Vigor2710e/ne Series User`s Guide i
Contents
1. A System Status Quick Start Wizard a Online Status Model Name Vigor2710ne Series a Firmware Version beta_0824 Internet Access Build Date Time Nov 2 2009 19 35 28 LAN ADSL Firmware Version 3431301_A Hardware Annex A NAT Applications LAN WAN 1 PESES MAC Address 00 50 7F 00 00 00 Link Status Disconnected sina ovement ala 1st IP Address 192 168 1 1 MAC Address 00 50 7F 00 00 01 SE 1st Subnet Mask 255 255 255 0 Connection PPPoE DHCP Server Yes IP Address z Reg DNS 194 109 6 66 Default Gateway Application Note FAQ i EE Product Registration Wireless LAN MAC Address 00 50 7F 00 00 00 Frequency Domain Europe Firmware Version 2 2 0 0 SSID DrayTek Main screen for user mode operation simple configuration Note The home page will change slightly in accordance with the type of the router you have 4 Goto System Maintenance page and choose Administrator Password User Password System Maintenance gt gt Administrator Password Setup Administrator Password Or System Maintenance gt gt User Password User Password Username Old Password New Password Confirm Password 5 Enter the login password the default is blank on the field of Old Password Type the new password in New Password and Confirm Password fields Then click OK to continue 6 Now the password has been changed Next time use the new password to access the Web C2. iz SSID Channel Channel 6 2437MHz Packet OVERDRIVE C Tx Burst Note The same technology must also be supported in clients to boost WLAN performance C Hide SSID C Long Preamble Hide SSID prevent SSID from being scanned Long Preamble necessary for some older 802 11b devices only lowers performance Enable Wireless LAN Check the box to enable wireless function Vigor2710e ne Series User s Guide 100 Dr ay Te k Mode Index 1 15 SSID Channel Packet OVERDRIVE Dray Tek At present the router can connect to Mixed 11b 11g 11g Only 11b Only Mixed 11g 11n 11n Only and Mixed 11b 11g 11n stations simultaneously Simply choose Mix 11b 11g 11n mode Mixed 11b 11g lin 11b Only 11g Only Tin Only 11b 119 Mixed 1b 11 q In Note You should also set RADIUS Server simultaneously if 11g Only 11b Only or 11n Only mode is selected Set the wireless LAN to work at certain time interval only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications gt gt Schedule setup The default setting of this filed is blank and the function will always work Means the identification of the wireless LAN SSID can be any text numbers or various special characters The default SSID is DrayTek We suggest you to change it Means the channel of frequency of the wireless LAN The default channel is 6 You may switch channel if the selected channel is
3. 4 9 1 Dial out Trigger Click Diagnostics and click Dial out Trigger to open the web page The internet connection e g PPPoE PPPoA etc is triggered by a package sending from the source IP address Diagnostics gt gt Dial out Trigger Dial out Triggered Packet Header Refresh HEX Format 00 00 00 00 00 00 00 00 00 00 00 00 00 00 UU 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 UU 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 UU UU 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 UU Decoded Format 0 0 0 0 gt 0 0 0 0 Pr O len 0 0 Decoded Format It shows the source IP address local destination IP remote address the protocol and length of the package Refresh Click it to reload the page Dray Te k 121 Vigor2710e ne Series User s Guide 4 9 2 Routing Table Click Diagnostics and click Routing Table to open the web page Diagnostics gt gt View Routing Table Current Running Routing Table Refresh Key C connected 5 static EK RIP default private KE 192 168 1 0 255 255 255 0 is directly connected LAN Refresh Click it to reload the page 4 9 3 ARP Cache Table Click Diagnostics and click ARP Cache Table to view the content of the ARP Address Resolution Protocol cache held in the router The table shows a mappi
4. Save cost on applying public IP address and apply efficient usage of IP address NAT allows the internal IP addresses of local hosts to be translated into one public IP address thus you can have only one IP address on behalf of the entire internal hosts Enhance security of the internal network by obscuring the IP address There are many attacks aiming victims based on the IP address Since the attacker cannot be aware of any private IP addresses the NAT function can protect the internal network On NAT page you will see the private IP address defined in RFC 1918 Usually we use the 192 168 1 0 24 subnet for the router As stated before the NAT facility can map one or more IP addresses and or service ports into different specified services In other words the NAT function can be achieved by using port mapping methods Below shows the menu items for NAT H Port Redirection H DMZ Host H Open Ports 4 3 1 Port Redirection Port Redirection is usually set up for server related service inside the local network LAN such as web servers FTP servers E mail servers etc Most of the case you need a public IP address for each server and this public IP address domain name are recognized by all users Since the server is actually located inside the LAN the network well protected by NAT of the router and identified by its private IP address port the goal of Port Redirection function is to forward all access request with public
5. WAN Index Enable Aux WAN IP Private IP E 192 168 1 66 192 168 1 10 Vigor2710e ne Series User s Guide 70 Dr ay Te k 4 3 3 Open Ports Open Ports allows you to open a range of ports for the traffic of special applications Common application of Open Ports includes P2P application e g BT KaZaA Gnutella WinMX eMule and others Internet Camera etc Ensure that you keep the application involved up to date to avoid falling victim to any security exploits Click Open Ports to open the following page NAT gt Open Ports Open Ports Setup Setto Factory Default Index Comment Aux WAN IP Local IP Address Status 1 x 2 x 3 x 4 x A x 6 x I x E x 9 x 10 x lt lt 1 10 11 40 gt gt Next gt gt Index Indicate the relative number for the particular entry that you want to offer service in a local host You should click the appropriate index number to edit or clear the corresponding entry Comment Specify the name for the defined network service Local IP Address Display the private IP address of the local host offering the service Status Display the state for the corresponding entry X or V is to represent the Inactive or Active state To add or edit port settings click one index number on the page The index entry setup page will pop up In each index entry you can specify 10 port ranges for diverse services NAT gt gt Open Ports gt Edit Open Ports Index No 1 Enable Open Ports Co
6. Applications gt IGMP IGMP C Enable IGMP Proxy IGMP Proxy is to act as a multicast proxy for hosts on the LAN side Enable IGMP Proxy if you will access any multicast group But this function take no affect when Bridge Mode is enabled L Enable IGMP Snooping Enable IGMP Snooping multicast traffic is only forwarded to ports that have members of that group Disable IGMP snooping multicast traffic is treated in the same manner as broadcast traffic Refresh Working Multicast Groups Index Group ID Enable IGMP Proxy Check this box to enable this function The application of multicast will be executed through WAN port or PVC Use the drop down list to choose the interface Enable IGMP Snooping Check this box to enable this function Multicast traffic will be forwarded to ports that have members of that group Disabling IGMP snooping will make multicast traffic treated in the same manner as broadcast traffic Group ID This field displays the ID port for the multicast group The available range for IGMP starts from 224 0 0 0 to 239 255 255 254 P1 to P4 It indicates the LAN port used for the multicast group Refresh Click this link to renew the working multicast group status If you check Enable IGMP Proxy all the multicast groups will be listed and all the LAN ports P1 to P4 are available for use 4 7 Wireless LAN This function is used for ne models only 4 7 1 Basic Concepts Over recent years the mar
7. Dr ay Tek 73 Vigor2710e ne Series User s Guide Stateful Packet Inspection SPI Stateful inspection is a firewall architecture that works at the network layer Unlike legacy static packet filtering which examines a packet based on the information in its header stateful inspection builds up a state machine to track each connection traversing all interfaces of the firewall and makes sure they are valid The stateful firewall of Vigor router not just examine the header information also monitor the state of the connection Denial of Service DoS Defense The DoS Defense functionality helps you to detect and mitigate the DoS attack The attacks are usually categorized into two types the flooding type attacks and the vulnerability attacks The flooding type attacks will attempt to exhaust all your system s resource while the vulnerability attacks will try to paralyze the system by offending the vulnerabilities of the protocol or operation system The DoS Defense function enables the Vigor router to inspect every incoming packet based on the attack signature database Any malicious packet that might duplicate itself to paralyze the host in the secure LAN will be strictly blocked and a Syslog message will be sent as warning if you set up Syslog server Also the Vigor router monitors the traffic Any abnormal traffic flow violating the pre defined parameter such as the number of thresholds is identified as an attack and the Vigor router will
8. Default MAC Address Specify a MAC Address MAC Address 50 zF um Joo Jor DNS Server IP Address Primary IP Address l Secondary IP Address MPoA RFC1483 2684 Click Enable for activating this function If you click Disable this DSL Modem Settings Dray Tek function will be closed and all the settings that you adjusted in this page will be invalid Set up the DSL parameters required by your ISP These are vital for building DSL connection to your ISP Multi PVC channel The selections displayed here are determined by the page of Internet Access Multi PVCs Select M PVCs Channel means no selection will be chosen Encapsulating Type Drop down the list to choose the type provided by ISP VPI Type in the value provided by ISP VCI Type in the value provided by ISP Modulation Drop down the list to choose a proper modulation for the router 53 Vigor2710e ne Series User s Guide RIP Protocol Routing Information Protocol is abbreviated as RIP RFC1058 specifying how routers exchange routing tables information Click Enable RIP for activating this function Bridge Mode If you choose Bridged IP as the protocol you can check this box to invoke the function The router will work as a bridge modem WAN IP Network This group allows you to obtain an IP address automatically and Settings allows you type in IP address manually Obtain an IP address automatically Click this button to obtain the I
9. EA Broadband Network Tasks bg Gg 8 General gt Wei _ LA Create a new connection R Disconnected gl Set up a home or small EZ WAN Miniport PPPOE Internet Gateway office network Status Connected _ Dial up Duration 00 19 06 See Also gh test Speed 100 0 Mbps J Network Troubleshooter ZEN S schter ek xa ay Tek ISDN PRP Activ Chef Internet Internet Gateway Mu Computer Other Places Internet Gateway wi e vf J D Control Panel TE Ip Broadband Connection on N Router a My Network Places a Packets E My Documents lt Sent 404 Fad My Computer Received 1 115 BBE LAN or High Speed Internet Local 4rea Connection Enabled fe a Realtek RTL6139 810x Family Details Network Connections System Folder The UPnP facility on the router enables UPnP aware applications such as MSN Messenger to discover what are behind a NAT router The application will also learn the external IP address and configure port mappings on the router Subsequently such a facility forwards packets from the external ports of the router to the internal ports used by the application 2 IP Broadband Connection on Router Properties Advanced Settings i General Services Connect to the Internet using Select the services running on your network that Internet users can access IP Broadband Connection on Houter Ftp Example men
10. EE TDG OD CCI eege 90 EE TOC AON eege 91 lee ten samen nee Mee eee E E eee oer ee ene ee ee eae 92 A6 Dynamic Bt LE 92 ADe CO NS eene 94 E Rn EE 96 ee El 98 4 7 Wireless LAN ccestncxde sassennsectendianensetocedesuedeiasscbesedadeadeowsexhews n sae denesadentddotnedeneasebacsdedanessedabenncteusts 98 Bil A aS ee 98 4 2 Generdl oy e D 100 Vigor2710e ne Series User s Guide viii Dr ay Te k Eeer 103 4 7 4 Access GOMUM e E 104 EE Een 105 4 7 6 Advanced Geitmg NEEN 107 4 7 7 NMM Configuration E 108 4 7 8 AP Discovery cccccseeccccseeeeeeceeeeeecseeeeeeneeeeeseaseeessaeeeesaaeeeeesaueessaaaeeeeseaueessageeessaeeeeenaages 110 aaee Een tzin e pi BEE 111 4 8 System RE le Man Te 112 4 8 1 Systeri AUS sonsetcze oseedeeuessescedr saeGssseraecene suasssecatactece sedeasanassessouestasmecpansesseessaeteupesaecseies 112 AOL E eege EE 113 4 8 3 Administrator Hasswond ne 114 4 8 4 Configuration Backup ENEE ENNEN 114 485 Syslog Mail VOI EE 116 4 8 6 Time and A RE 118 4 8 7 ENN Le un E 119 A 8 8 REDOOL SY SCI E 120 4 8 9 Firmware Upgrade E 120 AO TIAGO ce E E E E E A E E E E 121 49 1 Diaoul ee re E 121 BO ROUN Ee 122 AS SARP Cache Ee 122 AADAC call ec 0 eE ee ee ee ee ee ee 123 Ae e CR E EE 123 AO NG CIAO ler E 124 PO TRACES el ME 125 Eelef 125 Tr OUDIE SHO MING EEN 127 5 1 Checking If the Hardware Status Is OK orNot 127 5 2 Checking If the Network Connection Settings on Your Computer Is OK or Not 00000 n 128 5
11. Hms Maximum ms Average Ams D Documents and Settings fae gt _ Type ping 192 168 1 1 and press Enter If the link is OK the line of Reply from 192 168 1 1 bytes 32 time lt Ims TTL 255 will appear If the line does not appear please check the IP address setting of your computer For MacOs Terminal 1 2 3 4 Double click on the current used MacOs on the desktop Open the Application folder and get into Utilities Double click Terminal The Terminal window will appear Type ping 192 168 1 1 and press Enter If the link is OK the line of 64 bytes from 192 168 1 1 icmp_seq 0 ttl 255 time xxxx ms will appear Vigor2710e ne Series User s Guide 130 Dr ay Te k AHA Terminal bash Lost logi s Sot don 3 B224118 on ttypi Welcome to Darwin Vigorla draytekd ping 192 165 1 1 PING 192 166 1 1 192 168 1 1 56 dota bytes 64 bytes from 192 168 1 1 64 bytes from 192 166 1 1 64 bytes from 197 166 11 Lemp segs trl 255 tinesb 755 me LCmp ze trl 255 tife B 697 me icmp_sege2 tihl 255 tine B 716 mg from 192 1661 2 from 192 165 1 1 icp ses 2 ttl 255 tinesh 731 me icmp seg 4 ttl 255 Lime 72 ME 192 168 1 1 ping stati tic E pockets transmitted 5 packets received DN pocket loss round trip minfava may H DO Ad 12240 mb we Vipnrig grmetek P 5 4 Checking If the ISP Settings are OK or Not Click Internet Access group and then check whether the ISP settings are se
12. s Guide Private IP Port Pseudo Port Peer IP Port Interface Refresh 4 9 6 Ping Diagnosis It indicates the source IP address and port of local PC It indicates the temporary port of the router used for NAT It indicates the destination IP address and port of remote host It displays the representing number for different interface Click it to reload the page Click Diagnostics and click Ping Diagnosis to pen the web page Diagnostics gt gt Ping Diagnosis Ping Diagnosis Result Ping to IP Address Run Clear Vigor2710e ne Series User s Guide Clear Use the drop down list to choose the destination that you want to ping Type in the IP address of the Host IP that you want to ping Click this button to start the ping work The result will be displayed on the screen Click this link to remove the result on the window 124 Dray Tek 4 9 7 Trace Route Click Diagnostics and click Trace Route to open the web page This page allows you to trace the routes from router to the host Simply type the IP address of the host in the box and click Run The result of route trace will be shown on the screen Diagnostics gt gt Trace Route Trace Route Host IP Address fs Result Clear Protocol Use the drop down list to choose the interface that you want to ping through Host IP Address It indicates the IP address of the host Run Click this button to start route tracing wor
13. 11 131735 60654 UDF menmegr 192 168 29 11 7824 13251 UDF This connection allows you to connect to the Internet through a menmsgr 192 169 29 11 2789 63231 TCP shared connection on another computer Show icon in notification area when connected Settings The reminder as regards concern about Firewall and UPnP Can t work with Firewall Software Enabling firewall applications on your PC may cause the UPnP function not working properly This is because these applications will block the accessing ability of some network ports Security Considerations Activating the UPnP function on your network may incur some security threats You should consider carefully these risks before activating the UPnP function gt Some Microsoft operating systems have found out the UPnP weaknesses and hence you need to ensure that you have applied the latest service packs and patches gt Non privileged users can control some router functions including removing and adding port mappings The UPnP function dynamically adds port mappings on behalf of some UPnP aware applications When the applications terminate abnormally these mappings may not be removed 3 5 Wireless LAN This function is used for ne models 3 5 1 Basic Concepts Over recent years the market for wireless communications has enjoyed tremendous growth Wireless technology now reaches or is capable of reaching virtually every location on
14. 3 Pinging the Router from Your Computer 130 5 4 Checking If the ISP Settings are OK orhNot 131 5 5 Backing to Factory Default Setting If Necessary cccceeeeeeeeeeeeeeeeeeeeeeeeaaaaeeeeeeeeeeeeeeeeees 132 5 6 Contacting Your Dealer 133 Dray Te k ix Vigor2710e ne Series User s Guide Preface Vigor2710e series is an ADSL router It integrates IP layer QoS NAT session bandwidth management to help users control works well with large bandwidth The object based design used in SPI Stateful Packet Inspection firewall allows users to set firewall policy with ease By the way DoS DDoS prevention strengthens the security outside and control inside Object based firewall is flexible and allows your network be safe Vigor2710e series provides two level management to simplify the configuration of network connection The user operation allows user accessing into WEB interface via simple configuration However if users want to have advanced configurations they can access into WEB interface through administration operation 1 1 Web Configuration Buttons Explanation Several main buttons appeared on the web pages are defined as the following S Save and apply current settings Cancel Cancel current settings and recover to the previous saved settings SE Clear all the selections and parameters settings including selection from drop down list All the values must be reset with factory default settings Add Add new settings
15. DDNS setup menu check Enable Dynamic DNS Setup Applications gt gt Dynamic DNS Setup Dynamic DNS Setup Set to Factory Default H Enable Dynamic DNS Setup Force Update Accounts Index Domain Name Active 1 x 2 x A x OK Clear All Set to Factory Default Clear all profiles and recover to factory settings Enable Dynamic DNS Setup Check this box to enable DDNS function Index Click the number below Index to access into the setting page of DDNS setup to set account s Domain Name Display the domain name that you set on the setting page of DDNS setup Active Display if this account is active or inactive View Log Display DDNS log status Force Update Force the router updates its information to DDNS server 3 Select Index number 1 to add an account for the router Check Enable Dynamic DNS Account and choose correct Service Provider dyndns org type the registered hostname hostname and domain name suffix dyndns org in the Domain Name block The following two blocks should be typed your account Login Name test and Password fest Dr ay Tek 31 Vigor2710e ne Series User s Guide Applications gt gt Dynamic DNS Setup zz Dynamic DNS Account Setup Index 1 Enable Dynamic DNS Account Service Provider dyndns org www dyndns org Service Type Domain Name dyndns info ka Login Name Fassword C Wildcards C Backup MX Mail Extender Enable Dynamic Check this box to enable the current account If you d
16. Factory Default Clear all profiles Click the number under Index column for settings in detail Dr ay Tek 91 Vigor2710e ne Series User s Guide Objects Setting gt gt Service Type Group Setup Profile Index 1 Name Volt Available Service Type Objects Selected Service Type Objects 1 SIP 2 RTP Name Type a name for this profile Available Service Type All the available service objects that you have added on Objects Objects Setting gt gt Service Type Object will be shown in this box Selected Service Type Click gt gt button to add the selected IP objects in this box Objects 4 6 Applications Below shows the menu items for Applications H Dynamic DNS H Schedule H UPnP P IGMP 4 6 1 Dynamic DNS The ISP often provides you with a dynamic IP address when you connect to the Internet via your ISP It means that the public IP address assigned to your router changes each time you access the Internet The Dynamic DNS feature lets you assign a domain name to a dynamic WAN IP address It allows the router to update its online WAN IP address mappings on the specified Dynamic DNS server Once the router is online you will be able to use the registered domain name to access the router or internal virtual servers from the Internet It is particularly helpful if you host a web server FTP server or other server behind the router Before you use the Dynamic DNS feature you have to apply for free DDNS service to the D
17. Guide 48 Dr ay Te k Admin Mode Operation This chapter will guide users to execute advanced full configuration through admin mode operation 1 Open a web browser on your PC and type http 192 168 1 1 The window will ask for typing username and password 2 Please type admin admin on Username Password for administration operation Now the Main Screen will appear Be aware that Admin mode will be displayed on the bottom left side Vigor2710e ne Dray Tek ADSL2 2 Router Quick Start Wizard e Online Status Model Name Vigor2710ne Series wg Firmware Version beta_0824 Internet Access Build Date Time Nov 2 2009 19 35 28 LAN ADSL Firmware Version 3431301_A Hardware Annex A NAT Firewall LAN WAN 1 Objects Setting MAC Address 00 50 7F 00 00 00 Link Status Disconnected Applications ist IP Address 192 168 1 1 MAC Address 00 50 7F 00 00 01 Wireless LAN System Maintenance Diagnostics System Status ist Subnet Mask 255 255 255 0 Connection PPPoE DHCP Server Yes IP Address DNS 194 109 6 66 Default Gateway Application Note Wireless LAN MAC Address 00 50 7F 00 00 00 Product Registration Frequency Domain Europe Firmware Version 2 2 0 0 SSID DrayTek All Rights Reserved 4 1 Internet Access Quick Start Wizard offers user an easy method to quick setup the connection mode for the router Moreover if you want to adjust more settings for different WAN modes please
18. IP address from external users to the mapping private IP address port of the server Vigor2710e ne Series User s Guide 66 Dr ay Te k internet Destined to 220 135 240 207 Port 213 a PART The port redirection can only apply to incoming traffic To use this function please go to NAT page and choose Port Redirection web page The Port Redirection Table provides 20 port mapping entries for the internal hosts NAT gt gt Port Redirection Port Redirection Setto Factory Default Service Name Public Port Private IP Status 1 x x A x A x A x B x x a x d x 10 x lt lt 1 10 11 20 gt gt ext gt gt Press any number under Index to access into next page for configuring port redirection Dray Tek 67 Vigor2710e ne Series User s Guide NAT gt gt Port Redirection Index No 1 C Enable Mode Service Name Protocol WAN IP Public Port Private IP Private Port single ili NA Note In Range Mode the End IP will be calculated automatically once the Public Port and Start IP have been entered Enable Mode Service Name Protocol WAN IP Public Port Private IP Private Port Check this box to enable such port redirection setting Two options Single and Range are provided here for you to choose To set a range for the specific service select Range In Range mode if the public port start port and end port and the starting IP of private IP had been entered
19. IPs subnet masks is allowed List IP Indicate an IP address allowed to login to the router Subnet Mask Represent a subnet mask allowed to login to the router Default Ports Check to use standard port numbers for the Telnet and HTTP servers User Defined Ports Check to specify user defined port numbers for the Telnet HTTP and FTP servers Dr ay Tek 119 Vigor2710e ne Series User s Guide 4 8 8 Reboot System The Web Configurator may be used to restart your router Click Reboot System from System Maintenance to open the following page System Maintenance gt gt Reboot System Reboot System Do you want to reboot your router Using current configuration Using factory default configuration If you want to reboot the router using the current configuration check Using current configuration and click OK To reset the router settings to default values check Using factory default configuration and click OK The router will take 5 seconds to reboot the system Note When the system pops up Reboot System web page after you configure web settings please click OK to reboot your router for ensuring normal operation and preventing unexpect errors of the router in the future 4 8 9 Firmware Upgrade Before upgrading your router firmware you need to install the Router Tools The Firmware Upgrade Utility is included in the tools The following web page will guide you to upgrade firmware by using an example Note that thi
20. Make sure the ACT LED blink once per second and the correspondent LAN LED is bright If not it means that there is something wrong with the hardware status Simply back to 1 3 Hardware Installation to execute the hardware installation again And then try again 127 Vigor2710e ne Series User s Guide 5 2 Checking If the Network Connection Settings on Your Computer Is OK or Not Sometimes the link failure occurs due to the wrong network connection settings After trying the above section if the link is stilled failed please do the steps listed below to make sure the network connection settings is OK For Windows The example is based on Windows XP As to the examples for other operation systems please refer to the similar steps or find support notes in www draytek com 1 Goto Control Panel and then double click on Network Connections Webatork Connections 2 Right click on Local Area Connection and click on Properties i Disable A Status KW Repair Bridge Connections Create Shortcut Rename Properties E 3 Select Internet Protocol TCP IP and then click Properties ethO Properties General Authentication Advanced Connect using E9 ASUSTeK Broadcom 440k 10 100 Ir LU Configure This connection uses the following items iw Si Client for Microsoft Networks w File and Printer Sharing tor Microsoft Networks wi e Packet Scheduler pms I
21. Route Setup Static Route Configuration setto Factory Default View Routing Table Index Destination Address Status Index Destination Address Status 1 77 6 777 z F77 i 27 a 77 a P7 A 9 5 10 ER Status v Active x Inactive Empty Index The number 1 to 10 under Index allows you to open next page to Destination Address Status set up Static route Displays the destination address of the static route Displays the status of the static route Set to Factory Default Clear all profiles Dray Tek 63 Vigor2710e ne Series User s Guide Viewing Routing Table Displays the routing table for your reference Diagnostics gt gt View Routing Table Current Running Routing Table Refresh Key C connected S static R RIP default private a C 192 168 1 0 255 255 255 0 is directly connected lt Add Static Routes to Private and Public Networks Here is an example of setting Static Route in Main Router so that user A and B locating in different subnet can talk to each other via the router Assuming the Internet access has been configured and the router works properly use the Main Router to surf the Internet create a private subnet 192 168 10 0 using an internal Router A 192 168 1 2 create a public subnet 211 100 88 0 via an internal Router B 192 168 1 3 have set Main Router 192 168 1 1 as the default gateway
22. Series User s Guide 110 Dr ay Te k 4 7 9 Station List Station List provides the knowledge of connecting wireless clients now along with its status code There is a code summary below for explanation For convenient Access Control you can select a WLAN station and click Add to Access Control below Wireless LAN gt gt Station List Station List Status MAC Address Associated with Status Codes Connected No encryption Connected WEP Connected WPA Connected WPAZ Blocked by Access Control Connecting Fail to pass 802 1X or WPA PSK authentication TS DD P Om Note After a station connects to the router successfully it may be turned off without notice In that case it will still be on the list until the connection expires Add to Access Control Client s MAC address o i Refresh Click this button to refresh the status of station list Add Click this button to add current typed MAC address into Access Control Dray Te k 111 Vigor2710e ne Series User s Guide 4 8 System Maintenance For the system setup there are several items that you have to know the way of configuration Status Administrator Password Configuration Backup Syslog Time setup Reboot System Firmware Upgrade Below shows the menu items for System Maintenance H System Status H TR 069 H Administrator Pa H Configuration Bat P Reboot System H Firmware Upgrade 4 8 1 System
23. Status The System Status provides basic network settings of Vigor router It includes LAN and WAN interface information Also you could get the current running firmware version or firmware related information from this presentation System Status Model Name Firmware Version Build Date Time Vigor2710ne Series beta_0624 Nov 2 2009 19 35 26 ADSL Firmware Version 3431301 A Hardware Annex A 8 LAN MAC Address ist IP Address ist Subnet Mask 00 50 7F 00 00 00 192 168 1 1 255 255 255 0 DHCP Server Yes DNS 194 109 6 66 Model Name Firmware Version Build Date Time ADSL Firmware Version LAN MAC Address 1 IP Address 1 Subnet Mask DHCP Server DNS WAN Vigor2710e ne Series User s Guide a WANT Link Status Disconnected MAC Address 00 50 7F 00 00 01 Connection PPPoE IP Address o Default Gateway a Li Wireless LAN 00 50 7F 00 00 00 MAC Address Frequency Domain Europe Firmware Version 2 2 0 0 SSID DrayTek Display the model name of the router Display the firmware version of the router Display the date and time of the current firmware build Display the ADSL firmware version Display the MAC address of the LAN Interface Display the IP address of the LAN interface Display the subnet mask address of the LAN interface Display the current status of DHCP server of the LAN interface
24. Such function is available for the wireless station with WPS supported It is the simplest way to build connection between wireless network clients and vigor router Users do not need to select any encryption mode and type any long encryption passphrase to setup a wireless client every time He she only needs to press a button on wireless client and WPS will connect for client and router automatically There are two methods to do network connection through WPS between AP and Stations pressing the Start PBC button or using PIN Code On the side of Vigor 2710 series which served as an AP press WPS button once on the front panel of the router or click Start PBC on web configuration interface On the side Dr ay Tek 105 Vigor2710e ne Series User s Guide of a station with network card installed press Start PBC button of network card PBC WLAN Card DE If you want to use PIN code you have to know the PIN code specified in wireless client Then provide the PIN code of the wireless client you wish to connect to the vigor router PIN Code WLAN Card Le wi M Define a PIN Code of Station PIN Code For WPS is supported in WPA PSK or WPA2 PSK mode if you do not choose such mode in Wireless LAN gt gt Security you will see the following message box Microsoft Internet Explorer A Ws only supports in WRAAWPAG PSE Mode Please click OK and go back Wireless LAN gt gt Security to choose WPA PSK or WPA2 PS
25. User s Guide 132 Dr ay Te k System Maintenance zz Reboot System Reboot System Do you want to reboot your router Using current configuration Using factory default configuration OK Hardware Reset While the router is running ACT LED blinking press the Factory Reset button and hold for more than 5 seconds When you see the ACT LED blinks rapidly please release the button Then the router will restart with the default configuration Factory Reset After restore the factory default setting you can configure the settings for the router again to fit your personal request 5 6 Contacting Your Dealer If the router still cannot work correctly after trying many efforts please contact your dealer for further help right away For any questions please feel free to send e mail to support draytek com 133 Vigor2710e ne Series User s Guide Dray Tek
26. act of God or subjected to abnormal working conditions The warranty does not cover the bundled or licensed software of other vendors Defects which do not significantly affect the usability of the product will not be covered by the warranty We reserve the right to revise the manual and online documentation and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes Web registration is preferred You can register your Vigor router via http www draytek com Due to the continuous evolution of DrayTek technology all routers will be regularly upgraded Please consult the DrayTek web site for more information on newest firmware tools and documents http www draytek com Vigor2710e ne Series User s Guide iv Dr ay Te k European Community Declarations Manufacturer DrayTek Corp Address No 26 Fu Shing Road HuKou Township HsinChu Industrial Park Hsin Chu Taiwan 303 Product Vigor2710e ne Series Router DrayTek Corp declares that Vigor2710e ne Series of routers are in compliance with the following essential requirements and other relevant provisions of R amp TTE Directive 1999 5 EEC The product conforms to the requirements of Electro Magnetic Compatibility EMC Directive 2004 108 EC by complying with the requirements set forth in EN55022 Class B and EN55024 Class B The product conforms to the requirements of Low Voltage LVD Directive 2006 95 EC by comply
27. activate its defense mechanism to mitigate in a real time manner The below shows the attack types that DoS DDoS defense function can detect 1 SYN flood attack 9 SYN fragment 2 UDP flood attack 10 Fraggle attack 3 ICMP flood attack 11 TCP flag scan 4 Port Scan attack 12 Tear drop attack 5 IP options 13 Ping of Death attack 6 Land attack 14 ICMP fragment 7 Smurf attack 15 Unknown protocol 8 Trace route Below shows the menu items for Firewall bk General H Dos Defense H URL Content Filter Vigor2710e ne Series User s Guide 74 Dr ay Te k 4 4 2 General Setup General Setup allows you to adjust settings of IP Filter and common options Here you can enable or disable the Call Filter or Data Filter Under some circumstance your filter set can be linked to work in a serial manner So here you assign the Start Filter Set only Also you can configure the Log settings and Accept large incoming fragmented UDP or ICMP packets Click Firewall and click General Setup to open the general setup page Firewall gt gt General Setup General Setup Call Filter Enable Start Filter Set Disable Data Filter Enable Start Filter Set Disable Actions for default rule Application Action Profile Log Filter Pass Accept large incoming fragmented UDP or ICMP packets for some games ex CS Call Filter Check Enable to activate the Call Filter function Assign a start filter set for the Call Filter D
28. content filtering facility operates properly on a web page that you visited before Enable Restrict Web Check the box to activate the function Feature Java Check the checkbox to activate the Block Java object function The Vigor router will discard the Java objects from the Internet ActiveX Check the box to activate the Block ActiveX object function Any ActiveX object from the Internet will be refused Compressed file Check the box to activate the Block Compressed file function to prevent someone from downloading any compressed file The following list shows the types of compressed files that can be blocked by the Vigor router zip rar arj ace cab sit Executable file Check the box to reject any downloading behavior of the executable file from the Internet e g exe com SCT pif bas bat inf reg Cookie Check the box to filter out the cookie transmission from inside to outside world to protect the local user s privacy Proxy Check the box to reject any proxy transmission To control efficiently the limited bandwidth usage it will be of great value to provide the blocking mechanism that filters out the multimedia files downloading from web pages Accordingly files with the following extensions will be blocked by the Vigor router mov mp3 Pm ra au WMV wav asf mpg mpeg avi Fam Enable Excepting Four entries are available for users to specify some specific IP Subnets addresses or subnets so t
29. go to WAN group and click the Internet Access link 4 1 1 Basics of Internet Protocol IP Network IP means Internet Protocol Every device in an IP based Network including routers print server and host PCs needs an IP address to identify its location on the network To avoid address conflicts IP addresses are publicly registered with the Network Information Centre NIC Having a unique IP address is mandatory for those devices participated in the public network but not in the private TCP IP local area networks LANs such as host PCs under the management of a router since they do not need to be accessed by the public Hence the NIC has reserved certain addresses that will never be registered publicly These are known as private IP addresses and are listed in the following ranges From 10 0 0 0 to 10 255 255 255 From 172 16 0 0 to 172 31 255 255 From 192 168 0 0 to 192 168 255 255 What are Public IP Address and Private IP Address Dr ay Tek 49 Vigor2710e ne Series User s Guide As the router plays a role to manage and further protect its LAN it interconnects groups of host PCs Each of them has a private IP address assigned by the built in DHCP server of the Vigor router The router itself will also use the default private IP address 192 168 1 1 to communicate with the local hosts Meanwhile Vigor router will communicate with other network devices through a public IP address When the data flow passing through the Network Address
30. hitp192 168 1 1doc WIp las htn Sr WAN IP Alias Multi NAT Index Enable Aux WAN IP Join NAT IP Pool V mais v IP Address Type in the private IP address Subnet Mask Type in the subnet mask Gateway IP Address Type in gateway IP address Default MAC Address Type in MAC address for the router You can use Default MAC Address or specify another MAC address for your necessity MAC Address Type in the MAC address for the router manually DNS Server IP Type in the primary IP address for the router If necessary type in Address secondary IP address for necessity in the future Vigor2710e ne Series User s Guide 20 Dr ay Te k 3 2 LAN Local Area Network LAN is a group of subnets regulated and ruled by router The design of network structure is related to what type of public IP addresses coming from your ISP General Setup 3 2 1 Basics of LAN The most generic function of Vigor router is NAT It creates a private subnet of your own As mentioned previously the router will talk to other public hosts on the Internet by using public IP address and talking to local hosts by using its private IP address What NAT does is to translate the packets from public IP address to private IP address to forward the right packets to the right host and vice versa Besides Vigor router has a built in DHCP server that assigns private IP address to each local host See the following diagram for a briefly understanding Inter
31. option for Active Mode is selected in WAN gt gt General Setup page IP Address From ISP Usually ISP dynamically assigns IP address to you each time you connect to it and request In some case your ISP provides service to always assign you the same IP address whenever you request In this case you can fill in this IP address in the Fixed IP field Please contact your ISP before you want to use this function WAN IP Alias If you have multiple public IP addresses and would like to utilize them on the WAN interface please use WAN IP Alias You can set up to 8 public IP addresses other than the current one you are using Notice that this setting is available for WANI only Type the additional WAN IP address and check the Enable box Then click OK to exit the dialog ZC WAN IP Alias Windows Internet Explorer ole SS htps192 1665 1 LdocW pAbas hin NW WAN IP Alias Multi NAT Index Enable Aux WAN IP Join NAT IP Pool v zen vV Fixed IP Click Yes to use this function and type in a fixed IP address in the box of Fixed IP Address Default MAC Address You can use Default MAC Address or specify another MAC address by typing on the boxes of MAC Address for the router Specify a MAC Address Type the MAC address for the router manually After finishing all the settings here please click OK to activate them Vigor2710e ne Series User s Guide 18 Dr ay Te k 3 1 3 MPoA MPoA is a specification that enables ATM services t
32. router is NAT It creates a private subnet of your own As mentioned previously the router will talk to other public hosts on the Internet by using public IP address and talking to local hosts by using its private IP address What NAT does is to translate the packets from public IP address to private IP address to forward the right packets to the right host and vice versa Besides Vigor router has a built in DHCP server that assigns private IP address to each local host See the following diagram for a briefly understanding Internet DHCP Server Public IP Address Private Subnet Router IP Addres In some special case you may have a public IP subnet from your ISP such as 220 135 240 0 24 This means that you can set up a public subnet or call second subnet that each host is equipped with a public IP address As a part of the public subnet the Vigor router will serve for IP routing to help hosts in the public subnet to communicate with other public hosts or servers outside Therefore the router should be set as the gateway for public hosts Vigor2710e ne Series User s Guide 60 Dr ay Te k Internet Public IP Address 220 135 240 207 Private Subn What is Routing Information Protocol RIP Vigor router will exchange routing information with neighboring routers using the RIP to accomplish IP routing This allows users to change the information of the router such as IP address and the routers will automatically inform f
33. same Internet connection via Vigor wireless router The General Settings will set up the information of this wireless network including its SSID as identification located channel etc Internet SSID Draytek i Channel 6 Mode WEP only TETRAN 192 168 1 1 Security Overview Real time Hardware Encryption Vigor Router is equipped with a hardware AES encryption engine so it can apply the highest protection to your data without influencing user experience Complete Security Standard Selection To ensure the security and privacy of your wireless communication we provide several prevailing standards on market WEP Wired Equivalent Privacy is a legacy method to encrypt each frame transmitted via radio using either a 64 bit or 128 bit key Usually access point will preset a set of four keys and it will communicate with each station using only one out of the four keys WPA Wi Fi Protected Access the most dominating security mechanism in industry is separated into two categories WPA personal or called WPA Pre Share Key WPA PSK and WPA Enterprise or called WPA 802 1x In WPA Personal a pre defined key is used for encryption during data transmission WPA applies Temporal Key Integrity Protocol TKIP for data encryption while WPA2 applies AES The WPA Enterprise combines not only encryption but also authentication Dr ay Tek 99 Vigor2710e ne Series User s Guide Since WEP has been proved vulnerable you may consider
34. sets of SSID for different usage In default the first set of SSID will be enabled You can hide it for your necessity This option is to define the length of the sync field in an 802 11 packet Most modern wireless network uses short preamble with 56 bit sync filed instead of long preamble with 128 bit sync field However some original 11b wireless network devices only support long preamble Check it to use Long Preamble if needed to communicate with this kind of devices 38 Dray Tek 3 5 3 Security By clicking the Security Settings a new web page will appear so that you could configure the settings of WEP and WPA Wireless LAN gt Security Settings Security Settings Mode WPA Dray Tek WPA Encryption Mode l T Pre Shared Key PSK Type 8 63 ASCII character or 64 Hexadecimal digits leading by Ox for example cfigsOl1a 2 or Ox655abcd WEP Encryption Mode Key 1 ire Key 2 Key 3 Key 4 ee For 64 bit WEP key Type 5 ASCII character or 10 Hexadecimal digits leading by Ox for example AB312 or 0x4142333132 For 128 bit WEP key Type 13 ASCII character or 26 Hexadecimal digits leading by Ox for example 0123456789abc or 0x30313233343536373839414243 There are several modes provided for you to choose Mode Disable Disable Turn off the encryption mechanism WEP lt Accepts only WEP clients and the encryption key should be entered in WEP Key WPA PSK Accept
35. the surface of the earth Hundreds of millions of people exchange information every day via wireless communication products The Vigor ne model a k a Vigor wireless router is designed for maximum flexibility and efficiency of a small office home Any authorized staff can bring a built in WLAN client PDA or notebook into a meeting room for conference without laying a clot of LAN cable or drilling holes everywhere Wireless LAN enables high mobility so WLAN users can simultaneously access all LAN facilities just like on a wired LAN as well as Internet access The Vigor wireless routers are equipped with a wireless LAN interface compliant with the standard IEEE 802 1 1n protocol To boost its performance further the Vigor Router is also loaded with advanced wireless technology to lift up data rate up to 150 Mbps Hence you can finally smoothly enjoy stream music and video Vigor2710e ne Series User s Guide 34 Dr ay Te k Note The actual data throughput will vary according to the network conditions and environmental factors including volume of network traffic network overhead and building materials In an Infrastructure Mode of wireless network Vigor wireless router plays a role as an Access Point AP connecting to lots of wireless clients or Stations STA All the STAs will share the same Internet connection via Vigor wireless router The General Settings will set up the information of this wireless network including its SSID a
36. the IP Object drop down list to choose the object that you want Click Edit to access into the following dialog to choose a suitable service type gt Service Type Edit Windows Internet Explorer http192 166 1 1 doceiptstedt hin service Type Edit Service Type User defined Protocol Source Port Destination Port Service Group or Service Object or Service Object or Service Object To set the service type manually please choose User defined as the Service Type and type them in this dialog In addition if you want to use the service type from defined groups or objects please choose Group and Objects as the Service Type User defined ser defined Group and Objects Protocol Specify the protocol s which this filter rule will apply to Source Destination Port when the first and last value are the same it indicates one port when the first and last values are different it indicates a range for the port and available for this service type when the first and last value are the same it indicates all the ports except the port defined here when the first and last values are different it indicates that all the ports except the range defined here are available for this service type gt the port number greater than this value is available lt the port number less than this value is available for this 78 Dr ay Tek Fragments Filter Branch to other Filter Set SysLo
37. the local network http 192 168 1 13 80 Therefore you need to change the router s http port to any one other than the default port 80 to avoid conflict such as 8080 This can be set in the System Maintenance gt gt Management You then will access the admin screen of by suffixing the IP address with 8080 e g http 192 168 1 1 8080 instead of port 80 Vigor2710e ne Series User s Guide 68 Dr ay Tek System Maintenance gt Management Management Setup Management Access Control Management Port Setup C Allow management from the Internet User Define Ports Default Ports FTP Server Telnet Port Default 23 HTTP Server HTTP Port Default 80 Telnet Server 7 FTP Port 21 Default 21 Disable PING from the Internet Access List List i Subnet Mask 4 3 2 DMZ Host As mentioned above Port Redirection can redirect incoming TCP UDP or other traffic on particular ports to the specific private IP address port of host in the LAN However other IP protocols for example Protocols 50 ESP and 51 AH do not travel on a fixed port Vigor router provides a facility DMZ Host that maps ALL unsolicited data on any protocol to a single host in the LAN Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption DMZ Host allows a defined internal user to be totally exposed to the Internet which usually helps some special applications such as Netmeeting or
38. the traffic will be separated and arbitrated using on of two IP filters call filter or data filter You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner Each filter set is composed by 7 filter rules which can be further defined After that in General Setup you may specify one set for call filter and one set for data filter to execute first Firewall gt gt General Setup General Setup Call Filter 2 Enable Start Filter Set Set t Die able Data Filter Enable Start Filter Set 42 e O Disable Actions for default rule Firewall gt gt Fitter Setup Application Action Profile Log Filter Poss a Fiker Setup Set to Factory Default Comments Set Comments Accept large incoming fragmented UDP or IOMP packets for some games ex C Default Cail Filter 7 Default Data Filter A 2 OK 19 1 12 Firewall zx Filter Setup zs Edit Fiher Se Liber Set Comments Detauly sem Fi Active Comments Marve Lip Move Down kel Block NetBeans Chow YP Dawn UP Lbewoall r E Filter Sel xx Eet E Wier Hale d up Filter Set 1 Rule 1 up La Check ta enable the Filner Rule Comments Block MatBics Li ue mdeni 1 15 Schedule Setup Mert Filter Sa Dirac ti n LAM gt WAN w Cig Ti s ll L OK l Je SS ij Cancel J Eource IF Any Ede Cestnaben IP Any Et Service Type TCP UDP Port from 137 139 to any Ed Frapanta Deet ani S Application Act
39. under serious interference If you have no idea of choosing the frequency please select Auto to let system determine for you Channel Channel E 2437MHz wl Auto Channel 1 2412MHz Channel 2 241 MHz Channel 3 2422MH2 Channel A 24447 MHz Channel 5 24s hMHz Channel 6 24437 MHz Channel 7 A44 7 Channel 6 24447 MHz Channel 9 2452M1Hz Channel 10 2457 MHz Channel 11 2462hMH2 Channel 12 2467 MHz Channel 13 247 2M1Hz This feature can enhance the performance in data transmission about 40 more by checking Tx Burst It is active only when both sides of Access Point and Station in wireless client invoke this function at the same time That is the wireless client must support this feature and invoke the function too Note Vigor N61 wireless adapter supports this function Therefore you can use and install it into your PC for 101 Vigor2710e ne Series User s Guide Hide SSID Long Preamble Vigor2710e ne Series User s Guide matching with Packet OVERDRIVE refer to the following picture of Vigor N61 wireless utility window choose Enable for TxBURST on the tab of Option igor N61 802 11n Wireless USB Adapter Utility Configuration Status Upton General Setting Advance Setting Auto launch when Windows start up C Disable Radio C Remember mini status position Fragmentation Threshold 2346 C Auto hide mini status RTS Threshold 2347 C Set mini status always on top Renee 8
40. 02 11b gn 24GH v C Enable IP Setting and Proxy Setting in Profile Ad hoc Channel 1 v C Grup Roaming Pe Power Save Mode Tx Burst WLAN type to connect Infrastructure and Ad hoc network Infrastructure network only O Adhoc network only C Automatically connect to non preferred networks Rate Control It controls the data transmission rate through wireless connection Upload Check Enable and type the transmitting rate for data upload Default value is 30 000 kbps Download Type the transmitting rate for data download Default value is 30 000 kbps Check it to prevent from wireless sniffing and make it harder for unauthorized clients or STAs to join your wireless LAN Depending on the wireless utility the user may only see the information except SSID or just cannot see any thing about Vigor wireless router while site surveying The system allows you to set four sets of SSID for different usage In default the first set of SSID will be enabled You can hide it for your necessity This option is to define the length of the sync field in an 802 11 packet Most modern wireless network uses short preamble with 56 bit sync filed instead of long preamble with 128 bit sync field However some original 11b wireless network devices only support long preamble Check it to use Long Preamble if needed to communicate with this kind of devices 102 Dray Tek 4 7 3 Security By clicking the Security Se
41. AN link of Channel 3 4 or 5 to configure your router WAN gt Multi PVCs gt PVC Channel 3 WAN for Router borne Application Enable Disable DSL Modem Settings PPPoE PPPoA Client ISP Access Setup Management ze QoS Type UBR we Protocol PPPoA v MUX MPoA RFC1483 2664 Obtain an IP address automatically Encapsulation ISP Name Username Password i i Required for some ISPs Router Name Domain Name PPP Authentication Always On Idle Timeout IP Address From ISP Fixed IP Yes Fixed IP Address WAN for Router borne Application Enable Disable DSL Modem Settings Vigor2710e ne Series User s Guide Ee second s No Dynamic IP Specify an IP address IP Address Subnet Mask Gateway IP Address DNS Server IP Address Primary IP Address Secondary IP Address OK Choose the router service for channel 3 4 or 5 Management It can be specified for general management Web configuration telnet TRO069 If you choose Management the configuration for this PVC will be effective for Web configuration telnet TRO69 VoIP It can be specified for VoIP only If you choose VoIP the configuration for this PVC will be effective for VoIP data transmitting and receiving Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid Set up the DS
42. Changing Password No matter user mode operation or admin mode operation please change the password for the original security of the router 1 Open a web browser on your PC and type http 192 168 1 1 A pop up window will open to ask for username and password 2 Please type admin admin on Username Password for administration operation Otherwise do not type any word both username and password are Null for user operation on the window and click Login on the window 3 Now the Main Screen will appear Vigor2710e ne i Dray Tek ADSL2 2 Router d System Status Quick Start Wizard a Online Status Model Name Vigor2710ne Series a Firmware Version beta_0824 Internet Access Build Date Time Nov 2 2009 19 35 28 LAN ADSL Firmware Version 3431301_A Hardware Annex A NAT Firewall LAN WAN 1 pas moot MAC Address 00 50 7F 00 00 00 Link Status Disconnected SE ist IP Address 192 168 1 1 MAC Address 00 50 7F 00 00 01 System Maintenance 4 ist Subnet Mask gt 255 255 255 0 Connection PPPoE Diagnostics DHCP Server Yes IP Address Sere DNS 194 109 6 66 Default Gateway I Application Note Wireless LAN FAQ MAC Address 00 50 7F 00 00 00 Product Registration Frequency Domain Europe Firmware Version 2 2 0 0 SSID DrayTek All Rights Reserved Main screen for admin mode operation full configuration Vigor2710e ne Series User s Guide 6 Dr ay Te k Vigor2710e7ne E Dray Tek ADSL2 2 Router
43. DNS service providers The router provides up to three accounts from three different DDNS service providers Basically Vigor routers are compatible with the DDNS services supplied by most popular DDNS service providers such as www dyndns org Www no ip com www dtdns com www changeip com www dynamic nameserver com You should visit their websites to register your own domain name for the router Enable the Function and Add a Dynamic DNS Account 1 Assume you have a registered domain name from the DDNS provider say hostname dyndns org and an account with username test and password test 2 Inthe DDNS setup menu check Enable Dynamic DNS Setup Vigor2710e ne Series User s Guide 92 Dr ay Te k Dray Tek Applications gt gt Dynamic DNS Setup Dynamic DNS Setup Setto Factory Default Enable Dynamic DNS Setup Force Update Accounts Index Ta Set to Factory Default Domain Name Active x x x Clear all profiles and recover to factory settings Enable Dynamic DNS Setup Check this box to enable DDNS function Index Domain Name Active View Log Force Update Click the number below Index to access into the setting page of DDNS setup to set account s Display the domain name that you set on the setting page of DDNS setup Display if this account is active or inactive Display DDNS log status Force the router updates its information to DDNS server Select Index number to add an account for
44. Diagnostics and click Ping Diagnosis to pen the web page Diagnostics gt gt Ping Diagnosis Ping Diagnosis Ping to 1P Address o Result Clear Ping to Use the drop down list to choose the destination that you want to ping IP Address Type in the IP address of the Host IP that you want to ping Run Click this button to start the ping work The result will be displayed on the screen Clear Click this link to remove the result on the window 3 7 3 Trace Route Click Diagnostics and click Trace Route to open the web page This page allows you to trace the routes from router to the host Simply type the IP address of the host in the box and click Run The result of route trace will be shown on the screen Diagnostics gt gt Trace Route Trace Route Host IP Address fs Result Clear Host IP Address It indicates the IP address of the host Run Click this button to start route tracing work Clear Click this link to remove the result on the window Vigor2710e ne Series User s Guide 46 Dr ay Te k 3 8 Support Area When you click the menu item under Support Area you will be guided to visit www draytek com and open the corresponding pages directly Application Note FAQ Product Registration Click Support Area gt gt Application Note the following web page will be displayed Dray Tek wh x English Login G0 About DrayTek Products Support Education Partners Contact Us Home gt Support gt Applic
45. Display the assigned IP address of the primary DNS 112 Dray Tek Link Status MAC Address Connection IP Address Default Gateway Wireless LAN MAC Address Frequency Domain Firmware Version SSID 4 8 2 TR 069 Display current connection status Display the MAC address of the WAN Interface Display the connection type Display the IP address of the WAN interface Display the assigned IP address of the default gateway Display the MAC address of the wireless LAN It can be Europe 13 usable channels USA 11 usable channels etc The available channels supported by the wireless products in different countries are various It indicates information about equipped WLAN miniPCi card This also helps to provide availability of some features that are bound with some WLAN miniPCi Display the SSID of the router This device supports TR 069 standard It is very convenient for an administrator to manage a TR 069 device through an Auto Configuration Server e g VigorACS System Maintenance gt TR 069 Setting ACS and CPE Settings ACS Server On ACS Server URL Username Password CPE Client Enable Disable URL Port Username Password Periodic Inform Settings Disable Enable Interval Time ACS Server On Dray Tek PO Se Im OK Choose the interface for the router connecting to ACS server Internet 113 Vigor2710e ne Series User s Guide ACS Server URL User
46. IP LLC 1483 Routed IP LLC 1483 Bridged IP VC Mux 1483 Routed IP VC Mux IPoA Cancel Now you have to select an appropriate WAN connection type for connecting to the Internet through this router according to the settings that your ISP provided VPI VCI Protocol Encapsulation Fixed IP IP Address Dray Tek Stands for Virtual Path Identifier It is an 8 bit header inside each ATM cell that indicates where the cell should be routed The ATM is a method of sending data in small packets of fixed sizes It is used for transferring data to client computers Stands for Virtual Channel Identifier It is a 16 bit field inside ATM cell s header that indicates the cell s next destination as it travels through the network A virtual channel is a logical connection between two end devices on the network Select an IP mode for this WAN interface There are several available modes for Internet access such as PPPoE PPPoA Bridged IP and Routed IP Frotocol Encapsulation 1483 Bridged IP LLC Oo PPPoE LLO SNAP PPPoE WC Mis PPPoA LLC SNAF PPPoA WC Ms 1463 Bridged IP LLG Fixed IP IP Address Subnet Mask 1463 Routed IP LLC 1453 Bridged IP VC Mux 1453 Routed IP VC Mux ol 1453 Bridged IP ob Default Gateway Primary DNS Click Yes to specify a fixed IP for the router Otherwise click No Dynamic IP to allow the router choosing a dynamic IP If you choose No the following IP Address Subnet Mask an
47. Internet Games etc Destined to Internet 220 135 240 207 Protocol Any Port Any l es sf s tk i E A LLLA The inherent security properties of NAT are somewhat bypassed if you set up DMZ host We suggest you to add additional filter rules or a secondary firewall Click DMZ Host to open the following page Dray Tek 69 Vigor2710e ne Series User s Guide NAT gt DMZ Host Setup DMZ Host Setup WAN Private IP MAC Address of the True IP DMZ Host oo loo oo No foo oo Note When a True IP DMZ host ts turned on it will force the router s WAN connection to be always on If you previously have set up WAN Alias for PPPoE PPPoA or MPoA mode you will find them in Aux WAN IP for your selection NAT gt DMZ Host Setup DMZ Host Setup WAN Index Enable Aux WAN IP Private IP Enable Check to enable the DMZ Host function Private IP Enter the private IP address of the DMZ host or click Choose PC to select one Choose PC Click this button and then a window will automatically pop up as depicted below The window consists of a list of private IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DMZ host F weg LV 142 168 1 10 142 168 1 15 When you have selected one private IP from the above dialog the IP address will be shown on the following screen Click OK to save the setting NAT gt gt DMZ Host Setup DMZ Host Setup
48. K mode and access WPS again Below shows Wireless LAN gt gt WPS web page Vigor2710e ne Series User s Guide 106 Dr ay Te k Wireless LAN gt WPS Wi Fi Protected Setup Enable WPS Wi Fi Protected Setup Information WPS Status SSID Authentication Mode Device Configure Configure via Push Button Configure via Client PinCode E SS Senn ae oe eng E ne AuUTHentication Mode LY DU 1 ID Configured DrayTek Disable PSK LA Le VAIO A AIR ca Wy D Ar WY P A Note WPS can help your wireless client automaticaly connect to the Access point WPS is Disabled WPS is Enabled Waiting for WPS requests from wireless clients Enable WPS WPS Status SSID Authentication Mode Configure via Push Button Configure via Client PinCode 4 7 6 Advanced Setting Check this box to enable WPS setting Display related system information for WPS If the wireless security encryption function of the router is properly configured you can see Configured message here Display the SSID1 of the router WPS is supported by SSID1 only Display current authentication mode of the router Only WPA2 PSK and WPA PSK support WPS Click Start PBC to invoke Push Button style WPS setup procedure The router will wait for WPS requests from wireless clients about two minutes The WPS LED on the router will blink fast when WPS is in progress It will return to normal condition after two minutes You n
49. L parameters required by your ISP These are vital for building DSL connection to your ISP VPI Type in the value provided by ISP VCI Type in the value provided by ISP QoS Type Select a proper QoS type for the channel Protocol Select a proper protocol for this channel There are three options PPPoE PPPoA and MPoA for you to select The following settings will be changed according to the protocol selected here Encapsulating Type Drop down the list to choose the type provided by ISP 56 Dr ay Tek ISP Access Setup IP Address from ISP Obtain an IP address automatically Specify an IP address DNS Server IP Address Dray Tek Enter your allocated username password and authentication parameters according to the information provided by your ISP If you want to connect to Internet all the time you can check Always On ISP Name Type in the name of ISP Username Type in the username provided by ISP in this field Password Type in the password provided by ISP in this field PPP Authentication Select PAP only or PAP or CHAP for PPP Idle Timeout Set the timeout for breaking down the Internet after passing through the time without any action This setting is active only when the Always On option is note selected Fixed IP Click Yes to use this function and type in a fixed IP address in the box of Fixed IP Address Fixed IP Address Type a fixed IP address Click this button to obtain the IP add
50. Multiplexer SDLAM To choose PPPoE or PPPOA as the accessing protocol of the internet please select PPPoE PPPoA from the Internet Access menu The following web page will be shown Vigor2710e ne Series User s Guide 50 Dr ay Te k Internet Access gt gt PPPoE PPPoA PPPoE PPPoA Client Mode PPPoE PPPoA Client Enable Disable DSL Modem Settings Multi PVC channel Channel 1 var Encapsulating Type LLC SNAP ze ISP Access Setup ISP Name Username Password PPP Authentication PAP or CHAP se Always On Idle Timeout o Second s Protocol PPPoE ka IP Address From ep __WAN IP Alias Modulation Multimode Fixed IP O Yes No Dynamic IP Doo L For Wired LAN L For Wireless LAN Note If this box is checked while using the PPPoA protocol the router will behave like a modem which only serves the PPPoE client on the LAN MAC Address Setting Default MAC Address Specify a MAC Address MAC Address 50 zF 00 00 Jor Index 1 15 in Schedule Setup tL tL II Enable Disable Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid DSL Modem Settings Set up the DSL parameters required by your ISP These are vital for building DSL connection to your ISP Multi PVC channel The selections displayed here are determined by the page of Internet Access Multi P
51. P address Vigor2710e ne Series User s Guide 62 Dr ay Te k Primary IP Address You must specify a DNS server IP address here because your ISP should provide you with usually more than one DNS Server If your ISP does not provide it the router will automatically apply default DNS Server IP address 194 109 6 66 to this field Secondary IP Address You can specify secondary DNS server IP address here because your ISP often provides you more than one DNS Server If your ISP does not provide it the router will automatically apply default secondary DNS Server IP address 194 98 0 1 to this field The default DNS Server IP address can be found via Online Status System Status System Uptime 0 37 7 LAN Status IP Address KR 192 168 1 1 4906 3908 If both the Primary IP and Secondary IP Address fields are left empty the router will assign its own IP address to local users as a DNS proxy server and maintain a DNS cache If the IP address of a domain name is already in the DNS cache the router will resolve the domain name immediately Otherwise the router forwards the DNS query packet to the external DNS server by establishing a WAN e g DSL Cable connection There are two common scenarios of LAN settings that stated in Chapter 4 For the configuration examples please refer to that chapter to get more information for your necessity 4 2 3 Static Route Go to LAN to open setting page and choose Static Route LAN gt Static
52. P Address 211 100 88 0 Subnet Mask Gateway IP Address Network Interface 4 Go to Diagnostics and choose Routing Table to verify current routing table Diagnostics gt gt View Routing Table Current Running Routing Table Refresh Rey C connected 5 static R RIP default private 192 168 10 0 255 255 255 0 via 192 168 2 2 LAN 192 168 1 0 7 255 255 255 0 is directly connected LAN 2 11 100 86 0 255 255 255 0 via 192 168 1 3 LAN Dray Tek S Vigor2710e ne Series User s Guide 4 3 NAT Usually the router serves as an NAT Network Address Translation router NAT is a mechanism that one or more private IP addresses can be mapped into a single public one Public IP address is usually assigned by your ISP for which you may get charged Private IP addresses are recognized only among internal hosts When the outgoing packets destined to some public server on the Internet reach the NAT router the router will change its source address into the public IP address of the router select the available public port and then forward it At the same time the router shall list an entry in a table to memorize this address port mapping relationship When the public server response the incoming traffic of course is destined to the router s public IP address and the router will do the inversion based on its table Therefore the internal host can communicate with external host smoothly The benefit of the NAT includes
53. P address automatically Router Name Type in the router name provided by ISP Domain Name Type in the domain name that you have assigned Specify an IP address Click this radio button to specify some data WAN IP Alias If you have multiple public IP addresses and would like to utilize them on the WAN interface please use WAN IP Alias You can set up to 8 public IP addresses other than the current one you are using Notice that this setting is available for WANI only Type the additional WAN IP address and check the Enable box Then click OK to exit the dialog WAH IP Alias Windows Internet Explorer SS httpl92 160 1 LdocW pAbas hin WAN IP Alias Multi NAT Index Enable Aux WAN IP Join NAT IP Pool y v IP Address Type in the private IP address Subnet Mask Type in the subnet mask Gateway IP Address Type in gateway IP address Default MAC Address Type in MAC address for the router You can use Default MAC Address or specify another MAC address for your necessity MAC Address Type in the MAC address for the router manually DNS Server IP Type in the primary IP address for the router If necessary type in Address secondary IP address for necessity in the future After finishing all the settings here please click OK to activate them Vigor2710e ne Series User s Guide 54 Dr ay Te k 4 1 4 Multi PVCs This router allows you to create multi PVCs for different data transferring for usi
54. Preamble Hide SSID prevent SSID from being scanned Long Preamble necessary for some older 802 11b devices only lowers performance Enable Wireless LAN Check the box to enable wireless function Mode At present the router can connect to Mixed 11b 11g 11g Only 11b Only Mixed 11g 11n 11n Only and Mixed 11b 11g 11n stations simultaneously Simply choose Mix 11b 11g 11n mode Mixed 11b 11g 11n ze Mixed 1b 11 q In Vigor2710e ne Series User s Guide 36 Dr ay Te k SSID Channel Packet OVERDRIVE Hide SSID Dray Tek Means the identification of the wireless LAN SSID can be any text numbers or various special characters The default SSID is DrayTek We suggest you to change it Means the channel of frequency of the wireless LAN The default channel is 6 You may switch channel if the selected channel is under serious interference If you have no idea of choosing the frequency please select Auto to let system determine for you Auto Channel 1 2412MHz Channel 2 241 MHz Channel 3 2422MH2 Channel A 24447 MHz Channel 5 24s hMHz Channel 6 24437 MHz Channel 7 A44 7 Channel Channel 6 2447 MHz Channel 9 2452 MHz Channel 10 2457 MHz Channel 11 2462hMH2 Channel 12 2467 MHz Channel 13 247 2M1Hz This feature can enhance the performance in data transmission about 40 more by checking Tx Burst It is active only when both sides of Access Point and Station in wireless cli
55. Protocols 50 ESP and 51 AH do not travel on a fixed port Vigor router provides a facility DMZ Host that maps ALL unsolicited data on any protocol to a single host in the LAN Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption DMZ Host allows a defined internal user to be totally exposed to the Internet which usually helps some special applications such as Netmeeting or Internet Games etc Destined to internet 220 135 240 207 Protocol Any Port lt gt a ile lle RE zb E OK The inherent security properties of NAT are somewhat bypassed if you set up DMZ host We suggest you to add additional filter rules or a secondary firewall Click DMZ Host to open the following page NAT gt DMZ Host Setup DMZ Host Setup WAN Private IP MAC Address of the True IP DMZ Host Note When a True IP DMZ host is turned on it will force the router s WAN connection to be always on If you previously have set up WAN Alias for PPPoE PPPoA or MPoA mode you will find them in Aux WAN IP for your selection Dray Tek 27 Vigor2710e ne Series User s Guide NAT gt DMZ Host Setup DMZ Host Setup WAN Index Enable Aux WAN IP Private IP Enable Check to enable the DMZ Host function Private IP Enter the private IP address of the DMZ host or click Choose PC to select one Choose PC Click this button and then a window will automatically po
56. Pv6 Address fe80 0000 0000 0000 020a 95ff fe8d 72e4 Configure IPv6 E dd Click the lock to prevent further changes Assist me Apply Now 129 Vigor2710e ne Series User s Guide 5 3 Pinging the Router from Your Computer The default gateway IP address of the router is 192 168 1 1 For some reason you might need to use ping command to check the link status of the router The most important thing is that the computer will receive a reply from 192 168 1 1 If not please check the IP address of your computer We suggest you setting the network connection as get IP automatically Please refer to the section 5 2 Please follow the steps below to ping the router correctly For Windows L 2 4 Open the Command Prompt window from Start menu gt Run Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP Vista The DOS command dialog will appear o Command Prompt Microsoft Windows HP Version 5 1 2688 CC Copyright 1985 2001 Microsoft Corp D Documents and Settings faerping 192 168 1 1 Pinging 192 168 1 1 with 32 bytes of data Reply from 192 168 1 1 bytes 32 time lt ims TTL 255 Reply from 192 168 1 1 bytes 32 time lt ims Reply from 192 168 1 1 bytes 32 time lt ims Reply from 192 168 1 1 bytes 32 time lt ims TTL 255 Ping statistics for 192 168 1 1 Packets Sent 4 Received 4 Lost A Rx loss Approximate round trip times in milli seconds Minimum
57. R Dr ay Tek 3 Vigor2710e ne Series User s Guide 1 3 Hardware Installation Before starting to configure the router you have to connect your devices correctly 1 Connect the ADSL interface to the external ADSL splitter with an ADSL line cable for all models 2 Connect one end of an Ethernet cable RJ 45 to one of the LAN ports of the router and the other end of the cable RJ 45 into the Ethernet port on your computer 3 Connect one end of the power adapter to the router s power port on the rear panel and the other side into a wall outlet 4 Power on the device by pressing down the power switch on the rear panel The system starts to initiate After completing the system test the ACT LED will light up and start blinking Here we take Annex A model as an example for describing hardware installation Land Line Jack POTS Splitter or Microfilter VAUUUA Power Adapter Vigor2710e ne Series User s Guide 4 Dr ay Te k 2 Configuring Basic Settings For using the router properly it is necessary for you to change the password of web configuration for security and adjust primary basic settings 2 1 Two Level Management This chapter explains how to setup a password for an administrator user and how to adjust basic advanced settings for accessing Internet successfully For user mode operation do not type any word on the window and click Login for the simple web pages for configura
58. Translation NAT function of the router will dedicate to translate public private addresses and the packets will be delivered to the correct host PC in the local area network Thus all the host PCs can share a common Internet connection Get Your Public IP Address from ISP In ADSL deployment the PPP Point to Point style authentication and authorization is required for bridging customer premises equipment CPE Point to Point Protocol over Ethernet PPPoE connects a network of hosts via an access device to a remote access concentrator or aggregation concentrator This implementation provides users with significant ease of use Meanwhile it provides access control billing and type of service according to user requirement When a router begins to connect to your ISP a serial of discovery process will occur to ask for a connection Then a session will be created Your user ID and password is authenticated via PAP or CHAP with RADIUS authentication system And your IP address DNS server and other related information will usually be assigned by your ISP Below shows the menu items for Internet Access b PPPoE PPPoA P Mo RFC1483 2684 b Multi PVCs 4 1 2 PPPoE PPPoA PPPoA included in RFC1483 can be operated in either Logical Link Control Subnetwork Access Protocol or VC Mux mode As a CPE device Vigor router encapsulates the PPP session based for transport across the ADSL loop and your ISP s Digital Subscriber Line Access
59. VCs Select M PVCs Channel means no selection will be chosen VPI Type in the value provided by ISP VCI Type in the value provided by ISP Encapsulating Type Drop down the list to choose the type provided by ISP Protocol Drop down the list to choose the one provided by ISP If you have already used Quick Start Wizard to set the protocol then it is not necessary for you to change any settings in this group Modulation Drop down the list to choose a proper modulation for the router PPPoE Pass through The router offers PPPoE dial up connection Besides you also can establish the PPPoE connection directly from local clients to your ISP via the Vigor router When PPPoA protocol is selected the PPPoE package transmitted by PC will be transformed into PPPoA package and sent to WAN server Thus the PC can access Internet through such direction For Wired LAN If you check this box PCs on the same network can use another set of PPPoE session different with the Host PC to access into Internet For Wireless LAN If you check this box PCs on the same Vigor2710e ne Series User s Guide Dray Tek a ISP Access Setup IP Address From ISP Vigor2710e ne Series User s Guide wireless network can use another set of PPPoE session different with the Host PC to access into Internet Enter your allocated username password and authentication parameters according to the information provided by your ISP If you want
60. WPA2 or WPA2 only Pre Shared Key PSK Either 8 63 ASCII characters 103 Vigor2710e ne Series User s Guide such as 012345678 or 64 Hexadecimal digits leading by Ox such as 0x321253abcde WEP 64 Bit For 64 bits WEP key either 5 ASCII characters such as 12345 or 10 hexadecimal digitals leading by Ox such as 0x4142434445 128 Bit For 128 bits WEP key either 13 ASCII characters such as ABCDEFGHIJKLM or 26 hexadecimal digits leading by Ox such as Ox4142434445464748494A4B4C4D Encryption Mode DA Dm All wireless devices must support the same WEP encryption bit size and have the same key Four keys can be entered here but only one key can be selected at a time The keys can be entered in ASCII or Hexadecimal Check the key you wish to use 4 7 4 Access Control For additional security of wireless access the Access Control facility allows you to restrict the network access right by controlling the wireless LAN MAC address of client Only the valid MAC address that has been configured can access the wireless LAN interface By clicking the Access Control a new web page will appear as depicted below so that you could edit the clients MAC addresses to control their access rights Wireless LAN gt gt Access Control Access Control Setto Factory Default Enable Access Control Policy MAC Address Filter Index Attribute MAC Address Client s MAC Address z Attri
61. and Network Tasks Dag hinet Disconnected SA WARM Miniport PPPOE Dial up LA Create anew connection D Set up a home or small office network See Also test J Network Troubleshooter WAT Disconnected i K DrayTek ISDN PPP Other Places Internet Gateway D Control Pane Je IP Broadband Connection on J My Network Places Sar Enabled Lj My Documents aan E 4 My Computer LAN or High Speed Internet i Local Area Connection Enabled Ci Realtek RTLG139 810x Family Details Network Connections System Folder S IP Broadband Connection on Router Status IEN r General Intemel Gateway Status Connected Duration 00 19 06 Speed 100 0 Mbps Activity Interet Internet Gateway Mu Computer Packets Sent 404 iad Received 1 115 BBE Close The UPnP facility on the router enables UPnP aware applications such as MSN Messenger to discover what are behind a NAT router The application will also learn the external IP address and configure port mappings on the router Subsequently such a facility forwards packets from the external ports of the router to the internal ports used by the application Dray Tek 33 Vigor2710e ne Series User s Guide Advanced Settings WEE EEN TS ET Cy General Services L BS Select the services running on your network that Internet users can access O Ftp Exarnple menmesar 192 168 29
62. arameters of Access Point Aifsn CWMin CWMax Txop ACM AckPolicy AC_BE m R AC_BK E AC_VI m R AC_vO R m WMM Parameters of Station Aifsn CWMin CWMax Txop ACM AC_BK 10 L Ac S OK WMM Capable To apply WMM parameters for wireless data transmission please click the Enable radio button APSD Capable The default setting is Disable Aifsn It controls how long the client waits for each data transmission Please specify the value ranging from 1 to 15 Such parameter will influence the time delay for WMM accessing categories For the service of voice or video image please set small value for AC_VI and AC_VO categories As to the service of e mail or web browsing please set large value for AC_BE and AC_BK categories CWMin CWMax CWMin means contention Window Min and CWMax means contention Window Max Please specify the value ranging from 1 to 15 Be aware that CWMax value must be greater than CWMin or equals to CWMin value Both values will influence the time delay for WMM accessing categories The difference between AC_VI and AC_VO categories must be smaller however the difference between AC_BE and AC_BK categories must be greater Txop It means transmission opportunity For WMM categories of AC_VI and AC_VO that need higher priorities in data transmission please set greater value for them to get highest transmission opportunity Specify the value ranging from Oto 65535 ACM It is an abbreviation of Admission Control Mandatory It can re
63. ata Filter Check Enable to activate the Data Filter function Assign a start filter set for the Data Filter Filter Select Pass or Block for the packets that do not match with the filter rules Log For troubleshooting needs you can specify the filter log and or CSM log here by checking the box The log will be displayed on Draytek Syslog window Some on line games for example Half Life will use lots of fragmented UDP packets to transfer game data Instinctively as a secure firewall Vigor router will reject these fragmented packets to prevent attack unless you enable Accept large incoming fragmented UDP or ICMP Packets By checking this box you can play these kinds of on line games If security concern is in higher priority you cannot enable Accept large incoming fragmented UDP or ICMP Packets Dr ay Tek 75 Vigor2710e ne Series User s Guide 4 4 3 Filter Setup Click Firewall and click Filter Setup to open the setup page Firewall gt gt Filter Setup Filter Setup Set to Factory Default Set Comments Set Comments 1 Default Call Filter E KA Default Data Filter a SS 4 10 J 11 6 12 To edit or add a filter click on the set number to edit the individual set The following page will be shown Each filter set contains up to 7 rules Click on the rule number button to edit each rule Check Active to enable the rule Firewall gt gt Filter Setup gt gt Edit Filter Set Filter Set 1 Comments Defau
64. ation Notes Application Notes Latest Application Application Notes 01 How to use Windows Disk Management to format the USB Disk 2009 09 09 Latest Application 02 How to make a call between ATA24 without IP PBX or SIP server 2009 08 25 General 03 Vigor Router to NETGEAR with IPSec tunnel 2009 07 20 Dual WAN 04 SSL VPN Tunnel 2009 07 16 Ve 05 How to Access the Computers and Shared Files via Samba Protocol 2009 06 18 Endaia pees 06 SSL Web Proxy 2009 06 18 IP Filter Firewall 07 How to use VNC and RDP via SSL VPN 2009 06 18 ace 08 Vigor2950 Host to LAN VPN with LDAP Authentication 2009 06 01 gt Host to LAN VPN 09 How to build LAN to LAN IPSec VPN by using X 509 Certificate 2009 03 31 SE te Viger Click Support Area gt gt FAQ the following web page will be displayed L Dr ay Tek hk English Login E About DrayTek Products Support Education Partners Contact Us Home gt Support gt FAQ 01 What types of 3G modem cellphone are compatible with Vigor router 2009 10 01 Latest FAQ 02 How to use PRTG monitors network traffic Vigor Router 2009 09 22 Basic 03 What is Powerline Networking 2009 09 15 Advanced 04 What are the benefits of networking devices found at home 2009 09 15 NAT 05 What is the maximum wire length that powerline technology can communicate over 2009 09 15 hii 06 Is VigorPlug s powerline technology co
65. ault MAC Address You can use Default MAC Address or specify another MAC address by typing on the boxes of MAC Address for the router Specify a MAC Address Type the MAC address for the router manually Index 1 15 in Schedule Setup You can type in four sets of time 52 Dr ay Tek schedule for your request All the schedules can be set previously in Applications Schedule web page and you can use the number that you have set in that web page After finishing all the settings here please click OK to activate them 4 1 3 MPoA MPoA is a specification that enables ATM services to be integrated with existing LANs which use either Ethernet token ring or TCP IP protocols The goal of MPOA is to allow different LANs to send packets to each other via an ATM backbone To use MPoA as the accessing protocol of the Internet select MPoA mode The following web page will appear Internet Access gt gt MPoA RFC1483 2664 MPoA RFC1463 2664 Mode MPoA RFC1463 2664 DSL Modem Settings Multi PVC channel Encapsulation VPI VCI Modulation RIP Protocol C Enable RIP Bridge Mode L Enable Bridge Mode Enable Disable Channel we Multimode WAN IP Network Settings Obtain an IP address automatically Router Name Domain Name Required for some ISPs Specify an IP address IP Address WAN IP Alias 0 0 0 0 Subnet Mask 0 0 0 0 Gateway IP Address 0 0 0 0 MAC Address Setting
66. bility Such channel can increase the performance for data transit Guard Interval It is to assure the safety of propagation delays and reflections for the sensitive digital data If you choose auto as guard interval the AP router will choose short guard interval increasing the wireless performance or long guard interval for data transmit based on the station capability Aggregation MSDU Aggregation MSDU can combine frames with different sizes It is used for improving MAC layer s performance for some brand s clients The default setting is Enable 4 7 7 WMM Configuration WMM 1s an abbreviation of Wi Fi Multimedia It defines the priority levels for four access categories derived from 802 1d prioritization tabs The categories are designed with specific types of traffic voice video best effort and low priority data There are four accessing categories AC BE AC_BK AC_VI and AC_VO for WMM APSD automatic power save delivery is an enhancement over the power save mechanisms supported by Wi Fi networks It allows devices to take more time in sleeping state and consume less power to improve the performance by minimizing transmission latency Such function is designed for mobile and cordless phones that support VoIP mostly Vigor2710e ne Series User s Guide 108 Dr ay Te k Wireless LAN gt gt WMM Configuration WMM Configuration Set to Factory Default WMM Capable Enable Disable APSD Capable Enable Disable WMM P
67. ble P1 P2 P3 P4 Service Type Add Tag 1 et des EEN 3 kl A d ad D Note 1 Channel 1 to 2 are reserved for Nat Route use 2 P1 is reserved for Nat Route use Enable Check this box to enable that channel Only channel 3 to 8 can be set in this page for channel to 2 are reserved for NAT using P1 to P4 It means the LAN port 1 to 4 Check the box to designate the LAN port for channel 3 to 8 Service Type Normally service type is used for the service of video stream eg IPTV It can divide the packets from remote control and from video stream into different PVC In general the protocol used by remote control is IGMP Mormal Normal Normal It means that the PVC can accept all packets except IGMP IGMP It means that the PVC can accept packets of IGMP only Add Tag To identify the usage of PVC check this box to invoke this setting And type the number for VLAN ID number Click Clear to remove all the configurations in this page if you do not satisfy it When you finish the configuration please click OK to save and exit this page Or click Cancel to abort the configuration and exit this page Dr ay Tek 59 Vigor2710e ne Series User s Guide 4 2 LAN Local Area Network LAN is a group of subnets regulated and ruled by router The design of network structure is related to what type of public IP addresses coming from your ISP Static Route 4 2 1 Basics of LAN The most generic function of Vigor
68. bute C s Isolate the station from LAN OK Enable Access Control Select to enable the MAC Address filter for wireless LAN Policy Select to enable any one of the following policy Choose Activate MAC address filter to type in the MAC addresses for other clients in the network manually Vigor2710e ne Series User s Guide 104 Dr ay Te k Choose Isolate WLAN from LAN will separate all the WLAN stations from LAN based on the MAC Address list Policy Actwate MAC address filter ze Activate MAC address filter Isolate WI AN fram LAN MAC Address Filter Display all MAC addresses that are edited before Client s MAC Address Manually enter the MAC address of wireless client Attribute s Isolate the station from LAN select to isolate the wireless connection of the wireless client of the MAC address from LAN Add Add a new MAC address into the list Delete Delete the selected MAC address in the list Edit Edit the selected MAC address in the list Cancel Give up the access control set up OK Click it to save the access control list Clear All Clean all entries in the MAC address list 4 7 5 WPS WPS Wi Fi Protected Setup provides easy procedure to make network connection between wireless station and wireless access point vigor router with the encryption of WPA and WPA2 Wireless Card Installed Connection viaWPS SE Station set SSID and lt gt Encryption WPA WPA2 lt u gt PIN Code Note
69. confirm your settings VPI 0 WCI 33 Protocol Encapsulation PPPoE LLC Fixed IP No Primary DNS Secondary DNS Click Finish Then the system status of this protocol will be shown 2 4 3 1483 Bridged IP Click 1483 Bridged IP as the protocol Type in all the information that your ISP provides for this protocol Quick Start Wizard Connect to Internet VPI VCI Protocol Encapsulation Fixed IP Oves No Dynamic IP Address Subnet Mask Default Gateway Primary DNS Second DNS Dray Tek 11 Vigor2710e ne Series User s Guide Click Next for viewing summary of such connection Quick Start Wizard Please confirm your settings VPI VCI Protocol Encapsulation Fixed IP 0 33 1483 Bridge LLC No Primary DNS Secondary DNS Click Finish Then the system status of this protocol will be shown 2 4 4 1483 Routed IP Click 1483 Routed IP as the protocol Type in all the information that your ISP provides for this protocol Quick Start Wizard Connect to Internet VPI VCI Protocol Encapsulation Fixed IP O ves IP Address No Dynamic IP Subnet Mask Default Gateway Primary DNS Second DNS Vigor2710e ne Series User s Guide 12 Dray Tek After finishing the settings in this page click Next to see the following page Quick Start Wizard Please confirm your settings VPT 0 VCI a3 Protocol Encapsulation 1483 Route VCMUX Fixed IP No Primar
70. d Default Gateway will not be changed Assign an IP address for the protocol that you select 9 Vigor2710e ne Series User s Guide Subnet Mask Assign a subnet mask value for the protocol of Routed IP and Bridged IP Default Gateway Assign an IP address to the gateway for the protocol of Routed IP and Bridged IP Primary DNS Assign an IP address to the primary DNS Second DNS Assign an IP address to the secondary DNS 2 4 2 PPPoE PPPoA PPPoE stands for Point to Point Protocol over Ethernet It relies on two widely accepted standards PPP and Ethernet It connects users through an Ethernet to the Internet with a common broadband medium such as a single DSL line wireless device or cable modem All the users over the Ethernet can share a common connection PPPoE is used for most of DSL modem users All local users can share one PPPoE connection for accessing the Internet Your service provider will provide you information about user name password and authentication mode If your ISP provides you the PPPoE connection please select PPPoE for this router The following page will be shown Quick Start Wizard Set PPPoE PPPoA Cancel User Name Assign a specific valid user name provided by the ISP Password Assign a valid password provided by the ISP Confirm Password Retype the password Vigor2710e ne Series User s Guide 10 Dr ay Te k Click Next for viewing summary of such connection Quick Start Wizard Please
71. ddress 192 168 1 1 DNS Server IP Address Primary IP Address Secondary IP Address Type in private IP address for connecting to a local private network Default 192 168 1 1 Type in an address code that determines the size of the network Default 255 255 255 0 24 DHCP stands for Dynamic Host Configuration Protocol The router by factory default acts a DHCP server for your network so 22 Dr ay Tek it automatically dispatch related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network If you want to use another DHCP server in the network other than the Vigor Router s you can let Relay Agent help you to redirect the DHCP request to the specified location Enable Server Let the router assign IP address to every host in the LAN Disable Server Let you manually assign IP address to every host in the LAN Start IP Address Enter a value of the IP address pool for the DHCP server to start with when issuing IP addresses If the Ist IP address of your router is 192 168 1 1 the starting IP address must be 192 168 1 2 or greater but smaller than 192 168 1 254 IP Pool Counts Enter the maximum number of PCs that you want the DHCP server to assign IP addresses to The default is 50 and the maximum is 253 Gateway IP Address Enter a value of the gateway IP address for the DHCP server The
72. direction There are eight WAN IP alias that can be selected and used for port redirection The default setting is All which means all the incoming data from any port will be redirected to specified range of IP address and port Specify which port can be redirected to the specified Private IP and Port of the internal host If you choose Range as the port redirection mode you will see two boxes on this field Simply type the required number on the first box The second one will be assigned automatically later Specify the private IP address of the internal host providing the service If you choose Range as the port redirection mode you will see two boxes on this field Type a complete IP address in the first box as the starting point and the fourth digits in the second box as the end point Specify the private port number of the service offered by the internal host Check this box to activate the port mapping entry you have defined Note that the router has its own built in services servers such as Telnet HTTP and FTP etc Since the common port numbers of these services servers are all the same you may need to reset the router in order to avoid confliction Vigor2710e ne Series User s Guide 26 Dr ay Tek 3 3 2 DMZ Host As mentioned above Port Redirection can redirect incoming TCP UDP or other traffic on particular ports to the specific private IP address port of host in the LAN However other IP protocols for example
73. e when you activate the fraggle attack defense all broadcast UDP packets coming from the Internet are blocked Therefore the RIP packets from the Internet might be dropped Check the box to activate the Block TCP flag scan function Any TCP packet with anomaly flag setting is dropped Those scanning activities include no flag scan FIN without ACK scan SYN FINscan Xmas scan and full Xmas scan Check the box to activate the Block Tear Drop function Many machines may crash when receiving ICMP datagrams packets that exceed the maximum length To avoid this type of attack the Vigor router is designed to be capable of discarding any fragmented ICMP packets with a length greater than 1024 octets Check the box to activate the Block Ping of Death function This attack involves the perpetrator sending overlapping packets to the target hosts so that those target hosts will hang once they re construct the packets The Vigor routers will block any packets realizing this attacking activity Check the box to activate the Block ICMP fragment function Any ICMP packets with more fragment bit set are dropped 82 Dr ay Tek Dray Tek Block Unknown Protocol Warning Messages Check the box to activate the Block Unknown Protocol function Individual IP packet has a protocol field in the datagram header to indicate the protocol type running over the upper layer However the protocol types greater than 100 are reserved and undefined at this
74. e Internet Time Select to inquire time information from Time Server on the Internet using assigned protocol Time Protocol Select a time protocol Server IP Address Type the IP address of the time server Time Zone Select the time zone where the router is located Automatically Update Interval Select a time interval for updating from the NTP server Click OK to save these settings Vigor2710e ne Series User s Guide 118 Dr ay Te k 4 8 7 Management This page allows you to manage the settings for access control access list port setup and SNMP setup System Maintenance gt Management Management Setup Management Access Control Management Port Setup O Allow management from the Internet User Define Ports Default Ports FTP Server Telnet Port Default 23 HITE Sener HTTF Port Default 80 TEREE SEN FTP Port Default 21 Disable PING from the Internet Access List List IP Subnet Mask Allow management from the Enable the checkbox to allow system administrators to Internet login from the Internet There are several servers provided by the system to allow you managing the router from Internet Check the box es to specify Disable PING from the Internet Check the checkbox to reject all PING packets from the Internet For security issue this function is enabled by default Access List You could specify that the system administrator can only login from a specific host or network defined in the list A maximum of three
75. e the over the air data protection and or privacy on your wireless network The Vigor wireless router is very flexible and can support multiple secure connections with both WEP and WPA at the same tme Separate the Wireless and the Wired LAN WLAN Isolation enables you to isolate your wireless LAN from wired LAN for either quarantine or limit access reasons To isolate Dr ay Tek 35 Vigor2710e ne Series User s Guide means neither of the parties can access each other To elaborate an example for business use you may set up a wireless LAN for visitors only so they can connect to Internet without hassle of the confidential information leakage For a more flexible deployment you may add filters of MAC addresses to isolate users access from wired LAN Manage Wireless Stations Station List will display all the station in your wireless network and the status of their connection Below shows the menu items for Wireless LAN 3 5 2 General Setup By clicking the General Settings a new web page will appear so that you could configure the SSID and the wireless channel Please refer to the following figure for more information Wireless LAN gt gt General Setup General Setting IEEE 602 11 Enable Wireless LAN Mode Mixed 11b 11g 11n SSID Channel Channel 6 2437MHz a Packet OVERDRIVE C Tx Burst Note The same technology must also be supported in clients to boost WLAN performance C Hide SSID C Long
76. ect M PVCs Channel means no selection will be chosen Encapsulating Type Drop down the list to choose the type provided by ISP VPI Type in the value provided by ISP VCI Type in the value provided by ISP Modulation Drop down the list to choose a proper modulation for the router Routing Information Protocol is abbreviated as RIP RFC1058 specifying how routers exchange routing tables information Click Enable RIP for activating this function If you choose Bridged IP as the protocol you can check this box to invoke the function The router will work as a bridge modem This group allows you to obtain an IP address automatically and 19 Vigor2710e ne Series User s Guide Settings allows you type in IP address manually Obtain an IP address automatically Click this button to obtain the IP address automatically Router Name Type in the router name provided by ISP Domain Name Type in the domain name that you have assigned Specify an IP address Click this radio button to specify some data WAN IP Alias If you have multiple public IP addresses and would like to utilize them on the WAN interface please use WAN IP Alias You can set up to 8 public IP addresses other than the current one you are using Notice that this setting is available for WANI only Type the additional WAN IP address and check the Enable box Then click OK to exit the dialog ZC WAN IP Alias Windows Internet Explorer Sleds SS
77. eed to setup WPS within two minutes Please input the PIN code specified in wireless client you wish to connect and click Start PIN button The WLAN LED on the router will blink fast when WPS is in progress It will return to normal condition after two minutes You need to setup WPS within two minutes This page allows users to set advanced settings such as operation mode channel bandwidth guard interval and aggregation MSDU for wireless data transmission Dray Tek 107 Vigor2710e ne Series User s Guide Wireless LAN gt Advanced Setting HT Physical Mode Operation Mode Mixed Mode Green Field Channel Bandwidth 20 20 40 Guard Interval long auto Aggregation MSDU A MSDU Disable Gi Enable Operation Mode Mixed Mode the router can transmit data with the ways supported in both 802 1 1a b g and 802 11n standards However the entire wireless transmission will be slowed down if 802 11g or 802 11b wireless client is connected Green Field to get the highest throughput please choose such mode Such mode can make the data transmission happening between 11n systems only In addition it does not have protection mechanism to avoid the conflict with neighboring devices of 802 1 1a b g Channel Bandwidth 20 the router will use 20Mhz for data transmission and receiving between the AP and the stations 20 40 the router will use 20Mhz or 40Mhz for data transmission and receiving according to the station capa
78. eless access the Access Control facility allows you to restrict the network access right by controlling the wireless LAN MAC address of client Only the valid MAC address that has been configured can access the wireless LAN interface By clicking the Access Control a new web page will appear as depicted below so that you could edit the clients MAC addresses to control their access rights Wireless LAN gt Access Control Access Control Setto Factory Default Enable Access Control Policy MAC Address Filter Index Attribute MAC Address Client s MAC Address Attribute C s Isolate the station from LAN Edit Cance Enable Access Control Select to enable the MAC Address access control feature Policy Select to enable any one of the following policy Choose Activate MAC address filter to type in the MAC addresses for other clients in the network manually Choose Isolate WLAN from LAN will separate all the WLAN stations from LAN based on the MAC Address Vigor2710e ne Series User s Guide 40 Dr ay Te k MAC Address Filter Attribute Add Delete Edit Cancel OK Clear All 3 5 5 Station List list Policy Actwate MAC address filter ze Activate MAC address filter Isolate WI AN fram LAN Display all MAC addresses that are edited before Four buttons Add Remove Client s MAC Address Manually enter the MAC address of wireless client s select to isolate the wir
79. eless connection of the wireless chent of the MAC address from LAN Add a new MAC address into the list Delete the selected MAC address in the list Edit the selected MAC address in the list Give up the access control set up Click it to save the access control list Clean all entries in the MAC address list Station List provides the knowledge of connecting wireless clients now along with its status code There is a code summary below for explanation For convenient Access Control you can select a WLAN station and click Add to Access Control below Wireless LAN gt Station List Station List Status Status Codes Connected No encryption Connected WEP Connected WPA Connected WPA Blocked by Access Control Connecting Fail to pass 802 1 or WPA PSK authentication TS D P Om CH MAC Address Associated with Note After a station connects to the router successfully it may be turned off without notice In that case it will still be on the list until the connection expires Add to Access Control Client s MAC address Refresh Dray Tek OOOO Click this button to refresh the status of station list 41 Vigor2710e ne Series User s Guide Add Click this button to add current typed MAC address into Access Control 3 6 System Maintenance For the system setup there are several items that you have to know the way of configuration Status Administrator Password Configura
80. ensuiunsunntaidmanaa tanandinsaipsaunlaicaa dosnt A E E 21 SAAE Dee Ee e E o EE 22 NAT E seectasedeseaseasasacaesesctaemeuessaceauaaasevseseseanseazae 24 Se Porn TSC ICC OM eege 24 SR Ke 27 EE 29 3 4 Applications narecpetcanaavavetsunesencinadtedsiaveteieessencintenartinastessiaceidingeisveseaddienuiadedaunreriinelincaawdecsasnted 30 3 4 1 Dynamic DNS E 30 A RT E 32 OO CNS cS LAN ER 34 SN Re CONC 2 eee en One en eee eee ee eee eee 34 SE 91 E EE 36 Dray Te k Vil Vigor2710e ne Series User s Guide SE E 39 3 5 4 Access ONO EE 40 Be AOU MENS E 41 gp SV Ee VAIS I ue Cccp sca cone E E E EEE EE 42 OT STON EE 42 RR AS oy ON EE 43 326G WUC and RE 44 OA ICD OOU OY SUC IN E 44 r SPANOS CS E 45 OY fee eB T DIE EE 45 3 7 2 Ping IAGO SIS E 46 2 MAGS ROUE rrie E N a 46 BO UPOO ANTE E 47 Admin Mode Operation c cccccesseccesseccessecceneecesseeeenseesenseesenseeseasesonneesensesseneens 49 Tia Il 214g 2 CCOO E 49 4 1 1 Basics of Internet Protocol HihNetwork 49 Ae ll cl le EE 50 AA Mrs IV eege 53 E ee 55 OZ MAIN ME 60 D SE eg EAN aeai a EE E AE E A E E AE E A NE 60 EE UE e DEE 62 42a oe ROUTE EEN 63 e CR KREE 66 BOA Kegel te IO ME 66 ARTE RO E 69 BOI ON E 71 NSW EEN 73 4 4 1 Basics for Furewall 73 44 2 General Setup ccccccdssccis snccenesacetsenstacsteenctesswecsecesnouedss sunshade dhetellewsueosdcssnest undweedeceaswenteh onde 75 E ME 76 Ee RE 81 e LFA OM IVE File Ie eene 84 EIERE 87 ao RT 87 Te TEEN 89
81. ent invoke this function at the same time That is the wireless client must support this feature and invoke the function too Note Vigor N61 wireless adapter supports this function Therefore you can use and install it into your PC for matching with Packet OVERDRIVE refer to the following picture of Vigor N61 wireless utility window choose Enable for TxBURST on the tab of Option igor N61 802 11n Wireless USB Adapter Utility General Setting Advance Setting Auto launch when Windows start up C Disable Radio C Remember mini status position Fragmentation Threshold f 83 4B C Avto hide mini status RTS Threshold 2347 C Set mini status always on top RECH 902 11b gin 2 4GH C Enable IP Setting and Proxy Setting in Profile Ad hoc Channel 1 v C Grup Roaming katoo Power Save Mode Disable v Tx Burst Disable V WLAN type to connect Infrastructure and Ad hoc network Infrastructure network only O Adhoc network only C Automatically connect to non prefered networks Check it to prevent from wireless sniffing and make it harder for unauthorized clients or STAs to join your wireless LAN Depending on the wireless utility the user 37 Vigor2710e ne Series User s Guide Long Preamble Vigor2710e ne Series User s Guide may only see the information except SSID or just cannot see any thing about Vigor wireless router while site surveying The system allows you to set four
82. er will take 5 seconds to reboot the system Note When the system pops up Reboot System web page after you configure web settings please click OK to reboot your router for ensuring normal operation and preventing unexpected errors of the router in the future Vigor2710e ne Series User s Guide 44 Dr ay Te k 3 7 Diagnostics Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor router Below shows the menu items for Diagnostics P DHCP Table H Ping Diagnosis H Trace Route 3 7 1 DHCP Table The facility provides information on IP address assignments This information is helpful in diagnosing network problems such as IP address conflicts etc Click Diagnostics and click DHCP Table to open the web page Diagnostics gt gt View DHCP Assigned IP Addresses DHCP IP Assignment Table Refresh DHCP server Running Index IP Address MAC Address Leased Time HOST ID 1 152 168 1 10 00 0EF 6 24 D5 A1 0 00 09 180 usger 6a0els2ce8 Index It displays the connection item number IP Address It displays the IP address assigned by this router for specified PC MAC Address It displays the MAC address for the specified PC that DHCP assigned IP address for it Leased Time It displays the leased time of the specified PC HOST ID It displays the host ID name of the specified PC Refresh Click it to reload the page Dr ay Tek 45 Vigor2710e ne Series User s Guide 3 7 2 Ping Diagnosis Click
83. ers Login 60 Contact Us Home gt Support gt FAQ FAQ Latest FAQ 01 What types of 3G modem cellphone are compatible with Vigor router 2009 10 01 02 How to use PRTG monitors network traffic Vigor Router 2009 09 22 03 What is Powerline Networking 2009 09 15 04 What are the benefits of networking devices found at home 2009 09 15 05 What is the maximum wire length that powerline technology can communicate over 2009 09 15 06 Is VigorPlug s powerline technology compatible with other home networking technologies 2009 09 15 including phone line powerline and RF 07 Will Powerline technology interfere with ADSL services 2009 09 15 08 How does Powerline networking handle co interference between two adjacent homes 2009 09 15 using powerline technology How is eavesdropping prevented FAQ Latest FAQ Basic Advanced NAT VPN DHCP Wireless VoIP QoS ISDN Click Support Area gt gt Product EE the following web page will be displayed Dray Tek English About DrayTek Products Support Education Login so Partners Contact Us Home gt Dray Tek Member Drav Tek Member Dear DrayTek new amp existing users For enhancing the users satisfaction level while utilizing our site and receiving even better service from DrayTek we have designed this membership page Please complete the membership registration and then register your product s Already a DrayTek Me
84. feature of UPnP on the router is NAT Traversal This enables applications inside the firewall to automatically open the ports that they need to pass through a router It is more reliable than requiring a router to work out by itself which ports need to be opened Further the user does not have to manually set up port mappings or a DMZ UPnP is available on Windows XP and the router provide the associated support for MSN Messenger to allow full use of the voice video and messaging features Applications gt gt UPnP UPnP C Enable UPnP Service Enable Connection control Service Enable Connection Status Service Note If you intend running UPnP service inside your LAN you should check the appropriate service above to allow control as well as the appropriate UPnP settings Enable UPNP Service Accordingly you can enable either the Connection Control Service or Connection Status Service After setting Enable UPNP Service setting an icon of IP Broadband Connection on Router on Windows XP Network Connections will appear The connection status and control status will be able to be activated The NAT Traversal of UPnP enables the multimedia features of your applications to operate This has to manually set up port mappings or use other similar methods The screenshots below show examples of this facility Vigor2710e ne Series User s Guide 96 Dr ay Te k Address S Network Connections F IP Broadband Connection on Router Status
85. for specified item Edit Edit the settings for the selected item Delete Delete the selected item with the corresponding settings Note For the other buttons shown on the web pages please refer to Chapter 4 for detailed explanation Dr ay Tek 1 Vigor2710e ne Series User s Guide 1 2 LED Indicators and Connectors Before you use the Vigor router please get acquainted with the LED indicators and connectors first 1 2 1 For Vigor2710e gt LED Status Explanation ACT Blinking The router is powered on and running S Activity normally The router is powered off tans DSL On The router is ready to access Internet wem through DSL link Blinking Slowly The modem is ready Quickly The connection is training The port is connected ee LAN The port is disconnected 1 2 3 4 Ce The data is transmitting eg CSM The profile s of URL Web Content Filter application can be enabled from Firewall gt gt URL Content Filter Interface Description DSL Connecter for accessing the Internet through ADSL2 2 LAN 1 4 Connecters for local networked devices Factory Restore the default settings Usage Turn on the C router Press the button and keep for more than 10 seconds Then the router will restart with the factory default configuration ON OFF Power switch PWR Connecter for a power adapter HOFF PWR Vigor2710e ne Series User s Guide 2 Dr ay Te k 1 2 2 For Vig
86. for the Router A 192 168 1 2 Before setting Static Route user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router Internet j Set Router C E Static Route 192 168 1 1 1 Goto LAN page and click General Setup select Ist Subnet as the RIP Protocol Control Then click the OK button Note There are two reasons that we have to apply RIP Protocol Control on Ist Subnet The first is that the LAN interface can exchange RIP packets with the neighboring routers via the Ist subnet 192 168 1 0 24 The second is that those Vigor2710e ne Series User s Guide 64 Dray Tek hosts on the internal private subnets ex 192 168 10 0 24 can access the Internet via the router and continuously exchange of IP routing information with different subnets 2 Click the LAN Static Route and click on the Index Number 1 Check the Enable box Please add a static route as shown below which regulates all packets destined to 192 168 10 0 will be forwarded to 192 168 1 2 Click OK LAN gt Static Route Setup Index No 1 Enable Destination IP Address 192 165 10 0 Subnet Mask Gateway IP Address Network Interface OK 3 Return to Static Route Setup page Click on another Index Number to add another static route as show below which regulates all packets destined to 211 100 88 0 will be forwarded to 192 168 1 3 LAN gt Static Route Setup Index No 2 Enable Destination I
87. g Dray Tek profile Service Group Object Use the drop down list to choose the one that you want Specify the action for fragmented packets And it is used for Data Filter only Don t care No action will be taken towards fragmented packets Unfragmented Apply the rule to unfragmented packets Fragmented Apply the rule to fragmented packets Too Short Apply the rule only to packets that are too short to contain a complete header Specifies the action to be taken when packets match the rule Block Immediately Packets matching the rule will be dropped immediately Pass Immediately Packets matching the rule will be passed immediately Block If No Further Match A packet matching the rule and that does not match further rules will be dropped Pass If No Further Match A packet matching the rule and that does not match further rules will be passed through If the packet matches the filter rule the next filter rule will branch to the specified filter set Select next filter rule to branch from the drop down menu Be aware that the router will apply the specified filter rule for ever and will not return to previous filter rule any more For troubleshooting needs you can specify the filter log and or CSM log here Check the corresponding box to enable the log function Then the filter log and or CSM log will be shown on Draytek Syslog window 79 Vigor2710e ne Series User s Guide Example As stated before all
88. g information from the router 117 Vigor2710e ne Series User s Guide E DrayTek Syslog 3 6 1 Gateway IP Fixed TX Packets TX Rate ae Gee E Een LAN Status TX Packets RX Packets WAN IP Fixed RX Packets RX Rate ee en E 0 0 Firewall Log VPN Log User Access Log Call Log WAN Log Others Network Information Net State On Line Routers Host Name vivian IP Address Mask MAC NIC Description SiS 900 Based PCI Fast Ethernet Adapter Packet Sc 192 166 1 1 255 255 2 00 50 7F 54 6 KEE MAC Address 00 1 1 D8 E4 58 CE Default Geteway 192 168 1 1 IP Address 197 168 1 10 w DHCP Server 192 168 1 1 Subnet Mask a a a UL SES Mon Jan 22 Lease Obtained 01 28 23 2007 o gt 168 95 1 1 DNS Servers Lease Expires Thu Jan 25 01 28 23 2007 ADSL Status 4 8 6 Time and Date It allows you to specify where the time of the router should be inquired from System Maintenance gt gt Time and Date Time Information 2000 Jan 1 Sat 0 37 36 Current System Time Time Setup Use Browser Time Use Internet Time Client Server IP Address Po Time Zone GMT 12 00 Eniwetok Kwajalein Enable Daylight Saving F Automatically Update Interval Current System Time Click Inquire Time to get the current time Use Browser Time Select this option to use the browser time from the remote administrator PC host as router s system time Us
89. hat they can be free from the URL Access Control To enable an entry click on the empty checkbox named as ACT in front of the appropriate entry Time Schedule Specify what time should perform the URL content filtering facility Vigor2710e ne Series User s Guide 86 Dr ay Te k 4 5 Objects Settings For IPs in a range and service ports in a limited range usually will be applied in configuring router s settings therefore we can define them with objects and bind them with groups for using conveniently Later we can select that object group that can apply it For example all the IPs in the same department can be defined with an IP object a range of IP address 4 5 1 IP Object You can set up to 192 sets of IP Objects with different conditions Objects Setting gt IP Object IP Object Profiles Index FeREBRB ESE rPePrerPeepee Name Index SEEBBRBEREBEBRBEEBE EE A A ook GA M Set to Factory Default 33 64 65 96 97 128 129 160 161 192 gt gt Clear all profiles Click the number under Index column for settings in detail Objects Setting gt gt IP Object Profile Index 1 Setto Factory Default Name Next gt gt Name Interface Address Type Start IP Address End IP Address Subnet Mask Invert Selection Dray Tek 87 Vigor2710e ne Series User s Guide Name Interface Address Type Sta
90. hows the menu items for Applications p Dynamic DNS H UPnP 3 4 1 Dynamic DNS The ISP often provides you with a dynamic IP address when you connect to the Internet via your ISP It means that the public IP address assigned to your router changes each time you access the Internet The Dynamic DNS feature lets you assign a domain name to a dynamic WAN IP address It allows the router to update its online WAN IP address mappings on the specified Dynamic DNS server Once the router is online you will be able to use the registered domain name to access the router or internal virtual servers from the Internet It is particularly helpful if you host a web server FTP server or other server behind the router Vigor2710e ne Series User s Guide 30 Dr ay Tek Before you use the Dynamic DNS feature you have to apply for free DDNS service to the DDNS service providers The router provides up to three accounts from three different DDNS service providers Basically Vigor routers are compatible with the DDNS services supplied by most popular DDNS service providers such as www dyndns org www no ip com www dtdns com www changeip com www dynamic nameserver com You should visit their websites to register your own domain name for the router Enable the Function and Add a Dynamic DNS Account 1 Assume you have a registered domain name from the DDNS provider say hostname dyndns org and an account with username test and password test 2 Inthe
91. id DNS Account check the box you will see a check mark appeared on the Active column of the previous web page in step 2 Service Provider Select the service provider for the DDNS account Service Type Select a service type Dynamic Custom or Static If you choose Custom you can modify the domain that is chosen in the Domain Name field Domain Name Type in one domain name that you applied previously Use the drop down list to choose the desired domain Login Name Type in the login name that you set for applying domain Password Type in the password that you set for applying domain 4 Click OK button to activate the settings You will see your setting has been saved The Wildcard and Backup MX features are not supported for all Dynamic DNS providers You could get more detailed information from their websites Disable the Function and Clear all Dynamic DNS Accounts In the DDNS setup menu uncheck Enable Dynamic DNS Setup and push Clear All button to disable the function and clear all accounts from the router Delete a Dynamic DNS Account In the DDNS setup menu click the Index number you want to delete and then push Clear All button to delete the account 3 4 2 UPnP The UPnP Universal Plug and Play protocol is supported to bring to network connected devices the ease of installation and configuration which is already available for directly connected PC peripherals with the existing Windows Plug and Play system For NAT rou
92. ing traffic To use this function please go to NAT page and choose Port Redirection web page The Port Redirection Table provides 20 port mapping entries for the internal hosts NAT gt gt Port Redirection Port Redirection Setto Factory Default Service Name Public Port Private IP 1 x 2 x 2 x 4 x J x 6 x F x ER x 9 x 10 x lt lt 1 10 11 20 gt gt Next gt gt Press any number under Index to access into next page for configuring port redirection Dray Tek 25 Vigor2710e ne Series User s Guide NAT gt gt Port Redirection Index No 1 C Enable Mode Service Name Protocol WAN IF Public Port Private IP Private Port single ili NA Note In Range Mode the End IP will be calculated automatically once the Public Port and Start IP have been entered Enable Mode Service Name Protocol WAN IP Public Port Private IP Private Port Active OK Cancel Check this box to enable such port redirection setting Two options Single and Range are provided here for you to choose To set a range for the specific service select Range In Range mode if the public port start port and end port and the starting IP of private IP had been entered the system will calculate and display the ending IP of private IP automatically Enter the description of the specific network service Select the transport layer protocol TCP or UDP Select the WAN IP used for port re
93. ing with the requirements set forth in EN60950 1 Regulatory Information Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 This device may accept any interference received including interference that may cause undesired operatio
94. ion Profile Sepp Filter Black bnmediataly O Branch ro Other Filter Set Co Uwe Cancel Vigor2710e ne Series User s Guide 80 Dr ay Te k 4 4 4 DoS Defense As a sub functionality of IP Filter Firewall there are 15 types of detect defense function in the DoS Defense setup The DoS Defense functionality is disabled for default Click Firewall and click DoS Defense to open the setup page Firewall gt gt DoS defense Setup DoS defense Setup C Enable DoS Defense Enable SYN flood defense Threshold so packets sec Timeout io sec Enable UDP flood defense Threshold hso packets sec Timeout ho sec Enable ICMP flood defense Threshold so packets sec Timeout ho sec Enable Port Scan detection Threshold hso packets sec Block IP options Block TCP flag scan Block Land Block Tear Drop Block Smurf Block Ping of Death Block trace route Block ICMP fragment Block SYN fragment Block UnknownProtocol Block Fraggle Attack po o Enable Dos Defense Check the box to activate the DoS Defense Functionality Enable SYN flood Check the box to activate the SYN flood defense function Once defense detecting the Threshold of the TCP SYN packets from the Internet has exceeded the defined value the Vigor router will start to randomly discard the subsequent TCP SYN packets for a period defined in Timeout The goal for this is prevent the TCP SYN packets attempt to exhaust the limited resource of Vigor router By defa
95. ity for URL Access Control is higher than Restrict Web Feature If the web content match the setting set in URL Access Control the router will execute the action specified in this field and ignore the action specified under Restrict Web Feature Black List block those Click this button to restrict accessing into the corresponding matching keyword webpage with the keywords listed on the box below White List pass those Click this button to allow accessing into the corresponding matching keyword webpage with the keywords listed on the box below Keyword The Vigor router provides 8 frames for users to define keywords Dray Tek and each frame supports multiple keywords The keyword could be a noun a partial noun or a complete URL string Multiple keywords within a frame are separated by space comma or semicolon In addition the maximal length of each frame is 32 character long After specifying keywords the Vigor router will decline the connection request to the website whose URL string matched to any user defined keyword It should be noticed that the more simplified the blocking keyword list the more efficiently the Vigor router perform 85 Vigor2710e ne Series User s Guide Prevent web access Check the box to deny any web surfing activity using IP address from IP address such as http 202 6 3 2 The reason for this is to prevent someone dodges the URL Access Control You must clear your browser cache first so that the URL
96. k Clear Click this link to remove the result on the window 4 10 Support Area When you click the menu item under Support Area you will be guided to visit www draytek com and open the corresponding pages directly Application Note FAQ Product Registration Click Support Area gt gt Application Note the following web page will be displayed Dray Tek SHEA English Login G0 About DrayTek Products Support Education Partners Contact Us Home Support Application Notes Application Notes Latest Application Application Notes 01 How to use Windows Disk Management to format the USB Disk 2009 09 09 Latest Application 02 How to make a call between ATA24 without IP PBX or SIP server 2009 08 25 General 03 Vigor Router to NETGEAR with IPSec tunnel 2009 07 20 Dual WAN 04 SSL VPN Tunnel 2009 07 16 Bandwidth Management 05 How to Access the Computers and Shared Files via Samba Protocol 2009 06 18 IP Filter Firewall 06 SSL Web Proxy 2009 06 18 l USB 07 How to use VNC and RDP via SSL VPN 2009 06 18 VPN 08 Vigor2950 Host to LAN VPN with LDAP Authentication 2009 06 01 T i g PR 7a gt Host to LAN VPN 09 How to build LAN to LAN IPSec VPN by using X 509 Certificate 2009 03 31 Teleworker to Vigor Dr ay Tek 125 Vigor2710e ne Series User s Guide Click HEES EE the following web page will be EES Sp r English Droit About DrayTek Products Support Education Partn
97. ket for wireless communications has enjoyed tremendous growth Wireless technology now reaches or is capable of reaching virtually every location on the surface of the earth Hundreds of millions of people exchange information every day via wireless communication products The Vigor ne model a k a Vigor wireless router 1s designed for maximum flexibility and efficiency of a small office home Any authorized staff can bring a built in WLAN client PDA or notebook into a meeting room for conference without laying a clot of LAN cable or drilling holes everywhere Wireless LAN enables high Vigor2710e ne Series User s Guide 98 Dr ay Te k mobility so WLAN users can simultaneously access all LAN facilities just like on a wired LAN as well as Internet access The Vigor wireless routers are equipped with a wireless LAN interface compliant with the standard IEEE 802 11n protocol To boost its performance further the Vigor Router is also loaded with advanced wireless technology to lift up data rate up to 150 Mbps Hence you can finally smoothly enjoy stream music and video Note The actual data throughput will vary according to the network conditions and environmental factors including volume of network traffic network overhead and building materials In an Infrastructure Mode of wireless network Vigor wireless router plays a role as an Access Point AP connecting to lots of wireless clients or Stations STA All the STAs will share the
98. l then it is not necessary for you to change any settings in this group Modulation Drop down the list to choose a proper modulation for the router PPPoE Pass through The router offers PPPoE dial up connection Besides you also can establish the PPPoE connection directly from local clients to your ISP via the Vigor router When PPPoA protocol is selected the PPPoE package transmitted by PC will be transformed into PPPoA package and sent to WAN server Thus the PC can access Internet through such direction For Wired LAN If you check this box PCs on the same network can use another set of PPPoE session different with the Host PC to access into Internet For Wireless LAN If you check this box PCs on the same Dr ay Tek 17 Vigor2710e ne Series User s Guide wireless network can use another set of PPPoE session different with the Host PC to access into Internet ISP Access Setup Enter your allocated username password and authentication parameters according to the information provided by your ISP If you want to connect to Internet all the time you can check Always On Username Type in the username provided by ISP in this field Password Type in the password provided by ISP in this field PPP Authentication Select PAP only or PAP or CHAP for PPP Idle Timeout Set the timeout for breaking down the Internet after passing through the time without any action This setting is active only when the Active on demand
99. l hosts Enhance security of the internal network by obscuring the IP address There are many attacks aiming victims based on the IP address Since the attacker cannot be aware of any private IP addresses the NAT function can protect the internal network On NAT page you will see the private IP address defined in RFC 1918 Usually we use the 192 168 1 0 24 subnet for the router As stated before the NAT facility can map one or more IP addresses and or service ports into different specified services In other words the NAT function can be achieved by using port mapping methods Below shows the menu items for NAT H Port Redirection P DMZ Host Open Ports 3 3 1 Port Redirection Port Redirection is usually set up for server related service inside the local network LAN such as web servers FTP servers E mail servers etc Most of the case you need a public IP address for each server and this public IP address domain name are recognized by all users Since the server is actually located inside the LAN the network well protected by NAT of the router and identified by its private IP address port the goal of Port Redirection function is to forward all access request with public IP address from external users to the mapping private IP address port of the server Vigor2710e ne Series User s Guide 24 Dr ay Te k internet Destined to 220 135 240 207 Port 213 a PART The port redirection can only apply to incom
100. le Disable ISP Access Setup ISP Name DSL Modem Settings Username Password PPP Authentication PAP or CHAP Encapsulating Type LLC SNAP ze Always On Protocol PPPoE ka Idle Timeout o second s Modulation Multimode k IP Address From ep 1 WAN IP Alias PPPoE Pass through Fixed IP Yes No Dynamic IP L For Wired LAN Fixed IP Address Ir L For Wireless LAN Note If this box is checked while using the PPPoA MAC Address Setting protocol the router will behave like a modem GG Default MAC Address which only serves the PPPoE client on the LAN l Specify a MAC Address MAC Address Jao Jm foo oo Jon Index 1 15 in Schedule Setup cl LI tL tL OK Enable Disable Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid DSL Modem Settings Set up the DSL parameters required by your ISP These are vital for building DSL connection to your ISP Multi PVC channel The selections displayed here are determined by the page of Internet Access Multi PVCs Select M PVCs Channel means no selection will be chosen VPI Type in the value provided by ISP VCI Type in the value provided by ISP Encapsulating Type Drop down the list to choose the type provided by ISP Protocol Drop down the list to choose the one provided by ISP If you have already used Quick Start Wizard to set the protoco
101. lishing a WAN e g DSL Cable connection There are two common scenarios of LAN settings that stated in Chapter 4 For the configuration examples please refer to that chapter to get more information for your necessity Dr ay Tek 23 Vigor2710e ne Series User s Guide 3 3 NAT Usually the router serves as an NAT Network Address Translation router NAT is a mechanism that one or more private IP addresses can be mapped into a single public one Public IP address is usually assigned by your ISP for which you may get charged Private IP addresses are recognized only among internal hosts When the outgoing packets destined to some public server on the Internet reach the NAT router the router will change its source address into the public IP address of the router select the available public port and then forward it At the same time the router shall list an entry in a table to memorize this address port mapping relationship When the public server response the incoming traffic of course is destined to the router s public IP address and the router will do the inversion based on its table Therefore the internal host can communicate with external host smoothly The benefit of the NAT includes Save cost on applying public IP address and apply efficient usage of IP address NAT allows the internal IP addresses of local hosts to be translated into one public IP address thus you can have only one IP address on behalf of the entire interna
102. lt Call Filter Filter Rule Active Comments Move Up Move Down Block NetBios Down O UP Down O UP Down O UP Down O UP Down 6 O UP Down d UP Next Filter Ger Filter Rule Click a button numbered 1 7 to edit the filter rule Click the button will open Edit Filter Rule web page For the detailed information refer to the following page Active Enable or disable the filter rule Comment Enter filter set comments description Maximum length is 23 character long Move Up Down Use Up or Down link to move the order of the filter rules Next Filter Set Set the link to the next filter set to be executed after the current filter run Do not make a loop with many filter sets To edit Filter Rule click the Filter Rule index button to enter the Filter Rule setup page Vigor2710e ne Series User s Guide 76 Dr ay Te k Firewall gt gt Edit Filter Set gt gt Edit Filter Rule Filter Set 1 Rule 1 Check to enable the Filter Rule Comments Block NetBios Index 1 15 in Schedule Setup 7 Direction LAN gt WAN sw Service Type TCP UDP Port from 137 139 to any Fragments Dont Care Application Action Profile Syslog Filter Block Immediately F Branch to Other Filter Set Check to enable the Check this box to enable the filter rule Filter Rule Comments Enter filter set comments description Maximum length is 14 character long Index 1 15 Set PCs on LAN to work at certain time interval
103. mber Just sign in below Want to become a DrayTek Member Click Create Account and then fill out the membership form Forgot username or password Click Forgot Username Password Benefits for DrayTek Members Receiving e news letters about latest firmware version for your purchased products Software and firmware available online for download Chances to win prizes Many more benefits only for DrayTek members are coming soon Vigor2710e ne Series User s Guide 126 Sign up Forgot Password Dray Tek Trouble Shooting This section will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration Please follow sections below to check your basic installation status stage by stage Checking if the hardware status is OK or not Checking if the network connection settings on your computer are OK or not Pinging the router from your computer Checking if the ISP settings are OK or not Backing to factory default setting if necessary If all above stages are done and the router still cannot run normally it is the time for you to contact your dealer for advanced help 5 1 Checking If the Hardware Status Is OK or Not Follow the steps below to verify the hardware status l 3 Dray Tek Check the power line and WLAN LAN cable connections Refer to 1 3 Hardware Installation for details Turn on the router
104. mber of received packets at the LAN interface Displays the physical connection Ethernet of this interface Displays the name set in WAN1 WAN web page Displays the type of WAN connection eg PPPoE Displays the total uptime of the interface Displays the IP address of the WAN interface Displays the IP address of the default gateway Displays the total transmitted packets at the WAN interface Displays the speed of transmitted octets at the WAN interface Displays the total number of received packets at the WAN interface Displays the speed of received octets at the WAN interface Note The words in green mean that the WAN connection of that interface is ready for accessing Internet the words in red mean that the WAN connection of that interface is not ready for accessing Internet 2 6 Saving Configuration Each time you click OK on the web page for saving the configuration you can find messages showing the system interaction with you Ready indicates the system is ready for you to input settings Settings Saved means your settings are saved once you click Finish or OK button Vigor2710e ne Series User s Guide 14 Dray Tek User Mode Operation This chapter will guide users to execute simple configuration through user mode operation 1 Open a web browser on your PC and type http 192 168 1 1 The window will ask for typing username and password 2 Do not type any word both username and password a
105. megr 192 169 29 11 131 35 60654 UDP menmegr 192 168 2911 7824 13251 UDP This connection allows you to connect to the Internet through a menmegr 192 168 29 11 8789 63231 TCP shared connection on another computer Settings Show icon in notificahon area when connected The reminder as regards concern about Firewall and UPnP Can t work with Firewall Software Enabling firewall applications on your PC may cause the UPnP function not working properly This is because these applications will block the accessing ability of some network ports Security Considerations Activating the UPnP function on your network may incur some security threats You should consider carefully these risks before activating the UPnP function gt gt Dray Tek Some Microsoft operating systems have found out the UPnP weaknesses and hence you need to ensure that you have applied the latest service packs and patches Non privileged users can control some router functions including removing and adding port mappings 97 Vigor2710e ne Series User s Guide The UPnP function dynamically adds port mappings on behalf of some UPnP aware applications When the applications terminate abnormally these mappings may not be removed 4 6 4 IGMP IGMP is the abbreviation of Internet Group Management Protocol It is a communication protocol which is mainly used for managing the membership of Internet Protocol multicast groups
106. mment WAN IP End Port 4500 d UDP ze 500 Lal a fe A ul 3 3 A d Ve el oi d eels 9 5 l Eis amp t o o S m FF TI 3 f gt ca a ca amp co STEER G i R t lte FT DI E H 3 in OK Cancel Vigor2710e ne Series User s Guide Dray Tek i Enable Open Ports Comment WAN Interface Local Computer Choose PC Protocol Start Port End Port Vigor2710e ne Series User s Guide Check to enable this entry Make a name for the defined network application service Specify the WAN interface that will be used for this entry Enter the private IP address of the local host or click Choose PC to select one Click this button and subsequently a window having a list of private IP addresses of local hosts will automatically pop up Select the appropriate IP address of the local host in the list Specify the transport layer protocol It could be TCP UDP or none for selection Specify the starting port number of the service offered by the local host Specify the ending port number of the service offered by the local host 72 Dr ay Tek 4 4 Firewall 4 4 1 Basics for Firewall While the broadband users demand more bandwidth for multimedia interactive applications or distance learning security has been always the most concerned The firewall of the Vigor router helps to protect your local network against attack from unauthorized o
107. more detailed information from their websites Disable the Function and Clear all Dynamic DNS Accounts In the DDNS setup menu uncheck Enable Dynamic DNS Setup and push Clear All button to disable the function and clear all accounts from the router Delete a Dynamic DNS Account In the DDNS setup menu click the Index number you want to delete and then push Clear All button to delete the account 4 6 2 Schedule The Vigor router has a built in real time clock which can update itself manually or automatically by means of Network Time Protocols NTP As a result you can not only schedule the router to dialup to the Internet at a specified time but also restrict Internet access to certain hours so that users can connect to the Internet only during certain hours say business hours The schedule is also applicable to other functions You have to set your time before set schedule In System Maintenance gt gt Time and Date menu press Inquire Time button to set the Vigor router s clock to current time of your PC The clock will reset once if you power down or reset the router There is another way to set up time You can inquiry an NTP server a time server on the Internet to synchronize the router s clock This method can only be applied when the WAN connection has been built up Applications gt gt Schedule Schedule Setto Factory Default Index Status Index Status 1 x 9 x 2 x 10 x A x 11 x 4 x 12 x A xX 13 X 6
108. mpatible with other home networking technologies 2009 09 15 sua including phone line powerline and RF Wireless 07 Will Powerline technology interfere with ADSL services 2009 09 15 VoIP 08 How does Powerline networking handle co interference between two adjacent homes 2009 09 15 Qos using powerline technology How is eavesdropping prevented ISDN Dr ay Tek 47 Vigor2710e ne Series User s Guide Click Support Area gt gt Product Registration the following web page will be displayed Dr ay Te k English Login Go About DrayTek Products Support Education Partners Contact Us Home gt Dray Tek Member Drav Tek Member Dear DrayTek new amp existing users Sign up Forgot Password For enhancing the users satisfaction level while utilizing our site and receiving even better service from DrayTek we have designed this membership page Please complete the membership registration and then register your product s Already a DrayTek Member Just sign in below Want to become a DrayTek Member Click Create Account and then fill out the membership form Forgot username or password Click Forgot Username Password Benefits for DrayTek Members Receiving e news letters about latest firmware version for your purchased products Software and firmware available online for download Chances to win prizes Many more benefits only for DrayTek members are coming soon Vigor2710e ne Series User s
109. n Please visit http www draytek com user AboutRegulatory php This product is designed for DSL POTS and 2 4GHz WLAN network throughout the EC region and Switzerland with restrictions in France Please see the user manual for the applicable networks on your product Dray Te k v Vigor2710e ne Series User s Guide Vigor2710e ne Series User s Guide vi Dr ay Te k Table of Contents 4 EE ee 1 1 1 Web Configuration Buttons Explanation ccccccccccccccececeseeeeeeeeeeeseeeeeeeeeeeesseaeaseeeeeesssaaaaeees 1 1 2 LED Indicators and Connectors cccceeeecccceeceeseeeeeeeeeeeeeeeeseeeeeeeeesseeeeeeeeeeessuaeaeeeseeeesssaaaeeses 2 2A FOr leie ere KE 2 VE FOr VIGO 2 TONG oori E a EE E aE A T ESEE 3 1 Hardware Potalla OR EE 4 Configuring Basic Settings cccssccsssseecesseeeeseecenseeeenseseseeseeseeseeseesensessones 5 2 1 Two Level Management 5 2 2 Accessing Web te 5 2 3 Changing Password cccccceccesseeeeceeeeeeeeaeeseceeeeseaseeeeeeeeeeeseaeeeseeeeeeeessseaaseeeeessseaeeeeeeeeeseeeaas 6 2A UNG Star W2 e BE 8 2 4 1 Adjusting Protocol Encapsulation cccccccsscscccecsseeseeeeeeeeeeeeeeeeaeseeeeeseaeeeesseaeeeesensaeeeees 9 2AL2 E EN 10 24 3 1483 Bridged RE 11 244 1483 ROUA EE 12 e ie EE 13 2 6 SAVING CGopnfguraton 14 User Mode Rn e E 15 Se lat 15 3 1 1 Basics of Internet Protocol HiNetwork 15 ENEE ee 16 SMPO EE 19 EAN eee ee eee eee ee ee ee ee ee 21 SALBI SICS Ol EA N aa tenont
110. n 1 00 00 34 Vigor DoS iemp_flood Block 10s 192 168 1 115 gt 192 168 1 1 PR 1G4cemp len 20 60 icmp 0 8 lt ADSL Status 83 Vigor2710e ne Series User s Guide 4 4 5 URL Content Filter To provide an appropriate cyberspace to users Vigor router equips with URL Content Filter not only to limit illegal traffic from to the inappropriate web sites but also prohibit other web feature where malicious code may conceal Once a user type in or click on an URL with objectionable keywords URL keyword blocking facility will decline the HTTP request to that web page thus can limit user s access to the website You may imagine URL Content Filter as a well trained convenience store clerk who won t sell adult magazines to teenagers At office URL Content Filter can also provide a job related only environment hence to increase the employee work efficiency How can URL Content Filter work better than traditional firewall in the field of filtering Because it checks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor router can prevent users from accidentally downloading malicious codes from web pages It s very common that malicious codes conceal in the executable objects such as ActiveX Java Applet compressed files and other executable files Once downloading these types of files from websites you may ri
111. name Password Such data must be typed according to the ACS Auto Configuration Server you want to link Please refer to Auto Configuration Server user s manual for detailed information CPE Client It is not necessary for you to type them Such information is useful for Auto Configuration Server Enable Disable Sometimes port conflict might be occurred To solve such problem you might want to change port number for CPE Please click Enable and change the port number Periodic Inform Settings The default setting is Enable Please set interval time or schedule time for the router to send notification to CPE Or click Disable to close the mechanism of notification 4 8 3 Administrator Password This page allows you to set new password System Maintenance gt gt Administrator Password Setup Administrator Password OK Old Password Type in the old password The factory default setting for password is admin New Password Type in new password in this filed Confirm Password Type in the new password again When you click OK the login window will appear Please use the new password to access into the web configurator again 4 8 4 Configuration Backup Backup the Configuration Follow the steps below to backup your configuration 1 Goto System Maintenance gt gt Configuration Backup The following windows will be popped up as shown below Vigor2710e ne Series User s Guide 114 Dr ay Te k System Maintenance zz C
112. net DHCP Server Public IP Address Private Subnet Router IP Addres In some special case you may have a public IP subnet from your ISP such as 220 135 240 0 24 This means that you can set up a public subnet or call second subnet that each host is equipped with a public IP address As a part of the public subnet the Vigor router will serve for IP routing to help hosts in the public subnet to communicate with other public hosts or servers outside Therefore the router should be set as the gateway for public hosts Dray Tek 21 Vigor2710e ne Series User s Guide Public IP Address 220 135 240 207 Router IP Internet ee What is Routing Information Protocol RIP Vigor router will exchange routing information with neighboring routers using the RIP to accomplish IP routing This allows users to change the information of the router such as IP address and the routers will automatically inform for each other 3 2 2 General Setup This page provides you the general settings for LAN Click LAN to open the LAN settings page and choose General Setup LAN gt General Setup Ethernet TCP IP and DHCP Setup LAN IP Network Configuration For NAT Usage IP Address DHCP Server Configuration Enable Server Disable Server Start IP Address 192 166 1 10 Subnet Mask 255 255 255 0 IP Pool Counts IP Address Subnet Mask DHCP Server Configuration Vigor2710e ne Series User s Guide Gateway IP A
113. ng Simply go to Internet Access and select Multi PVC Setup page General The system allows you to set up to four channels which are ready for choosing as the first PVC line that will be used as multi PVCs WAN gt Multi PVCs Multi PVCs General ATM QoS Port based Bridge Channel Enable VPI VC QoS Type Protocol Encapsulation 7 o 2 o 1483 Bridged IP LLC Note VPI VCI must be unique for each channel OK Enable Check this box to enable that channel The channels that you enabled here will be shown in the Multi PVC channel drop down list on the web page of Internet Access Though you can enable eight channels in this page yet only one channel can be chosen on the web page of Internet Access VPI Type in the value provided by your ISP VCI Type in the value provided by your ISP QoS Type Select a proper QoS type for the channel Protocol PERDE Encapsulation Choose a proper type for this channel The types will be different according to the protocol setting that you choose 1403 Route IP LLC 1483 Bridged IP LLG 1483 Route IP LLC VC MUA VC MUX 1403 Bridged IP VWC Mux 1403 Routed IP VC Mux IPoA 1453 Bridged IPMRoE LLOSSNAP Dr ay Tek 55 Vigor2710e ne Series User s Guide WAN link for Channel 3 4 5 are provided for router borne application such as TR069 and VoIP The settings must be applied and obtained from your ISP For your special request please contact with your ISP and then click W
114. ng between an Ethernet hardware address MAC Address and an IP address Diagnostics gt gt View ARP Cache Table Ethernet ARP Cache Table Clear Refresh IP Address MAC Address 152 168 1 10 00 0EF A6 24 D5 Al Refresh Click it to reload the page Clear Click it to clear the whole table Vigor2710e ne Series User s Guide 122 Dr ay Te k 4 9 4 DHCP Table The facility provides information on IP address assignments This information is helpful in diagnosing network problems such as IP address conflicts etc Click Diagnostics and click DHCP Table to open the web page Diagnostics gt gt View DHCP Assigned IP Addresses DHCP IP Assignment Table Refresh DHCP server Running Index IP Address MAC Address Leased Time HOST ID 1 192 168 1 10 00 0E A6 2A D5 Al 0 00 095 800 user 6adelbeced Index It displays the connection item number IP Address It displays the IP address assigned by this router for specified PC MAC Address It displays the MAC address for the specified PC that DHCP assigned IP address for it Leased Time It displays the leased time of the specified PC HOST ID It displays the host ID name of the specified PC Refresh Click it to reload the page 4 9 5 NAT Sessions Table Click Diagnostics and click NAT Sessions Table to open the list page Diagnostics gt gt NAT Sessions Table NAT Active Sessions Table Refresh Peer IP Port Interface Dr ay Tek 123 Vigor2710e ne Series User
115. ning Threshold rate the Vigor router will send out a warning By default the Vigor router sets the threshold as 150 packets per second Check the box to activate the Block IP options function The Vigor router will ignore any IP packets with IP option field in the datagram header The reason for limitation is IP option appears to be a vulnerability of the security for the LAN because it will carry significant information such as security TCC closed user group parameters a series of Internet addresses routing messages etc An eavesdropper outside might learn the details of your private networks Check the box to enforce the Vigor router to defense the Land attacks The Land attack combines the SYN attack technology with IP spoofing A Land attack occurs when an attacker sends spoofed SYN packets with the identical source and destination addresses as well as the port number to victims Check the box to activate the Block Smurf function The Vigor router will ignore any broadcasting ICMP echo request Check the box to enforce the Vigor router not to forward any trace route packets Check the box to activate the Block SYN fragment function The Vigor router will drop any packets having SYN flag and more fragment bit set Check the box to activate the Block fraggle Attack function Any broadcast UDP packets received from the Internet is blocked Activating the DoS DDoS defense functionality might block some legal packets For exampl
116. ntemet Protocol TCPYIP Install Lliairretall Properties Description Transmission Control Hrotocoldlntemet Protocol The default Wide area network protocol that provides communication across diverse interconnected networks Show icon in notification area when connected Motty me when this connection has limited or no connectivity Vigor2710e ne Series User s Guide 128 Dr ay Te k 4 Select Obtain an IP address automatically and Obtain DNS server address automatically Internet Protocol TCP IP Properties General _Altemate Configuration i You can get IF settings assigned automatically d your network supports this capability Othenvise you need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically C 3 Use the following IP address For MacOs l 2 Dray Tek Double click on the current used MacOs on the desktop Open the Application folder and get into Network On the Network screen select Using DHCP from the drop down list of Configure IPv4 ean i _ Network _ A e E Show All Displays Sound Network Startup Disk Location Automatic Show Built in Ethernet CH Proxies Ethernet IP Address 192 168 1 10 Renew DHCP Lease Subnet Mask 255 255 255 0 DHCP Client ID If required Router 192 168 1 1 DNS Servers Optional Search Domains Optional I
117. ntify with the values from your ISP if you choose Specify an IP address Internet Access gt gt MPoA RFC1463 2664 MPoA RFC1483 2684 Mode MPoA RFC1483 2684 Enable Disable WAN IP Network Settings Obtain an IP address automatically 1483 Bridged IP LLC E Required for some ISPs DSL Modem Settings Encapsulation Specify an IP address WAN IP Alias VCI 88 IP Address 0 0 0 0 Modulation Multimode Subnet Mask RIP Protocol Gateway IP Address C Enable RIP MAC Address Setting Bridge Mode Default MAC Address C Enable Bridge Mode Specify a MAC Address MAC Address so vF joo Joo for DNS Server IP Address Primary IP Address Secondary IP Address 5 5 Backing to Factory Default Setting If Necessary Sometimes a wrong connection can be improved by returning to the default settings Try to reset the router by software or hardware Warning After pressing factory default setting you will loose all settings you did before Make sure you have recorded all useful settings before you pressing The password of factory default is null Software Reset You can reset the router to factory default via Web page Go to System Maintenance and choose Reboot System on the web page The following screen will appear Choose Using factory default configuration and click OK After few seconds the router will return all the settings to the factory settings Vigor2710e ne Series
118. o be integrated with existing LANs which use either Ethernet or TCP IP protocols The goal of MPoA is to allow different LANs to send packets to each other via an ATM backbone To use MPoA as the accessing protocol of the Internet select MPoA mode The following web page will appear Internet Access gt gt MPoA RFC1463 2664 MPoA RFC1483 2664 Mode MPoA RFC1463 2664 DSL Modem Settings Encapsulation VPI VCI Modulation RIP Protocol C Enable RIP Bridge Mode C Enable Bridge Mode Enable Disable Multimode ka WAN IP Network Settings Obtain an IP address automatically Router Name Domain Name Required for some ISPs Specify an IP address IP Address WAN IP Alias 0 0 0 0 0 0 0 0 0 0 0 0 Subnet Mask Gateway IP Address MAC Address Setting Default MAC Address Specify a MAC Address MAC Address E ze kon Joo 01 DNS Server IP Address Primary IP Address Secondary IP Address MPoA RFC1483 2684 Click Enable for activating this function If you click Disable this DSL Modem Settings RIP Protocol Bridge Mode WAN IP Network Dray Tek function will be closed and all the settings that you adjusted in this page will be invalid Set up the DSL parameters required by your ISP These are vital for building DSL connection to your ISP Multi PVC channel The selections displayed here are determined by the page of Internet Access Multi PVCs Sel
119. onfiguration Backup Configuration Backup Restoration Restoration Select a configuration file a Click Restore to upload the file Click Backup to download current running configurations as a file Backup 2 Click Backup button to get into the following dialog Click Save button to open another dialog for saving configuration as a file File Download i You are downloading the File config cfg From 192 166 1 1 Would wou like to open the file or save it to your computer Always ask before opening this type of file 3 In Save As dialog the default filename is config cfg You could give it another name by yourself my Documents F d My Computer Mu Recent Emy Network Places Documents S IS COM Like felt Eelst C TeleDanmark 2 v2k2_232_config_1 v2k6_250_config_1 My Documents Mu Computer File name config v My Network Save as type Configuration file w f 4 Click Save button the configuration will download automatically to your computer as a file named config cfg The above example is using Windows platform for demonstrating examples The Mac or Linux platform will appear different windows but the backup function is still available Dray Te k 115 Vigor2710e ne Series User s Guide Note Backup for Certification must be done independently The Configuration Backup does not include information of Certificate Restore Configuration 1 Goto System Maintenance gt gt C
120. onfiguration Backup The following windows will be popped up as shown below System Maintenance gt gt Configuration Backup Configuration Backup Restoration Restoration Select a configuration file Fees Click Restore to upload the file iBackup 2 Click Browse button to choose the correct configuration file for uploading to the router 3 Click Restore button and wait for few seconds the following picture will tell you that the restoration procedure is successful 4 8 5 Syslog Mail Alert SysLog function is provided for users to monitor router There is no bother to directly get into the Web Configurator of the router or borrow debug equipments System Maintenance gt gt SysLog Mail Alert Setup SysLog Mail Alert Setup Mail Alert Setup SysLog Access Setup I gress Enable leen Server IP Address fs Destination Port 514 Enable syslog message Return Path fr Firewall Log C Authentication User Access Log User Name fr wl Call WAN Log Enable E Mail Alert Router DSL information DoS Attack Enable Syslog Access Check Enable to activate function of syslog Syslog Server IP The IP address of the Syslog server Destination Port Assign a port for the Syslog protocol Enable syslog message Check the box listed on this web page to send the corresponding message of firewall User Access Call WAN Router DSL information to Syslog Vigor2710e ne Series User s Guide 116 D
121. onfigurator for this router Dray Tek 7 Vigor2710e ne Series User s Guide Username Copyright DrayTek Corp All Rights Reserved Dray Tek 2 4 Quick Start Wizard VW Notice Quick Start Wizard for user operation is the same as for administrator s operation If your router can be under an environment with high speed NAT the configuration provide here can help you to deploy and use the router quickly The first screen of Quick Start Wizard is entering login password After typing the password please click Next Quick Start Wizard Enter login password Please enter an alpha numeric string as your Password Max 23 characters ania Sd Finish Cancel In the Quick Start Wizard you can configure the router to access the Internet with different protocol modes such as PPPoE PPPoA Bridged IP or Routed IP The router supports the Vigor2710e ne Series User s Guide 8 Dr ay Te k 2 4 1 Adjusting Protocol Encapsulation In the Quick Start Wizard you can configure the router to access the Internet with different protocol modes such as PPPoE PPPoA Bridged IP or Routed IP The router supports the ADSL WAN interface for Internet access Quick Start Wizard Connect to Internet VPI VCI Fixed IP IP Address Subnet Mask Default Gateway Primary DNS Second DNS Protocol Encapsulation Auto detect PPPoE LLC SNAP PPPoE LLC SNAP PPPoE VC MUX PPPoA LLC SNAP PPPoA VC MUX 1483 Bridged
122. only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications gt gt Schedule setup The default setting of this filed is blank and the function will always work Direction Set the direction of packet flow LAN gt WAN WAN gt LAN It is for Data Filter only For the Call Filter this setting is not available since Call Filter is only applied to outgoing traffic Source Destination IP Click Edit to access into the following dialog to choose the source destination IP or IP ranges gt IP Address Edit Windows Internet Explorer http 192 168 1 1doc ipfipedthtn IP Address Edit Address Type Group and Objects Start IP Address booo End IP Address Subnet Mask Invert Selection IP Group or IP Object or IP Object None 1 RD Department or IP Object 2 Finanical Dept 3 HR Department To set the IP address manually please choose Any Address Single Address Range Address Subnet Address as the Address Type Dr ay Tek 77 Vigor2710e ne Series User s Guide Service Type Vigor2710e ne Series User s Guide and type them in this dialog In addition if you want to use the IP range from defined groups or objects please choose Group and Objects as the Address Type Group and Objects Any Address single Address Range Address subnet Address Group and Objects From the IP Group drop down list choose the one that you want to apply Or use
123. or each other What is Static Route When you have several subnets in your LAN sometimes a more effective and quicker way for connection is the Static routes function rather than other method You may simply set rules to forward data from one specified subnet to another specified subnet without the presence of RIP What are Virtual LANs You can group local hosts by physical ports and create up to 4 virtual LANs To manage the communication between different groups please set up rules in Virtual LAN VLAN function and the rate of each Internet f gt gt MN uh Dray Tek 61 Vigor2710e ne Series User s Guide 4 2 2 General Setup This page provides you the general settings for LAN Click LAN to open the LAN settings page and choose General Setup LAN gt gt General Setup Ethernet TCP IP and DHCP Setup LAN IP Network Configuration DHCP Server Configuration For NAT Usage Enable Server Disable Server IP Address 192 168 1 1 Start IP Address 192 168 1 10 Subnet Mask IP Pool Counts Gateway IP Address 192 168 1 1 DNS Server IP Address Primary IP Address fo Secondary IP Address fo OK IP Address Type in private IP address for connecting to a local private network Default 192 168 1 1 Subnet Mask Type in an address code that determines the size of the network Default 255 255 255 0 24 DHCP Server DHCP stands for Dynamic Host Configuration Protocol The Configuration router by facto
124. or2710ne Status Explanation i m ACT Blinking The router is powered on and running Activity normally The router is powered off On The router is ready to access Internet through DSL link Blinking Slowly The modem is ready Quickly The connection is training The port is connected LAN 1 2 3 4 The port is disconnected Bray Tek one The data is transmitting Wireless access point is ready DSL 4 Vigor2710ne SE It will blink while wireless traffic goes through WPS On The WPS is on The WPS is off Blinking Waiting for wireless client sending requests for connection about two minutes On Press this button for 2 seconds to wait for client device making network connection through WPS When the LED lights up the WPS will be on The WPS is off Blinking Waiting for wireless client sending requests for connection about 2 minutes WPS Button Interface Description WLAN Press the button once to enable WLAN LED on or disable WLAN LED off wireless connection DSL Connecter for accessing the Internet through ADSL2 2 LAN 1 4 Connecters for local networked devices Factory Restore the default settings Usage Turn on the router Press the button and keep for more than 10 seconds Then the router will restart with the factory default configuration ON OFF Power switch PWR Connecter for a power adapter ON HOFF PW
125. ot place the router in a damp or humid place e g a bathroom The router should be used in a sheltered area within a temperature range of 5 to 40 Celsius Do not expose the router to direct sunlight or other heat sources The housing and electronic components may be damaged by direct sunlight or heat sources Do not deploy the cable for LAN connection outdoor to prevent electronic shock hazards Keep the package out of reach of children When you want to dispose of the router please follow local regulations on conservation of the environment We warrant to the original end user purchaser that the router will be free from any defects in workmanship or materials for a period of two 2 years from the date of purchase from the dealer Please keep your purchase receipt in a safe place as it serves as proof of date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials we will at our discretion repair or replace the defective products or components without charge for either parts or labor to whatever extent we deem necessary tore store the product to proper operating condition Any replacement will consist of a new or re manufactured functionally equivalent product of equal value and will be offered solely at our discretion This warranty will not apply if the product is modified misused tampered with damaged by an
126. oup Objects Setting gt IP Group IP Group Table Setto Factory Default Index Name Index Name S GA K ka Ia Iho A jm mo no M l e mo fae fo eo les A ei L e K a fe a feo leo Il SSEEKRERSpeppbr bot Set to Factory Default Clear all profiles Click the number under Index column for settings in detail Objects Setting gt gt IP Group Profile Index 1 Interface Available IP Objects Selected IP Objects 1 RD Department 2 Financial Dept 3 HR Department ES A Name Type a name for this profile Maximum 15 characters are allowed Interface Choose WAN LAN or Any to display all the available IP objects with the specified interface Available IP Objects All the available IP objects with the specified interface chosen above will be shown in this box Selected IP Objects Click gt gt button to add the selected IP objects in this box Dr ay Tek 89 Vigor2710e ne Series User s Guide 4 5 3 Service Type Object You can set up to 96 sets of Service Type Objects with different conditions Objects Setting gt Service Type Object Service Type Object Profiles set to Factory Default Index Name Index Name ee ee REE eem e e e bat A A La Fb 33 64 65 96 gt gt Next gt gt Set to Factory Default Clear all profiles Click the number under Index column for settings in detail Objects Setting gt Service Type Object Setup Profile Index 1 Name Protocol So
127. p up as depicted below The window consists of a list of private IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DMZ host F niao fa OX 130 168 1 10 130 168 1 18 When you have selected one private IP from the above dialog the IP address will be shown on the following screen Click OK to save the setting NAT gt gt DMZ Host Setup DMZ Host Setup WAN Index Enable Aux WAN IP Private IP 1 192 168 1 66 192 168 1 10 Vigor2710e ne Series User s Guide 28 Dr ay Te k 3 3 3 Open Ports Open Ports allows you to open a range of ports for the traffic of special applications Common application of Open Ports includes P2P application e g BT KaZaA Gnutella WinMX eMule and others Internet Camera etc Ensure that you keep the application involved up to date to avoid falling victim to any security exploits Click Open Ports to open the following page NAT gt Open Ports Open Ports Setup setto Factory Default Index Comment Aux WAN IP Local IP Address Status L X 2 x 3 x 4 x 5 x 6 x T x a x E x 10 x lt lt 1 10 11 20 gt gt Next gt gt Index Indicate the relative number for the particular entry that you want to offer service in a local host You should click the appropriate index number to edit or clear the corresponding entry Comment Specify the name for the defined network service Local IP Address Display the p
128. r d F 4 Se zc j ZE oOo C 00 a F ee E l WW j pa d A d L T A WF i l f ADSL2 2 Router _ Your reliable networking solutions partner User s Guide V1 0 Vigor2710e ne Series User s Guide ii Dr ay Te k Vigor2 10e ne Series ADSL2 2 Router User s Guide Version 1 0 Date 01 12 2009 Dray Te k iii Vigor2710e ne Series User s Guide Copyright Information Copyright Declarations Trademarks Copyright 2009 All rights reserved This publication contains information that is protected by copyright No part may be reproduced transmitted transcribed stored in a retrieval system or translated into any language without written permission from the copyright holders The following trademarks are used in this document Microsoft is a registered trademark of Microsoft Corp kt Windows Windows 95 98 Me NT 2000 XP Vista and Explorer are trademarks of Microsoft Corp Apple and Mac OS are registered trademarks of Apple Inc Other products may be trademarks or registered trademarks of their respective manufacturers Safety Instructions and Approval Safety Instructions Warranty Be a Registered Owner Firmware amp Tools Updates Read the installation guide thoroughly before you set up the router The router is a complicated electronic unit that may be repaired only be authorized and qualified personnel Do not try to open or repair the router yourself Do n
129. r ay Te k Enable Alert Setup Check Enable to activate function of mail alert Send a test e mail Make a simple test for the e mail address specified in this page Please assign the mail address first and click this button to execute a test for verify the mail address is available or not SMTP Server The IP address of the SMTP server Mail To Assign a mail address for sending mails out Return Path Assign a path for receiving the mail from outside Authentication Check this box to activate this function while using e mail application User Name Type the user name for authentication Password Type the password for authentication Enable E mail Alert Check the box to send alert message to the e mail box while the router detecting the item s you specify here Click OK to save these settings For viewing the Syslog please do the following l 2 Dray Tek Just set your monitor PC s IP address in the field of Server IP Address Install the Router Tools in the Utility within provided CD After installation click on the Router Tools gt gt Syslog from program menu 2 About Router Tools ER Firmware Uperade Utility fay Router Tools 73 5 1 jo Uninstall Router Tools 3 5 1 Visit DrayTek Web Site From the Syslog screen select the router you want to monitor Be reminded that in Network Information select the network adapter used to connect to the router Otherwise you won t succeed in retrievin
130. re Null for user operation on the window and click Login on the window Now the Main Screen will appear Be aware that User mode will be displayed on the bottom left side ADSL2 2 Router Vigor2710e7ne 3 Dray Tek Quick Start Wizard Online Status Model Name Vigor2710ne Series System Status Firmware Version beta_0824 Internet Access Build Date Time Nov 2 2009 19 35 28 LAN ADSL Firmware Version 3431301_A Hardware Annex A NAT Applications LAN WAN 1 Wireless LAN MAC Address 00 50 7F 00 00 00 Link Status Disconnected System Maintenance 1st IP Address 192 168 1 1 MAC Address 00 50 7F 00 00 01 Diagnostics 1st Subnet Mask 255 255 255 0 Connection PPPoE DHCP Server Yes IP Address EE DNS 194 109 6 66 Default Gateway Application Note Product Registration Wireless LAN MAC Address 00 50 7F 00 00 00 Frequency Domain Europe Firmware Version 2 2 0 0 SSID DrayTek All Rights Reserved 3 1 Internet Access Quick Start Wizard offers user an easy method to quick setup the connection mode for the router Moreover if you want to adjust more settings for different WAN modes please go to WAN group and click the Internet Access link 3 1 1 Basics of Internet Protocol IP Network IP means Internet Protocol Every device in an IP based Network including routers print server and host PCs needs an IP address to identify its location on the network To avoid address conflicts IP addresse
131. rent status of DHCP server of the LAN interface DNS Display the assigned IP address of the primary DNS WAN Vigor2710e ne Series User s Guide 42 Dr ay Te k Link Status MAC Address Connection IP Address Default Gateway Wireless LAN MAC Address Frequency Domain Firmware Version SSID 3 6 2 User Password Display current connection status Display the MAC address of the WAN Interface Display the connection type Display the IP address of the WAN interface Display the assigned IP address of the default gateway Display the MAC address of the wireless LAN It can be Europe 13 usable channels USA 11 usable channels etc The available channels supported by the wireless products in different countries are various It indicates information about equipped WLAN miniPCi card This also helps to provide availability of some features that are bound with some WLAN miniPCi Display the SSID of the router This page allows you to set new password for user operation System Maintenance gt gt User Password User Password Username Old Password New Password Confirm Password Old Password New Password Confirm Password Type in the old password The factory default setting for password is blank Type in new password in this filed Type in the new password again When you click OK the login window will appear Please use the new password to access into the web configurator again Dra
132. ress automatically Router Name Type in the router name provided by ISP Domain Name Type in the domain name that you have assigned Click this radio button to specify some data IP Address Type in the private IP address Subnet Mask Type in the subnet mask Gateway IP Address Type in gateway IP address Type in the primary IP address for the router If necessary type in secondary IP address for necessity in the future 57 Vigor2710e ne Series User s Guide ATM QoS Such configuration is applied to upstream packets Such information will be provided by ISP Please contact with your ISP for detailed information WAN gt Multi PVCs Multi PVCs General ATM Ooz Port based Bridge Channel QoS Type PCR SCR MBS Note 1 Set 0 means default value 2 PCR max ADSL Up Speed 53 8 QoS Type Select a proper QoS type for the channel according to the information that your ISP provides PCR It represents Peak Cell Rate The default setting is 0 SCR It represents Sustainable Cell Rate The value of SCR must be smaller than PCR MBS It represents Maximum Burst Size The range of the value is 10 to 50 Port based Bridge General page lets you set the first PVC As to set the second PVC line please click the Port based Bridge tab to open Bridge configuration page Vigor2710e ne Series User s Guide 58 Dr ay Te k WAN gt gt Multi PVCs Multi PVCs General ATM Ooz Port based Bridge Channel Ena
133. rivate IP address of the local host offering the service Status Display the state for the corresponding entry X or V is to represent the Inactive or Active state To add or edit port settings click one index number on the page The index entry setup page will pop up In each index entry you can specify 10 port ranges for diverse services Dr ay Tek 29 Vigor2710e ne Series User s Guide NAT gt Open Ports gt gt Edit Open Ports Index No 1 Enable Open Ports Comment WAN IP Local Computer Protocol UDP Hy G el Gel d LU ET DI lt rt pz CH 4500 4500 rt End Port Protocol Start Port End Port Enable Open Ports Comment WAN Interface Local Computer Choose PC Protocol Start Port End Port 3 4 Applications Check to enable this entry Make a name for the defined network application service Specify the WAN interface that will be used for this entry Enter the private IP address of the local host or click Choose PC to select one Click this button and subsequently a window having a list of private IP addresses of local hosts will automatically pop up Select the appropriate IP address of the local host in the list Specify the transport layer protocol It could be TCP UDP or none for selection Specify the starting port number of the service offered by the local host Specify the ending port number of the service offered by the local host Below s
134. rt IP Address End IP Address Subnet Mask Invert Selection Type a name for this profile Maximum 15 characters are allowed Choose a proper interface WAN LAN or Any Interface For example the Direction setting in Edit Filter Rule will ask you specify IP or IP range for WAN or LAN or any IP address If you choose LAN as the Interface here and choose LAN as the direction setting in Edit Filter Rule then all the IP addresses specified with LAN interface will be opened for you to choose in Edit Filter Rule page Determine the address type for the IP address Select Single Address if this object contains one IP address only Select Range Address if this object contains several IPs within a range Select Subnet Address if this object contains one subnet for IP address Select Any Address if this object contains any IP address Type the start IP address for Single Address type Type the end IP address if the Range Address type is selected Type the subnet mask if the Subnet Address type is selected If it is checked all the IP addresses except the ones listed above will be applied later while it is chosen Below is an example of IP objects settings Objects Setting gt gt IP Object IP Object Profiles Index D r ie i i Vigor2710e ne Series User s Guide Name RD Department Financial Dept HR Department 88 Dray Tek 4 5 2 IP Group This page allows you to bind several IP objects into one IP gr
135. ry default acts a DHCP server for your network so it automatically dispatch related IP settings to any local user configured as a DHCP client It 1s highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network If you want to use another DHCP server in the network other than the Vigor Router s you can let Relay Agent help you to redirect the DHCP request to the specified location Enable Server Let the router assign IP address to every host in the LAN Disable Server Let you manually assign IP address to every host in the LAN Start IP Address Enter a value of the IP address pool for the DHCP server to start with when issuing IP addresses If the Ist IP address of your router is 192 168 1 1 the starting IP address must be 192 168 1 2 or greater but smaller than 192 168 1 254 IP Pool Counts Enter the maximum number of PCs that you want the DHCP server to assign IP addresses to The default is 50 and the maximum is 253 Gateway IP Address Enter a value of the gateway IP address for the DHCP server The value is usually as same as the 1st IP address of the router which means the router is the default gateway DNS Server DNS stands for Domain Name System Every Internet host must Configuration have a unique IP address also they may have a human friendly easy to remember name such as www yahoo com The DNS server converts the user friendly name into its equivalent I
136. s are publicly registered with the Network Information Centre NIC Having a unique IP address is mandatory for those devices participated in the public network but not in the private TCP IP local area networks LANs such as host PCs under the management of a router since they do not need to be accessed by the public Hence the NIC has reserved certain addresses that will never be registered publicly These are known as private IP addresses and are listed in the following ranges From 10 0 0 0 to 10 255 255 255 From 172 16 0 0 to 172 31 255 255 From 192 168 0 0 to 192 168 255 255 Dr ay Tek 15 Vigor2710e ne Series User s Guide What are Public IP Address and Private IP Address As the router plays a role to manage and further protect its LAN it interconnects groups of host PCs Each of them has a private IP address assigned by the built in DHCP server of the Vigor router The router itself will also use the default private IP address 192 168 1 1 to communicate with the local hosts Meanwhile Vigor router will communicate with other network devices through a public IP address When the data flow passing through the Network Address Translation NAT function of the router will dedicate to translate public private addresses and the packets will be delivered to the correct host PC in the local area network Thus all the host PCs can share a common Internet connection Get Your Public IP Address from ISP In ADSL deployment the PPP Point
137. s example is running over Windows OS Operating System Download the newest firmware from DrayTek s web site or FTP site The DrayTek web site is www draytek com or local DrayTek s web site and FTP site is ftp draytek com Click System Maintenance gt gt Firmware Upgrade to launch the Firmware Upgrade Utility System Maintenance gt gt Firmware Upgrade Web Firmware Upgrade Select a firmware file i Click Upgrade to upload the file TFITP Firmware Upgrade from LAN Current Firmware Version beta_0824 Firmware Upgrade Procedures Click OK to start the TFTP server Open the Firmware Upgrade Utility or other 3 party TFTP client software Check that the firmware filename is correct Click Upgrade on the Firmware Upgrade Utility to start the upgrade After the upgrade is compelete the TFTP server will automatically stop running Bw Ne Do you want to upgrade firmware Vigor2710e ne Series User s Guide 120 Dr ay Te k Click OK The following screen will appear Please execute the firmware upgrade utility first System Maintenance gt gt Firmware Upgrade A TFTF server is running Please execute a Firmware Upgrade Utility software to upgrade router s firmware This server will be closed by itself when the firmware upgrading finished 4 9 Diagnostics Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor router Below shows the menu items for Diagnostics
138. s identification located channel etc Internet SSID Draytek i Channel 6 e Mode WEP only RW ua 192 168 1 1 Security Overview Real time Hardware Encryption Vigor Router is equipped with a hardware AES encryption engine so it can apply the highest protection to your data without influencing user experience Complete Security Standard Selection To ensure the security and privacy of your wireless communication we provide several prevailing standards on market WEP Wired Equivalent Privacy is a legacy method to encrypt each frame transmitted via radio using either a 64 bit or 128 bit key Usually access point will preset a set of four keys and it will communicate with each station using only one out of the four keys WPA Wi Fi Protected Access the most dominating security mechanism in industry is separated into two categories WPA personal or called WPA Pre Share Key WPA PSK and WPA Enterprise or called WPA 802 1x In WPA Personal a pre defined key is used for encryption during data transmission WPA applies Temporal Key Integrity Protocol TKIP for data encryption while WPA2 applies AES The WPA Enterprise combines not only encryption but also authentication Since WEP has been proved vulnerable you may consider using WPA for the most secure connection You should select the appropriate security mechanism according to your needs No matter which security suite you select they all will enhanc
139. s only WPA clients and the encryption key should be entered in PSK WPA2 PSK Accepts only WPA2 clients and the encryption key should be entered in PSK Mixed WPA WPA2 PSK Accepts WPA and WPA2 clients simultaneously and the encryption key should be entered in PSK The WPA encrypts each frame transmitted from the radio using the key which either PSK Pre Shared Key entered manually in this field below or automatically negotiated via 802 1x authentication Either 8 63 ASCII characters such as 012345678 or 64 Hexadecimal digits leading by Ox such as 0x321253abcde Type Select from Mixed WPA WPA2 or WPA2 only Pre Shared Key PSK Either 8 63 ASCII characters Oo 9 Vigor2710e ne Series User s Guide such as 012345678 or 64 Hexadecimal digits leading by Ox such as 0x321253abcde WEP 64 Bit For 64 bits WEP key either 5 ASCII characters such as 12345 or 10 hexadecimal digitals leading by Ox such as 0x4142434445 128 Bit For 128 bits WEP key either 13 ASCII characters such as ABCDEFGHIJKLM or 26 hexadecimal digits leading by Ox such as Ox4142434445464748494A4B4C4D Encryption Mode B4 Bit All wireless devices must support the same WEP encryption bit size and have the same key Four keys can be entered here but only one key can be selected at a time The keys can be entered in ASCII or Hexadecimal Check the key you wish to use 3 5 4 Access Control For additional security of wir
140. sk bringing threat to your system For example an ActiveX control object is usually used for providing interactive web feature If malicious code hides inside it may occupy user s system For example if you add key words such as sex Vigor router will limit web access to web 29 99 sites or web pages such as www sex com www backdoor net images sex p_386 html Or you may simply specify the full or partial URL such as www sex com or sex com Also the Vigor router will discard any request that tries to retrieve the malicious code Click URL Content Filter to open the setup page Vigor2710e ne Series User s Guide 84 Dr ay Te k Firewall gt URL Content Filter Content Filter Setup Black List block those matching keyword White List pass those matching keyword No ACT Keyword No ACT Keyword EC L k 2 BD C SJ esen E 3 GR E Ed dE NEG Note that multiple keywords are allowed to specify in the blank For example hotmail yahoo msn Prevent web access from IP address LJ Enable Restrict Web Feature Java ActiveX Compressed files Executable files Multimedia files Cookie Proxy C Enable Excepting Subnets No Act IP Address Subnet Mask ee Time Schedule Index 1 15 in Schedule Setup Note Action and Idle Timeout settings will be ignored Enable URL Access Enable URL Access Control Check the box to activate URL Control Access Control Note that the prior
141. strict stations from using specific category class if it is checked AckPolicy Uncheck default value the box means the AP router will answer the response request while transmitting WMM packets Dr ay Tek 109 Vigor2710e ne Series User s Guide through wireless connection It can assure that the peer must receive the WMM packets Check the box means the AP router will not answer any response request for the transmitting packets It will have better performance with lower reliability 4 7 8 AP Discovery Vigor router can scan all regulatory channels and find working APs in the neighborhood Based on the scanning result users will know which channel is clean for usage Also it can be used to facilitate finding an AP for a WDS link Notice that during the scanning process about 5 seconds no client is allowed to connect to Vigor This page is used to scan the existence of the APs on the wireless LAN Yet only the AP which is in the same channel of this router can be found Please click Scan to discover all the connected APs Wireless LAN gt gt Access Point Discovery Access Point List BSSID Channel SSID Scan See Statistics Note During the scanning process 5 seconds no station is allowed to connect with the router Scan It is used to discover all the connected AP The results will be Shown on the box above this button Statistics It displays the statistics for the channels used by APs Vigor2710e ne
142. t correctly P PPPoE PPPoA b MPoA RFC1483 27684 For PPPoE PPPoA Users 1 Check if the Enable option is selected 2 Check if Username and Password are entered with correct values that you got from your ISP Internet Access gt gt PPPoE PPPoA PPPoE PPPoA Client Mode ISP Access Setup PPPoE PPPoA Client Enable Disable ISP Name DSL Modem Settings Se Username Password PPP Authentication PAP or CHAP Encapsulating Type LLC SNAP E S PE Always On Protocol PPPoE Idle Timeout o second s Modulation Multimode WAN IP Alias IP Address From ISP Fixed IP Yes No Dynamic IP PPPoE Pass through C For Wired LAN C For Wireless LAN Note If this box is checked while using the PPPoA MAC Address Setting protocol the router will behave like a modem Default MAC Address which only serves the PPPoE client on the LAN Specify a MAC Address MAC Address 50 re Um Joo Jo Index 1 15 in Schedule Setup Fixed IP Address 131 Vigor2710e ne Series User s Guide Dray Tek For MPoA Users 1 Check if the Enable option is selected 2 Check if all parameters of DSL Modem Settings are entered with correct value that provided by your ISP Especially check if the encapsulation is selected properly or not it should be the same with the setting on Quick Start Wizard 3 Check if IP Address Subnet Mask and Gateway are set correctly must ide
143. ters the major feature of UPnP on the router is NAT Traversal This enables applications inside the firewall to automatically open the ports that they need to pass through a router It is more reliable than requiring a router to work out by itself which ports need to be opened Further the user does not have to manually set up port mappings or a DMZ UPnP is available on Windows XP and the router provide the associated support for MSN Messenger to allow full use of the voice video and messaging features Vigor2710e ne Series User s Guide 32 Dr ay Te k Applications zz UPnP Enable UPNP Service UPnP C Enable UPnP Service Enable Connection control Service Enable Connection Status Service OK Note If you intend running UPnP service inside your LAN you should check the appropriate service above to allow control as well as the appropriate UPnP settings Cancel Accordingly you can enable either the Connection Control Service or Connection Status Service After setting Enable UPNP Service setting an icon of IP Broadband Connection on Router on Windows XP Network Connections will appear The connection status and control status will be able to be activated The NAT Traversal of UPnP enables the multimedia features of your applications to operate This has to manually set up port mappings or use other similar methods The screenshots below show examples of this facility Address Network Connections Broadb
144. the router Check Enable Dynamic DNS Account and choose correct Service Provider dyndns org type the registered hostname hostname and domain name suffix dyndns org in the Domain Name block The following two blocks should be typed your account Login Name test and Password fest Applications gt gt Dynamic DNS Setup zz Dynamic DNS Account Setup Index 1 Enable Dynamic DNS Account Service Provider Service Type Domain Name Login Name Password C Wildcards C Backup MX Mail Extender Enable Dynamic DNS Account Service Provider Service Type dyndns org www dyndns org dyndns into v Check this box to enable the current account If you did check the box you will see a check mark appeared on the Active column of the previous web page in step 2 Select the service provider for the DDNS account Select a service type Dynamic Custom or Static If you choose Custom you can modify the domain that is chosen in the Domain Name field 93 Vigor2710e ne Series User s Guide Domain Name Type in one domain name that you applied previously Use the drop down list to choose the desired domain Login Name Type in the login name that you set for applying domain Password Type in the password that you set for applying domain 4 Click OK button to activate the settings You will see your setting has been saved The Wildcard and Backup MX features are not supported for all Dynamic DNS providers You could get
145. the system will calculate and display the ending IP of private IP automatically Enter the description of the specific network service Select the transport layer protocol TCP or UDP Select the WAN IP used for port redirection There are eight WAN IP alias that can be selected and used for port redirection The default setting is All which means all the incoming data from any port will be redirected to specified range of IP address and port Specify which port can be redirected to the specified Private IP and Port of the internal host If you choose Range as the port redirection mode you will see two boxes on this field Simply type the required number on the first box The second one will be assigned automatically later Specify the private IP address of the internal host providing the service If you choose Range as the port redirection mode you will see two boxes on this field Type a complete IP address in the first box as the starting point and the fourth digits in the second box as the end point Specify the private port number of the service offered by the internal host Note that the router has its own built in services servers such as Telnet HTTP and FTP etc Since the common port numbers of these services servers are all the same you may need to reset the router in order to avoid confliction For example the built in web configurator in the router is with default port 80 which may conflict with the web server in
146. there is no traffic over idle timeout the connection will be down and never up again during the schedule Idle Timeout Specify the duration or period for the schedule How often Specify how often the schedule will be applied Once The schedule will be applied just once Weekdays Specify which days in one week should perform the schedule Example Suppose you want to control the PPPoE Internet access connection to be always on Force On from 9 00 to 18 00 for whole week Other time the Internet access connection should be disconnected Force Down Office a 2 gu 2i Hour f d d Force On sj P E Mon Sun 9 00 am to 6 00 pm 1 Make sure the PPPoE connection and Time Setup is working properly Dr ay Tek 95 Vigor2710e ne Series User s Guide 2 Configure the PPPoE always on from 9 00 to 18 00 for whole week Configure the Force Down from 18 00 to next day 9 00 for whole week 4 Assign these two profiles to the PPPoE Internet access profile Now the PPPoE Internet connection will follow the schedule order to perform Force On or Force Down action according to the time plan that has been pre defined in the schedule profiles 4 6 3 UPnP The UPnP Universal Plug and Play protocol is supported to bring to network connected devices the ease of installation and configuration which is already available for directly connected PC peripherals with the existing Windows Plug and Play system For NAT routers the major
147. time Therefore the router should have ability to detect and reject this kind of packets We provide Syslog function for user to retrieve message from Vigor router The user as a Syslog Server shall receive the report sending from Vigor router which is a Syslog Client All the warning messages related to DoS Defense will be sent to user and user can review it through Syslog daemon Look for the keyword DoS in the message followed by a name to indicate what kind of attacks is detected System Maintenance gt gt SysLog Mail Alert Setup SysLog Mail Alert Setup Mail Alert Setup SysLog Access Setup Enable Test e mail account Enable SMTP Server Server IP Address ao Mail To Destination Port D I Enable syslog message Return Path Firewall Log CT Authentication User Access Log User Name v Cog Password WAN Log Enable E Mail Alert DoS Attack Router DSL information i DrayTek Syslog 3 7 0 Controls 192 168 1 1 wel WAN Status Gateway IP Fixed TX Packets TX Rate Vigor Series 2634 1634 28 a Tx Packets RX Packets WAN IP Fixed RX Packets RX Rate 4175 3668 172 16 3 229 2558 126 LAN Status Firewall Log VPN Log User Access Log CallLog WAN Log Others Network Information Net State Traffic Graph Time Host Message Jan 1 00 00 42 Vigor Dos syn_flood Block 10s 192 168 1 115 10605 gt 192 168 1 1 23 PR 6 tep len 20 40 5 394375 Ja
148. tion Yet for admin mode operation please type admin admin on Username Password and click Login for full configuration 2 2 Accessing Web Page 1 Make sure your PC connects to the router correctly VW Notice You may either simply set up your computer to get IP dynamically R from the router or set up the IP address of the computer to be the same subnet as the default IP address of Vigor router 192 168 1 1 For the detailed information please refer to the later section Trouble Shooting of the guide 2 Open a web browser on your PC and type http 192 168 1 1 The following window will be open to ask for username and password Username Password Copyright DrayTek Corp All Rights Reserved Dray Tek 3 For user s operation do not type any word on the window and click Login for the simple web pages for configuration Yet for administrator s operation please type admin admin on Username Password and click Login for full configuration VW Notice If you fail to access to the web configuration please go to Trouble Shooting for detecting and solving your problem 4 The web page can be logged out according to the chosen condition The default setting is Auto Logout which means the web configuration system will logout after 5 minutes without any operation Change the setting for your necessity Dr ay Tek 5 Vigor2710e ne Series User s Guide Auto Logout w Auto Logout 2 3
149. tion Backup Syslog Time setup Reboot System Firmware Upgrade Below shows the menu items for System Maintenance P Reboot System 3 6 1 System Status The System Status provides basic network settings of Vigor router web page will change according to the route you have It includes LAN and WAN interface information Also you could get the current running firmware version or firmware related information from this presentation System Status Model Name Vigor2710ne Series Firmware Version beta 0624 Build Date Time Nov 2 2009 19 35 26 ADSL Firmware Version 3431301_A Hardware Annex A LAN WAN 1 MAC Address 00 50 7F 00 00 00 Link Status Disconnected ist IP Address 192 168 1 1 MAC Address 00 50 7F 00 00 01 ist Subnet Mask 255 255 255 0 Connection PPPoE DHCP Server Yes IP Address Dace DNS 194 109 6 66 Default Gateway Taaa E Wireless LAN MAC Address 00 50 7F 00 00 00 Frequency Domain Europe Firmware Version 2 2 0 0 SSID DrayTek Model Name Display the model name of the router Firmware Version Display the firmware version of the router Build Date Time Display the date and time of the current firmware build ADSL Firmware Version Display the ADSL firmware version LAN MAC Address Display the MAC address of the LAN Interface 1 IP Address Display the IP address of the LAN interface 1 Subnet Mask Display the subnet mask address of the LAN interface DHCP Server Display the cur
150. to Point style authentication and authorization is required for bridging customer premises equipment CPE Point to Point Protocol over Ethernet PPPoE connects a network of hosts via an access device to a remote access concentrator or aggregation concentrator This implementation provides users with significant ease of use Meanwhile it provides access control billing and type of service according to user requirement When a router begins to connect to your ISP a serial of discovery process will occur to ask for a connection Then a session will be created Your user ID and password is authenticated via PAP or CHAP with RADIUS authentication system And your IP address DNS server and other related information will usually be assigned by your ISP Below shows the menu items for Internet Access P PPPoE PPPOA H MPoA RFC1483 2684 3 1 2 PPPoE PPPoA PPPoA included in RFC1483 can be operated in either Logical Link Control Subnetwork Access Protocol or VC Mux mode As a CPE device Vigor router encapsulates the PPP session based for transport across the ADSL loop and your ISP s Digital Subscriber Line Access Multiplexer SDLAM To choose PPPoE or PPPoA as the accessing protocol of the internet please select PPPoE PPPoA from the Internet Access menu The following web page will be shown Vigor2710e ne Series User s Guide 16 Dr ay Te k Internet Access gt gt PPPoE PPPoA PPPoE PPPoA Client Mode PPPoE PPPoA Client Enab
151. to connect to Internet all the time you can check Always On Username Type in the username provided by ISP in this field Password Type in the password provided by ISP in this field PPP Authentication Select PAP only or PAP or CHAP for PPP Idle Timeout Set the timeout for breaking down the Internet after passing through the time without any action This setting is active only when the Active on demand option for Active Mode is selected in WAN gt gt General Setup page Usually ISP dynamically assigns IP address to you each time you connect to it and request In some case your ISP provides service to always assign you the same IP address whenever you request In this case you can fill in this IP address in the Fixed IP field Please contact your ISP before you want to use this function WAN IP Alias If you have multiple public IP addresses and would like to utilize them on the WAN interface please use WAN IP Alias You can set up to 8 public IP addresses other than the current one you are using Notice that this setting is available for WANI only Type the additional WAN IP address and check the Enable box Then click OK to exit the dialog ZC WAN IP Alias Windows Internet Explorer ole SS htps192 1665 1 LdocW pAbas hin NW WAN IP Alias Multi NAT Index Enable Aux WAN IP Join NAT IP Pool v zen vV Fixed IP Click Yes to use this function and type in a fixed IP address in the box of Fixed IP Address Def
152. ttings a new web page will appear so that you could configure the settings of WEP and WPA Wireless LAN gt gt Security Settings Security Settings Mode WPA Dray Tek WPA Encryption Mode WEP For 64 bit WEP key Pre Shared Key PSK Encryption Mode TKIP Type 8 63 ASCII character or 64 Hexadecimal digits leading by Ox for example cfgsOla 2 or Ox65S5abcd Type 5 ASCII character or 10 Hexadecimal digits leading by Ox for example AB312 or Ox4142333132 For 126 bit WEP key Type 13 ASCII character or 26 Hexadecimal digits leading by Ox for example 0123456789abc or 0x30313233343536373839414243 OK Mode Disable Disable Turn off the encryption mechanism WEP lt Accepts only WEP clients and the encryption key should be entered in WEP Key WPA PSK Accepts only WPA clients and the encryption key should be entered in PSK WPA2 PSK Accepts only WPA2 clients and the encryption key should be entered in PSK Mixed WPA WPA2 PSK Accepts WPA and WPA2 clients simultaneously and the encryption key should be entered in PSK The WPA encrypts each frame transmitted from the radio using the key which either PSK Pre Shared Key entered manually in this field below or automatically negotiated via 802 1x authentication Either 8 63 ASCII characters such as 012345678 or 64 Hexadecimal digits leading by Ox such as 0x321253abcde Type Select from Mixed WPA
153. ult the threshold and timeout values are set to 50 packets per second and 10 seconds respectively Enable UDP flood Check the box to activate the UDP flood defense function Once defense detecting the Threshold of the UDP packets from the Internet has exceeded the defined value the Vigor router will start to randomly discard the subsequent UDP packets for a period defined in Timeout The default setting for threshold and timeout are 150 packets per second and 10 seconds respectively Enable ICMP flood Check the box to activate the ICMP flood defense function Similar defense to the UDP flood defense function once if the Threshold of ICMP packets from Internet has exceeded the defined value the router will discard the ICMP echo requests coming from the Internet The default setting for threshold and timeout are 50 packets per second and 10 seconds respectively Enable PortScan Port Scan attacks the Vigor router by sending lots of packets to Dr ay Tek 81 Vigor2710e ne Series User s Guide detection Block IP options Block Land Block Smurf Block trace router Block SYN fragment Block Fraggle Attack Block TCP flag scan Block Tear Drop Block Ping of Death Block ICMP Fragment Vigor2710e ne Series User s Guide many ports in an attempt to find ignorant services would respond Check the box to activate the Port Scan detection Whenever detecting this malicious exploration behavior by monitoring the port scan
154. urce Port Destination Port Name Type a name for this profile Protocol Specify the protocol s which this profile will apply to Source Destination Port Source Port and the Destination Port column are available for TCP UDP protocol It can be ignored for other protocols Vigor2710e ne Series User s Guide 90 Dr ay Te k The filter rule will filter out any port number when the first and last value are the same it indicates one port when the first and last values are different it indicates a range for the port and available for this profile when the first and last value are the same it indicates all the ports except the port defined here when the first and last values are different it indicates that all the ports except the range defined here are available for this service type gt the port number greater than this value is available lt the port number less than this value is available for this profile Below is an example of service type objects settings Objects Setting gt Service Type Object Service Type Object Profiles Index Name i SIP EA RTP q 4 5 4 Service Type Group This page allows you to bind several service types into one group Objects Setting gt gt Service Type Group Service Type Group Table Setto Factory Default Group Name Group Name 1f e ee REE e me p e bat GA Ka Ka MA Jha Ibo Jha Ibo Jha IND o b k ja KPSEBBABBEBBEBE amp Set to
155. using WPA for the most secure connection You should select the appropriate security mechanism according to your needs No matter which security suite you select they all will enhance the over the air data protection and or privacy on your wireless network The Vigor wireless router is very flexible and can support multiple secure connections with both WEP and WPA at the same time Separate the Wireless and the Wired LAN WLAN Isolation enables you to isolate your wireless LAN from wired LAN for either quarantine or limit access reasons To isolate means neither of the parties can access each other To elaborate an example for business use you may set up a wireless LAN for visitors only so they can connect to Internet without hassle of the confidential information leakage For a more flexible deployment you may add filters of MAC addresses to isolate users access from wired LAN Manage Wireless Stations Station List will display all the station in your wireless network and the status of their connection Below shows the menu items for Wireless LAN H Station List 4 7 2 General Setup By clicking the General Settings a new web page will appear so that you could configure the SSID and the wireless channel Please refer to the following figure for more information Wireless LAN gt gt General Setup General Setting IEEE 602 11 Enable Wireless LAN Mode Mixed 11b 119 11n Index 1 15 in Schedule Setup
156. utsiders It also restricts users in the local network from accessing the Internet Furthermore it can filter out specific packets that trigger the router to build an unwanted outgoing connection Firewall Facilities The users on the LAN are provided with secured protection by the following firewall facilities User configurable IP filter Call Filter Data Filter Stateful Packet Inspection SPI tracks packets and denies unsolicited incoming data Selectable Denial of Service DoS Distributed DoS DDoS attacks protection IP Filters Depending on whether there is an existing Internet connection or in other words the WAN link status is up or down the IP filter architecture categorizes traffic into two Call Filter and Data Filter Call Filter When there is no existing Internet connection Call Filter is applied to all traffic all of which should be outgoing It will check packets according to the filter rules If legal the packet will pass Then the router shall initiate a call to build the Internet connection and send the packet to Internet Data Filter When there is an existing Internet connection Data Filter is applied to incoming and outgoing traffic It will check packets according to the filter rules If legal the packet will pass the router The following illustrations are flow charts explaining how router will treat incoming traffic and outgoing traffic respectively Outgoing Traffic
157. value is usually as same as the 1st IP address of the router which means the router is the default gateway DNS Server DNS stands for Domain Name System Every Internet host must Configuration have a unique IP address also they may have a human friendly easy to remember name such as www yahoo com The DNS server converts the user friendly name into its equivalent IP address Primary IP Address You must specify a DNS server IP address here because your ISP should provide you with usually more than one DNS Server If your ISP does not provide it the router will automatically apply default DNS Server IP address 194 109 6 66 to this field Secondary IP Address You can specify secondary DNS server IP address here because your ISP often provides you more than one DNS Server If your ISP does not provide it the router will automatically apply default secondary DNS Server IP address 194 98 0 1 to this field The default DNS Server IP address can be found via Online Status System Status System Uptime 0 37 7 IP Address TX Patre RA Pace 192 168 1 1 4906 3908 If both the Primary IP and Secondary IP Address fields are left empty the router will assign its own IP address to local users as a DNS proxy server and maintain a DNS cache If the IP address of a domain name is already in the DNS cache the router will resolve the domain name immediately Otherwise the router forwards the DNS query packet to the external DNS server by estab
158. x id x E x 15 x a x Status vw Active x Inactive Set to Factory Default Clear all profiles and recover to factory settings Index Click the number below Index to access into the setting page of schedule Status Display if this schedule setting is active or inactive You can set up to 15 schedules To add a schedule please click any index say Index No 1 The detailed settings of the call schedule with index are shown below Vigor2710e ne Series User s Guide 94 Dr ay Te k Applications gt gt Schedule Index No 1 Enable Schedule Setup Start Date yyyy mm dd 2000 1 Start Time hh mm Duration Time hh mm Idle Timeout lo minute s max 255 0 for default How Often Once Weekdays LJ Sun Mon Tue Wed Thu Fri LJ Sat OK Enable Schedule Setup Check to enable the schedule Start Date yyyy mm dd Specify the starting date of the schedule Start Time hh mm Specify the starting time of the schedule Duration Time hh mm Specify the duration or period for the schedule Action Specify which action Call Schedule should apply during the period of the schedule Force On Force the connection to be always on Force Down Force the connection to be always down Enable Dial On Demand Specify the connection to be dial on demand and the value of idle timeout should be specified in Idle Timeout field Disable Dial On Demand Specify the connection to be up when it has traffic on the line Once
159. y DNS Secondary DNS Click Finish Then the system status of this protocol will be shown 2 5 Online Status The online status shows the system status WAN status ADSL Information and other status related to this router within one page If you select PPPoE PPPoA as the protocol you will find out a link of Dial PPPoE or Drop PPPoE in the Online Status web page Online status for PPPoE Online Status System Status System Uptime 0 14 53 LAN Status Primary DNS 194 109 6 66 Secondary DNS 168 95 1 1 IP Address TX Packets RX Packets 192 168 1 1 1242 1094 WAN 1 Status gt gt Dial PPPoE Enable Line Name Mode Up Time Yes ADSL PPPoE 00 00 00 IP GW IP TX Packets TX Rate Bps RX Packets RX Rate Bps D 0 0 0 Message PPP Shutdown ADSL Information ADSL Firmware Version 3431301_A ATM Statistics TX Cells RX Cells TX CRC errs RX CRC errs 0 D 0 0 ADSL Status Mode State Up Speed Down Speed SNR Margin Loop Att dra READY 0 0 A 0 Detailed explanation is shown below Primary DNS Displays the IP address of the primary DNS Secondary DNS Displays the IP address of the secondary DNS LAN Status IP Address Displays the IP address of the LAN interface Dr ay Tek 13 Vigor2710e ne Series User s Guide TX Packets RX Packets WANI Status Line Name Mode Up Time IP GW IP TX Packets TX Rate RX Packets RX Rate Displays the total transmitted packets at the LAN interface Displays the total nu
160. y Tek 43 Vigor2710e ne Series User s Guide 3 6 3 Time and Date It allows you to specify where the time of the router should be inquired from System Maintenance gt gt Time and Date Time Information Current System Time 2000 Jan 1 Sat 1 0 23 Inquire Time Time Setup Use Browser Time GG Use Internet Time Client Server IP Address pool_ntp arg Time Zone GMT Greenwich Mean Time Dublin Enable Daylight Saving Automatically Update Interval Current System Time Click Inquire Time to get the current time Use Browser Time Select this option to use the browser time from the remote administrator PC host as router s system time Use Internet Time Select to inquire time information from Time Server on the Internet using assigned protocol Server IP Address Type the IP address of the time server Time Zone Select the time zone where the router is located Enable Daylight Saving Check the box to activate daylight saving function Such feature is useful for some areas Automatically Update Interval Select a time interval for updating from the NTP server Click OK to save these settings 3 6 4 Reboot System The Web Configurator may be used to restart your router for using current configuration Click Reboot System from System Maintenance to open the following page System Maintenance gt gt Reboot System Reboot System Do you want to reboot your router Using current configuration OK Click OK The rout
Download Pdf Manuals
Related Search