Draytek Vigor2912 Owner's manual

  • Hello! I am an AI chatbot trained to assist you with the Draytek Vigor2912 Owner's manual. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
Vigor2912 Series User’s Guide
ii
Vigor2912 Series User’s Guide
iii
Vigor2912 Series
Dual-WAN Security Router
User’s Guide
Version: 2.0
Firmware Version: V3.8.5
(For future update, please visit DrayTek web site)
Date: December 15, 2017
Vigor2912 Series User’s Guide
iv
Intellectual Property Rights (IPR) Information
Copyrights
© All rights reserved. This publication contains information that is protected by
copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval
system, or translated into any language without written permission from the copyright
holders.
Trademarks
The following trademarks are used in this document:
Microsoft is a registered trademark of Microsoft Corp.
Windows, Windows 95, 98, Me, NT, 2000, XP, Vista, 7 and Explorer are
trademarks of Microsoft Corp.
Apple and Mac OS are registered trademarks of Apple Inc.
Other products may be trademarks or registered trademarks of their respective
manufacturers.
Safety Instructions and Approval
Safety
Instructions
Read the installation guide thoroughly before you set up the router.
The router is a complicated electronic unit that may be repaired only be
authorized and qualified personnel. Do not try to open or repair the router
yourself.
Do not place the router in a damp or humid place, e.g. a bathroom.
The router should be used in a sheltered area, within a temperature range of +5 to
+40 Celsius.
Do not expose the router to direct sunlight or other heat sources. The housing and
electronic components may be damaged by direct sunlight or heat sources.
Do not deploy the cable for LAN connection outdoor to prevent electronic shock
hazards.
Keep the package out of reach of children.
When you want to dispose of the router, please follow local regulations on
conservation of the environment.
Warranty
We warrant to the original end user (purchaser) that the router will be free from any
defects in workmanship or materials for a period of two (2) years from the date of
purchase from the dealer. Please keep your purchase receipt in a safe place as it serves
as proof of date of purchase. During the warranty period, and upon proof of purchase,
should the product have indications of failure due to faulty workmanship and/or
materials, we will, at our discretion, repair or replace the defective products or
components, without charge for either parts or labor, to whatever extent we deem
necessary tore-store the product to proper operating condition. Any replacement will
consist of a new or re-manufactured functionally equivalent product of equal value, and
will be offered solely at our discretion. This warranty will not apply if the product is
modified, misused, tampered with, damaged by an act of God, or subjected to abnormal
working conditions. The warranty does not cover the bundled or licensed software of
other vendors. Defects which do not significantly affect the usability of the product will
not be covered by the warranty. We reserve the right to revise the manual and online
documentation and to make changes from time to time in the contents hereof without
obligation to notify any person of such revision or changes.
Be a Registered
Owner
Web registration is preferred. You can register your Vigor router via
http://www.DrayTek.com.
Firmware & Tools
Updates
Due to the continuous evolution of DrayTek technology, all routers will be regularly
upgraded. Please consult the DrayTek web site for more information on newest
firmware, tools and documents.
http://www.DrayTek.com
Vigor2912 Series User’s Guide
v
European Community Declarations
Manufacturer: DrayTek Corp.
Address: No. 26, Fu Shing Road, Hukou Township, Hsinchu Industrial Park, Hsinchu County, Taiwan 303
Product: Vigor2912 Series Router
DrayTek Corp. declares that Vigor2912 Series of routers are in compliance with the following essential
requirements and other relevant provisions of R&TTE 1999/5/EC, ErP 2009/125/EC and RoHS 2011/65/EU
.
The product conforms to the requirements of Electro-Magnetic Compatibility (EMC) Directive 2004/108/EC by
complying with the requirements set forth in EN55022/Class B and EN55024/Class B.
The product conforms to the requirements of Low Voltage (LVD) Directive 2006/95/EC by complying with the
requirements set forth in EN60950-1.
This product is designed for 2.4GHz WLAN network throughout the EC region.
Regulatory Information
Federal Communication Commission Interference Statement
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part
15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a
residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed
and used in accordance with the instructions, may cause harmful interference to radio communications. However,
there is no guarantee that interference will not occur in a particular installation. If this equipment does cause
harmful interference to radio or television reception, which can be determined by turning the equipment off and
on, the user is encouraged to try to correct the interference by one of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
(1) This device may not cause harmful interference, and
(2) This device may accept any interference received, including interference that may cause undesired operation.
This equipment complies with RFCC radiation exposure limits set forth for an uncontrolled environment.
The antenna/transmitter should be kept at least 20 cm away from human body.
Please visit http://www.draytek.com for more detailed information.
Vigor2912 Series User’s Guide
vi
Vigor2912 Series User’s Guide
vii
T
T
a
a
b
b
l
l
e
e
o
o
f
f
C
C
o
o
n
n
t
t
e
e
n
n
t
t
s
s
Introduction...................................................................................................1
1.1 Web Configuration Buttons Explanation................................................................................. 2
1.2 LED Indicators and Connectors.............................................................................................. 3
1.2.1 Vigor2912/Vigor2912F......................................................................................................3
1.2.2 Vigor2912n/Vigor2912Fn.................................................................................................. 5
1.3 Hardware Installation .............................................................................................................. 7
1.4 Accessing Web User Interface................................................................................................8
1.5 Changing Password................................................................................................................ 9
1.6 Web Console, Config Backup & Exit..................................................................................... 10
1.6.1 Web Console.................................................................................................................. 10
1.6.2 Config Backup ................................................................................................................ 11
1.6.3 Logout............................................................................................................................. 11
1.7 Online Status......................................................................................................................... 12
1.7.1 Physical Connection.......................................................................................................12
1.7.2 Virtual WAN.................................................................................................................... 14
1.8 Saving Configuration............................................................................................................. 14
Quick Setup.................................................................................................15
2.1 Quick Start Wizard ................................................................................................................ 15
2.1.1 For WAN1 (Ethernet/Fiber) / WAN2 (Ethernet).............................................................. 17
2.1.2 For WAN2 (Wireless)...................................................................................................... 26
2.1.3 For WAN3 (USB)............................................................................................................35
2.2 Service Activation Wizard...................................................................................................... 37
2.3 VPN Client Wizard ................................................................................................................ 39
2.4 VPN Server Wizard............................................................................................................... 45
2.5 Wireless Wizard.................................................................................................................... 50
2.6 Registering Vigor Router....................................................................................................... 53
Tutorials and Applications.........................................................................55
3.1 How to configure settings for IPv6 Service in Vigor2912...................................................... 55
3.2 How can I get the files from USB storage device connecting to Vigor router?..................... 65
3.3 How to Build a LAN-to-LAN VPN Between Remote Office and Headquarter via IPsec Tunnel
(Main Mode)................................................................................................................................ 68
3.4 How to Optimize the Bandwidth through QoS Technology................................................... 72
3.5 QoS Setting Example............................................................................................................ 76
Vigor2912 Series User’s Guide
viii
3.6 How to use Landing Page Feature ....................................................................................... 80
3.7 How to Create an Account for MyVigor................................................................................. 84
3.7.1 Create an Account via Vigor Router............................................................................... 84
3.7.2 Create an Account via MyVigor Web Site ...................................................................... 88
3.8 How to Configure Certain Computers Accessing to Internet................................................ 92
3.9 How to Block Facebook Service Accessed by the Users via Web Content Filter / URL
Content Filter............................................................................................................................... 96
Advanced Configuration..........................................................................103
4.1 WAN.................................................................................................................................... 103
4.1.1 Basics of Internet Protocol (IP) Network....................................................................... 103
4.1.2 General Setup............................................................................................................... 105
4.1.3 Internet Access............................................................................................................. 110
4.1.4 Multi-VLAN.................................................................................................................... 139
4.2 LAN ..................................................................................................................................... 145
4.2.1 Basics of LAN ............................................................................................................... 145
4.2.2 General Setup............................................................................................................... 147
4.2.3 Static Route.................................................................................................................. 156
4.2.4 VLAN............................................................................................................................. 161
4.2.5 Bind IP to MAC............................................................................................................. 164
4.2.6 LAN Port Mirror............................................................................................................. 166
4.2.7 Web Portal Setup.......................................................................................................... 167
4.3 Load-Balance /Route Policy................................................................................................ 169
4.3.1 General Setup............................................................................................................... 170
4.3.2 Diagnose....................................................................................................................... 180
4.4 NAT ..................................................................................................................................... 182
4.4.1 Port Redirection............................................................................................................ 183
4.4.2 DMZ Host...................................................................................................................... 187
4.4.3 Open Ports.................................................................................................................... 190
4.4.4 Port Triggering.............................................................................................................. 192
4.5 Firewall................................................................................................................................ 195
4.5.1 Basics for Firewall......................................................................................................... 195
4.5.2 General Setup............................................................................................................... 197
4.5.3 Filter Setup ................................................................................................................... 202
4.5.4 DoS Defense ................................................................................................................ 212
4.6 User Management............................................................................................................... 216
4.6.1 General Setup............................................................................................................... 217
4.6.2 User Profile................................................................................................................... 218
4.6.3 User Group................................................................................................................... 222
4.6.4 User Online Status........................................................................................................ 223
4.7 Objects Setting.................................................................................................................... 224
4.7.1 IP Object....................................................................................................................... 225
4.7.2 IP Group ....................................................................................................................... 228
4.7.3 IPv6 Object................................................................................................................... 229
4.7.4 IPv6 Group.................................................................................................................... 231
4.7.5 Service Type Object ..................................................................................................... 232
4.7.6 Service Type Group...................................................................................................... 234
Vigor2912 Series User’s Guide
ix
4.7.7 Keyword Object ............................................................................................................ 235
4.7.8 Keyword Group............................................................................................................. 237
4.7.9 File Extension Object.................................................................................................... 238
4.7.10 SMS/Mail Service Object............................................................................................ 240
4.7.11 Notification Object....................................................................................................... 245
4.7.12 String Object............................................................................................................... 247
4.8 CSM Profile......................................................................................................................... 248
4.8.1 APP Enforcement Profile.............................................................................................. 249
4.8.2 URL Content Filter Profile............................................................................................. 252
4.8.3 Web Content Filter Profile............................................................................................. 257
4.8.4 DNS Filter Profile.......................................................................................................... 261
4.9 Bandwidth Management ..................................................................................................... 263
4.9.1 Sessions Limit............................................................................................................... 263
4.9.2 Bandwidth Limit ............................................................................................................ 265
4.9.3 Quality of Service.......................................................................................................... 267
4.10 Applications....................................................................................................................... 275
4.10.1 Dynamic DNS............................................................................................................. 275
4.10.2 LAN DNS.................................................................................................................... 279
4.10.3 Schedule..................................................................................................................... 282
4.10.4 RADIUS...................................................................................................................... 284
4.10.5 Active Directory/ LDAP............................................................................................... 285
4.10.6 UPnP........................................................................................................................... 288
4.10.7 IGMP........................................................................................................................... 289
4.10.8 Wake on LAN.............................................................................................................. 290
4.10.9 SMS / Mail Alert Service............................................................................................. 291
4.10.10 Bonjour ..................................................................................................................... 293
4.11 VPN and Remote Access.................................................................................................. 296
4.11.1 Remote Access Control.............................................................................................. 297
4.11.2 PPP General Setup .................................................................................................... 298
4.11.3 IPsec General Setup................................................................................................... 300
4.11.4 IPsec Peer Identity...................................................................................................... 302
4.11.5 Remote Dial-in User ................................................................................................... 304
4.11.6 LAN to LAN................................................................................................................. 307
4.11.7 VPN TRUNK Management......................................................................................... 318
4.11.8 Connection Management ........................................................................................... 323
4.12 Certificate Management.................................................................................................... 324
4.12.1 Local Certificate.......................................................................................................... 325
4.12.2 Trusted CA Certificate ................................................................................................ 329
4.12.3 Certificate Backup....................................................................................................... 331
4.13 Wireless LAN .................................................................................................................... 332
4.13.1 Basic Concepts........................................................................................................... 332
4.13.2 General Setup............................................................................................................. 334
4.13.3 Security....................................................................................................................... 337
4.13.4 Access Control............................................................................................................ 339
4.13.5 WPS............................................................................................................................ 340
4.13.6 WDS............................................................................................................................ 344
4.13.7 Advanced Setting........................................................................................................ 347
4.13.8 Station Control............................................................................................................ 350
4.13.9 AP Discovery.............................................................................................................. 351
4.13.10 Airtime Fairness........................................................................................................ 352
4.13.11 Station List................................................................................................................ 354
4.14 SSL VPN........................................................................................................................... 354
4.14.1 General Setup............................................................................................................. 355
Vigor2912 Series User’s Guide
x
4.14.2 SSL Web Proxy .......................................................................................................... 356
4.14.3 SSL Application .......................................................................................................... 357
4.14.4 User Account.............................................................................................................. 360
4.14.5 User Group................................................................................................................. 364
4.14.6 Online User Status...................................................................................................... 366
4.15 USB Application ................................................................................................................ 367
4.15.1 USB General Settings................................................................................................. 367
4.15.2 USB User Management.............................................................................................. 370
4.15.3 File Explorer................................................................................................................ 372
4.15.4 USB Device Status..................................................................................................... 373
4.15.5 Modem Support List.................................................................................................... 374
4.15.6 SMB Client Support List.............................................................................................. 374
4.16 System Maintenance......................................................................................................... 376
4.16.1 System Status............................................................................................................. 376
4.16.2 TR-069........................................................................................................................ 378
4.16.3 Administrator Password.............................................................................................. 381
4.16.4 User Password ...........................................................................................................383
4.16.5 Login Page Greeting................................................................................................... 387
4.16.6 Configuration Backup ................................................................................................. 389
4.16.7 Syslog/Mail Alert......................................................................................................... 392
4.16.8 Time and Date............................................................................................................ 395
4.16.9 SNMP.......................................................................................................................... 397
4.16.10 Management............................................................................................................. 399
4.16.11 Self-Signed Certificate.............................................................................................. 402
4.16.12 Reboot System......................................................................................................... 404
4.16.13 Firmware Upgrade.................................................................................................... 405
4.16.14 Activation.................................................................................................................. 406
4.17 Diagnostics........................................................................................................................ 408
4.17.1 Dial-out Triggering...................................................................................................... 408
4.17.2 Routing Table ............................................................................................................. 409
4.17.3 ARP Cache Table....................................................................................................... 410
4.17.4 IPv6 Neighbour Table................................................................................................. 410
4.17.5 DHCP Table................................................................................................................ 411
4.17.6 NAT Sessions Table................................................................................................... 412
4.17.7 DNS Cache Table....................................................................................................... 413
4.17.8 Ping Diagnosis............................................................................................................ 415
4.17.9 Data Flow Monitor....................................................................................................... 416
4.17.10 Traffic Graph............................................................................................................. 418
4.17.11 Trace Route.............................................................................................................. 419
4.17.12 Syslog Explorer......................................................................................................... 420
4.17.13 IPv6 TSPC Status..................................................................................................... 421
4.17.14 DoS Flood Table....................................................................................................... 422
4.18 External Devices............................................................................................................... 424
Trouble Shooting......................................................................................425
5.1 Checking If the Hardware Status Is OK or Not.................................................................... 425
5.2 Checking If the Network Connection Settings on Your Computer Is OK or Not ................. 426
5.3 Pinging the Router from Your Computer............................................................................. 429
5.4 Checking If the ISP Settings are OK or Not........................................................................ 430
5.5 Problems for 3G Network Connection ................................................................................ 430
Vigor2912 Series User’s Guide
xi
5.6 Backing to Factory Default Setting If Necessary ................................................................ 431
5.7 Contacting DrayTek............................................................................................................. 433
Appendix I: VLAN Applications on Vigor Router ........................................................435
Vigor2912 Series User’s Guide
1
I
I
n
n
t
t
r
r
o
o
d
d
u
u
c
c
t
t
i
i
o
o
n
n
Vigor2912 series is a broadband router which integrates IP layer QoS, NAT
session/bandwidth management to help users control works well with large bandwidth.
By adopting hardware-based VPN platform and hardware encryption of AES/DES/3DES, the
router increases the performance of VPN greatly, and offers several protocols (such as
IPsec/PPTP/L2TP) with up to 16 VPN tunnels.
The object-based design used in SPI (Stateful Packet Inspection) firewall allows users to set
firewall policy with ease. CSM (Content Security Management) provides users control and
management in IM (Instant Messenger) and P2P (Peer to Peer) more efficiency than before.
By the way, DoS/DDoS prevention and URL/Web content filter strengthen the security
outside and control inside. Object-based firewall is flexible and allows your network be safe.
In addition, Vigor2912 series supports USB interface for connecting USB printer to share
printing function or 3G USB modem for network connection.
Vigor2912 series provides two-level management to simplify the configuration of network
connection. The user mode allows user accessing into WEB interface via simple configuration.
However, if users want to have advanced configurations, they can access into WEB interface
through admin mode.
Vigor2912 Series User’s Guide
2
1
1
.
.
1
1
W
W
e
e
b
b
C
C
o
o
n
n
f
f
i
i
g
g
u
u
r
r
a
a
t
t
i
i
o
o
n
n
B
B
u
u
t
t
t
t
o
o
n
n
s
s
E
E
x
x
p
p
l
l
a
a
n
n
a
a
t
t
i
i
o
o
n
n
Several main buttons appeared on the web pages are defined as the following:
Save and apply current settings.
Cancel current settings and recover to the previous saved settings.
Clear all the selections and parameters settings, including selection from
drop-down list. All the values must be reset with factory default settings.
Add new settings for specified item.
Edit the settings for the selected item.
Delete the selected item with the corresponding settings.
Note: For the other buttons shown on the web pages, please refer to Chapter 3, 4 for detailed
explanation.
Vigor2912 Series User’s Guide
3
1
1
.
.
2
2
L
L
E
E
D
D
I
I
n
n
d
d
i
i
c
c
a
a
t
t
o
o
r
r
s
s
a
a
n
n
d
d
C
C
o
o
n
n
n
n
e
e
c
c
t
t
o
o
r
r
s
s
Before you use the Vigor router, please get acquainted with the LED indicators and connectors
first.
1
1
.
.
2
2
.
.
1
1
V
V
i
i
g
g
o
o
r
r
2
2
9
9
1
1
2
2
/
/
V
V
i
i
g
g
o
o
r
r
2
2
9
9
1
1
2
2
F
F
LED Status Explanation
Blinking The router is powered on and running normally. ACT (Activity)
Off The router is powered off.
On The Web Content Filter is active. (It is enabled from
Firewall >> General Setup).
WCF
Off The Web Content Filter is inactive.
QoS
On The QoS function is active.
On The DoS/DDoS function is active. DoS
Blinking It will blink while detecting an attack.
On The port is connected.
Off The port is disconnected.
LAN (P4~P1)
Blinking The data is transmitting.
On Internet connection is ready.
Off Internet connection is not ready.
WAN(W2~W1)
Blinking The data is transmitting.
VPN On The VPN tunnel is active.
On USB device is connected and ready for use. USB
Blinking The data is transmitting.
Vigor2912 Series User’s Guide
4
Interface
Description
PWR
Connecter for a power adapter.
ON/OFF
Power Switch.
USB Connecter for a USB device (for 3G/4G USB Modem or printer).
W1 (Vigor2912) Connecter an ADSL or cable modem for accessing Internet (WAN).
W1 (Vigor2912F) Fiber connection (100Mbps) for accessing the Internet.
W2/P1 Connecter an ADSL or cable modem for accessing Internet (WAN); or
connecter for local network devices (LAN).
This connector is switchable for LAN and WAN connection.
P2~P4 Connecters for local network devices (LAN).
Factory Reset Restore the default settings. Usage: Turn on the router (ACT LED is
blinking). Press the hole and keep for more than 5 seconds. When you
see the ACT LED begins to blink rapidly than usual, release the button.
Then the router will restart with the factory default configuration.
Vigor2912 Series User’s Guide
5
1
1
.
.
2
2
.
.
2
2
V
V
i
i
g
g
o
o
r
r
2
2
9
9
1
1
2
2
n
n
/
/
V
V
i
i
g
g
o
o
r
r
2
2
9
9
1
1
2
2
F
F
n
n
LED Status Explanation
Blinking The router is powered on and running normally. ACT (Activity)
Off The router is powered off.
On The Web Content Filter is active. (It is enabled from
Firewall >> General Setup).
WCF
Off The Web Content Filter is inactive.
QoS
On The QoS function is active.
On
Wireless access point is ready.
WLAN
Blinking
It will blink slowly while wireless traffic goes through.
ACT and WLAN LEDs blink quickly and
simultaneously when WPS is working, and will return
to normal condition after two minutes. (You need to
setup WPS within 2 minutes.)
On The port is connected.
Off The port is disconnected.
LAN (P4~P1)
Blinking The data is transmitting.
On Internet connection is ready.
Off Internet connection is not ready.
WAN(W2~W1)
Blinking The data is transmitting.
VPN On The VPN tunnel is active.
On USB device is connected and ready for use. USB
Blinking The data is transmitting.
Vigor2912 Series User’s Guide
6
Interface Description
PWR
Connecter for a power adapter.
ON/OFF Power Switch.
USB Connecter for a USB device (for 3G/4G USB Modem or printer).
W1 (Vigor2912n) Connecter an ADSL or cable modem for accessing Internet (WAN).
W1 (Vigor2912Fn) Fiber connection (100Mbps) for accessing the Internet.
W2/P1 Connecter an ADSL or cable modem for accessing Internet (WAN); or
connecter for local network devices (LAN).
This connector is switchable for LAN and WAN connection.
P2~P4 Connecters for local network devices (LAN).
Wireless LAN
ON/OFF/WPS
Press "Wireless LAN ON/OFF/WPS" button once to wait for client
device making network connection through WPS.
Press "Wireless LAN ON/OFF/WPS" button twice to enable (WLAN
LED on) or disable (WLAN LED off) wireless connection.
Factory Reset Restore the default settings. Usage: Turn on the router (ACT LED is
blinking). Press the hole and keep for more than 5 seconds. When you
see the ACT LED begins to blink rapidly than usual, release the button.
Then the router will restart with the factory default configuration.
Vigor2912 Series User’s Guide
7
1
1
.
.
3
3
H
H
a
a
r
r
d
d
w
w
a
a
r
r
e
e
I
I
n
n
s
s
t
t
a
a
l
l
l
l
a
a
t
t
i
i
o
o
n
n
Before starting to configure the router, you have to connect your devices correctly.
1. Connect the cable Modem/DSL Modem/Media Converter to any WAN port of router
with Ethernet cable (RJ-45).
2. Connect one end of an Ethernet cable (RJ-45) to one of the LAN ports of the router and
the other end of the cable (RJ-45) into the Ethernet port on your computer.
3. Connect one end of the power adapter to the router’s power port on the rear panel, and
the other side into a wall outlet.
4. Power on the device by pressing down the power switch on the rear panel.
5. The system starts to initiate. After completing the system test, the ACT LED will light
up and start blinking.
(For the hardware connection, we take “n” model as an example.)
Vigor2912 Series User’s Guide
8
1
1
.
.
4
4
A
A
c
c
c
c
e
e
s
s
s
s
i
i
n
n
g
g
W
W
e
e
b
b
U
U
s
s
e
e
r
r
I
I
n
n
t
t
e
e
r
r
f
f
a
a
c
c
e
e
1. Make sure your PC connects to the router correctly.
You may either simply set up your computer to get IP dynamically from the router or set
up the IP address of the computer to be the same subnet as the default IP address of
Vigor router 192.168.1.1. For the detailed information, please refer to the later section -
Trouble Shooting of the guide.
2. Open a web browser on your PC and type http://192.168.1.1. The following window
will be open to ask for username and password.
3. Please type “admin/admin” as the Username/Password and click Login.
Notice: If you fail to access to the web configuration, please go to “Trouble
Shooting” for detecting and solving your problem.
4. Now, the Main Screen will appear.
Note: The home page will be different slightly in accordance with the type of the
router you have.
/