule Delete Rule 3 4 2 DoS The DoS function helps to detect and mitigates DoS attacks These include flooding type attacks and vulnerability attacks Flooding type attacks attempt to use up all your system s resources while vulnerability attacks try to paralyze the system by offending the vulnerabilities of the protocol or operation system In the Firewall group click the DOS option You will see the following page The DoS Defe
103. lete View To upload a new Trust CA please select any one of the entry and click the Upload button The following page will appear Vigor3300 Series User s Guide 99 100 VPN IPSec Trust CA 1 Upload Upload CA Certificate i Browse Upload File User Certificate Apply Cancel This page allows you to set up the CA configuration to generate user s certificate Click the VPN gt gt IPSec gt gt User Certificate option VPN IPSec User Certificate F status 1 import OK 2 Import OK 3 O Import OK 4 oO Empty 5 Empty 6 O Ermpty T O Ernpty 8 O Empty 9 O Empty 10 Empty Generate Download Import Delete View Nam 3300CA_0804 S300CA_RD3 3300CA_attel Issuer iC TWWST Hsin ChwL Houkof0 DrayteWOUSRDACN prestofemailAddress pchogadraytek com_tw f TWwfST HSin Chu L HoukoldeDrayieWOU ROSiCNepresiofemailAddress pchogmaraviek corm ty iC TWwfST Hsin ChuwL Houkol0 DrayteWOUSRD3CN presto emailAddress pchog draytek com tw 1 Generate Download import Delete View Generate a new entry for user certification Download a certification file generated from router to be stored in local host Import a certificated file from the local host Delete an assigned entry Show configuration of the assigned entry Vigor3300 Series User s Guide To generate a user certificate please click one radio button to select the entry and click the Generate button
104. list can call this router VoIP Incoming Call Barring Allow List Name 1 Torn John Example John Name IP Domain Deny List IP Domain 192 168 1 6 iptel org 192 168 1 1 or iptel org 123456 Apply Cancel The name or number in the allow list The IP address or domain name to be allowed If the peer is registered in SIP proxy server use the domain name of the SIP proxy server Otherwise use the static IP address or DDNS domain name The Vigor3300 Series supports up to 30 entries in the Deny List table When you choose Deny only calls from deny list as the Barring Class people listed in this list cannot call this router Vigor3300 Series User s Guide VoIP Incoming Call Barring Deny List Name 1 James 2 Steven 4 5 Example John Name IP Domain 3 7 10 Call History IP Domain 1172 16 3 221 arctel com 192 168 1 1 or iptel org 123456 Apply Cancel The name or number in the deny list The IP address or domain name to be denied If the peer is registered in SIP proxy server use the domain name of the SIP proxy server Otherwise use the static IP address or DDNS domain name This page lists the call history through Vigor3300 You can click Refresh to get the latest history information for these VoIP phones Besides this page refreshes automatically
105. lock or Pass Next Group Mame Apply Cancel 4 Now you will get the following page Firewall IP Filter Table Group Name Next Group Name Block w Comment Group for block rules Add Rule Apply Cancel IP Filter Table Index Source IP Subnet Mask Port DestinationIP Subnet Mask Port Protocol Direction Block Active i any 2592A any any protocol LAN to LAN Block immediately Edit Rule Delete Rule A 2 How to Check Edit VLAN ID on Your PC Not all the network cards support VLAN features If you cannot sure if the network card of your computer supports tagged VLAN or not please do the following steps to check or edit VLAN ID on your PC 1 Goto Control Panel and then double click on Network Connections Jetwork Connections 138 Vigor3300 Series User s Guide 2 Right click on Local Area Connection and click on Status Disable i Repair Bridge Connections Create Shortcut Delete Rename Properties On the following dialog click Properties 4 Local Area Connection Status General Connection Status Duration Speed Activity Sent i Receved Packets ag Vigor3300 Series User s Guide 139 140 4 Click Configure to access into next screen T Local Area Connection Properties General Authentication Advanced Connect using E3 Intel R PRO 100 5 Desktop Adapter This connection use
106. lows users to upgrade firmware through a Web interface In the System group click the Firmware Upgrade option You can see the following page then Before you execute the firmware upgrade please download the newest firmware from Draytek s website www draytek com or FTP site ftp draytek com on the computer first System Firmware Upgrade Caution After an upgrade procedure a rebootis required Current Version Vigor3s300 2 5 7 1 EN Location Local O Remote Firmware Browse TFTP Server IP Remote File Name i i Apply Cancel Caution Displays a caution for your reference Current Version Displays current firmware version that you are using Location Local means upgrade firmware from browser Remote means upgrade firmware from a remote TFTP server Firmware Specify the location of the firmware file if you want to upgrade the firmware locally TFTP Server IP If you want to upgrade the firmware of this router from remote side please type the IP address of the TFTP server Remote File Name The default filename will be shown here If you have use another name to save the firmware file please type the new name in this field Apply After finished your selection please click Apply to execute the firmware upgrade Firmware Upgrade from a Console Port Firmware upgrade can be done from a console port too The following example was run on a Windows environment 1 Download the newest
107. n Console Provided for technician use LAN P1 P4 Connecter for local networked devices WAN DMZ WANI WAN3 Connecter for remote networked devices Vigor3300 Series User s Guide 5 1 1 3 LED Indicators and Connectors for Vigor3300B act amp amp O LNK Q Attack ay O i00m PwrR aos O Fox WAN2 WAN3 WAN P1 P2 P3 P4 LAN Status Explanation PWR On The router is powered on Off The router is powered off ACT On Blinking The system is active S mh The system is hanged Attack The Attack function 1s active The Attack function is inactive Qos The QoS function is active S mh The QoS function is inactive The Ethernet link is established on corresponding port Off No Ethernet link is established ee 100M On It means that a normal 100 Mbps connection is aran LE through its corresponding port re It means that a normal 10 Mbps connection is through its corresponding port FDX It means a full duplex connection on corresponding port It means a half duplex connection on corresponding port Z 7N il 5 LNK The Ethernet link is established LAN Blinking The data transmission is done through the 1 2 3 4 corresponding port No Ethernet link is established 100M On It means that a normal 100Mbps connection is through its corresponding port It means that a normal 10Mbps connection is through its corresponding port Vigor3300 Series User s Guide
108. n is inactive QoS The QoS function is active S mh The QoS function is inactive 2 Vigor3300 Series User s Guide Explanation _ Status i Off LAN 100 On 1 2 3 4 Off i Off mfo WAN DMZ Blinking 1 2 3 4 Off i Off The Ethernet link is established on corresponding port No Ethernet link is established It means that a normal 100 Mbps connection is through its corresponding port It means that a normal 10 Mbps connection is through its corresponding port It means a full duplex connection on corresponding port It means a half duplex connection on corresponding port The Ethernet link is established The data transmission is done through the corresponding port No Ethernet link is established It means that a normal 100Mbps connection is through its corresponding port It means that a normal 10Mbps connection is through its corresponding port It means a full duplex connection on corresponding port It means a half duplex connection on corresponding port pa 7 Interface WAN DMZ p1 p2 P3 P4 Description Console LAN P1 P4 WAN DMZ P1 P4 FXS FXO Vigor3300 Series User s Guide Provided for technician use Connecter for local networked devices Connecter for remote networked devices Connecter for telephone set Connecter for FXS interface of PABX 1 1 2 LED Indicators and Connectors for Vigor3300 act vP
109. net mask for the LAN interface Click Enable to use DHCP server click Disable to close DHCP server click Relay Agent to activate relay agent function Assign the start IP address of the IP pool that DHCP server can use for clients in LAN Assign the end IP address of the IP pool that DHCP sever can use for clients in LAN Type the IP address for primary DNS When you finished the above required settings please click Finish A system reboot page will appear Vigor3300 Series User s Guide 21 3 Advanc ed Configuration After finished basic configuration of the router you can access Internet with ease For the user who wants to adjust more setting for suiting his her request please refer to this chapter for getting detailed information about the advanced configuration of this router 3 1 System setup For the system setup there are several items that you have to know the way of configuration Status Time Setup Syslog Setup Access Control Setup Reboot and Firmware Upgrade Setup Diagnostic Tools and Configuration Setup Quick Setup Network Advanced Firewall Qos VPN VoIP 15 58 52 Status Time System Pay sys cccssancssssunusessessnsssssssunesssessuteesesssnnessee Access Control Refresh Option Change Password Refresh Configuration Basic Str Firmware Upgrade WAN Status Model J Reboot 300 Hardware Veri Diagnostic Tools d Firmware Yersion 2 5 7 EN Build Date amp Time Thu Ma
110. ng This page allows users to type in secondary IP address for connecting to a subnet You can set IP routing for each WAN interface respectively Network LAN LAN IP DHCP WANT1 Status IP Address Subnet Mask WAN2 Status IP Address Subnet Mask WANS Status IP Address Subnet Mask WAN4 Status IP Address Subnet Mask Status IP Address DHCP Relay Agent IP Routing Enable O Disable 10 1 1 3 255 255 255 0 O Enable Disable O Enable Disable Subnet Mask LAN Interface O Enable Disable Apply Cancel Click Enable or Disable to activate or close the IP routing of specific WAN interface Type an IP address for the WAN interface WANI WAN2 WAN3 WAN4 Type the subnet mask for the WAN interface WANI WAN2 WAN3 WAN4 Select a proper LAN interface for WAN interface WANI WAN2 WAN3 WAN4 Note Vigor3300V supports four WAN interfaces yet Vigor3300 Vigor3300B support three WAN interfaces That is WAN4 will be disabled for Vigor3300 Vigor3300B Vigor3300 Series User s Guide 3 2 3 Load Balance Policy Vigor3300 Series supports a load balancing function It can assign traffic with protocol type IP address for specific host a subnet of hosts and port range to be allocated in WAN interface User can assign traffic category and force it to go to dedicate network interface based
111. ng page Static DHCP PPPoE PPTP Henne rem Configuration IP Address 172 16 3229 Host Mame OoOo Subnet Wask E5 J55 255 0 Domain Mame fo Default Gateway 172 165 3 1 Host Mame and Domain Name are required for same ISPs Primary DNS 166 951 14 Secondary ONS 169 95 192 1 IP Alias List 1 10 1 1 100 2 3 0 1 1 109 4 Po 5 J 5i in a Fa All the settings here are set by privately Your ISP will not provide these settings IP Address Assign a private IP address to the WAN interface Subnet Mask Assign a subnet mask value to the WAN interface Default Gateway Assign a private IP address to the gateway Primary DNS Assign a private IP address to the primary DNS Secondary DNS Assign a private IP address to the secondary DNS IP Alias List Assign other IP addresses to be bound to this interface This setting is optional If you have typed addresses here you can see and choose it in later web page settings e g Advanced gt gt NAT gt gt Port Redirection DMZ Host Thirty two IP addresses settings are allowed at one time After setting up the WAN interface the user can click Next to setup the LAN interface continuously Vigor3300 Series User s Guide 15 16 Quick Setup LAN IP DHCP IP Configuration IP Address Subnet Mask DHCP Server Status Start IF End IP Primary DNS Secondary DNS Lease Time Min Gateway IP Optional IP Address Subnet Mask Statu
112. nse Engine inspects each incoming packet against the attack signature database Any packet that may paralyze the host in the security zone is blocked The DoS Defense Engine also monitors traffic behavior Any anomalous situation violating the DoS configuration is reported and the attack is mitigated Vigor3300 Series User s Guide 81 Firewall DoS LJ Enable SYN flood defense Threshold 300 Packetsisec Timeout 10 see J Enable UDP flood defense Threshold 200 Packetsisec Timeout jio eee LJ Enable ICMP flood defense Threshold 300 Packetsisec Timeout jio ewe LJ Enable Port Scan detection Threshold o Packetsisec C Block IF options C Block TCF flag scan Block Land C Block Tear Drop C Block Smurf C Block Ping of Death C Block trace route C Block ICMP fragment Cl Block SYN fragment Cl Block Unknown Protocol Cl Block Fraggle Attack Apply Cancel DoS Defense Enables or disables the DoS Defense function The default value is Disable Enable SYN Flood Defense Activates the SYN flood defense function If the amount of TCP SYN packets from the Internet exceeds the user defined threshold value the router will be forced to randomly discard the subsequent TCP SYN packets within the user defined timeout period The default setting for threshold and timeout are 300 packets per second and 10 seconds respectively Enable UDP Flood Defense Activates the UDP flood defense function If the amount of UDP pac
113. oE PPTP DMZ Configuration Configuration Configuration User Name draytek geen eces 10 0 0 2 Password re PPTP Subnet Mask 255 255 255 0 Authentication PAP v PPTP Server Address 10 0 0 1 service Name PPPoE IP Alias Enable IP Address Assignment Method IPCP Fixed IP No Dynamic IP O Yes Fixed IP Address Connection Detection Detect Interval 10 No Reply Count 2 Apply Reset Cancel User Name Assign a specific valid user name provided by local ISP Password Assign a valid password provided by local ISP Authentication Select PAP or CHAP protocol for widest compatibility The default value is PAP The password will be encrypted in CHAP but not in RAP Service Name Assign a service name required for some ISP services PPTP Local Address Assign a local IP address PPTP Subnet Mask Assign a subnet mask value of IP address PPTP Remote Address Assign a remote IP address of PPTP server Detect Interval Assign an interval time for detecting if the WAN connection is on or off No Reply Count Assign detecting times to ensure the connection of the WAN After passing the times you set in this field and no reply received by the router the connection of WAN interface will be regarded as breaking down Apply Click Apply to go back to the WAN Interface Configuration page To apply all settings click Apply on the WAN Interface Configuration page and reboot your router
114. oIP 9 58 57 a Status a Syslog B Access Control Refresh Optio R Change Password Sy Configuration EEL Statf y Firmware Upgrade Model lt Reboot Hardware Ver i Diagnostic Tools Refresh WAN Status 3 Firmware Version 2 5 7 EN Build Date amp Time Thu May 4 17 18 30 CST 2006 System Uptime 4 days 1 hours 26 minutes 13 seconds CPU Usage 15 7895 Memory Usage 53 2983 Current System Time Mon May 29 09 52 39 2006 lt 5 The following screen will appear VIGOROUS BROADBAND ACCESS PR Aha A RAD se lal ni Quick Setup System Network Advanced Firewall VPN 10 01 40 System Change Password Old Password New Password Confirm Password Apply Cancel 6 Enter the login password 1234 on the field of Old Password Type a new one in the field of New Password and retype it on the field of Confirm Password Then click Apply to continue 12 Vigor3300 Series User s Guide 7 Now the password has been changed Next time use the new password to access the Web Configurator for this router 8 Next you will see the login screen after clicking Apply Please use new password to re enter the system configuration Connect to 1 7 16 2 2275 Login to vigor 3300 User name f draytek Ww Password anes Remember my password 2 2 Quick Setup Quick Setup is designed for configuring your broadband router accessing Internet with simply steps The
115. on the following web page setup VoIP and VPN traffic can also be assigned to specific WAN ports In the Network group click the Load Balance Policy option You will get the following page Vi I MultiService Security Quick Setup System Network Advanced VIGOROUS BROADBAND ACCESS Firewall Qos VPN VoIP 8 52 51 A M Network Load Balance Policy th Protocol Source IP TCP 192 168 1 128 00000000 0 8 Protocol Source IP Subnet Mask Dest IP Subnet Mask Dest Port Start Dest Port End Network Interface Edit Vigor3300 Series User s Guide Subnet Mask Dest IP ZITAT Dest Port Dest Port Subnet Mask Start End Network Interface 202 99 99 1 FielaWreeLs we Lila iT 241 1000 YAN Edit Delete Delete All Displays the protocol used for this entry Displays the source IP address specified for this entry Displays the subnet mask address specified for the source IP of this entry Displays the destination IP address specified for this entry Displays the subnet mask address specified for the destination IP of this entry Displays the start point specified in the Dest Port Range for this entry Displays the end point specified in the Dest Port Range for this entry Displays the interface specified for this entry Click this button to open the edit page for adjusting the settings 47 48 Delete Delete All Click this button to delete the selected setting or all settings A conf
116. on with each other to ensure the security Many employees of the company use some switches supported 802 1Q VLAN to expand the network In this case we can define four VLANs that are VLANS VLAN6 VLAN7 and VLANS8 Each LAN port is Trunk port which supports multiple VLAN The subnet of VLANS is 192 168 1 0 the subnet of VLAN6 is 192 168 2 0 the subnet of VLAN7 LAN 192 168 1 0 192 168 2 0 192 168 3 0 192 168 4 0 VLANS VLANS VLANS VLANS VLANG YLANG VLA N YLANG VLAN LAN LAN VLAN VLANS LAN LA NS VLANS ie bo t aum byrne aum byrne auw by FAR 502 10 502 10 Switch Trunk Swatch Oooo ja Procedure 1 Refer to A 1 to block LAN to LAN communication 2 Create VLANS VLAN6 VLAN7 and VLANS8 Groups 3 Inthe VLANS input 5 to VLAN ID In the Member field choose p1 p2 p3 and p4 Then choose the Tagged for Frame Tag Operation in p1 p2 p3 and p4 We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from the switch 4 Inthe VLAN6 type 6 to VLAN ID In the Member field choose p1 p2 p3 and p4 Then choose the Tagged for Frame Tag Operation in p1 p2 p3 and p4 We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from switch 5 Inthe VLAN7 type 7 to VLAN ID In the Member field choose p1 p2 p3 and p4 Then choose the Tagged for Frame Tag Operation in p1 p2 p3 and p4 We can ignore
117. only in LAN site User can select some ports to add into a VLAN group In one VLAN group the port number can be single one or more The purpose of VLAN is to isolate traffic between different users and it can provide better security application Vigor3300 Series User s Guide For Port Base VLAN In the Advanced group click the LAN VLAN option There are two VLAN settings offered here for you to configure If you click Disable no configuration can be completed Please choose Port Base VLAN to open the following page Advanced LAN VLAN Setting O Disable Port Base VLAN 902 10 VLAN Port Base P1 p2 P3 P4 VLANO O O dl VLANI a F C VLAN2 O oO oO VLAN3 O O d Apply Reset Cancel P1 P4 Check the box to make the computer connecting to the port being grouped in the specified VLAN Be aware that each port can be grouped in different VLAN at the same time only if you check the box For example if you check the boxes of VLANO P1 and VLANI P1 you can make P1 to be grouped under VLANO and VLAN simultaneously VLAN 0 3 This router allows you to set 4 groups of virtual LAN Apply After finishing the settings please click Apply Reset In addition you can click Reset to reset the VLAN setting as default A dialog will be prompted for you to ask confirmation Click OK Vigor3300 Series User s Guide 69 For 802 1Q VLAN Another way to set VLAN is based on 802 1Q Please choose 802 1Q VLAN to open the following page This
118. onomical without other detecting equipments to be set up Secondly it may be able to view traffic on one or more ports within a VLAN at the same time Thirdly it can transfer all data traffics to be mirrored to one analyzer connect to the mirroring port Last it is more convenient and easy to configure in user s interface In the Advanced group click the WAN Port Mirroring option You will see the following page MultiService Security Quick Setup System Network Advanced Firewall QoS VPN VoIP 7 17 35 P M Advanced WAN Port Mirroring O Disable Enable Mirroring Port Port 1 Mirrored Portis Port Port 2 Port 3 Port 4 Apply Cancel Enable Disable Click Disable to disable this function Click Enable to activate this function Mirroring Port Select a port to view traffic sent from mirrored ports Mirrored Port s Click which ports are necessary to be mirrored After finishing the settings please click Apply Vigor3300 Series User s Guide 67 3 3 8 LAN Port Mirroring Setup Port mirror can be applied for the users in LAN It has the same mechanism like WAN port mirroring In the Advanced group click the LAN Port Mirroring option I J VIGOROUS BROADBAND ACCESS MultiService Security Quick Setup System Network Advanced Firewall QoS VPN VoIP 7 22 17 P M Advanced LAN Port Mirroring O Disable Enable Mirroring Part Port 3 Mirrored Port s Port1 Port 2 Part3 Port 4
119. or Slave Virtual IP Assign an IP address as a virtual IP Click Apply to reboot the system and apply the settings 3 2 5 Static DHCP This page can assign static IP address for specified clients in LAN GE Vi d VIGOROUS BROADBAND ACCESS MultiService Security Quick Setup System Network Advanced Firewall Qos VPN VoIP 9 07 22 A M Network Static DHCP a MAC Address Assign IP Address 010 0 0 0 0 00 0 Co 1 Delete Delete All DrayTek Corp 1997 2005 All rights reserved DrayTek provides enterprise network solution MAC Address Displays the MAC address of the static DHCP server Assign IP Address Displays the IP address of the static DHCP server Vigor3300 Series User s Guide Edit Click this button to open the edit page for adjusting the settings Delete Delete All Click this button to delete the selected setting or all settings A confirmation dialog box will appear Click OK to delete this entry from the Load Balance Policy table In addition click Delete All in the Load Balance Policy page to delete all of 10 entries on this page To edit an entry select it by clicking the radio button from 1 to 10 Then click the Edit button on the bottom to bring up the following Web page Network Static DHCP Edit MAC Address See AE A HKKK 21 56 59 45 42 36 Assign IP Address 172 165 2268 Apply Cancel MAC Address Type the MAC Address for the host that you want to set as
120. orts the following providers www dynsns org www no ip com www dtdns com www changeip com www ddns cn You should visit their websites for registering your own domain name on the router Vigor3300 Series User s Guide In the Advanced group click DDNS option You will get the following page Quick Setup System Network Advance Firewall Qos VPN VoIP 1 52 04 P M Advance DDNS Domain Name Server Provider Server Type Active Status 1 dyndns org dynamic disable Not Connected 2 dyndns org dynamic disable Not Connected 3 dyndns org dynamic disable Not Connected 4 dyndns org dynamic disable Not Connected 3 dyndns org dynamic disable Not Connected 6 dyndns org dynamic disable Not Connected Z dyndns org dynamic disable Not Connected 8 dyndns org dynamic disable Not Connected 9 dyndns org dynamic disable Not Connected 10 dyndns org dynamic disable Not Connected Refresh DrayTek Corp 1997 2005 All rights reserved DrayTek provides enterprise network solution Domain Name Display the domain name set for the entry Service Provider Display the service provider that supports DDNS Service Type Display the service type for the entry Active Display the activation status disable or enable for this entry Status Display the connection status of this entry Click Refresh to re display the whole page information To modify DDNS setting click an entry number to get into edit mode
121. ose the one you need Type the port number for this filter There are three options Basic Only the DiffServ CodePoint Type field can be configured Advanced Only the DiffServ CodePoint field can be configured None No field is allowed to be configured There are twenty one types supported precendence precendence precendence precendence precendence precendence precendence CLASS 1 Low Drop CLASS 1fMediunm Drop CLASS 1iHigh Drops CLASS 2 Low Drop CLASS Medium Drop CLASS 2 High Drop CLASS 3 Low Dropit CLASS 3fMedium Drop CLASS 3iHigh Dropi CLASS 4fLow Drop CLASS 4 Mediunm Drop CLASS 4iHigh Drop CLASS The number by hex mode to be applied Choose a filtering condition to be applied All the class names set in Incoming Outgoing Class Setup page will be displayed in this field Vigor3300 Series User s Guide 3 6 VPN and Remote Access Setup This page allows you to setup the configuration of VPN and Remote Access to create a virtual private network for security in the Internet a AN Vigor3300 series p VIGOROUS BROADBAND ACCESS MultiService Security F Quick Setup System Network Advanced Firewall QoS VoIP 4 33 09 P M Gis IPSec bo Policy Table Bs PPTP a Log System Status Trust CA a a i aa aaa a User Certificate aia Refresh Option No Refresh v Refresh E Status AN status wanstatus Model Vigor3s300 Hardware Version 1 0 Fi
122. ose the Tagged for Frame Tag Operation in p3 We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from the PC of Engineer Department Vigor3300 Series User s Guide 151 152 6 In the VLAN8 type 8 to VLAN ID In the Member field choose p4 Then choose the Untagged for Frame Tag Operation in p4 We should configure the PVID to 8 because the device does not support 802 1Q VLAN Advanced LAN VLAN Setting Disable Port Base VLAN 902 1 VLAN Port Base 802 10 VLAN VLAN 802 1Q VLAN Group Index Active Name VLAN ID Member Frame Tag Operation P4 Tagged Tagged Tagged Untagged Port Setting P1 p2 P3 P4 Port VLANID 5 6 7 6 Apply Reset Cancel After applying the settings the web page will be redirected to reboot web page User can ignore it and continue to configure the Network setting After finishing Network setting you can execute the reboot procedure After rebooting the tagged ports will communicate with 802 1Q tagged devices only The network configuration is the same with A 2 1 Please refer to A 2 1 part Vigor3300 Series User s Guide A 3 5 Example for Trunk Usage A company wants to separate the Engineer Department Sales Department Marketing Department and other departments to limit their communicati
123. ost Office Protocol ver 3 POPS TSF 110 Metwork Mews Transfer Protocol MTP TCP 114 Point to Point Tunneling Protocol PATAY TCP Whee pcANYVWHEREdata TCP 5631 pcANyVWHERE stat Le 5632 win TCR S900 3 3 3 RADIUS Setup A RADIUS Remote Authentication Dial In User Service is a security authentication client server protocol widely used by Internet service providers on other remote access service A RADIUS is the most common means of authenticating and authorizing dial up and tunneled network users The built in RADIUS client function allows you to extend the remote dial in user accounts to the RADIUS server Your user accounts will not be limited by built in accounts in VPN gt gt PPTP gt gt User Profile It also lets you centralize remote access authentication for network management Radius is a server for remote user authentication and accounting Its primary use is for Internet Service Providers though it may as well be used on any network that needs a centralized authentication and or accounting service A Radius supports a wide variety of authentication schemes A user supplies his authentication data to the server either directly by answering the terminal server s login password prompts or using PAP of CHAP protocols The Vigor 3300 Series support Radius client function A user can configure some authentication information to do an authentication with Radius server In Vigor3300 Series it is only applied by VPN gt PPTP function
124. pe Displays the type of the VoIP connection Active Displays the status active or not for the VoIP connection Group Displays the group number of the VoIP connection Username Displays the username that you typed for the VoIP connection Proxy Displays the proxy information that you set on VoIP gt gt Protocol page for the VoIP connection Codec Displays the codec settings for the VoIP connection When you click Edit the following page will appear for you to configure Vigor3300 Series User s Guide VoIP Port Settings Port1 Edit Port 1 FXS Disable Enable Username Password Display Name Authentication ID Proxy Server VolP IP Address Hotline Hotline Number to Internet Hotline Number to PBX PSTN FXO Manual Disconnection Codec Preferred Codec Single Codec Codec Rate Codec VAD CAS Microphone Gain Speaker Gain FAX FAX Mode FAX Bypass Codec FAX Bypass Codec Rate DTMF DTMF Mode DTMF Volume Call Forwarding Disable O Call forwarding all calls Call forwarding busy 1001 1001 1001 undef ined proxy 1 v G O 7294 27h f 5 kbps 20 Mlms Disable Enable Range 32 31 Range 32 31 Tea 8 Relay xi ims InBand OutBand RFC2933 27 SIP INFO Cisco w Range O0 31 O Call forwarding no answer after rings Range 1 10 SIP URL
125. peration in p1 and p2 We can ignore the PVID Port VLAN because 802 1q tag will be inserted to the frame from the PC of Engineer Department 4 Inthe VLAN6 type 6 to VLAN ID In the Member field choose p3 and p4 Then choose Tagged for Frame Tag Operation in p3 and p4 We can ignore the PVID Port VLAN because 802 1q tag will be inserted to the frame from other departments Vigor3300 Series User s Guide 147 Advanced LAN VLAN Setting O Disable Port Base VLAN 802 1 VLAN Port Base VLAN 802 1Q VLAN Group Index Active Name VLAN ID Member Frame Tag Operation 5 6 P Pi 3 VLAN li O O Tagged Tagged v Untagged Tagged v 4 VLANB 8 O O O CO Tagged Tagged Tagged v Untagged w C Enable management port for P4 Port Setting P1 P2 P3 P4 Port VLANID 5 E 7 8 Apply Reset Cancel After applying the settings the web page will be redirected to reboot web page User can it and continue to configure the Network setting After finishing Network setting you can execute the reboot procedure After rebooting the tagged ports will communicate with 802 1Q tagged devices only In the Network setting type the subnet 192 168 1 0 to LAN For example the VLANS5 LAN IP is 192 168 1 1 and the Subnet Mask is 255 255 255 0 Then users in the Engineer Department can set IP address from 192 1
126. presenting for different computers connected to this router is marked by untagged to avoid conflict occurred the system will apply the ID listed in these boxes automatically for each port P1 to P4 to ensure proper and correct network operation 3 3 10 SNMP The Simple Network Management Protocol SNMP is an application layer protocol that facilitates the exchange of management information between network devices There is a set of protocols for managing complex networks SNMP works by sending messages called protocol data units PDUs to different parts of a network SNMP enables network administrators to manage network performance find and solve network problems and plan for network growth A SNMP managed network consists of three key components managed devices agents and network management systems NMSs A managed device is a network node that contains an SNMP agent and that resides in a managed network Managed devices collect and store management information and make this Vigor3300 Series User s Guide 71 T2 information available to NMSs by using SNMP Managed devices sometimes called network elements can be routers and access servers switches and bridges computers hosts or printers This function is to define a community string name An agent is a network management software module that resides in a managed device An agent has local knowledge of management information and translates that information in
127. re are two phases of quick setup one is WAN configuration and the other is LAN configuration 2 2 1 Adjusting WAN Connection Mode In the Quick Setup group you can configure the router to access the Internet with different modes such as Static DHCP PPPoE or PPTP modes For most users Internet access is the primary application The router supports the Ethernet WAN interface for Internet access The following sections will explain in more detail the various broadband access configurations All settings in this section will be applied in the first WAN1 interface e VIGOROUS BROADBAND ACCESS Quick Setup System Network Advanced Firewall Qos VPN VoIP 11 44 43 A M Quick Setup WAN MAC Address Default MAC User Defined MAC Downstream Rate 102400 kbps Upstream Rate 102400 kbps Type Fast Ethernet v Physical Mode Auto Negotiation w IP Mode Static ODHCP OPPPoE O PPTP Static DHCP PPPoE PPTP Configuration Configuration Now you have to select an appropriate WAN connection type for connecting to the Internet through this router according to the settings that your ISP provided Vigor3300 Series User s Guide 13 14 MAC Address Downstream Rate Upstream Rate Type Physical Mode IP Mode Router Default Use the default Mac address stored originally in router User Definition Use a MAC address defined by the user Assign the downstream rate for this WAN inter
128. remote end does not support such Codec the VoIP communication will be failed Codec Rate Type the rate value to be applied on this port Codec VAD Enable or Disable VAD Voice Activity Detection It can detect whether the voice activity is progressing or not If not RTP packets transmission will be stopped for saving more bandwidth Microphone Gain The gain value while transmitting voice The default value is 0 The range is from 32 to 31 Speaker Gain The gain value while receiving voice The default value is 0 The range is from 32 to 31 FAX Mode The FAX function mode There are three options Transparent FAX will be transmitted via voice channel no fax relay and no Codec change will be involved T 38 Relay Using T 38 Fax Relay This is the default value Bypass Once FAX is detected the Codec will automatically switch to a high bit rate type G 711a u or G 726 to make sure FAX can transmit successfully If this option is selected the Vigor3300 will apply these two following settings FAX Bypass Codec and FAX Bypass Codec Rate FAX Bypass Codec Select one option to be applied if FAX mode is configured as Bypass mode G 711U0 PCHU b4kbps w G P110fPCHU 64kbps a riii PCHA 64kbps Vigor3300 Series User s Guide FAX Bypass Codec Rate Select one option 20 or 40 to be applied if FAX mode is configured as Bypass mode The stability for the faxing result of documents with codec rate 20ms is
129. rface will be regarded as breaking down This function is available when Detect Type is set with Send PING or Send Http Request Sets other IP addresses binding in this interface You can set up to 32 sets of IP alias settings If you have typed addresses here you can see and choose it in later web page settings e g Advanced gt gt NAT gt gt Port Redirection DMZ Host Click Apply to go back to the WAN Interface Configuration page To apply all settings click Apply on the WAN Interface Configuration page and reboot your router Click this button to clear all the configurations for this page Vigor3300 Series User s Guide DHCP Client Setup If the WAN interface is set as a DHCP client the Vigor3300 Series will ask for IP network settings from the DHCP server or DSL modem automatically It is not necessary for users to manually configure the router Son een z 72163229 255 255 2550 hziesi besti fres 96 1921 Static DHCP PPPoE PPTP ert rite Configuration IP Address Subnet Mask Default Gateway Primary DMS Secondary DNS Connection Detection Host Mame E E fHost Name and Domain Mame are required for some ISFS Domain Mame Detect Type Send Http Request w Detect Destination Host HP or Domain Mame 172 16 3 56 IP Alias List T oo Dd bo Detect Type Detect Interval sec No Reply Count Detect Destination Host IP or Domain Name Vigor330
130. rmware Version 2 5 6 2 EN Build Date amp Time Mon Nov 28 14 29 17 CST 2005 System Uptime 8 days 7 hours 50 minutes 27 seconds CPU Usage 10 1307 Memory Usage 59 1026 Current System Time Fri Dec 16 08 30 34 2005 A Virtual Private Network VPN is an extension of a private network that encompasses links across shared or public networks like the Intranet A VPN enables you to send data between two hosts across a shared or public network in a manner that emulates the properties of a point to point private link There are two types of VPN connections remote dial in access and LAN to LAN connection The Remote dial In Access facility allows a remote access node a NAT router or a single computer to dial into a VPN router through the Internet to access the network resources of the remote network The LAN to LAN Access facility connects two independent LANs for mutual sharing of network resources For example the head office network can access the branch office network and vice versa The VPN technology implemented in the Vigor3300 Series of broadband security routers supports Internet industry standards to provide customers with interoperable VPN solutions such as X 509 and DHCP over Internet Protocol Security IPSec This VPN feature is only supported for Vigor 3300 Vigor3300V routers IPSec is the security architecture for IP networks IPSec provides security services at the IP layer by enabling a system to sele
131. rotocol will block any packets with unknown protocol types Click Apply to apply the settings when you finish the configuration 3 4 3 URL Filter The Internet contains a wide range of offenses or illegal materials Unlike traditional media the Internet does not have any obvious tools to segregate materials based on URL strings or content URL content filtering systems are seen as tools that would provide the cyberspace equivalent of the physical separations that are used to limit access to particular materials By Vigor3300 Series User s Guide 83 rating a site as objectionable and refusing to display it on user s browser URL content filter can prevent employee on SME from accessing inappropriate Internet resources Instead of traditional firewall inspects packets based on the fields of TCP IP headers the URL content filter checks the URL strings or the payload of TCP IP packets Y Welcome to DrayTek Mozilla 0 x File Edit View Go Bookmarks Tools Window Help 4 2 3 E asma t Home cf Bookmarks The Mozilla Organization ff Latest Builds The URL content filter in the series of broadband security routers inspects every URL string in the HTTP requestt If the entire or part of the URL string for instance http www draytek com as shown above matches any activated rule the first and the following associate HTTP request will be blocked The system will discard any request which tries to retrieve the maliciou
132. rt the IEEE 802 10 specification When you configure the WYLAN SoS Packet Tagging i automatically enabled T HOTE After creating the VLAN the adapter associated withthe WYLAN briefly loses network connectivity Vigor3300 Series User s Guide 141 7 In New VLAN dialog please type a number in the box of VLAN ID Here 5 is entered The corresponding VLAN Name will appear automatically Next click OK to create it New VLAN VLAN Name VLAN z Untagged VLAN WLAN ID Enter the number of the SLAN assigned to the adapter in the VLAH ID box This VLAN ID number is also configured on the switch Adapters with VLANs must be connected to network devices that support IEEE 802 10 oS Packet Tagging IEEE 8021 pra is automatically enabled on the adapter You can enter multiple YLAN Ibs by entering two or more IDs separated by commas For example ta Oe ee a DD ce ee dle e sleim cancel _ 8 After you click OK the system will configure for the VLAN settings Please wait for Fr several seconds Hew VLAN WYLAN Name VLAN z Untagged VLAN WLAN ID m D Configuring Please walt Cancel 142 Vigor3300 Series User s Guide 9 When the configuration is finished the new VLAN settings with ID number and name will appear on previous dialog Desktop Adapter Properties Click OK to exit this dialog Intel R PRO 100 S Desktop Adapter Properties I Boot Agent Driver Resource
133. rver Trap server port Display the port number used for the trap server Edit Allow users to edit the selected SNMP traps settings Delete Delete All Remove one all the selected SNMP traps settings A dialog will be prompted for you to ask confirmation Click OK To edit an item click the radio button of the item that you want to modify Then click Edit on the bottom of the page to add a new rule entry or modify an existed rule entry Vigor3300 Series User s Guide Quick Setup System Network Advanced Firewall Qos VPN VoIP EMS SNMP Traps Edit Trap server Trap community Trap server port Trap server Trap community Trap server port Apply Vigor3300 Series User s Guide 192 168 1 100 public 2048 Apply Cancel Assign an IP address of trap server Assign a community string for Trap packet using Assign a port number for Trap server using Click Apply to save this setting and return the previous page 75 3 4 Firewall Setup The firewall controls the allowance and denial of packets through the router The Firewall Setup in the Vigor 3300 Series mainly consists of packet filtering Denial of Service DoS and URL Universal Resource Locator content filtering facilities These firewall filters help to protect your local network against attack from outsiders A firewall also provides a way of restricting users on the local network from accessing inappropriate Int
134. s Start IP End IP Primary DNS LAN DHCP Relay Agent IP Routing 192 168 11 255 255 255 0 Enable O Disable Relay Agent 192 168 1 10 192 168 1 254 1440 lt lt Previous Finish Assign an IP address for the LAN interface Assign the subnet mask for the LAN interface Click Enable to use DHCP server click Disable to close DHCP server click Relay Agent to activate relay agent function Assign the start IP address of the IP pool that DHCP server can use for clients in LAN Assign the end IP address of the IP pool that DHCP sever can use for clients in LAN Type the IP address for primary DNS When you finished the above required settings please click Finish A system reboot page will appear Click Apply to activate the static mode configuration Vigor3300 Series User s Guide 2 2 3 DHCP Mode DHCP allows a user to obtain an IP address automatically from a DHCP server on the Internet If you choose DHCP mode the DHCP server of your ISP will assign a dynamic IP address for Vigor3300 automatically It is not necessary for you to assign any setting Host Name and Domain Name are required for some ISPs Simply click Next to setup LAN interface VIGOROUS BROADBAND ACCESS Quick Setup System Network Advanced Firewall Qos VPN VoIP 12 04 09 A M Quick Setup WAN MAC Address Default MAC User Defined MAC foc
135. s supports ten port numbers to be blocked In the Advanced group click Port Block option You will get the following page e VIGOROUS BROADBAND ACCESS MultiService Security Quick Setup System Network Advanced Firewall QoS VPN VoIP 8 50 15 P M Advanced Port Block Index Status Port Number 13 Disable Enable Fi Disable Enable 3 Disable Enable 4 Disable O Enable 5 Disable Enable 6 Disable O Enable 7 Disable O Enable 8 Disable Enable 9 Disable O Enable 10 Disable O Enable Apply Cancel Index The number of each entry Status User can Disable or Enable this port to be blocked Port Number Assign a port number to be blocked in system Click Apply to finish this setting The default port setting for V3300B and 3300B is 135 3 3 5 DDNS Setup The Dynamic DNS function allows the router to update its online WAN IP address which assigned by ISP or other DHCP server to the specified Dynamic DNS server Once the router is online you will be able to use the registered domain name to access the router or internal virtual servers from the Internet DDNS is more popular on dynamic IP users who typically receive dynamic frequently changing IP addresses from their service provider Before you set up the Dynamic DNS function you have to subscribe free domain names from the Dynamic DNS service providers The router provides up to ten accounts for the function and supp
136. s _ VIGOROUS BROADBAND ACCESS MultiService Security Quick Setup System Network Advanced Firewall Qos VPN VoIP 5 25 12 P M System is rebooting please wait 69 seconds left lf your current interface or management port configuration has been changed please access with the new URL DrayTek Corp 1997 2005 All rights reserved DrayTek provides enterprise network solution Vigor3300 Series User s Guide 33 3 1 8 Diagnostic Tools In some cases a user may need to know some information about the router such as static or dynamic databases or other routing information The Vigor3300 Series supports four functions Routing Table ARP Cache Table DHCP Assignment Table and NAT Active Sessions Table for the user to review such information In the System group click the Diagnostic Tools option cae Reboot EE Diagnostic Tools H views Routing Table View ARP Cache Table view DHCP Assignment Table a View MAT Active Sessions Table Select View Routing Table to get the following page Vigor3300 series Quick Setup System MultiService Security Network S BROADBAND ACCESS Advanced Firewall Qos VPN VoIP 5 48 44 P M System Diagnostic Tools View Routing Table Destination Gateway Subnet Mask Flags Interface Refresh 34 Destination Gateway Subnet Mask Flags Interface eth0 1721620 Te Ae Ae x 1 1 2 Tx Fs 0 0 0 0 356 955 9550 Pit
137. s obtained via DHCP client IP 192 168 1 11 Subnet Mask 255 255 255 0 Default Gateway 192 168 1 3 ARP Table 192 168 1 3 00 00 5E 01 01 01 If Master Activated 192 168 1 1 00 00 5E 01 01 01 192 168 1 2 00 50 7F 0A 0B 02 If Slave Activated 192 168 1 1 O0 50 7F 0A 0B 01 192 168 1 2 00 00 5E 01 01 01 j BE Host Network Configurations obtained via DHCP client IF 192 168 1 12 Subnet Mask 255 255 255 Default Gateway 192 168 1 3 ARF Table 192 168 1 3 00 00 S5E 01 01 01 f Master Activated 192 168 1 1 00 00 5E 01 01 01 192 168 1 2 00 50 7F 0A 0B 02 If Slave Activated 192 168 1 1 O00 S50 7F O0A 0B 01 192 168 1 2 00 00 5E 01 01 01 In the Network group click the High availability option Vigor3300 Series User s Guide 49 50 VIGOROUS BROADBAND ACCESS Se tS Quick Setup System Network Advanced Firewall Qos VPN VoIP 6 28 02 P M Network LAN High Availability High Availability O Disable Enable Group Number 1 Range 1 255 Role Master Virtrual IP 192 168 1 3 Apply Cancel DrayTek Corp 1997 2005 All rights reserved DrayTek provides enterprise network solution High Availability Disables or enables this function When the master device fails down the slave device will take its work over Group Number Assign a group number The range is from 1 to 255 PCs on the same group in LAN can support for each other Role Select a role for this device as Master
138. s Check this box to generate line polarity reversal while the Callee Answer remote user picks up the phone call FXO auto disconnection if Determine the time length for the FXO disconnecting no packet is received in X automatically when there is no packet received minutes Ringing Frequency Please select a proper setting as the ringing frequency Ringing Cadence On Determines the length of the ringing time for incoming calls Ringing Cadence Off Determines the length for the incoming calls to stop ringing 3 7 6 Tone Settings This setting is provided for fitting the telecommunication custom for the local area of the router installed Wrong tone settings might cause inconvenience for users To set the sound pattern of the phone set simply choose a proper region to let the system find out the preset tone settings and caller ID type automatically Or you can adjust tone settings manually if you choose User Defined TOn1 TOff1 TOn2 and TOff2 mean the cadence of the tone pattern TOn1 and TOn2 represent sound on TOffl and TOff2 represent the sound off VoIP Tone Settings Region Finland v Caller ID Type snari TOn1 TOff1 TOn2 TOff2 Cle as a Tone Classfication Low Frequency Hz High Frequency Hz 10msec 10msec 10msec 10msec Dial tone Ringing tone Busy tone Congestion tone Apply Cancel Vigor3300 Series User s Guide 117 Region Caller ID Type Dial tone Rin
139. s E E E EE E A POE EAS T PE E N A E 76 SA LDO eaa E E E E 81 SAS URE PIO oer n E E A S 83 3 5 Quality Of OTIC Se ND sashes ceansasteceaeme secu EE EEEE AEEA 88 3 5 1 Incoming Outgoing Class Setup cc cceecceccecccseesseeeeeeeeesseeeeeeeeeeeesseeeeeeeeeessssaeaseeeeeees 90 3 5 2 Incoming Outgoing Class Filter cee ccccseeecceeeeeeeeeeeeeeeeeeeeseseeeeeeeeeeaseeeseaeeeeesssseaeeeees 90 3 6 VPN and Remote Access Setup ccccccccsessecccceeeceeeeeceeeeeseaeeeeseeeeeessseeeaeeeeeeesseeeseeeeeeeeesaaas 93 CP OE oa a evan nde E A E aatensmaondaeanadesenantie seca sadlacaenaatesanesadsenauie 94 2 ea aastreste saree nse se osetia nanaeadeuane E E E E 104 S WOU SOI ate ctcc eres ee aes a aloe te sapiens ea cusueaee eee ueeme ape ssesusceaseeseoactee 107 id Ar ONO CO citer E E E E E 107 Re PON INOS ea ice gah eect sete E E EA AEE 110 sO Pee a Dda E eitncia ares ewan tose vanteeee ou aetinanm scetseniooesieues 114 3 7 4 Advanced Speed Dial cccccccsssssscccceeeceeeeeeeceeeeceeeseeceeeeeeeaeeaeeeeeeesessaaeeeeeeeessaagsases 115 3 7 9 PIS GS NS OIG ar tycteateetinn ict usetrce tein tna ET RR 116 LLO TONS SC MNS pete ces pected E EEN E EEE 117 SWAT Oo ee en nee en eee ee ee ee 119 a o NAT TAN SES Alcea atest eestor ieee an akin asin EE 120 ts IN MMIC el AU IN stato se E EE eaeewencoacess 121 Oe aI US LON ee E ceretinne ace d E asus tendoe cea eatentotensses ce 123 OT WO ry MU E E soc a sain E E EEE case ge actec EE E E E E E cae
140. s Power Management General Link Advanced Teaming LANs intel Virtual LANs VLANs associated with this adapter VLAN Name Status VLANE Enabled Remove Modify Allows you to configure up to 64 virtual LANs YLANE for an 4 adapter Adapters with LANS must be connected to network devices that support the IEEE 602 10 specification When you configure the WYLAN SoS Packet Tagging is automatically enabled GEA NOTE After creating the VLAN the adapter associated withthe VLAN briefly loses network connectivity 10 Now the Desktop Adapter VLAN dialog will appear as follows Please click OK Intel R PRO 100 S Desktop Adapter VLAN VLANS P PF X General Settings Advanced Driver Intel R PR07100 5 Desktop Adapter WLAN YLANS Device type Network adapters Manufacturer Intel Location Unknown Device status This device is working properly IF vou are having problems with this device click Troubleshoot to start the troubleshooter Device usage Use this device enable w Vigor3300 Series User s Guide 143 144 11 Next time if you want to check VLAN setting again please open Settings tag to modify it Intel R PRO 100 S Desktop Adapter VLAN VLANS P 7 lt General Settings Advanced Driver intel z Virtual LAN Settings WLAN ID Remove WLAN VLAN Hame LANE Unt
141. s code Notice that you must clear your browser cache first so that the URL content filter operates properly on a Web page that you visited before The URL content filter consists of the following functions URL Access Control SurfControl Restrict Web Feature and Filter Schedule URL Access Control The URL Access Control controls Web site access by inspecting the URL string against user defined keywords In the Firewall group click the URL Filter option You will see the following page Vigor3300 Series User s Guide Firewall URL Filter O Disable Enable URL Access Access Control by Keyword Restrict Web Feature Filter Schedule Block websites with Matching keywords Allow websites with matching keywords Keyword List Keyword Add Edit Delete ura ara ema i wad Block Direct IP Web Access Block Direct IP Web Access Exception List Enable Exception List PAddress StubetMask _ Eclit Delete Exception List Enable Disable Keyword Keyword List Block Direct IP Web Access Enable Exception List IP Address Subnet Mask Exception List SurfControl Apply Cancel Disable or Enable URL Filter function The keyword s used to filter URLs Keywords can be partial words or complete URLs The router will reject any Website which whole or partial URL matches any keywords The list of keywords Deny any Web surfing activity that directly uses
142. s page until you click Refresh button Ho Refresh Ww Ho Retresh Every 10 Seconds Every 20 Seconds Every 30 Seconds Vigor3300 Series User s Guide 125 126 Vigor3300 Series Users Guide Trouble Shooting This section will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration Please follow below sections to check your basic installation stage by stage Checking if the hardware status is OK or not Checking if the Network Connection Settings on your computer is OK or not Pinging the Router from your computer Vv Y V WV Checking if the ISP Settings are OK or not gt Backing to factory default setting if necessary If all above stages are done and the router still cannot run normally it is the time for you to contact with your dealer for advanced help 4 1 Checking If the Hardware Status Is OK or Not Follow the steps below to verify the hardware status 1 Check if the power line and WLAN LAN cable connections is OK If not refer to 2 1 Hardware Installation for reconnection 2 Turn on the router Make sure the ACT LED blinks once per second and the correspondent WAN LAN LED is bright p LAN y WAN DMZ g vPN iN ae o 100 o o o bA oF pw act vee Fox e P1 P2 P3 P4 P1 P2 P3 P4 Power Cable Vigor3300V i a ta a m M E 7 ooo meme oeee
143. s the following items F Client for Microsoft Networks File and Printer Sharing for Microsoft Networks QoS Packet Scheduler Internet Protocol TCP IP Install Uninstall Description Allows pour computer to access resources on a Microsoft network C Show icon in notification area when connected Notify me when this connection has limited or no connectvity On this dialog box locate VLANSs tag and click on it If you cannot find out VLANs tag that means your network card does not support VLAN feature Intel R PRO 100 Desktop Adapter Properties _BootAgent Driver Resources Power Management General Link Advanced Teaming VLANs BEF Intel R PR07100 5 Desktop Adapter Device type Network adapters Manuracturer Intel Location FCI Slot 2 PCI bus 2 device 10 function 0 Device status This device is working properly IF you are having problems with this device click Troubleshoot to start the troubleshooter Device usage Use this device enable w Vigor3300 Series User s Guide 6 In this screen there is no VALN existed You can create a new one Please click the New button Boot Agent Diver Resources General Link Advanced intel Virtual LANs VLANs associated with this adapter VLAN Name New A Allows you to configure up to 64 virtual LANs YLANE for an adapter Adapters with YLANs must be connected to network devices that suppo
144. ses from the ISP by Static PPPoE or DHCP mechanism The Vigor3300 Series assigns private network IP addresses according to RFC 1918 protocol and translates the private network addresses to a globally routable IP address so that local hosts can communicate with the router and access the Internet In the Advanced group click the NAT option e VIGOROUS BROADBAND ACCESS Quick Setup System Network Firewall Qos VPN VoIP 5 05 35 P M ta T MAT Ha p Advanced Static Route F ER yy Address b z Network Imertace hit iy Oe De gt Mask A Ure ER Vel Known Poris Lisi ror 2 h Ca 2 amp A LAS 4 t Edt Delete Delete All There are four functions that NAT provides Port Redirection Address Mapping DMZ Host and Well Known Parts List Port Redirection Port Redirection means port forwarding It may be used to expose internal servers to the public domain or open a specific port to internal hosts Internet hosts can use the WAN IP address to access internal network services such as FTP WWW and etc The internal FTP server is running on the local host addressed as 192 168 1 2 When other users send this type of request to your network through the Internet the router will direct these requests to an appropriate host inside A user can also translate the port to another port by configuration For example port number with 1024 can be transferred into IP address of 192 168 1 100 of LAN The packet is forwarded to a specific
145. signed as Master interface if Backup function is enabled Sets this WAN interface as a slave interface Sets this WAN interface as VoIP default interface Most users will use their routers primarily for Internet access The Vigor3300 Series supports broadband Internet access and provides multiple WAN interfaces The following sections will give a detailed illustration to broadband access methods Click the Edit icon to bring up the WAN configuration page for the corresponding interface Network WAN WAN1 Fast Ethernet MAC Address Default MAC User Defined MAC Downstream Rate 102400 kbpsi Upstream Rate 102400 kbps Type Physical Mode IP Mode Static DHCP PPPoE OPPTP Oomz Default MAC Uses the default Mac address User Defined MAC Uses a MAC address defined by users If you select this item you Downstream Rate Upstream Rate Type Physical Mode have to type the MAC address in the box below Sets downstream rate for this WAN interface The default value is 102400 kbps 100 Megabit Sets transmission rate for this WAN interface The default value is 102400 kbps 100 Megabit Sets connection type for this WAN interface Sets connection speed mode There are five options including Auto negotiation full duplex half duplex 10M and 100M Vigor3300 Series User s Guide IP Mode Sets an IP Mode with Static fixed IP DHCP dynamic IP address PPPoE PPTP or DMZ and cre
146. static DHCP server Assign IP Address Type the IP address for that host Apply After finishing the configuration please click this button to invoke these settings 3 3 Advanced Setup In the Advanced menu there are several items offered here for you to adjust for the router s Vi VIGOROUS BROADBAND ACCESS MultiService Security Firewall QoS VPN 10 00 54 Sy Static Route Gs NAT gt System Status T Raus a Port Block Refresh Option amp DDNS Call Schedule Basic Status LAN Status lle WAN Port Mirroring Model Vigor3300 LAN Port Mirroring Hardware Version 1 0 LAN VLAN Firmware Version 2 SNMP gt Build Date amp Time Fri Apr 14 19 00 13 CST 2006 System Uptime 7 days 21 hours 47 minutes 42 seconds CPU Usage 7 5138 Memory Usage FET e Current System Time Wed May 3 09 58 23 2006 Vigor3300 Series User s Guide 51 52 3 3 1 Static Route Setup When you have several subnets in your LAN sometimes a more effective and quicker way for connection is the Static routes function rather than other methods You may simply set rules to forward data from one specified subnet to another specified subnet without the presence of RIP This function allows users to assign static routing information In the Advanced group choose Static Route You will get the following page Quick Setup System Network Advanced Firewall Qos VPN VoIP 4 58 48 P M Advanced Static Route
147. t Redirection Edit 1 Protocol Tce Public Port Range 200 e00 Private IP 192 168 3 100 Private Port Range 200 e00 Use IP Alias Disable O Enable WAN Interface VANI IP Alias iit Apply Cancel Comment Assign a name for this entry The maximum is 20 characters Vigor3300 Series User s Guide 55 56 Protocol Public Port Range Private IP Private Port Range Use IP Alias WAN Interface IP Alias Assign the transport layer protocol with TCP or UDP Assign a port range from starting to end public port number The port range is from 1 to 65535 Assign a local IP address to be transferred into Assign a port range from starting to end private port number Disable option uses IP address of WAN interface Enable option uses IP alias addresses It is a pull down window user can select one specific WAN interface It is a pull down window user can select one specific IP address assigned in IP Alias group of WAN interfaces Click Apply to reboot the system and apply the settings Note The port forwarding function could redirect the Internet traffic which has the destination port within the public port range and has the same IP address as WAN Interface or IP Alias that you set Please redirect only the ports that you have to forward rather than forward all ports Otherwise the intrinsic firewall type security of NAT facility will be affected By the
148. ter finishing the settings go to System Status page and click WAN Status You will get a correct web page of WAN settings Basic Status LANStatus EET WANT IF Address 172 1610040 MAC Address 00 50 7f28 860e5 Primary DNS 172 16 100 1 Secondary OMS Gateway pees HE 9 Rs Packets 96 Ts Packets 100 Connection Status connected Wp Time O days 0 hours 4 minutes 61 seconds 134 Vigor3300 Series User s Guide For PPTP Mode 1 Check if the settings of Username and Password are correct or not 2 Check if the setting of Authentication is correct or not You may need to try both PAP and CHAP 3 Check if the value of PPTP Local Address PPTP Subnet Mask and PPTP Remote Address are correct or not tatio DHP Bid ele DMZ Configuration Bett ieee Configuration UserName PPTP Local Address 10 0 0 150 PPTP Serer Address 1000137 Authentication PAP li Serice Mame 4 After finishing the settings go to System Status page and click WAN Status You will get a correct web page of WAN settings Basic Status LANStatus E WANT IP Address 661 230 208 202 MAC Address 00 50 72 00er Primary DNS 194 109 56 66 Secondary ONS 194 958 0 1 Gateway 661 230 208 245 Rs Packets 34i TA Packets of Connection status connected Up Time O days O hours 4 minutes 39 seconds Disconnect 4 5 Backing to Factory Default Setting If Necessary Sometimes a wrong connection c
149. ter group already it cannot be deleted To add a new group please click Add on the Group Table page to access into the following page In this page you can type in new group name and decide the next group name Also you can type in your comment for such group After you click Apply the new group will be added and you will see it from the drop down menu of Start Filter Group Firewall IP Filter Table Next Group Mame Apply Cancel Group Name Type in the name of the group Next Group Name Select next group to filter packets Comment Type in your comment or description for the group To edit a select group please click the number link to open the following page You can change the next group name and modify the comment for your necessity When you finish the modification simply click Apply Firewall IP Filter Table Next Group Name Comment sroup for pass rules Add Rule Apply Cancel Besides you can add new filter rule for the group On the edit page of IP Filter Table click the Add Rule button The following page will be shown Vigor3300 Series User s Guide Firewall IP Filter Add Filter Rule Filter Condition Active Source Destination Group Mame Protocol Direction Fragment Action Block or Pass Mext Group Mame Source IP Subnet Mask Source Port Vigor3300 Series User s Guide IF 392 168 1 7 7 Subnet ask 7 255 255 255 0 pot between v 100 o
150. the port number is between the Start Port and End Port It means the destination IP address for this filter rule Placing 6og e the symbol before a particular IP address will prevent this rule from being applied to that IP address It is equal to the logical NOT operator It means the subnet mask for the destination IP It means the port for the destination IP It means the filter group for the current rule It is the protocol s for this filter rule Protocali any protocol w The direction of packet flow VPN In is for incoming packets VPN Out is for outgoing packets and Any is for both directions WAN to LAH w WAN to LAN It is the response to fragmented packets There are three options as below Fragment do not care unftragment fragment Do not care Specifies no fragment options Unfragment Applies the rule to unfragment packets Fragmented Applies the rule to fragmented packets The action to be taken when packets match the rule There are four options Block or Fass Block immediately w Block immediately Pass ilnmediately Block if no further match Pass 1f no further match Block immediately Block the packet immediately Vigor3300 Series User s Guide Pass immediately Pass the packet immediately Block if no further match means to locks the packet if no further rules are matched Pass if no further match means to passes the packet if no further ru
151. throughput Advanced QoS Link Fragmentation and interleaving Disable Enable Link Fragmentation and Interleaving Vigor3300 Series User s Guide For uplink bandwidth 768 kbps Apply Cancel Click this button to disable QoS function The voice quality cannot be quaranteed and the data throughput will be higher Click this button to invoke QoS function The voice quality can be good and the data throughput will be lower Each packet size is determined by the bandwidth of WAN interface The smaller the bandwidth is the smaller the packet will be Such activity can reduce the time delay of packet transmitting Meanwhile the VoIP packets will be inserted in the front of queue of signal for transmitting quickly and obtaining best audio quality Please check this box to invoke this function shrinking the packet for fast sending 119 3 7 8 NAT Traversal NAT traversal is a challenge that all Service Providers looking to deliver public IP based voice and multimedia services must solve The goal of this function is to provide secure connection to subscribers behind NAT Network Address Translation devices and Firewalls Overcoming this traversal problem will lead to widespread deployment of profitable voice and multimedia over IP services to any subscriber with broadband connection VoIP NAT Traversal NAT Traversal Disable Manual ly Input NAT IP Address Auto Discover NAT IP Address S
152. tings Vigor3300 Series User s Guide 2 28 3 1 4 Access Control This page allows you to determine which services HTTP Telnet SSH is used for the user to access Vigor3300 Series In addition you can also limit some hosts to access Vigor3300 Series with specified IP address In the System group click the Access Control option You will get the following page c_ Vi VIGOROUS BROADBAND ACCESS MultiService Security Quick Setup System Network Advanced Firewall Qos VPN VoIP 9 28 10 A M System Access Control Management Method Allow Management Wlethod HTTP Telnet 1885H Management Access Control Allow Wlanagement fram the War Enable User Defined WAN IF Disable i Enable Allowed IP O00000 Allowed IP3 O00000 Management Fort Default Ports HTTP Ported Telnet Portes User Defined Parts HTTP Port fo Telnet Fart ba SSH Port b2 PING Restriction d Disable PING from the LAN O Disable PING from the WAN Apply Cancel Management Method There are three management methods provided here for you to choose for your router Check HTTP Telnet SSH for the router Allow Management from Disable Disable the management from the WAN interface the WAN Enable All Enable all management through HTTP Telnet SSH from the WAN interface Enable User Defined WAN IP System can be managed by these three IP addresses via WAN Allowed IP1 to 3 Type in IP address up to t
153. to a form compatible with SNMP An NMS executes applications that monitor and control managed devices NMSs provide the bulk of the processing and memory resources required for network management One or more NMSs must exist on any managed network In the Advanced group click the SNMP option There are two items for SNMP SNMP Community and SNMP Traps SNMP Community Generally speaking NMSs which are within the community exist within the same administrative domain VIGOROUS BROADBAND ACCESS MultiService Security i Quick Setup System Network Advanced Firewall QoS VPN VoIP 7 44 46 P M EMS SNMP Community Community Hostimask Max Access t 3 c t g O 10 1 Edit Delete Delete All Community Display the community string used for the specified entry Host mask Display the mask address for the host Max Access Display the authority read only or read write for this entry Edit Allow users to edit the selected SNMP community settings Delete Delete All Remove one all the selected SNMP community settings A dialog will be prompted for you to ask confirmation Click OK To edit an item click the radio button of the item that you want to modify Then click Edit on the bottom of the page to add a new rule entry or modify an existed rule entry Vigor3300 Series User s Guide Advanced SNMP SNMP Community Edit Community Hostimask Max ACCESS Community Host mask Vigor3300
154. to provide customers with open interoperable VPN solutions such as X 509 DHCP over Internet Protocol Security IPSec up to 200 tunnels and Point to Point Tunneling Protocol PPTP Internet Telephony also known as Voice over Internet Protocol VoIP is a technology that allows you to make telephone calls using a broadband Internet connection instead of a regular analog phone line Combining a PABX with a V3300V allows you to call anyone who has an Internet phone or a traditional telephone number including local long distance mobile and international numbers Internet Telephony offers features and services that are unavailable with a traditional phone at no additional cost Because Internet Telephony requires strictly minimal packet delay and jitter since voice quality is intolerant of packet loss the Vigor3300V integrates VoIP feature with QoS and packet loss concealment mechanisms to effectively transport high priority voice traffic over IP with low latency Another feature is Vigor3300 Series User s Guide T 38 fax relay By enabling and configuring fax rate on a dial peer the originating and the terminating V3300V can enter fax relay transfer mode By using the T 38 function customers can also save on fax expenses Lastly by enabling the load balance feature on multiple WAN ports lease lines can be replaced to provide a cost effective method for network infrastructure 1 1 LED Indicators and Connection The Vigor3300V h
155. ual authentication whenever you want Password Type in password that the other side provides for carrying out mutual authentication whenever you want When you finish the configuration please click Apply to invoke it Group Table To create a VPN PPTP group table click the Group Table option under the PPTP menu Vigor3300 Series User s Guide VPN PPTP Group Table Group Start IP A 192 166 1244 s Ld ce E Start IP Subnet Mask Accessed IP Subnet Mask Authentication Subnet Mask Accessed IP Subnet Mask Cis SY Cid ay Type the starting IP address The default group value is 192 168 1 224 28 Select the value of subnet mask for the Start IP Type the accessed IP address Select the value of subnet mask for the Accessed IP This page allows you to set up to 30 sets of accounts for authentication VPN PPTP Authentication User Name 61 9 9 9 0 9 0 9 0 8 User Name User Password Group Edit Vigor3300 Series User s Guide Group 1 Edit Delete Delete All The user name for this entry The password for this entry The group for this entry Allows you to edit the selected group Type in user name and password then choose a proper group A B C or D that configured in PPTP gt gt Group Table for this entry Next click Apply 105 VPN PPTP Authentication Edit Group Apply Cancel Type username password and choose proper group for t
156. um ms Maximum Ams Average Ams D Documents and Settings fae gt _ Type ping 192 168 1 1 and press Enter It the link is OK the line of Reply from 192 168 1 1 bytes 32 time lt Ims TTL 25 will appear If the line does not appear please check the IP address setting of your computer For MacOs Terminal l 2 Double click on the current used MacOs on the desktop Open the Application folder and get into Utilities Double click Terminal The Terminal window will appear Type ping 192 168 1 1 and press Enter It the link is OK the line of 64 bytes from 192 168 1 1 icmp_seq 0 ttl 255 time xxxx ms will appear Vigor3300 Series User s Guide 131 Last login Sat Jan 3 82 24 16 on ttypl Welcome to Darwin Vigori draytek ping 192 168 1 1 PING 192 168 1 1 192 168 1 1 56 data bytes 64 bytes from 192 168 1 1 64 bytes from 192 168 1 1 64 bytes from 192 168 1 1 64 bytes from 192 168 1 1 64 bytes from 192 168 1 1 AC 192 168 1 1 ping statistics 5 packets transmitted 5 packets received 8 packet loss Terminal bash 80x24 icmp_seq 8 ttl 255 time 0 755 ms icmp_seq 1 ttl 255 time 6 697 ms icmp_seg 2 ttl 255 time 6 716 ms icmp_seg 3 ttl 255 time s8 731 ms icmp_seg 4 ttl 255 time 8 72 ms round trip min avg max 8 697 8 723 6 755 ms Vigor1d draytek J 4 4 Checking If the ISP Settings Are OK or Not 1 Goto the web configuration GUI http 192 168 1 1 click Network gt gt
157. uter connects to the router correctly Notice You may either simply set up your computer to get IP dynamically from the router or set up the IP address of the computer to be the same subnet as the default IP address of Vigor router 192 168 1 1 For the detailed information please refer to the later section Trouble Shooting of this guide 2 Open a web browser on your PC and type http 192 168 1 1 A pop up window will open to ask for username and password Please type default values on the window for the first time accessing The default value for user name is draytek and the password is 1234 Next click OK Connect to 172 16 2 225 Login to Vigor 3300 User name G draytek Password ETT Remember my password Vigor3300 Series User s Guide 11 3 Now the Main Screen will pop up a VIGOROUS BROADBAND ACCESS Pp wR Aha AD M 2 La hh Quick Setup System Network Advanced Firewall QoS VPN VoIP 9 57 04 System Status Refresh Option No Refresh v Refresh LAN Status WAN Status i Model Vigor3300 Hardware Version 1 0 Firmware Yersion 2 5 7 EN Build Date amp Time Thu May 4 17 18 30 CST 2006 System Uptime 4 days 1 hours 26 minutes 13 seconds CPU Usage 15 7895 Memory Usage 53 2983 Current System Time Mon May 29 09 52 39 2006 lt 4 Goto System page and choose Change Password A VIGOROUS BROADBAND ACCESS Quick Setup Network Advanced Firewall QoS VPN V
158. way user can click Delete to remove one current existed NAT entry in the Advanced NAT Port Redirection page and click Delete All to remove all entries Vigor3300 Series User s Guide Address Mapping If you have a group of static IP addresses then you can use the address mapping feature to multiple open ports hosts in the Vigor3300 Series of broadband security routers The following session will show you how to setup address mapping feature In the Advanced group move to NAT option and choose Address Mapping to get the corresponding page Quick Setup System Network Advanced Firewall Qos VPN VoIP 5 22 35 P M viel aed AB eh Dns uh aa Protocol Public IP Private IP Mask 1 2 3 4 0 5 6 7 8 2 O 10 1 Edit Delete Delete All Protocol Display the protocol used for this address mapping Public IP Display the public IP address selected for this entry Private IP Display the private IP set for this address mapping Mask Display the subnet mask selected fro this address mapping Edit Allow users to edit the selected address mapping settings Delete Delete All Remove one all the selected address mapping settings To edit an item click the radio button of the item that you want to modify Then click Edit on Quick Setup System Network Advanced Firewall QoS VPN VoIP 8 09 12 P M 1 Protocol TCP i Public IP 10 1 1 100 Private IP 20 1 1 1 Subnet Mask 24
159. word Authentication Semice Mame Optional IP Address Subnet Mask Status Start IP End IP Primary DNS PPPoE PPTP Configuration 88991234 hinet net PPTP Local Address 10 66 99 88 leone CU E PPTP Server Address 172 66 99 84 inet ooo Next gt gt Assign an IP address for the LAN interface Assign the subnet mask for the LAN interface Click Enable to use DHCP server click Disable to close DHCP server click Relay Agent to activate relay agent function Assign the start IP address of the IP pool that DHCP server can use for clients in LAN Assign the end IP address of the IP pool that DHCP sever can use for clients in LAN Type the IP address for primary DNS When you finished the above required settings please click Finish A system reboot page will appear Click Apply to activate the PPPoE mode configuration Vigor3300 Series User s Guide 19 20 2 2 5 PPTP This mode lets user get the IP group information by a DSL modem with PPTP service from ISP Your service provider will give you user name password and authentication mode for a PPTP setting VIGOROUS BROADBAND ACCESS eee sn eee ees Quick Setup System Network Advanced Firewall Qos VPN VoIP 10 50 44 A M MAC Address Default MAC User Defined MAC Downstream Rate 102400 kbps Upstream Rate 102400 kbps Type Fast Ethernet v Physical Mode Auto Negotiat
160. work interface chosen in this page Subnet Mask Assign a value of subnet mask for destination IP address Click Apply to reboot the system and apply the settings Delete the Static Route Select the radio button of the item that you want to delete and click Delete on the bottom of the page The following web page will be displayed Quick Setup System Network Advanced Firewall Qos VPN VoIP 11 39 42 A M Network Interface Destination IP Gateway IP Mask 1 LAN 10 1 1 50 192 168 1 100 i24 20 Microsoft Internet Explorer x 3 2 re you sure of deleting this item 4 TE 6 O 7 Q 8 O 9 10 1 Edit Delete Delete All DrayTek Corp 1997 2005 All rights reserved DrayTek provides enterprise network solution Click OK to delete the entry in static route table Users can click Delete All to remove all entries in static route table Vigor3300 Series User s Guide 53 54 3 3 2 NAT Setup NAT Network Address Translation is a method of mapping one or more IP addresses and or service ports into different specified services It allows the internal IP addresses of many computers on a LAN to be translated to one public address to save costs and resources of multiple public IP addresses It also plays a security role by obscuring the true IP addresses of important machines from potential hackers on the Internet The Vigor 3300 Series is NAT enabled by default and gets one globally routable IP addres
161. y 4 17 18 30 CST 2006 System Uptime 2 days 2 hours 8 minutes 22 seconds CPU Usage 100 0000 Memory Usage 52 3266 Current System Time Thu May 18 15 58 19 2006 3 1 1 Status The online Status function provides some useful system information on the current status of the Vigor3300 Series A user can observe the system status on this Web page and determine which setting needed to be changed in corresponding web pages In the System group click the Status option The online Status Web page contains three parts Basic Status LAN Status and WAN Status Refresh Option You can choose to automatically refresh the Web page information There are four options given as shown below No Refresh Static information page Every 10 Seconds Refreshes the page every 10 seconds Every 20 Seconds Refreshes the page every 20 seconds Every 30 Seconds Refreshes the page every 30 seconds Vigor3300 Series User s Guide Basic Status General status of this router will be displayed on Basic Status page System Status Refresh Option Basic Status LAN hodel Hardware Version Firmware Version Build DateTime System Uptime CPL Usage Memory Usage Current System Time Model Hardware Version Firmware Version Build Date amp Time System Uptime CPU Usage Memory Usage Current System Ti LAN Status Status WAN Status PO Vigors300 1 0 2 5 7 1 EM Mon Jun 5 18 09 36 CST 2006 O days 4 hours 9 minutes
162. ymmetric Media Disable symmetric RTP and T 38 NAT Status Disable Manually Input NAT IP Address Auto Discovery NAT IP Address 120 NAT IP Address Semi auto need to config NAT STUN Local Port STUN Server Address Full a uto no need to config NAT fonly for SIP 3476 stun fwdnet net STUN Server Port 3476 Enable symmetric RTP and T 38 NAT Type NWA Local IP Address 172 16 3 229 WAN IP Address 172 16 3 229 Apply Cancel Disables this function The feature is used if Vigor3300 has a public WAN IP address and not behind a NAT router NAT IP Address Type the IP address to be used as the NAT IP address The feature is used when Vigor 3300V is behind a NAT router and the NAT router uses a static WAN IP address This value is the same as the WAN IP of the front NAT router It is used when Vigor3300 is behind a NAT router and the NAT router uses a dynamic WAN IP address such as a DHCP or PPPoE client The Vigor3300 requires a STUN server for this option The STUN Simple Traversal of UDP through NATs server is an implementation of the STUN protocol that enables STUN functionality in SIP based systems It is an application layer protocol that can determine the public IP and nature of a NAT device sitting between the STUN client and STUN server Semi auto need to config NAT If you click this function the user needs to configure NAT information
Download Pdf Manuals
Related Search