UG-Vigor3300Vplus-V1..
Contents
1. anal vigor 3300 pps Mu ok he Your reliable networking solutions partner User s Guide V1 1 Dray Te k ii Vigor3300V Series User s Guide Vigor3300 V Multi WAN Security Router User s Guide Version 1 1 Firmware Version V2 6 3 Date 23 08 2010 Vigor3300V Series User s Guide iii Dray Te k Copyright Information Copyright Declarations Trademarks Copyright 2010 All rights reserved This publication contains information that is protected by copyright No part may be reproduced transmitted transcribed stored in a retrieval system or translated into any language without written permission from the copyright holders The following trademarks are used in this document Microsoft is a registered trademark of Microsoft Corp e Windows Windows 95 98 Me NT 2000 XP Vista and Explorer are trademarks of Microsoft Corp Apple and Mac OS are registered trademarks of Apple Inc Other products may be trademarks or registered trademarks of their respective manufacturers Safety Instructions and Approval Safety Instructions Warranty Be a Registered Owner Firmware amp Tools Updates Dray Tek Read the installation guide thoroughly before you set up the router The router is a complicated electronic unit that may be repaired only be authorized and qualified personnel Do not try to open or repair the router yourself Do not place the router in a damp or hu2. 300 600 Seconds Seconds 5060 Allow registrations Timeout for an RTP stream Default expires VoIP SIP local port Apply Dray Tek Apply Cancel Click Enable to enable the SIP ALG function Set the listen incoming SIP message port range 1 65535 Set the starting value of RTP port range used by SIP ALG range 1 65535 For example if you set 7070 as RTP port start value the SIP ALG will use 7070 including 7070 and port value after for RTP transmission Limit the registration condition for the clients in LAN Anyone All the SIP devices under NAT can finish the registration through SIP ALG Register from Specify a network segment for registration Only the IP addresses within the same segment are allowed to do registration If there is no data transmitted within the time such RTP stream will be discarded Set the expire time for SIP ALG to send out SIP message Type the port number for SIP protocol for VoIP The default value is 5060 Click Apply to save the setting and go to System Reboot to reboot the device for activating the setting 148 Vigor3300V Series User s Guide 4 4 Firewall Setup The firewall controls the allowance and denial of packets through the router The Firewall Setup in the Vigor 3300 Series mainly consists of packet filtering Denial of Service DoS and URL Universal Resource Locator content filtering facilities These firewall filters hel
3. Preshared Key Security Protocol ESP v NAT Traversal Enable Netbios Naming Packet Block Local Gateway WAN Interface VAN1 Local Certificate Security Gateway default Network IP Subnet Mask i Next hop default Remote Gateway Remote ID DHCP over IPSec OFF Security Gateway C0 0 0 0 for dynamic client Network IP SubnetMask i C0 0 0 0132 for dynamic client Apply Cancel Profile Status Set the initialization of IPSec Tunnel with this profile settings Enable Choose this one to invoke this profile manually In addition to select Enable you have to click Initiate under the page of VPN IPSec Tunnel Policy Table Always On Choose this one to invoke this profile automatically by the system for every 30 seconds Disable Choose this one to inactivate this profile Profile Status Enable w Enable Disable Always On Name The name for VPN connection ex VPN1 The maximum length of name is 20 characters including spaces Authentication The authentication to be used by PreShared Key or RSA Signature Authentication Preshared Key Freshared Fey RSA Signature PreShared Key The shared key for peer identification The maximum length is 40 characters including spaces Security Protocol AH Specify the IPSec protocol for the Authentication Header protocol The data will be authenti
4. Private Port Range Use IP Alias Public IP Vigor3300V Series User s Guide O Disable Enable Test 88 120 192 168 1 69 92 124 WAN Interface OIP Alias O ALL VANI v Apply Cancel Enable or disable this function Assign a name for this entry The maximum is 20 characters Assign the transport layer protocol with TCP or UDP Assign a port range from starting to end public port number The port range is from 1 to 65535 Assign a local IP address to be transferred into Assign a port range from starting to end private port number Disable option uses IP address of WAN interface Enable option uses IP alias addresses Determine which channel will be used to perform port redirection port forwarding Wan interface port redirection will be done via WAN IP IP Alias port redirection will be done via WAN IP alias ALL port redirection will be done via WAN IP or WAN IP alias 131 Dray Tek WAN Interface It is a pull down window user can select one specific WAN interface IP Alias It is a pull down window user can select one specific IP address assigned in IP Alias group of WAN interfaces Click Apply to reboot the system and apply the settings Note The port forwarding function could redirect the Internet traffic which has the destination port within the public port range and has the same IP address as WAN Interface or IP Alias that you set Please redirect only the por
5. Disable Enable Apply Cancel Port Click Enable to activate this port or Disable to close this port Default SIP Accounts Use the drop down list to choose one item as the default SIP account VoIP IP Address The interface is used to apply VoIP traffics There are two options WAN and LAN VPN If LAN VPN is selected VoIP can be applied through a VPN tunnel to create a high security voice phone Hotline Hotline Number to Internet Pre set a phone number to make the port dialing out to Internet automatically Hotline Number to PBX Pre set a phone number to make the port dialing out to PBX automatically FXO Manual Disconnection Click Disconnect to disconnect this phone line manually Vigor3300V Series User s Guide 203 Dray Tek Codec CAS FAX DTMF Dray Tek Preferred Codec It can be applied on this port Vigor3300 supports five Codecs The default setting is G 729A You can choose another one as preferred Codec for outgoing calls G 729A 8kbps M G 1L1U PCHO 64kbps G 711 i PCHA b4k bps G 7294 Skbps G 723 1 63kbps G 726 32kbps Single Codec If you checked this box only preferred codec will be used for outgoing and incoming calls And if the remote end does not support such Codec the VoIP communication will be failed Codec Rate Type the rate value to be applied on this port Codec VAD Enable or Disable VAD Voice Activity Detection It can detect wheth
6. EEE WANT IP Address 172 716 100 710 MAC Address 00 50 7f28 860e5 Primary DNS 172 16 100 1 Secondary OMS Gateway 172 168 100 1 Rs Packets 96 Ta Packets 100 Connection Status connected Wp Time O days 0 hours 4 minutes 61 seconds For PPTP Mode 1 Check if the settings of Username and Password are correct or not 2 Check if the setting of Authentication is correct or not You may need to try both PAP and CHAP 3 Check if the value of PPTP Local Address PPTP Subnet Mask and PPTP Remote Address are correct or not static DHCP Bid ieee DMZ Configuration Beat hee Configuration User Mame draytek FFTF Local Address 10 0 0 150 Authentication PPTP Server Address 10 0 0 137 4 After finishing the settings go to System Status page and click WAN Status You will get a correct web page of WAN settings Basic Status LAN Status EEE WANT IP Address 61 2350 208 202 MAC Address OOO recone Primary OMS 194 109 6 66 Secondary ONS 194 958 0 1 Gateway 661 230 208 245 Rs Packets 34i Ts Packets of Connection status connected Up Time O days O hours 4 minutes 39 seconds Disconnect Dray Te k 226 Vigor3300V Series User s Guide 5 5 Backing to Factory Default Setting If Necessary Sometimes a wrong connection can be improved by returning to the default settings Try to reset the router by software or hardware Q Warning After pressing factory default set
7. others oo e Apply Cancel Clear All Disable Enable Click Disable to close this setting Click Enable to activate this setting Index It represents the number for each queue Class Name Please type the name for each queue Bandwidth Please type the usage percentage for each queue Apply Click this button to apply all the settings set in this page Vigor3300V Series User s Guide 163 Dray Te k 4 5 2 Incoming Outgoing Class Filter Click the QoS option and choose Incoming Class Filter Outgoing Class Filter QoS Incoming Class Filter Priority Source IP Destination IP Service Type Status DiffServ CodePoint Status Class 1 2 O 3 O 4 5 O 6 O 7 O 8 O g O 10 O 1 Delete Delete All Priority You are allowed to set ten filters The priority for the filter of number 1 is the highest and the priority for number 10 is the lowest Source IP Display the source IP address for the filter Destination IP Display the destination IP address for the filter Service Type Status Display the service type that you choose for the filter DiffServ CodePoint Status Display the setting for DiffServ CodePoint Class Display the class name that you specified for the incoming outgoing class filter Edit Click this button to open the edit page for adjusting the settings Delete Delete All Click this button to delete the selected setting or all settings To edit an incoming class filter please choose one of the radio butto
8. VoIP Status Refresh Option No Refresh v Refresh caustatus Cal Caller Callee start time RemoteRTP_ RemoteRTP rrp i Packet yay DIME 1 1 Idle 2 1 Idle 3 1 Idle 4 1 Idle 5 1 Idle 5 2 Idle 6 1 Idle 6 2 Idle 7 1 Idle 7 2 Idle 8 1 Idle 8 2 Idle PS Packets Sent OS Octets Sent PR Packets Received R Octets Received PL Packets Lost Jl Interarrival Jitter Estimate ms LA Avg TX Delayfims Refresh Option You can click Refresh to get the latest status information for these VoIP phones In addition you can set the time interval of refreshing Use the drop down list of Refresh Option to choose an automatic refreshing setting If you choose No Refresh the system will not refresh this page until you click Refresh button Ho Refresh wt Refresh Ho Retresh Every 10 Seconds Every 20 Seconds Every 30 Seconds Call Status The calling status Call Type The dialing direction for this call ncoming Outgoing Caller Number The phone number of the caller Callee Number The phone number of the receiver Start Time The starting time of the call Remote RTP Address The IP address of the remote voice site Remote RTP Port The used port number of the remote voice site Codec Type The Codec mode used for this phone call Packet Period The period of time for sampling on voice signal VAD The status of VAD DTMF Relay The status of DTMF Vigor3300V Series User s Guide 217 Dray Tek
9. VolP IP Address WAN v 5 Set Port 2 Port 8 one by one in turn Type Port 1 Port 4 are ISDN NT Port 5 Port 8 are ISDN TE Active Port 1 Port 8 are all active v Enable SIP Account Accounts of Port Port 8 Codec Port 1 Port 8 all prior use G 729A 8kbps Vigor3300V Series User s Guide 57 Dray Te k Dray Tek VoIP Port Settings Type ISDN NT ISDN NT ISDN NT ISDN NT ISDN TE ISDN TE ISDN TE ISDN TE Active SIP Account V 1 i 3 1001 1002 1003 1004 1005 1006 1007 1008 Supplemental EENE Hotline Mic Spk Gain FAX Codec DTMF 0 0 Transparent G 729A RFC2833 0 0 Transparent G 729A RFC2833 0 0 Transparent G 729A RFC2833 0 0 Transparent G 729A RFC2833 0 0 Transparent G 729A RFC2833 0 0 Transparent G 729A RFC2833 0 0 Transparent G 729A RFC2833 0 0 Transparent G 729A RFC2833 Check the VoIP Status Please enter the VoIP Status SIP Status page first and wait one or two minutes The time depends on SIP Server s response speed and the network condition OK means the registration is successful Failed means the registration is failed VoIP SIP Status Refresh Option Aa wN a H o N O Register Status No Refresh 9 10 11 12 13 14 15 16 v Refresh Register Status Register Status Register Status 17 25 18 26 19 27 20 28 21 29 22 30 23 31 24 32 Next please enter VoIP Status Port Status This page will display ca
10. Load Balance Backup Edit IP Mode Active Default Route Load Balance Dray Tek Disable O Enable Disable O Enable Auto Weight Backup Master IP Mode Active Default Route Load Balance Weight Backup Slave VolP Static Not Set Not Set Not Set Apply Cancel Enables or disables the WAN load balance function The Auto Weight option becomes available if Enable mode is selected Load Balance allows the router distributing data in and out of the Internet by using different WAN interfaces at the same time Enables or disables backup function for WAN interfaces If you enable this function the backup master backup slave will execute the job of master slave device when the master slave device fails to work Open the configuration page of this WAN interface Display current mode of this WAN interface There are five options Static DHCP PPPoE PPTP and DHCP Activates closes this WAN interface Set this WAN interface as default route interface Adds this WAN interface to the load balance group 108 Vigor3300V Series User s Guide Weight Set the weight load 10 90 for this WAN interface for load balance This selection is available only when Auto Weight is unchecked Backup Master Set this WAN interface as a master interface WANI must be assigned as Master interface if Backup function is enabled Backup Slave Set this WAN interface as a slave interface VoIP Set this WAN interface
11. Adapters with LANS must be connected to network devices that support the IEEE 602 10 specification When you configure the WYLAN SoS Packet Tagging is automatically enabled GEA NOTE After creating the VLAN the adapter associated vith the VLAN briefly loses network connectivity 10 Now the Desktop Adapter VLAN dialog will appear as follows Please click OK Intel R PRO 100 S Desktop Adapter VLAN VLANSP PF X General Settings Advanced Driver Intel R PR07100 5 Desktop Adapter WLAN YLANS Device type Network adapters Manufacturer Intel Location Unknown Device status This device is working properly IF vou are having problems with this device click Troubleshoot to start the troubleshooter Device usage Use this device enable w Dray Te k 28 Vigor3300V Series User s Guide Next time if you want to check VLAN setting again please open Settings tag to modify it Intel R PRO 100 S Desktop Adapter VLAN VLAN5P 7 X General Settings Advanced Driver intel Virtual LAN Settings WLAN ID Remove WLAN VLAN Hame LANE Untagged WLAN Associated adapter Intel A PR01100 S Desktop Adapter Properties WLAN ID Type a new number for the Y LAN inthe VLAH ID box The VLAN ID must match the VLAN ID configured on the switch a HOTE amp VLAM ID of 1 is often reserved Check t
12. Disable Choose this one to inactivate this profile Type a name for this group LAN subnet of this device LAN subnet of the remote client Specify which tunnel will be included in this trunk You can choose up to four tunnels at one time Determine how many flow rates can pass through on this tunnel For example type 1 for tunnel and type 4 for tunnel 2 If such device has 5 packets needing to send to the remote subnet it will send 4 packets through tunnel 2 and 1 packet through tunnel 1 Check this box to enable VPN tunnel backup Choose the master and salve roles for this backup configuration After finish the configuration click Apply to apply the group table setting Log At any time you can click VPN gt gt IPSec gt gt Log to monitor the VPN tunnel status The log is helpful for solving some setting problems The system will keep the 100 most recent messages Click Clear to clear the log VPN IPSec Log Refresh Clear Date Time Description 1 04 37 06 12 08 connection 1_Research is deleted 2 04 36 47 12 08 connection 1_Research is added Refresh Clear Dray Tek 180 Vigor3300V Series User s Guide Date Time It displays the date and time for the operation of IPSec Description It displays the results of the IPSec operation Refresh It allows you to refresh the whole table Clear It allows you to clear all the table information Trust CA This page allows you to set up the CA configu
13. Porti FxS _ 888829 ipte _ G 729a Suppose the number of PBX s Outside Line is 12345678 One Inside Line is connected to a telephone with the extension 101 If you want to use PSTN from the extension you must firstly press 0 and then dial the phone number The FXO Port5 on the 3300V is connected to PBX s Inside Line with the number 102 The number of another PSTN line is 87654321 About VoIP basic settings please refer to VoIP Example 1 Basic configuration and registration Start to dial by using telephones Phone 1 calls Phone 2 gt Press extension 102 After getting through you will hear the dial tone then press the VoIP number 888833 Phone 1 calls Phone 3 gt Press extension 102 After getting through you will hear the Dial tone then press the VoIP number 888829 Phone 2 calls Phone 1 gt Press 888835 After getting through you will hear the Dial tone then press the extension 101 Phone 2 calls Phone 4 gt Press 888835 After getting through you will hear the Dial tone Press outside line 0 then press 87654321 Phone 3 calls Phone 1 gt Press 888835 After getting through you will hear the Dial tone then press the extension 101 Phone 3 call Phone 4 gt Press 888835 After getting through you will hear the Dial tone Press outside line 0 then press 87654321 Phone 4 calls Phone 2 gt Press 12345678 After getting through you will hear the auto reply from the PBX then press the e
14. UNIS IOS os tersetspsteccntctvns oeasicistrs EE E A T d gsejensaneiesaceseee 14 2r e PN MOG seee EE E E E E E 17 DO FOES e a A E E A E E E 18 ZO E A A E EE E A E O E E 21 Chapter 3 Applications cccsssccssssescesseseessesceseeseseeseeseeseesseeoaneesoaseesonseesonseesensessonness 23 3 1 Appli ation MOF 802 1 VLAN a anscussmnatanasannseuanenasaaniaasiancniud dupe iaa reaa dania a A eena iniiai 23 3 1 1 Block LAN to LAN Communication 2 0 0 cccccccccccceeeceeaeeeeeeeeeeeeesaeeeeceeeeesseeeaeeeeeeeeeessaaaeeeeeeess 23 3 1 2 How to Check Edit VLAN ID on Your PC 0 0 0 cccccceeeeeceeceeeeeceeeeeeeeeeesesseeeeeeeeeesseaaaeeeeeeeseaaas 24 3 1 3 Four VLANs for Different Departments in A COMPANY cc cccecccccseeeeeeeeeeeeeeeeeeaeeeeeeeaaaees 30 3 1 4 Two VLANs for Different Departments in A Company cccccceeeceeceeeeeeeeecueeeeeeeeaeaeeeesaaaees 32 3 1 5 Example for the Companies in the Same Building ccccccssseecceeeeesseeseeeeeeeeeeeseeseeeeeeeeeaas 34 3 1 6 Example for A Company and GUEST ccceccccccccceeeeeeeeeeeeeeeeeseeseeeeeeeessseeseeeeeeessaaeeeeeeeeeeesaaas 36 3 1 7 Example TOF Trunk Usage vevesscnsavesiandcsastsnnsiasauceinbssvansesasdoansnhortanduseseunieisadadsieduantstauaimcnsaancentegs 38 D2 AD ON CallOll OEN P a E E E E N A 40 a NG EXO ane E E E ace is E A E EE EA EAN 40 3 2 2 Practical Application of FXS card with PBX cccccccccsseeeeeeeeeeseeeeeseeeeeeeeeseaeeeeseaeeeeeessaaees
15. and click Edit The following page will be shown automatically Vigor3300V Series User s Guide 161 Dray Te k Firewall IM P2P Blocking Edit Action Allow Disallow IM Cl MSN CI Yahoo Messenger cea C AM O aa C iChat Fi Google Talk CI Web IM httipvwww e messenger net CL Web MSN hitpwebmessenger msn com VoIP C Skype P2P Protocol Applications C SoulSeek SoulSeek O eDonkey eDonkey eMule Shareaza C FastTrack Kaza iMesh Cl Gnutella BearShare Limewire Shareaza Foxy Cl BitTorrent BitTorrent BitSpirit BitComet Apply Cancel Source IP Specify an IP address for Vigor router to perform IM P2P blocking Subnet Mask Type the subnet mask for the IP address specified Action Choose Allow to make the packet passing through Choose Disallow to block the packet in or out IM VoIP P2P Check the boxes for different applications filtering by this rule 4 5 Quality of Service Setup The QoS Quality of Service guaranteed technology in the Vigor 3300 Series allows the network administrator to monitor analyze and allocate bandwidth for various types of network traffic in real time and or for business critical traffic Thus timing sensitive applications will not be impacted by web surfing traffic or other non critical applications such as file transfer Without QoS guaranteed control there would be virtually no way to prioritize users services or guarantee allocation of finite bandwidth resources to network or serve
16. 5 5 5 5 Firewall Off i QoS Off LNK i LAN 1 2 3 4 Off 100 jo Off a Vigor3300V Series User s Guide WAN DMZ 1 2 3 4 Hi Explanation The router is powered on The router is powered off The router is powered on and running normally The router is not ready or failed The WAN connection is ready It will blink while transmitting data VPN tunnel is up and down VPN tunnel is closed The Firewall function is active The Firewall function is inactive The QoS function is active The QoS function is inactive The Ethernet link is established on corresponding port No Ethernet link is established It means that a normal 100 Mbps connection is through its corresponding port It means that a normal 10 Mbps connection is through its corresponding port It means a full duplex connection on corresponding port It means a half duplex connection on corresponding port The Ethernet link is established The data transmission is done through the corresponding port No Ethernet link is established It means that a normal 1OOMbps connection is through its corresponding port It means that a normal 1OMbps connection is through its cea port It means a full duplex connection on corresponding port It means a half duplex connection on corresponding port i Dray Tek For the router supports functions of FXS FXO ISDN S0 TE ISDN ALL TE modules that are opti
17. D Prefix Add 886 SIP IP Address draytek com Inter Digit TimeOut 4 Memo Dial to Taiwan Match String Set the pattern of a dialplan entry It is composed by digits 0 9 and special symbols which includes dot brackets hyphen letter X and letter T The letter X means any digit The dot symbol means repeat of the previous symbol Dray Te k 206 Vigor3300V Series User s Guide Min Length Max Length Prefix Strip Prefix Add SIP IP Address Inter Digit TimeOut Memo Vigor3300V Series User s Guide The brackets and hyphen are used for a range of digits The letter T means waiting for timeout value while matches this pattern Matched string ex 9011x T maximum 63 characters Set the minimum length of digits range 0 63 default 0 Set the Maximum length of digits range 0 63 default 32 Set the number of prefix digits to strip range 0 63 For example if you set 1 here Vigor3300V will delete the first digit of the phone number If you set a number in Prefix Add Vigor3300V will use that one instead Set the Prefix string to be added 1 none maximum 63 char For example if you set 886 here Vigor3300V will delete the digit of the phone number based on the setting on Prefix Strip and use 886 instead Set the Remote SIP IP address or domain name Type 0 for non specific address Override the inter digits timeout range 1 60 sec default 4 sec Even if you
18. Diagnostic Tools Data Flow Monitor Disable O Enable Refresh Seconds 10 vl Index IP Address TX rate Kbps RX rate Kbps NAT sessions Action Hote Refresh 1 Click Block to prevent specified PC from surfing Internet for 5 minutes OO 2 The IP blocked by the router will be shown in red and Action column will display the expire time left Disable Enable Click Enable to invoke this function Index Display the number of the data flow IP Address Display the IP address of the monitored device TX rate kbps Display the transmission speed of the monitored device RX rate kbps Display the receiving speed of the monitored device Dray Te k 106 Vigor3300V Series User s Guide Sessions Display the session number that you specified in Limit Session web page Action Block can prevent specified PC accessing into Internet within 5 minutes Unblock the device with the IP address will be blocked in five minutes The remaining time will be shown on the session column Refresh Seconds Use the drop down list to choose the time interval of refreshing data flow that will be done by the system automatically Refresh Click Refresh to re display this web page for getting newest routing information 4 2 Network Setup Quick Setup offers user an easy method to quick setup the connection mode for the router Moreover if you want to adjust more settings for different WAN modes please go to Network Basic of Internet
19. Different modules will have different web page configurations Therefore this page will change slightly based on the modules installed on your router If there is no ISDN or VoIP module installed it is not necessary for you to access into this page for configuration VoIP Port Settings Edit Type Active SIP Account 1 ISDN NT V 14 1001 2 ISDN TE V 2 1002 3 ISDN NT V 3 1003 4 ISDN TE V 4 1004 5 FXO V 5 1005 FXO V 6 1006 7 FXO V 7 1007 8 FXO V 8 1008 Edit Type Active SIP Account Supplemental Service Hotline Mic Spk Gain FAX Codec DTMG Supplemental EnS Hotline Mic Spk Gain FAX Codec DTMF 0 0 Transparent G 729A RFC2833 0 0 Transparent G 729A RFC2833 0 0 Transparent G 729A RFC2833 0 0 Transparent G 729A RFC2833 0 0 Transparent G 729A RFC2833 0 0 Transparent G 729A RFC2833 0 0 Transparent G 729A RFC2833 0 0 Transparent G 729A RFC2833 Click this button to access into the Edit page for each phone number Display the type of the VoIP connection e g ISDN NT ISDN TE FXO and FXS It depends on the modules you have installed to the router Display the status active or not for the VoIP connection Display the SIP account index number and username Display the supplemental service mode for the VoIP connection Display the hotline is established or not Display the microphone gain value and speaker gain value Display the FAX mode setting e g Transparent for the VoIP connection Display the c
20. Generally speaking this function copies traffic from one or more specific ports to a target port This mechanism helps manager track the network errors or abnormal packets transmission without interrupting the flow of data access the network By the way user can apply this function to monitor all traffics which user needs to check Dray Te k 140 Vigor3300V Series User s Guide There are some advantages supported in this feature Firstly it is more economical without other detecting equipments to be set up Secondly it may be able to view traffic on one or more ports within a VLAN at the same time Thirdly it can transfer all data traffics to be mirrored to one analyzer connect to the mirroring port Last it is more convenient and easy to configure in user s interface Click Advanced gt gt WAN Port Mirroring You will see the following page Advanced WAN Port Mirroring Disable Enable Mirroring Port Por tol K Mirrored Ports Port 1 Port 2 Port 3 Port 4 Apply Cancel Enable Disable Click Disable to disable this function Click Enable to activate this function Mirroring Port Select a port to view traffic sent from mirrored ports Mirrored Port s Click which ports are necessary to be mirrored After finishing the settings please click Apply Vigor3300V Series User s Guide 141 Dray Tek 4 3 8 LAN Port Mirroring Setup Port mirror can be applied for the users in LAN It has the same mechanism like WAN port
21. Registration Direct IP Call Call with each other without registration Connect a telephone into 3300V s Port 1 and 2910V s Port 1 respectively They can call with each other directly with IP addresses if only 3300V and 2910V both have public IP addresses and have set up the Phone Numbers Below shows a scenario architecture graph 220 135 240 207 wees Seen T see were 61 31 167 135 Router Taiwan Phone 1 German Phone 2 Vigor3300V Series User s Guide 61 Dray Te k Configuration table WAN IP Port Number Phone Proxy Codec Number 3300V 220 135 240 207 Portl FXS 888833 G 729A 2910V 61 31 167 135 Port 1 FXS 888829 G 729A Furthermore do NOT enable the Outbound Proxy feature when you set up 3300V and 2910V to use Direct IP Call It is not active in the Example 1 please see Figure 30 2 shown below Otherwise even if you dial the IP address the call will be sent to the SIP Proxy Server still Besides if the SIP Proxy Server doesn t forward the call to remote VoIP user s WAN IP you can t do this action VoIP Protocol VoIP gt gt SIP Accounts Select Protocol SIP O MGCP SIP Account Index No 1 MGCP Profile Name test sd air ET Configuration Register via LAMAVPN CI mat SIP Local Port 5060 SIP Port SU60 Domain Realm iptel org Outbound Proxy Active Proxy ite Proxy Address Proxy perot 1 C iptel iptel org J Act as outbound proxy 2 q fwg fwd pulver com
22. SIP Status This page displays the registration status for SIP accounts VoIP SIP Status Refresh Option No Refresh v Refresh z Register Status Register Status Register Status Register Status 1 9 17 25 2 10 18 26 3 11 19 27 4 12 20 28 2 13 21 29 6 14 22 30 7 15 23 31 8 16 24 32 Refresh Option You can click Refresh to get the latest status information for these VoIP phones In addition you can set the time interval of refreshing Use the drop down list of Refresh Option to choose an automatic refreshing setting If you choose No Refresh the system will not refresh this page until you click Refresh button Ho Refresh w Refresh Ho Retresh Every 10 Seconds Every 20 Seconds Every 30 Seconds Register Status The status of registering in proxy server 4 7 13 Config Activate After configuring VoIP settings please open VoIP gt gt Config Activate to access into the following page Then click Apply to activate VoIP configuration VoIP Configure Activate Warming The action may cause all of the VolP calls disconnected Please confirm you really want to execute Configure Activate right now Apply Cancel Dray Tek 218 Vigor3300V Series User s Guide Chapter 5 Trouble Shooting This section will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration Please follow sections below to check your basic i
23. Then choose the Dray Tek Tagged for Frame Tag Operation in p3 We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from the PC of company C 34 Vigor3300V Series User s Guide 6 Inthe VLAN8 type 8 to VLAN ID In the Member field choose p4 Then choose the Tagged for Frame Tag Operation in p4 We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from company D Advanced LAN VLAN Setting O Disable Port Base VLAN 802 10 VLAN Port Base VLAN 802 1Q VLAN Group Index Active Name VLAN ID Member Frame Tag Operation P1 P2 Tagged Tagged Uv K Tagged Tagged d O O Tagged Tagged bfa fh K Tagged Tagged _ Enable management port for P4 Port Setting p1 p2 P3 P4 Port VLANID 5 6 7 8 Apply Reset Cancel 7 After applying the settings the web page will be redirect to reboot web page User can ignore it and continue to configure the Network setting After finishing Network setting you can execute the reboot procedure 8 After rebooting the tagged ports will communicate with 802 1Q tagged devices only 9 The network configuration is the same with A 2 1 Please refer to A 2 1 Vigor3300V Series User s Guide 35 Dray Tek 3 1 6 Example for A Company and Guest A c
24. WAN bd Disable Enable 3 Enter VoIP Port Settings page click the Edit icon of port 1 VoIP Port Settings Edit Type Active SIP Account ene Hotline Mic Spk Gain FAX Codec DTMF 1 FXS V 1 888833 0 0 Transparent G 729A RFC2833 2 FXS V 2 888834 0 0 Transparent G 729A RFC2833 3 FXS V 3 660533 0 0 Transparent G 729A RFC2833 4 FXS V 4 660534 070 Transparent G 729A RFC2833 5 FXO V 5 888835 0 0 Transparent G 729A RFC2833 6 FXO V 6 888836 0 0 Transparent G 729A RFC2833 7 FXO V 7 660525 0 0 Transparent G 729A RFC2833 8 FXO Vv 8 660526 0 0 Transparent 6 7294 RFC2833 4 Enter the Port 1 page This page falls into six sections Portl FXS Display the port type enable or disable the port choose the SIP account and etc VoIP Port Settings Port1 Edit Port 1 FXS Disable Enable Default SIP Accounts 1 888833 v VolP IP Address WAN v Dray Tek 52 Vigor3300V Series User s Guide 5 Set Port 2 Port 8 one by one in turn Type Port 1 Port 4 are FXS Port 5 Port 8 are FXO Active Port 1 Port 8 are all active v Enable SIP Account Accounts of Port Port 8 Codec Port 1 Port 8 all prior use G 729A 8kbps VoIP Port Settings Supplemental Edit Type Active SIP Account Saruce Hotline Mic Spk Gain FAX Codec DTMF 1 FXS V 1 1001 0 0 Transparent G 729A RFC2833 2 FXS V 2 1002 0 0 Transparent G 729A RFC2833 3 FXS V 3 1003 0 0 Transparent G 729A RFC2833 4 FXS V 4 10
25. discard Java objects from the Internet Activates the Block ActiveX object function The router will discard ActiveX object from the Internet Activates the Block Compressed file function to prevent from downloading of any compressed file These following types of compressed files are blocked by the router Zip rar arj ace cab sit Activates the Block Executable file function to prevent from downloading of any executable file The following types of executable files are blocked by the router exe com scr pif bas bat inf reg Activates the Block Cookie function Cookies are used by many websites to create stateful sessions for tracking Internet users which would violate the users privacy The router will filter out all cookies related transmissions Activates the Block Proxy function The router will filter out all proxy related transmissions Activates the Block Multimedia function The router will filter out multimedia from any website 158 Vigor3300V Series User s Guide e Filter Schedule Filter Schedule function controls what times the URL content filter should be active It can specify what times the URL content filtering facility should be active Firewall URL Filter Restrict Web oes Fitter Schedule Schedule jo jrofte 0 Day of Week CjalDays Osun Mmon M Tue Mwea MiThu MFri CO Sat ODisable Enable URL Access Cad Content Filter Always Block
26. s Guide 4 1 5 Configuration Setup Most of the settings can be saved locally as a configuration file and can be applied to another router The Vigor3300V Series supports the restore and upload functions of the configuration files Open System gt gt Configuration You can see the following page System Configuration Restore ic CC CCSdY Backup Backup configuration file Push Backup button Backup Select a Configuration File Please click the Browse button to find out the location of the configuration file to be uploaded to the router and click Apply Backup Configuration File Download the configuration file to a local host The default Push Backup Button file name is v3300 cfg Vigor3300V Series User s Guide 99 Dray Tek 4 1 6 Firmware Upgrade Setup Vigor3300V Series allows users to upgrade firmware through a Web interface Click System gt gt Firmware Upgrade You can see the following page Before you execute the firmware upgrade please download the newest firmware from Draytek s website www draytek com or FTP site ftp draytek com on the computer first System Firmware Upgrade Caution After an upgrade procedure a rebootis required Current Version Vigor3300V series 2 6 3 EN Location Local O Remote Firmware TFTP Server IP Remote File Name Apply Cancel Caution Display a caution for your reference Current Version Display current firmware version t
27. 1 Protocol Incoming Call Barring You have to choose suitable protocol and specify SIP accounts for using VoIP HE Protocal Select Protocol H ty Select Protocol gt SIP Accounts There are two protocols can be used for VoIP SIP and MGCP You should click either one of buttons to set corresponding settings for VoIP phones Be aware that both sides local end and remote end should use same protocol for VoIP phones Dray Tek 190 Vigor3300V Series User s Guide For SIP Configuration VoIP Protocol sip O MGCP SIP MGCP Configuration Configuration Select Protocol SIP Local Port 5060 Outbound Proxy Proxy L Registrar Expires Active Proxy rie Proxy Address Port Registrar Addr Port hoard Domain 1 l o n r r n m 7 2 d Example iptel iptel org iptel org iptel org Proxy User Agent Name Ae DrayTek V3300 1 0 0 2 DrayTek V3300 V 1 0 0 DrayTek V3300 1 0 0 Apply Cancel SIP Local Port Active Outbound Proxy Proxy Name Proxy Address Proxy Port Registrar Address Registrar Port Expires Domain User Agent Name Vigor3300V Series User s Guide Type the port number for SIP protocol The default value is 5060 Click this box to activate this SIP proxy server setting Check this box to enable this function for sending SIP protocol packets to an SIP proxy server Type the name of t
28. 10 59 5 1005 v Default Call Route Default call route to VoIP Dial for route to ISDN TE port ISDN TE port Dial het tor route to VoIP Route to Account Port 1 Apply Cancel Click Enable to activate this port or Disable to close this port Default SIP Accounts Use the drop down list to choose one item as the default SIP account VoIP IP Address The interface is used to apply VoIP traffics There are two options WAN and LAN VPN If LAN VPN is selected VoIP can be applied through a VPN tunnel to create a high security voice phone 198 Vigor3300V Series User s Guide Hotline FXO Codec CAS FAX Vigor3300V Series User s Guide Hotline Number to Internet Pre set a phone number to make the port dialing out to Internet automatically Hotline Number to PBX Pre set a phone number to make the port dialing out to PBX automatically Manual Disconnection Click Disconnect to disconnect this phone line manually Preferred Codec It can be applied on this port Vigor3300 supports five Codecs The default setting is G 729A You can choose another one as preferred Codec for outgoing calls 6 7294 okbps w G 110 PCHU 64kbpa G 711A PCHA b4kbps G 72914 kbps C a L e Dp Single Codec If you checked this box only preferred codec will be used for outgoing and incoming calls And 1f the remote end does not support such Codec the VoIP communication will be failed
29. 1001 none undefined proxy 1 undefined proxy 2 undefined proxy 3 Proxy Server Call without Registration VoIP IP Address Call Forwarding Disable Callforwarding all calls Callforwarding busy Callforwarding no answer after 3 rings Range 1 10 SIP URL 0 Example 8004 iptel ora Call Forwarding Ring Type All Ports All Ports All Ports All Ports All Ports All Ports All Ports All Ports 1234 Delete All Enter the VoIP Speed Dial page and input the first and second group of Speed Dial Phone Number Click Apply to save the settings VoIP Speed Dial 2901 666629 192 166 29 1 2910V_Part1_VPN 2201 6868822 192 166 22 1 2200V_Part1_VPN Pd 9 GSS f Pd Speed Dial Phone Number Speed Dial Destination Memo 1 2 o D 4 s Doo S E Example 101 101 iptel org 70 Apply Cancel Clear This Page Vigor3300V Series User s Guide Configuration Example for Vigor2910V series 1 Open the Web interface of the router and open VoIP menu Dray Tek www draytek com Vigor2910 Series a 3 Dual WAN Security Router Quick Start Wizard Online Status System Status Model Name Firmware Version Build Date Time DrayTek Vigor2910 3 2 1_RC2 Tue Jul 29 18 35 51 48 2008 WAN He oe System o WANT o m is CPU Usage 2 Link Status Connected Firewall Total Memory 16M MAC Address 00 50 7F DD 15 19 O
30. 15 00 10 09 Model Display the model name of the router Hardware Version Display the hardware version of the router Firmware Version Display the firmware version of the router Build Date amp Time Display the date and time of the current firmware build System Uptime Display the amount of time that the router has been online CPU Usage Display the average percentage of the CPU used Memory Size Display the size of the memory of this router Memory Usage Display the percentage of memory used Current System Time Display the current local system time Dray Te k 92 Vigor3300V Series User s Guide LAN Status The status of LAN connection will be displayed in this page Simply click LAN Status tag to get the detailed System Status Refresh Option No Refre LAN1 IP Address 192 168 1 1 MAC Address 00 50 7F 2F C4 05 High Availability Status RX Packets 74 TX Packets 551 IP Address MAC Address High Availability Status RX Packets TX Packets Vigor3300V Series User s Guide w Refresh WAN Status Display the IP address of the LAN interface Display the MAC address of the LAN Interface The High Availability Status is shown when it is enabled in Network gt gt High Availability When there are two Vigor3300V devices in the same LAN one can be set as Master device and the other can be set as Slave device Master It means that Vigor3300V plays the Master role in high availability feature Slave It me
31. 5 2 Please follow the steps below to ping the router correctly For Windows 1 Open the Command Prompt window from Start menu gt Run 2 Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP Vista The DOS command dialog will appear w Command Prompt Microsoft Windows HP Version 5 1 2688 C Copyright 1985 2001 Microsoft Corp D Documents and Settings fae gt ping 192 168 1 1 Pinging 192 168 1 1 with 32 bytes of data Reply from 192 168 1 1 bytes 32 time lt ims TTL 255 Reply from 192 168 1 1 bytes 32 time lt ims Reply from 192 168 1 1 bytes 32 time lt ims Reply from 192 168 1 1 bytes 32 time lt ims TTL 255 Ping statistics for 192 168 1 1 Packets Sent 4 Received 4 Lost A loss Approximate round trip times in milli seconds Minimum ms Maximum Ams Average Ams D Documents and Settings fae gt _ 3 Type ping 192 168 1 1 and press Enter If the link is OK the line of Reply from 192 168 1 1 bytes 32 time lt Ims TTL 255 will appear 4 Ifthe line does not appear please check the IP address setting of your computer For MacOs Terminal Double click on the current used MacOs on the desktop Open the Application folder and get into Utilities Double click Terminal The Terminal window will appear Type ping 192 168 1 1 and press Enter If the link is OK the line of 64 bytes from 192 168 1 1 icmp _seq 0 ttlh 255 time xxxx ms will appear ao i i Dray Te
32. Address 69 14 100 0 Destination Port 1812 Shared Secret Confirm Shared Secret Interface Apply Canes Vigor3300V Series User s Guide 135 Dr ay Te k Enable Disable Click Disable to disable this function Click Enable to activate this function Server IP Address Assign an IP address of a Radius server Destination Port Assign a destination port number used for Radius function Shared Secret Assign a code for authentication to server The RADIUS server and client share a secret which is used to authenticate the messages sent between them Both sides must be configured to use the same shared secret Confirm Shared Secret Confirm the code assigned in Shared Secret field Interface Select one specific WAN interface to be used Click Apply to reboot the system and apply the settings 4 3 4 Port Block The Port Block function provides a user to set lots of proprietary port numbers Packets will be dropped if destination ports both TCP and UCP of packets with these assigned port numbers are on WAN and LAN The advantage of this feature is to filter some unnecessary packets or attacking packets on Internet environment or LAN network Vigor3300 Series supports ten port numbers to be blocked Click Advanced gt gt Port Block You will get the following page Advanced Port Block Index Status Port Number i Disable O Enable Disable O Enable Disable O Enable 4 Disable O Enable Disable
33. BE Router Forti ISDN NT 888829 ISDN Phone 1 Taiwan German _IspN Phone 2 101 Configuration table between 3300V and 2910V wan ip __ Port Number __ Phone Number Proxy _ Codec _ Suppose there are two ISDN lines connected to PBX s Outside Lines The third Outside Line is connected to 3300V s ISDN NT Port1 The Inside Line is connected to a telephone with the extension 101 If the extension wants to dial VoIP using Line 3 you must firstly press 3 and then dial the phone number Dray Te k 80 Vigor3300V Series User s Guide Example of lines connections Bx Phone Number Line3 3 888833 Start to dial by using telephones Phone 1 calls Phone 2 gt Press 3 after hearing the dial tone press VoIP number 888829 Phone 2 calls Phone 1 gt Press 888833 after getting through you will hear the auto reply from the PBX Then press the extension 101 Note indicates termination of the phone number After pressing VoIP is immediately called out Or you may wait 3 seconds if you do not press This example is the intercommunication with one SIP Proxy Server For the applications of Direct IP Call and Intercommunication with different SIP Proxy Servers please refer to 3 3 3 Example 3 Basic Calling Method The VoIP call can also wok with VPN please refer to 3 3 4 Example 4 VoIP over VPN Also you can set up the Speed Dial entry To accommodate the extension please set up 888829 to 291 888833 to
34. Block only at Apply Cancel Always Block The URL content filtering facility is always active Block only at The URL content filtering facility is active during the specified times from H1 M1 to H2 M2 in one day where H1 and H2 indicate the hours and M1 and M2 represent the minutes Day of Week The URL content filtering facility is active during the specified days of the week The default value is 8 00 to 18 00 from Monday to Friday e Warning Page After the configuration of URL Filter is configured properly an alert page will appear in the browser when an HTTP request is denied Refer to the following graphic St HTTP 420 CF Blocked Mozilla e O5 x File Edit Yiew Go Bookmarks Toole Window Help Ea 4 aa ad E Home ak Bookmarks Pa The Mozilla Oresanization uf Latest Builds id b ar ile ab z What s Related t seamh a TA The requested Web page is denied by system administrator Add Manage Search 4 Hame z Personal Toolbar Folder Please contact with the administrator for further imnmformation z Imported IE Favorites 4 URL Filter License Display the corresponding information for the WCE license Click auth draytek com to authenticate the license and activate the WCF service Vigor3300V Series User s Guide 159 Dr ay Tek Firewall URL Filter License INFO Serial Mumber Start Date Expire Date Activate URL auth dra
35. Card FXS Card PBX Inside Lines Vigor3300V Series User s Guide 41 Dr ay Tek 3 2 2 Practical Application of FXS card with PBX By combining the FXS with headquarters PBX it allows the internal telephones in headquarters to communicate with branch s telephones through the Internet For detailed configuration please refer to VoIP and ISDN examples PBX Outside Lines E T a If cee Telephone Taiwan German Telephone FAX 3 2 3 Practical Application of FXO card with PBX By combining the FXO with headquarters PBX it allows the branch s telephones to connect to Headquarters PBX via the Internet and communicate with the customers via the PBX Another application is that you can call back to the Headquarters from outside and communicate with the branch via the Internet For detailed configuration please refer to VoIP and ISDN examples PBX Outside Lines PBX Inside Line Pagar Thr Telephone Telephone FAX Machine Taiwan German Telephone FAX Machine Dray Tek 42 Vigor3300V Series User s Guide 3 2 4 ISDN NT and TE NT means Network Terminal The ISDN port in NT mode is a port that used to connect general ISDN phones And TE means Terminal Equipment The ISDN port in TE mode is a port that used to connect ISDN line or ISDN PBX ISDN Phone ISON Phone As for the Private Branch Exchange PBX it is more special because it has both ISDN NT and ISDN TE de
36. Codec Rate Type the rate value to be applied on this port Codec VAD Enable or Disable VAD Voice Activity Detection It can detect whether the voice activity is progressing or not If not RTP packets transmission will be stopped for saving more bandwidth Microphone Gain The gain value while transmitting voice The default value is 0 The range is from 32 to 31 Speaker Gain The gain value while receiving voice The default value is 0 The range is from 32 to 31 FAX Mode The FAX function mode There are several options Transparent FAX will be transmitted via voice channel no fax relay and no Codec change will be involved This is the default value T 38 Relay Using T 38 Fax Relay Bypass Once FAX is detected the Codec will automatically switch to a high bit rate type G 711a u or G 726 to make sure FAX can transmit successfully If this option is selected the Vigor3300V will apply these two following settings FAX Bypass Codec and FAX Bypass Codec Rate FAX Bypass Codec Select one option to be applied if FAX mode is configured as Bypass mode Cees G7110 PCM 64kbps G 711A PCMA 64kbps FAX Bypass Codec Rate Select one option 20 or 40 to be applied if FAX mode is configured as Bypass mode The stability for the faxing result of documents with codec rate 20ms is higher than 40ms Yet the bandwidth request for AOms is less than 20ms ve Dray Tek DTMF DTMF Mode InBand Choose this one
37. DHCP Relay Agent IP Routing 192 168 1 3 255 255 255 0 Status Enable ODisable O Relay Agent Start IP 192 168 1 10 End IP 192 168 1 254 Primary DNS Secondary DNS Lease Time Min 1440 Gateway IP Optional IP Address Subnet Mask Status Start IP End IP Primary DNS Secondary DNS Lease Time Min Gateway IP Optional lt lt Previous Finish Type an IP address for the LAN interface Type the subnet mask for the LAN interface Click Enable to use DHCP server click Disable to close DHCP server click Relay Agent to activate relay agent function Type the start IP address of the IP pool that DHCP server can use for clients in LAN Type the end IP address of the IP pool that DHCP sever can use for clients in LAN Type the IP address for primary DNS Type a private IP address to the secondary DNS Set a lease time for the DHCP server The time unit is minute Set a gateway IP address for the DHCP server Next click DHCP Relay Agent tab to set DHCP server if required Quick Setup LAN DHCP Relay l LAN IP DHCP IP Routing Relay Agent WAN Interface WANI DHCP Server IP Address WAN Interface DHCP Server IP Address lt lt Previous Finish Choose the WAN interface for such connection Type an IP address for the DHCP server Next click IP Routing tab to set routing path for each WAN interface if required Vigor3300V
38. Delete Delete All Remove one all the selected DMZ host settings To edit an item click the radio button of the item that you want to modify Then click Edit on the bottom of the page to add a new rule entry or modify an existed rule entry Advanced NAT DMZ Host Edit WAN Interface W AN Private IP 20 1 1 1 Use IP Alias Disable Enable IP Alias Apply Cancel WAN Interface Select a WAN interface as the channel for DMZ host Private IP Assign an IP address of DMZ server to be permitted for access from outside Use IP Alias Disable option uses WAN interface Enable option uses IP Alias addresses IP Alias Select an IP address which are set within the list of IP Alias configured in Network gt gt WAN interface Apply Click Apply to reboot the system and apply the settings Common Ports List This page lists common ports used in Internet The information includes service application protocol for that service and port number of that service Dray Te k 134 Vigor3300V Series User s Guide Advanced NAT Common Ports List Service Application Protocol Port Number File Transfer Protocol FTP TCP D SSH Remote Login Protocol ex pcAnvVhere WOOP 22 Telnet nee a Simple Wail Transfer Protocol SMTP TOF 25 Domain Mame Serer DNS IDF aya Wil Server HTTP TCP a0 Post Office Protocol ver 3 POPS hee 110 Metwork Mews Transfer Protocol MMTP TOP 114 Point to Point Tunneling Protocol PRTP Lee ee
39. Guide 25 Dray Tek 5 On this dialog box locate VLANs tag and click on it If you cannot find out VLANs tag that means your network card does not support VLAN feature Intel R PRO 100 S Desktop Adapter Properties f Boot Agent Driver Resources Power Management General Link Advanced Teaming VLANs BEF Intel A PR07100 5 Desktop Adapter Device type Network adapters Manufacturer Intel Location PC Slot 2 PCI bus 2 device 10 function 0 Device status This device is working properly IF you are having problems with this device click Troubleshoot to shart the traubleshooter Troubleshoot Device usage E ze this device enable we 6 In this screen there is no VALN existed You can create a new one Please click the New button Intel R PRO 100 S Desktop Adapter Properties fx Boot Agent Driver Resources Power Management General Link Advanced Teaming VLANs intel Virtual LANs VLANs associated with this adapter VLAN Name Status New A Allows you to configure up to 64 virtual LANs YLANE for an adapter Adapters with YLANs must be connected to network devices that support the IEEE 602 10 specification When you configure the WYLAN SoS Packet Tagging is automatically enabled Ye NOTE After creating the VLAN the adapter associated with the VLAN briefly loses network connectivity Vigor3300V Series User s Guide Dray Tek
40. ISDN TE Port 5 on the 3300V is 12345678 The number of another ISDN line is 87654321 About VoIP basic settings please refer to VoIP Example 2 Basic configuration and registration for ISDN Start to dial by using telephones Phone 1 calls Phone 3 gt Press 888835 After getting through you will hear the dial tone then press the PSTN number 87654321 Phone 2 calls Phone 3 gt Press 888835 After getting through you will hear the Dial tone then press the PSTN number 87654321 Phone 3 calls Phone 2 gt Press 12345678 After getting through you will hear the Dial tone then press the VoIP number 888829 Dray Te k 82 Vigor3300V Series User s Guide Phone 3 calls Phone 1 gt Press 12345678 After getting through you will hear the Dial tone then press the VoIP number 888833 Note indicates termination of the phone number After pressing VoIP is immediately called out Or you may wait 3 seconds if you do not press Connect PBX s Inside Lines The usage is the same as that of common extension Different PBX has its own settings and required configuration by you By connecting 3300V s ISDN TE Port5 to PBX s Inside Line VoIP is seamlessly integrated to PBX s inside lines and allows you to call not only the VoIP but also the ISDN line and PBX s extension Also the remote user can call you from the ISDN line and PBX s extension 477 ISDN Phone 4 87654321 12345678 Port 5 ISDN TE 888
41. Inthe VLAN6 type 6 to VLAN ID In the Member field choose p3 and p4 Then choose Tagged for Frame Tag Operation in p3 and p4 We can ignore the PVID Port VLAN because 802 1q tag will be inserted to the frame from other departments Dray Te k 32 Vigor3300V Series User s Guide Advanced LAN VLAN Setting O Disable Port Base VLAN 802 10 VLAN Port Base VLAN 802 1Q VLAN Group Index Active Name VLAN ID Member Frame Tag Operation P1 5 6 Od 3 VLAN rg pD O O C Tagged Tagged v Untagged Tagged v 4 VLANB 8 o0 O O CO Tagged Tagged Tagged v Untagged C Enable management port for P4 Port Setting P1 P2 P3 P4 Port VLANID 5 6 BE Apply Reset Cancel 5 After applying the settings the web page will be redirected to reboot web page User can it and continue to configure the Network setting After finishing Network setting you can execute the reboot procedure 6 After rebooting the tagged ports will communicate with 802 1Q tagged devices only 7 In the Network setting type the subnet 192 168 1 0 to LAN For example the VLANS LAN IP is 192 168 1 1 and the Subnet Mask is 255 255 255 0 Then users in the Engineer Department can set IP address from 192 168 1 2 to 192 168 1 254 8 In the Network setting type the subnet 192 168 2 0 to LAN2 For example the VLAN6 LA
42. NAT Address Mapping Edit Protocol T CP Public IP 10 1 1 100 Private IP e D i A e Subnet Mask 724 Apply Cancel Protocol Select the transport layer protocol It could be TCP UDP or All for selection Public IP Select an IP address the selections provided here are set in IP Alias List of Network gt gt WAN interface Local host can use this IP to connect to Internet If you want to choose any on of the Public IP settings you must specify some IP addresses in the IP Alias List of the Static DHCP Configuration page first If you did not type in any IP address in the IP Alias List the Public IP setting will be empty in this field When you click Apply a message will appear to inform you Private IP Assign an IP address or a subnet to be compared with the source IP address for incoming packets Subnet Mask Select a value of subnet mask for private IP address Click Apply to reboot the system and apply the settings By the way user can click Delete to remove one current existed NAT entry in the Advanced NAT Address Mapping page and click Delete All to remove all entries DMZ Host In computer networks a DMZ De Militarized Zone is a computer host or small network inserted as a neutral zone between a company s private network and the outside public network It prevents outside users from getting direct access to company network A DMZ is an optional and more secure approach to
43. Now Vigor3300V can accept a TFTP download and will display the following message kkkkkkkkkkkkkkkkk xkkkkkkkkkk k DrayTek V3300 Bootloader kkkkkkkkkkkkkkkkkkkkkkkkkkkk Press ENTER key within 5 sec to download image 2 Current LAN IP is 192 168 1 1 New IP Prepare downloading 5 Type the path name of the firmware image and activate the TFTP Client from the PC to download the image The corresponding message is shown as follows TFTP i 192 168 1 1 PUT Vigor3300 image file name Vigor3300V Series User s Guide 101 Dray Tek Command Prompt TWolume in drive C is POB PCI P 5G Wolume Serial Munber ist 188 AF46 Directory of 2 AS A 26A5 3218 5 2A Aa S all 6 15 2085 P5 4 955 637 6 a11 B27 20R5 41246 A AOTOEXEC DAT 7 CONFIG GYE DIRS Documents and Settings LDI He Inet pub 3974 Packet lesterResult txt pI R Program Filer 4 759 985 UsSKS22455 encaLll i DIRS wine mS Re 14 2 085 ee pe lt DIR gt WIADOWS A Fileate 15 077 di huyteaec 5 Diris 2 1608 312 576 bytes Free GisAtFtp i 192 168 1 1 put c vdkdddob_en adll 6 Now in the Console you will find the following information When Updating flash block at bfX XX XXX appears it means the firmware is under downloading 3300 HyperTerminal MER File Edt ee Cal Trerefer Help Came amp Se oF sector sector sector ac Tor ea tor sec tor sector sector sector sector sector sector sector sector sector sector sector secto
44. URL List items under this host and the host itself will be considered ll items under this hosts particular directory excluding the directory itself will be considered e consic T nsidered Apply Cancel Enable or Disable Content Filter The permitted categories are obtained from the selected a server The forbidden categories are obtained from the selected a server The URL domain name Allow or Deny the selected URL The list of filtered URLs Vigor3300V Series User s Guide Restrict Web Feature This feature blocks malicious codes hidden in Web pages such as Java Applet Active X Cookies Proxy compressed files and executable files It is also able to block all downloads of multimedia files from Web pages in order to control the bandwidth usage 157 Dray Tek Malicious code may be embedded in some executable objects such as ActiveX Java Applet compressed files executable files Proxy and Multimedia For example an ActiveX object with malicious code may gain unlimited access to the system Firewall URL Filter ODisable Enable URL Access Restrict Web na Control Content Filter Filter Schedule Java _ Activex com pressed Files C Cookies C Execution Files CI Prowy CI Multimedia Files Java ActiveX Compressed Files Execution Files Cookie Proxy Multimedia Files Dray Tek Apply Cancel Activates the Block Java object function The router will
45. VLAN ID because 802 1q tag will be inserted to the frame from the switch 6 Inthe VLANS8 type 8 to VLAN ID In the Member field choose p1 p2 p3 and p4 Then choose the Tagged for Frame Tag Operation in p1 p2 p3 and p4 We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from some users Advanced LAN VLAN Setting Disable Port Base VLAN 902 10 VLAN Port Base 902 10 VLAN VLAN 802 1Q VLAN Group Index Active Name VLAN ID Member Frame Tag Operation Fi MANS 6 e P4 P1 P2 P3 P4 Enable management port tor P4 EEX ws Port Setting P1 P2 P3 P4 Apply Reset Cancel 7 After applying the settings the web page will be redirected to reboot web page User can ignore it and continue to configure the Network setting After finishing Network setting you can execute the reboot procedure 8 After rebooting the tagged ports will communicate with 802 1Q tagged devices only 9 The network configuration is the same with A 2 1 Please refer to A 2 1 part Vigor3300V Series User s Guide 39 Dray Te k 3 2 Application for VoIP 3300V has two expansion slots each slot can be plugged into 4 port VoIP card ISDN NTTE or ISDN TE card The VoIP card involves two kinds of interface FXS and FXO The ISDN NTTE card involves two kinds of interface NT for port 1 and 3 TE or NT user configurable for port 2 and 4 And ISDN TE card involves 4 port TE mode You
46. VPN TRUNK VPN Load Balance Mechanism VPN Load Balance Mechanism can set multiple VPN tunnels for using as traffic load balance tunnel It can assist users to do effective load sharing for multiple VPN tunnels according to real line bandwidth The TCP Session transmitted by using VPN TRUNK VPN Load Balance mechanism will not be lost due to one of VPN Tunnels disconnected Users do not need to reconnect with Vigor3300V Series User s Guide 173 Dray Te k setting TCP UDP Service Port again The VPN Load Balance function can keep the transmission for internal data on tunnel stably To create a VPN IPSec policy for VPN Trunk click the Policy Table option under the IPSec gt gt VPN Trunk menu VPN IPSec VPN Trunk Policy Table z Connection Name Local GRE IP Remote Gateway Remote GRE IP Interface Profile Status Operational Status es 2 3 4 5 6 O 7 O g O 10 O 1 Refresh Edit Delete Delete All Refresh Refresh the page information Edit Configure an entry Clicking this button can guide you accessing into editing page for that IPSec tunnel For detailed information refer to the following section of For Default Configuration Delete Delete a designated entry Delete All Delete all entries in the table Dray Te K 174 Vigor3300V Series User s Guide For Default Configuration To edit or add a policy please click one of the radio buttons and click Edit The following page of default con
47. Vigor 3300 Liser name f draytek Password TED Remember my password Vigor3300V Series User s Guide 11 Dr ay Te k 3 Now the Main Screen will pop up J Vigor3300 Series ecurity m Quick Setup System Network Advanced Firewall Qos VPN VoIP System Status Refresh Option No Refresh v Refresh LAN Status WAN Status Model Vigor3300V series Hardware Version 1 0 Firmware Yersion 2 6 3 EN Build Date amp Time 2010 08 17 14 31 01 System Uptime 0 days 2 hours 6 minutes 34 seconds CPU Usage 26 6845 Memory Size 128 MBytes Memory Usage 25 5701 Current System Time 1983 11 14 23 22 29 4 Goto System page and choose Change Password System Change Password Old Password LIT New Password TIT Confirm Password eeee Dray Tek 15 12 48 Apply Cancel 5 Enter the login password 1234 on the field of Old Password Type a new one in the field of New Password and retype it on the field of Confirm Password Then click Apply to continue 6 Now the password has been changed Next time use the new password to access the Web Configurator for this router Connect to 172 16 2 229 Login to vigor 3300 User name f draytek e Remember my password Dray Tek Vigor3300V Series User s Guide 2 2 Quick Setup Quick Setup is designed for configuring your broadband router accessing Internet with simply steps There a
48. WAN Interface The identification number for the remote gateway Turns this function ON or OFF The IP address of the remote client gateway This field is mandatory The setting for 0 0 0 0 1s used for the road warrior with a dynamic IP address The subnet behind the remote gateway If the remote gateway IP address is 0 0 0 0 this field can be omitted but you can specify it as 0 0 0 0 32 for clarity For Advanced Configuration Click Advanced tab The following page of default configuration will be shown 170 Vigor3300V Series User s Guide VPN IPSec Tunnel Edit IKE Phase Mode Main mode Aggressive mode Peer ID Key Lifetime 480 minutes Proposal des md5 modp768_ _ Mi des sha modp768 3des md5 modp768 M 3des md5 modp1024_ IKE Phase2 quick mode Key Lifetime 60 minutes Proposal des md5 3des md5 lt des v 3des v CI PFS Perfect Forward Secrecy Accepted Proposal ccept all supported proposal v Dead Peer Detection Status O Disable Enable Delay 30 seconds Timeout 120 seconds Apply Cancel Mode Select from Main mode and Aggressive mode The ultimate outcome is to exchange security proposals to create a protected secure channel Main mode is more secure than Aggressive mode since more exchanges are done in a secure channel to set up the IPSec session However the Aggressive mode is faster The default v
49. a firewall and effectively acts as a proxy server as well In a typical DMZ configuration for a small company a separate computer or host in network terms receives requests from users within the private network for access to Web sites or other companies accessible on the public network The DMZ host then initializes sessions for these requests on the public networks However the DMZ host is not able to initiate a session back into the private network It can only forward packets that have already been requested Users of the public network outside the company can access only the DMZ host The DMZ may typically also have the company s Web pages so these could be served to the outside world If an outside user penetrated the DMZ host s security only the Web pages will be corrupted but other company information would not be exposed Vigor3300V Series User s Guide 133 Dray Te k Click Advanced gt gt NAT and choose DMZ Host to get the corresponding page Advanced NAT DMZ Host WAN Interface Private IP Use IP Alias IP Alias 1 WAN 192 168 1 10 Disable 2 3 O 4 O 5 6 7 8 O 3 10 1 Edit Delete Delete All WAN Interface Display the WAN interface chosen for this entry Private IP Display the private IP address of this entry Use IP Alias Display the activation status enable or disable of this DMZ host IP Alias Display the WAN IP address Edit Allow users to edit the selected DMZ host settings
50. addition it also allows users to combine several policies into one group for VPN usage Each group can combine four policies for fitting different requirement of VPN application Simply click VPN gt gt VPN Trunk gt gt Group Table to access into the following page There are ten groups offered for users to configure VPN VPN Trunk Group Table Profile Status Name Local Subnet Remote Subnet i 6 2 4 O O 6 O 7 O O 8 O 10 O 1 Edit Delete Delete All Edit Configure an entry Clicking this button can guide you accessing into editing page for that group For detailed information refer to the following section of For Default Configuration Delete Delete a designated entry Delete All Delete all entries in the table To edit or add a group table please click one of the radio buttons and click Edit The default configuration will be shown as below Vigor3300V Series User s Guide 179 Dray Te k VPN VPN Trunk Group Table Edit Profile Status O Disable Enable Name Local Subnet Remote Subnet Tunnel 1 wi Tunnel 2 Tunnel 3 Tunnel 4 Backup Active Master Oo Kk 0 Profile Status Name Local Subnet Remote Subnet Tunnel 1 Tunnel 4 Weight Active Master Slave Weight Weight Weight Weight l Slave Apply Cancel Set the initialization of IPSec Tunnel with this profile Enable Choose this one to activate this profile
51. addresses from the ISP by Static PPPoE or DHCP mechanism The Vigor3300 Series assigns private network IP addresses according to RFC 1918 protocol and translates the private network addresses to a globally routable IP address so that local hosts can communicate with the router and access the Internet Click Advanced gt gt NAT E NAT H Port Redirection p Address Mapping m DMZ Host Common Ports List There are four functions that NAT provides Port Redirection Address Mapping DMZ Host and Common Ports List Port Redirection Port Redirection means port forwarding It may be used to expose internal servers to the public domain or open a specific port to internal hosts Internet hosts can use the WAN IP address to access internal network services such as FTP WWW and etc The internal FTP server is running on the local host addressed as 192 168 1 2 When other users send this type of request to your network through the Internet the router will direct these requests to an appropriate host inside A user can also translate the port to another port by configuration For example port number with 1024 can be transferred into IP address of 192 168 1 100 of LAN The packet is forwarded to a specific local host if the port number matches that defined in the table Advanced NAT Port Redirection Profile Public Port Public Port Private Port Private Port WAN Sinis Comment Protocol Start End Private IP Start End Publ
52. be forced to randomly discard the subsequent UDP packets within the user defined timeout period The default setting for threshold and timeout are 300 packets per second and 10 seconds respectively Activates the ICMP flood defense function If the amount of ICMP echo requests from the Internet exceeds the user defined threshold value the router will discard the subsequent echo requests within the user defined timeout period The default setting for threshold and timeout are 300 packets per second and 10 seconds respectively Activates the Port Scan detection function Port scan sends packets with different port numbers to find available services which respond The router will identify it and report a warning message if the port scanning rate in packets per second exceeds the user defined threshold value The default threshold is 300 pps packets per second Activates the Block IP options function The router will ignore any IP packets with IP option field appearing in the datagram header Activates the Block Land function A Land attack occurs when an attacker sends spoofed SYN packets with identical source address destination addresses and port number as those of the victim 154 Vigor3300V Series User s Guide Enable Block Smurf Activates the Block Smurf function The router will reject any ICMP echo request destined for the broadcast address Enable Block Trace Route Activates the Block trace route function The router will
53. buffer adjustment If you use a DSL subscriber service with a 2Mbps downstream please set the downstream rate setting with 2Mbps Assign the transmission rate for this WAN interface The default value is 102400 kbps 100 Megabit This setting is very important for Vigor3300 Series outgoing buffer adjustment If you use a DSL subscriber service with a 256Kbps downstream please set the downstream rate setting with 256Kbps Select a connection type for this WAN interface Currently there is only one setting offered for you to choose Fast Ethernet 7 Dray Tek Physical Mode IP Mode 2 2 1 Static Mode Select connection speed mode for this WAN interface There are auto negotiation full duplex and half duplex of either 10M or 100M speed options for the WAN Interface You have to select an appropriate WAN connection type for connecting to the Internet through this router according to the settings that your ISP provided Select an IP mode for this WAN interface There are four available modes for Internet access Static DHCP PPPoE and PPTP On this page you may configure the WAN interface to use Static fixed IP DHCP dynamic IP address PPPoE or PPTP Most of the cable users will use the DHCP mode to get a globally reachable IP address from the cable host system You can manually assign a static IP address to the WAN interface and complete the configuration by applying the settings and rebooting your router Choosing Static as
54. call Ringing tone Busy tone Congestion tone Low Frequency Hz High Frequency Hz TOn1 10msec TOffl 10msec Dray Tek A tone means the call is ringing A tone means the phone line is busy A tone means the network is busy Type the low frequency number in Hertz Type the high frequency number in Hertz Type the duration of the first ring Type the silence duration after the first ring 210 Vigor3300V Series User s Guide TOn2 10msec Type the duration of the next continuous ring TOff2 10msec Type the silence duration after the next continuous ring Tone Timer Determine the timeout for the tone invoked 4 7 7 QoS This Quality of Service QoS function is only for the VoIP feature When this function is enabled the Vigor 3300 Series will set rate limitation for incoming and outgoing transmissions to ensure the best quality of service in VoIP VoIP QoS Disable non guaranteed voice quality higher data throughput Enable guaranteed voice quality normal data throughput Advanced QoS Link Fragmentation and Interleaving For uplink bandwidth 768 kbps Apply Cancel Disable Click this button to disable QoS function The voice quality cannot be guaranteed and the data throughput will be higher Enable Click this button to invoke QoS function The voice quality can be good and the data throughput will be lower Link Fragmentation and Each packet size is determined by the bandwidth
55. call The duration of the call The reason for the call termination The IP address of remote voice site The used port number of remote voice site The statistic of RTP with abbreviation will be shown in this field e g PS Packets Sent OS Octets Sent PR Packets 215 Dray Tek Received OR Octets Received PL Packets Lost JI Interarrival Jitter Estimate ms LA Average TX Delay ms Codec Type The Codec mode used for this phone calling Packet Period The period of time for sampling on voice signal VAD The status of VAD DTMF Relay The status of DTMF 4 7 11 Tone Upload This page allows you to upload tone settings such as G 711a Pin Prompt G 711a Pin Error G 729 Pin Prompt and G 729 Pin Error to Vigor3300 series Click Browse to choose the file and click Apply to upload it VoIP G 711 Tone Upload G 711a Pin Prompt Bowes Apply Cancel VoIP G 711 Tone Upload G 7114a Pin Error E Apply Cancel VoIP G 729 Tone Upload G 729 Pin Prompt Bowes Apply Cancel VoIP G 729 Tone Upload G 729 Pin Erro Apply Cancel When a user wants to dial out via FXO port a sound would be played to ask the user typing PIN code first If the PIN code is correct the user can dial out If not prompt sound of PIN Error would be played Dray Te k 216 Vigor3300V Series User s Guide 4 7 12 Status Port Status This page displays the connection status for VoIP phone calls
56. dynamic Disable Not Connected 3 dyndns org dynamic Disable Not Connected 4 dyndns org dynamic Disable Not Connected 5 dyndns org dynamic Disable Not Connected 6 dyndns org dynamic Disable Not Connected Ti dyndns org dynamic Disable Not Connected amp dyndns org dynamic Disable Not Connected 9 dyndns org dynamic Disable Not Connected 10 dyndns org dynamic Disable Not Connected _Refresh_ Domain Name Display the domain name set for the entry Service Provider Display the service provider that supports DDNS Service Type Display the service type for the entry Active Display the activation status disable or enable for this entry Status Display the connection status of this entry Click Refresh to re display the whole page information To modify DDNS setting click an entry number to get into edit mode Advanced DDNS Setting Status O Disable Enable Interface VANI Server Provider dyndns org www dyndns org h Server Type dynamic w Domain Name abc dyndns org Login Name draytek Login Password eessese Wild Card Disable O Enable Backup Mx Disable O Enable Mail Extender dray draytek com Apply Cancel Status Click Disable to disable this function Click Enable to activate this function Interface Select a specific interface for registering on DDNS server The Interface should be any WAN port on router Server Provider Assign a provider name to support DD
57. for VoIP phone call Such item is available only when a FXO FXS module has been installed onto the router Most users will use their routers primarily for Internet access The Vigor3300V Series supports broadband Internet access and provides multiple WAN interfaces The following sections will give a detailed illustration to broadband access methods Configuring WAN Settings Click the Edit icon from Network gt gt WAN page to bring up the WAN configuration page for the corresponding interface Network WAN WAN1 Fast Ethernet MAC Address Default MAC User Defined MAC Downstream Rate 102400 kbps Upstream Rate 102400 kbps Physical Mode At Tegotiation IP Mode Static ODHCP OPPPoE OPPTF ODMZ MAC Address Default MAC Uses the default Mac address User Defined MAC Uses a MAC address defined by users If you select this item you have to type the MAC address in the box below Downstream Rate Set downstream rate for this WAN interface The default value is 102400 kbps 100 Megabit Upstream Rate Set transmission rate for this WAN interface The default value is 102400 kbps 100 Megabit Type Set connection type for this WAN interface Physical Mode Set connection speed mode There are five options including Auto negotiation full duplex half duplex 10M and 100M IP Mode Set an IP Mode with Static fixed IP DHCP dynamic IP address PPPoE PPTP or DMZ and creates the IP group information Most c
58. group names provided here are Pass and Block Select the first filter group to begin filtering mechanism The group in this list must exist and had been pre configured The system provides three types of filter for you to choose in default The available settings provided here can be added or edited in Firewall gt gt IP Filter gt gt Group Table Vigor3300V Series User s Guide 149 Dray Te k Group Table Group Table allows you to set definitions for different groups of the filters that will be applied for the function of IP filter Firewall IP Filter Group Table IP Filter Group Table Index Group Name Next Group Comment ih Pass Block Group for pass rules O 2 Block none Group for block rules Add Edit Delete Index Allow you to change current IP filter table or add new rule for current group Click the number link to get into the IP filter table page for editing Group Name Display the group name Next Group Display next group name Comment Display the notice for current group Add Allow you to add a new IP filter table Edit Allow you to edit selected IP filter table Delete Allow you to delete selected IP filter table configuration If this entry is assigned as the started filter group already it cannot be deleted To add a new group please click Add on the Group Table page to access into the following page In this page you can type in new group name and decide the next group name Also you can typ
59. k 7 In New VLAN dialog please type a number in the box of VLAN ID Here 5 is entered The corresponding VLAN Name will appear automatically Next click OK to create it New VLAN VLAN Name VLAN 5 Untagged VLAN VLAN ID Enter the number of the SLAN assigned to the adapter in the VLAN ID box This WLAN ID number is also configured on the switch Adapters with VLANs must be connected to network devices that support IEEE 802 10 oS Packet Tagging IEEE 8021 pia is automatically enabled on the adapter You can enter multiple WYLAN IDs by entering two or more IDs separated by commas For example ta Oe ee a ee m ee een cancel 8 After you click OK the system will configure for the VLAN settings Please wait for wt several seconds Hew VLAN WLAN Name VLAN z Untagged VLAN WLAN ID o a Configuring Please wait Cancel Vigor3300V Series User s Guide 27 Dr ay Tek 9 When the configuration is finished the new VLAN settings with ID number and name will appear on previous dialog Desktop Adapter Properties Click OK to exit this dialog Intel R PRO 100 S Desktop Adapter Properties I Boot Agent Driver Resources Power Management General Link Advanced Teaming LANs intel Virtual LANs VLANs associated with this adapter VLAN Name Status VLANE Enabled Remove Modify Allows you to configure up to 64 virtual LANs YLANE for an 4 adapter
60. k 222 Vigor3300V Series User s Guide 8A 8 Terminal bash 80x24 Last login Sat Jan 3 B2 24 16 on ttypl Welcome ta Darwin Vigorla draytekd ping 192 168 1 1 PING 192 168 1 1 192 168 1 1 56 data bytes 64 bytes from 192 165 1 1 tcmp_seq 6 ttl 255 times8 755 ms 64 bytes from 192 165 1 1 icmp_seg 1 ttl 255 times8 697 ms 6 bytes from 192 165 1 1 icmp_seg 2 ttl 255 times6 716 ms 64 bytes from 192 165 1 1 icmp_seg 3 ttl 255 timesh 731 ms 64 bytes from 192 168 1 1 tcmp_seq 4 ttl 255 timesh 72 ms AC 192 168 1 1 ping statistics R packets transmitted 5 packets received 6 packet loss round trip mingaygemax B 6o7 A Y23 A 755 ms Vigoria draytekd J 5 4 Checking If the ISP Settings are OK or Not 1 Goto the web configuration GUI http 192 168 1 1 click Network gt gt WAN to check your ISP settings for IP modes 2 Make sure the Active check box has been selected Network WAN Load Balance Disable Enable F Auto Weight Backup Disable Enable z Edit IP Mode Active Defar WAN1 PPPOE O WAN Not Set E c WAN3 Not Set FE c VVAN4 Not Set Fy 3 Click the Edit icon to open the WAN setting page There are four IP modes Static DHCP PPPoE and PPTP provided by the router Each mode will guide different web page For PPPoE Mode 1 Check if Username and Password are entered with correct values that you got from your ISP 2 Check if the setting of Authentication is correct o
61. mirroring Click Advanced gt gt LAN Port Mirroring Advanced LAN Port Mirroring O Disable Enable Mirroring Port Port 3 Mirrored Port s Port 1 Port 2 Port 3 Port 4 Apply Cancel Enable Disable Click Disable to disable this function Click Enable to activate this function Mirroring Port Select a port to view traffic sent from mirrored ports Mirrored Port s Click which ports are necessary to be mirrored After finishing the settings please click Apply 4 3 9 LAN VLAN Setup Virtual LANs VLANs are logical independent workgroups within a network These workgroups communicate as if they had a physical connection to the network However VLANs are not limited by the hardware constraints that physically connect traditional LAN segments to a network As a result VLANs allow the network manager to segment the network with a logical hierarchical structure VLANs can define a network by application or department For instance in the enterprise a company might create one VLAN for multimedia users and another for e mail users or a company might have one VLAN for its Engineering Department another for its Marketing Department and another for its guest who can only use Internet not Intranet VLANs can also be set up according to the organization structure within a company For example the company president might have his own VLAN his executive staff might have a different VLAN and the remaining employees might have yet
62. modify an existed rule entry Advanced SNMP SNMP Community Edit Community Hostinask Max Access Community Host mask Max Access Apply Dray Tek Read only Readhrite Apply Cancel Type the community string e g public for SNMP Assign a value of subnet mask for host IP address Select the authority as Read only or Read Write Read only means user only can monitor managed devices Read Write means user can control managed devices including change the values of variable stored within managed devices Click Apply to save this setting and return the previous page 146 Vigor3300V Series User s Guide To delete an item click the radio button of the item that you want to delete Then click Delete on the bottom of the page to remove the entry A dialog will be prompted for you to ask confirmation Click OK SNMP Traps In managed network by SNMP protocol agent will send a specific packet as an attention for administrator called Trap Trap is the only PDU Protocol data unit sent by an agent on its own initiative It is used to notify the management station of an unusual event that may demand further attention like a link down Choose SNMP Traps option to see the following page EMS SNMP Traps a Trap Server Trap Community Trap server port e 3 4 5 6 7 8 9 O 10 1 Edit Delete Delete All Trap Server Display the IP address of the trap server Trap Co
63. network connection settings is OK For Windows The example is based on Windows XP As to the examples for other operation El systems please refer to the similar steps or find support notes in www draytek com 1 Goto Control Panel and then double click on Network Connections Jetwork Connections 2 Right click on Local Area Connection and click on Properties Disable Status Repair Bridge Connections Create Sharkcut Rename Properties 3 Select Internet Protocol TCP IP and then click Properties ethO Properties General Authentication Advanced Connect using BS ASUSTek Broadcom 440 10 100 Ir Configure This connection uses the following items El Client tor Microsoft Networks a File and Printer Sharing for Microsoft Networks fm 0s Packet Scheduler Internet Protocol TCP IP Description Transmission Control Protocol lnternet Protocol The default Wide area network protocol that provides communication across diverse interconnected networks Show icon in notification area when connected Notify me when this connection has limited or no connectivity Dray Tek 220 Vigor3300V Series User s Guide 4 Select Obtain an IP address automatically and Obtain DNS server address automatically Internet Protocol TCP IP Properties General Alternate Configuration You can get IP settings assigned automatically if your network supports thie capability Otherwise
64. of WAN Interleaving interface The smaller the bandwidth is the smaller the packet will be Such activity can reduce the time delay of packet transmitting Meanwhile the VoIP packets will be inserted in the front of queue of signal for transmitting quickly and obtaining best audio quality Please check this box to invoke this function shrinking the packet for fast sending Vigor3300V Series User s Guide 211 Dray Tek 4 7 8 NAT Traversal NAT traversal is a challenge that all Service Providers looking to deliver public IP based voice and multimedia services must solve The goal of this function is to provide secure connection to subscribers behind NAT Network Address Translation devices and Firewalls Overcoming this traversal problem will lead to widespread deployment of profitable voice and multimedia over IP services to any subscriber with broadband connection VoIP NAT Traversal NAT Traversal Disable O Manual ly Input NAT IP Address Auto Discover NAT IP Address Symmetric Media Disable symmetric RTP and T 38 NAT Status Disable Manually Input NAT IP Address Auto Discovery NAT IP Address Dray Tek NAT IP Address Semi auto need to config NAT STUN Local Port STUN Server Address Full a uto no need to config NAT fonly for SIP 3476 stun fwdnet net STUN Server Port 3478 O Enable symmetric RTP and T 38 NAT Type WA Local IP Address 172 16 3 229 WAN
65. org Apply Cancel Clear ThisPage Speed Dial Phone Number Type the phone number to be used as quick dial Speed Dial Destination Type the destination address of the dial Memo Type a description for the specified number Apply Click this button to activate the page settings Clear This Page Click this button to remove all the settings in this page 4 7 4 Dial Plan Dial Plan defines how V3300V handles the outgoing number that the user dials Usually it would be tedious to dial a long digits number Therefore we could establish a dial plan pattern to simplify the dial process Up to 60 dial plan entries can be stored in Vigor3300V Vigor3300V Series User s Guide 205 Dray Te k VoIP Dial Plan Match String pein aa ae Prefix Add SIP IP Address pay Memo 1 2 3 4 O 5 6 O T 8 9 10 1 Delete Delete All Match String Display the pattern of a dial plan entry Min Length Display the minimum length of digits Max Length Display the maximum length of digits Prefix Strip Display the number of prefix digits to strip of the entry Prefix Add Display the prefix string to be added of the entry SIP IP Address Display the IP address of the destination of the entry Time Out Display the inter digits timeout value of the entry Memo Description for this entry Click Edit to modify the dial plan Below shows an example Match String 0x T Min Lenath 4 Max Length 10 Prefix Strip
66. pCANYVWWHEREdata TCP 5631 pcANYVWHERE stat UCF 5632 win C TFP 5900 4 3 3 RADIUS Setup A RADIUS Remote Authentication Dial In User Service is a security authentication client server protocol widely used by Internet service providers on other remote access service A RADIUS is the most common means of authenticating and authorizing dial up and tunneled network users The built in RADIUS client function allows you to extend the remote dial in user accounts to the RADIUS server Your user accounts will not be limited by built in accounts in VPN gt gt PPTP gt gt User Profile It also lets you centralize remote access authentication for network management Radius is a server for remote user authentication and accounting Its primary use is for Internet Service Providers though it may as well be used on any network that needs a centralized authentication and or accounting service A Radius supports a wide variety of authentication schemes A user supplies his authentication data to the server either directly by answering the terminal server s login password prompts or using PAP of CHAP protocols The Vigor 3300V supports Radius client function A user can configure some authentication information to do an authentication with Radius server In Vigor3300 Series it is only applied by VPN gt PPTP function In the Advanced group click the Radius option You will get the following page Advanced RADIUS Disable Enable Server IP
67. range of offenses or illegal materials Unlike traditional media the Internet does not have any obvious tools to segregate materials based on URL strings or content URL content filtering systems are seen as tools that would provide the cyberspace equivalent of the physical separations that are used to limit access to particular materials By rating a site as objectionable and refusing to display it on user s browser URL content filter can prevent employee on SME from accessing inappropriate Internet resources Instead of traditional firewall inspects packets based on the fields of TCP IP headers the URL content filter checks the URL strings or the payload of TCP IP packets Y Welcome to DrayTek Mozilla ioj xj File Edit View Go Bookmarke Tools Window Help 2 3 Em asea A 2 2 ah fo a such 4 Home gf Bookmarks f The Mozila Organization ff Latest Buualds The URL content filter in the series of broadband security routers inspects every URL string in the HTTP request If the entire or part of the URL string for instance http www draytek com as shown above matches any activated rule the first and the Vigor3300V Series User s Guide 155 Dray Te k following associate HTTP request will be blocked The system will discard any request which tries to retrieve the malicious code Notice that you must clear your browser cache first so that the URL content filter operates properly on a Web page that you visit
68. refer to Chapter 4 for detailed explanation 1 2 LED Indicators and Connectors Before you use the Vigor router please get acquainted with the LED indicators and connectors first The displays of LED indicators and connectors for the routers are different slightly The following sections will introduce them respectively If the model of router you have does not support ISDN and or VoIP function simply ignore the relational description Definitions for ISDN Ports Below shows the names that displayed on front panel of the device and the WEB UI of this device ISDN TE Terminal Equipment means an interface for transmitting analog signal through Internet between Switching and router Such interface is also named with ISDN SO extern in Germany ISDN NT Network Terminator is a port that used to connect general phone Such interface is also named with ISDN SO intern in Germany VoIP FXO Foreign exchange office is a port that used to connect to PSTN network VoIP FXS Foreign exchange station is a port that used to connect telephone set Dray Te k 2 Vigor3300V Series User s Guide 1 2 1 For Vigor3300V Vigor3300V DIP DV Description for LED p rm LAN r WAN IDMZ mke S Firewal 100 Q pwr act acs rox Factory Reset Pi P2 P3 P4 Pi P2 P3 P4 LED PWR Power Status Off Blinking Off ACT Activity WAN Blinking VPN Off
69. sections SIP Set up the SIP Server used for registration Ports Set up the account details g f Fa Nee VFN VoIP Router O VolP gt gt SIP Related Functions Setup eee Ward Conlin Siae ene fetii LAH MAT Farew alll SP Poi Peqesirar Proxy Applicai inna WPH and Remele Artes Dam amhaakn l Stun gena Syrem Haintenan te Dil ayn cnt Daiplay Harre Arpon Mare AMHR Gal id User Password After configuration please click OK to save the settings Note Do not set up the Proxy and Stun Server when calling through VPN While in 2200V firmware v2 5 5 4 the Proxy will be active if Use Registrar is enabled So make sure not click Use Registrar Vigor3300V Series User s Guide 73 Dr ay Tek 3 Enter VoIP DialPlan page and the first and second group of Speed Dial Phone Number lt i etn een VelP gt gt DiaiPlan Setup Bulck Sian Wiad Dalias Satis Indes Me 1 lnianej Manca LSH E niis Phone Munir Cag Mim VPM and Remete Accom HIP VEL i Dog miria b Haiii SIP Heledd pueih E CODEC RATP ETA B Woicg 20 Ghat Satiupg Prima Number Syren Maimenaste Diaa ConmSgursiign Di Seu esi Phone imda mambar Display Mana EIF LFI TELEN FIV FOLL YAN aaea Be ee 20 2000 Ports APH RPMS LES Dea 2 0 hang L d i Ph After configuration please confirm that the VPNs are established and they can communicate with each other Please refer to VPN IPSec LAN to LA
70. select required security protocols It determines the algorithms to use for the services and puts in place any cryptographic keys required to provide the requested services IPSec can be used to protect one or more paths between a pair of hosts between a pair of security gateways or between a security gateway and a host The Vigor3300 Series supports ESP Tunnel mode with IKE for key management Internet Key Exchange IKE Protocol a key protocol in the IPSec architecture is a hybrid protocol using part of Oakley and part of SKEME in conjunction with ISAKMP to obtain authenticated keying material for use with ISAKMP and for other security associations such as AH and ESP for the IPsec DOI 4 6 1 IPSec The IPSec services can provide access control connectionless integrity data origin authentication rejection of replayed packets that is a form of partial sequence integrity and confidentiality by encryption These objectives are met through the use of two traffic security protocols the Authentication Header AH and the Encapsulating Security Payload ESP and through the use of cryptographic key management procedures and protocols General Setup General Setup allows you to set MTU value for VPN The default number is 1400 VPN IPSec General Setup MTU 1400 lt 1500 Auto connect Enable Disable Apply Cancel MTU The default value is 1400 Auto connect If you click Enable for Auto connect once the packets ma
71. the IP mode you will see the following page IP Mode Static DHCP PPPoE PPTP Configuration Configuration IP Address Subnet Mask Default Gateway Primary DNS Secondary DNS IP Alias List 1k Static ODHCP OPPPoE O PPTP 172 16 3 229 Host Name 255 255 255 0 172 16 3 1 Domain Name Host Name and Domain Name are required for some ISPs 168 95 1 1 168 95 192 1 10 1 1 100 10 1 1 101 10 1 1 102 Next gt gt All the settings here are set by privately Your ISP will not provide these settings IP Address Subnet Mask Default Gateway Primary DNS Secondary DNS IP Alias List Type a private IP address to the WAN interface Type a subnet mask value to the WAN interface Type a private IP address to the gateway Type a private IP address to the primary DNS Type a private IP address to the secondary DNS Type other IP addresses to be bound to this interface This setting 1s optional If you have typed addresses here you can see and choose it in later web page settings e g Advanced gt gt NAT gt gt Port Redirection DMZ Host Thirty two IP addresses settings are allowed at one time After setting up the WAN interface click Next to setup the LAN interface continuously Dray Tek 14 Vigor3300V Series User s Guide Quick Setup LAN LAN IP DHCP IP Configuration IP Address Subnet Mask DHCP Server
72. the router will not send out any message about system log The IP address of the Syslog server If a user assigns an IP address of 0 0 0 0 the Syslog function will be disabled Then the router will not send Syslog packets to the Syslog server Type a port for the Syslog protocol Check this box to record the firewall log Check this box to record the VPN application log Check this box to record the user access log Such information will be seen in Syslog server Check this box to record the VoIP ISDN phone log Check this box to record the connection status log for WAN interface When Vigor3300V runs VoIP program for dialing VoIP phone calls information about VoIP starting restarting registered crashed and etc will be created at the same time Such information will be useful for the administrator to understand the running status of VoIP function and will be helpful for the administrator to solve the problems encountered Syslog protocol usually will classify messages into several levels facilities based on the service types Each facility Local useO Local use7 possesses items and services used generally The administrator can specify any one of the facilities used for VoIP function Such function can assist the administrator to identify which log containing VoIP information 96 Vigor3300V Series User s Guide Local use 6 we Local use 6 Syslog Severity Such feature is used to determine which types of er
73. used to limit user bandwidth Bandwidth Management Fo General Setup Limit Session H Limitation Table General Setup This function allows users to configure general settings for bandwidth management Click Network gt gt Bandwidth Management and then choose General Setup You will get the following page Network Bandwidth Management General Setup Limit Bandwidth Disable Enable Default TX limit 1024 Kbps Default RX limit 1024 kbps Apply Cancel Enable Disable Disables or enables this function Default TX Limit Define the default speed of the upstream for each computer in LAN The default value is 1024 Default RX limit Define the default speed of the downstream for each computer in LAN The default value is 1024 Apply After finishing the configuration please click this button to invoke these settings Limitation Table This function allows users to set limitation for bandwidth Click Network gt gt Bandwidth Management and then choose Limitation Table You will get the following page Dray Te k 124 Vigor3300V Series User s Guide Network Bandwidth Management Limitation Table Start IP 10 Start IP End IP TX Limit RX Limit Edit Delete Delete All End IP TX Limit RX Limit 1 Edit Delete Delete All Display the start IP address of bandwidth Display the End IP address of bandwidth Display the size limit for the transmitted packets Display the size limit for th
74. violating the DoS configuration is reported and the attack is mitigated Vigor3300V Series User s Guide 153 Dr ay Te k Firewall DoS C Enable SYN flood defense LJ Enable UDP flood defense C Enable ICMP flood defense LJ Enable Port Scan detection C Block IF options L Block Land C Block Smurf C Block trace route Cl Block SYN fragment Block Fraggle Attack DoS Defense Enable SYN Flood Defense Enable UDP Flood Defense Enable ICMP Flood Defense Enable Port Scan Detection Enable Block IP Options Enable Block Land Dray Tek Packets sec Timeout jio see Packetsisec Timeout 10 eee Packets sec Timeout j0 see Packets sec Threshold Threshold Threshold Hill Threshold C Block TCP flag scan Block Tear Drop C Block Ping of Death C Block ICMP fragment C Block Unknown Protocol Apply Cancel Enables or disables the DoS Defense function The default value is Disable Activates the SYN flood defense function If the amount of TCP SYN packets from the Internet exceeds the user defined threshold value the router will be forced to randomly discard the subsequent TCP SYN packets within the user defined timeout period The default setting for threshold and timeout are 300 packets per second and 10 seconds respectively Activates the UDP flood defense function If the amount of UDP packets from the Internet exceeds the user defined threshold value the router will
75. you need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically Use the following IP address Use the folowing ONS server addresses ees For MacOs 1 Double click on the current used MacOs on the desktop 2 Open the Application folder and get into Network 3 On the Network screen select Using DHCP from the drop down list of Configure Pv4 0900 __ Network mae y Show All Displays Sound Network Startup Disk Location Automatic Show Built in Ethernet m IP Address 192 168 1 10 Renew DHCP Lease Subnet Mask 255 255 255 0 DHCP Client ID If required Router 192 168 1 1 DNS Servers Optional Search Domains Optional IPv6 Address fe80 0000 0000 0000 020a 95ff fe8d 72e4 Configure IPv6 Sooner re Click the lock to prevent further changes Assist me Apply Now Vigor3300V Series User s Guide 221 Dr ay Te k 5 3 Pinging the Router from Your Computer The default gateway IP address of the router is 192 168 1 1 For some reason you might need to use ping command to check the link status of the router The most important thing is that the computer will receive a reply from 192 168 1 1 If not please check the IP address of your computer We suggest you setting the network connection as get IP automatically Please refer to the section
76. z Profile Status User Name Group 1 2 O 5 O O O 3 10 1 Edit Delete Delete All Profile Status Display status disable or enable for this entry Vigor3300V Series User s Guide 187 Dray Te k User Name Group Edit Delete Delete All The user name for this entry The group for this entry Allow you to edit the selected group Allow you to remove the selected group Allow you to remove all of the groups To add or edit a user profile click Edit for the selected entry VPN User Profile Edit Profile Status Disable Enable UserName i User Password C Enable Mobile One Time Passwords mOTP PIN Code i Secret Group A Profile Status User Name User Password Enable Mobile One Time Password mOTP Group Apply Cancel Click Enable to invoke such entry Type the user name for this entry Type the password for this entry Check this box to make the authentication with mOTP function mOTP Mobile OTP is a free authentication solution for mobile devices like phones PDAs and so on It is based on time synchronous of one time password Such function can authenticate users at routers firewalls web servers access points and etc PIN Code Type the code for authentication e g 1234 Secret Use the 32 digit secret number generated by mOTP in the mobile phone e g e759bb6f0e94c7ab4fe6 Choose a proper group A B C o
77. 0 9 0 9 90 6 1 Refresh Edit Delete Delete All Significant fields will be summarized in the IPSec Table Operational Status reflects the current status of the tunnel UP means the IPSec tunnel has been established DOWN means no tunnel existing or termination status of the tunnel If user expects the local gateway to act as the IKE initiator 1 e emit the first IKE main mode message user can click the hyperlink Initiate to start the IKE negotiation or set admin status to be always on to automatically restart IKE negotiation During the negotiation you can press Refresh to show the latest status of all policies VPN Trunk Policy Table VPN trunk includes two features VPN backup and VPN load balance Features of VPN TRUNK VPN Backup Mechanism VPN TRUNK Management is a backup mechanism which can set multiple VPN tunnels as backup tunnel It can assure the network connection not to be cut off due to network environment blocked by any reason gt VPN TRUNK VPN Backup mechanism can judge abnormal situation for the environment of VPN server and correct it to complete the backup of VPN Tunnel in real time gt VPN TRUNK VPN Backup mechanism is compliant with all WAN modes single multi gt The web page is simple to understand and easy to configure Filly compliant with VPN Server LAN Sit Single Multi Network v gt Syslog support please refer to System gt gt SysLog for detailed configuration Features of
78. 04 0 0 Transparent G 729A RFC2833 5 FXO V 5 1005 0 0 Transparent G 729A RFC2833 6 FXO V 6 1006 0 0 Transparent G 729A RFC2833 7 FXO V 7 1007 0 0 Transparent G 729A RFC2833 8 FXO V 8 1008 0 0 Transparent G 729A RFC2833 6 Check the VoIP Status Please enter the VoIP Status SIP Status page first and wait one or two minutes The time depends on SIP Server s response speed and the network condition OK means the registration is successful Failed means the registration is failed VoIP SIP Status Refresh Option No Refresh v Refresh Register Status Register Status Register Status Register Status 1 9 17 25 2 10 18 26 3 11 19 27 4 12 20 28 5 13 21 29 6 14 22 30 7 15 23 31 8 16 24 32 Next please enter VoIP Status Port Status This page will display calling information from Port 1 Port 8 Idle means there is no conversations on Port 1 Port 8 VoIP Status Refresh Option No Refresh v Refresh Call Status aa eee email Start Time eee age RTP RTP Statistic i iaia VAD i 1 1 Idle 2 1 Idle 3 1 Idle 4 1 Idle 5 1 Idle 6 1 Idle 7 1 Idle 8 1 Idle PS Packets Sent OS Octets Sent PR Packets Received OR Octets Received PL Packets Lost Jl Interarrival Jitter Estimate ms LA Avg T Delay ms Vigor3300V Series User s Guide 33 Dray Te k Note This page will automatically refresh based on the setting configured in Refresh Option You may click Refresh button to renew immediately Con
79. 2 1002 2 All Ports 3 0O 1003 1003 3 All Ports 4O 1004 1004 4 All Ports 5 O 1005 1005 5 All Ports 6 1006 1006 6 All Ports 70 100 1007 7 All Ports 8 1008 1008 8 All Ports 1234 Delete Delete All Port Settings This page displays the basic settings for each port Click the Edit icon in the Phone Number page to enter the Edit page Then you can configure this port Vigor3300V Series User s Guide 45 Dr ay Tek VoIP Port Settings Type Active SIP Account pe nee Hotline Mic Spk Gain FAX Codec DTMF 1 ISDN NT V 1 1001 0 0 Transparent G 729A RFC2833 2 ISDN TE V 2 1002 0 0 Transparent G 729A RFC2833 3 ISDN NT V 3 1003 0 0 Transparent G 729A RFC2833 ISDN TE V 4 1004 0 0 Transparent G 729A RFC2833 gt RRR RRA s OR VoIP Port Settings Edit Type Active SIP Account een Hotline Mic SpkGain FAX Codec DTMF 1 E FXS V 1 1001 0 0 Transparent G 729A RFC2833 2 FXS V 2 1002 0 0 Transparent G 729A RFC2833 3 FXS V 3 1003 0 0 Transparent G 729A RFC2833 4 FXS V 4 1004 0 0 Transparent G 729A RFC2833 5 FXO V 5 1005 0 0 Transparent G 729A RFC2833 6 FXO V 6 1006 0 0 Transparent G 729A RFC2833 7 FXO V 7 1007 0 0 Transparent G 729A RFC2833 8 FXO V 8 1008 0 0 Transparent G 729A RFC2833 Port Settings Port Edit Configure related VoIP settings for each port respectively VoIP Port Settings Port1 Edit Port 1 FXS Disable Enable Default SIP Accounts 1 1001 VolP IP Address WAN Hotline Hotline N
80. 2 and Port 4 are switchable between NT and TE mode Port 1 Port 4 are fixed in NT mode if you have installed ISDN All TE module in the router Set the type for Vigor router the same as the one that your ISDN service provider uses P MP Choose this item to specify Point to multipoint telecommunications as ISDN type P P Choose this item to specify Point to point telecommunications as ISDN type MSN Numbers mean that the router is able to accept only number matched incoming calls In addition local ISDN network provider should support MSN services The router provides ten fields for MSN numbers Note that MSN service must be acquired from your local telecom operators 1 10 fields Fill in the portion that is different with the own number If the MSN number of ISDN phone matches with the configured MSN number the ISDN phone will uses default account which matches with MSN number pre configured Example Suppose ISDN phone is connected to Port 5 with MSN number set 51 The router uses the default ten MSN number from 51 59 When a user calls out via ISDN phone the router finds that the MSN number of the ISDN phone matches with the first configured MSN number Then the router will use the SIP account set for MSN number 51 for calling out It determines the default direction for the call route of the router VoIP The router is set by using VoIP call To change VoIP call into ISDN call via ISDN TE port please dial the cha
81. 29 2900V_Port1 j 3 s 4 5 Example 101 101 iptel org Apply Cancel Clear This Page VoIP gt DialPlan Setup Phone Book Index No 1 Loop through None Enable Phone Number Display Name SIP URL olog Dial Gut Account Cd Backup Phone Number J Ov Vigor3300V Series User s Guide Dray Tek 3 3 6 Example 6 Practical Application of FXO Based on the VoIP Example 1 Basic Configuration and Registration we will introduce the practical application of FXO Generally the practical application of FXO falls into the following two sections Connect to PSTN line By connecting 3300V s FXO Port 5 to a PSTN line VoIP is seamlessly integrated to PSTN line and allows you to call not only the remote VoIP user but also the remote PSTN user Also the PSTN user can call the VoIP user Below shows a scenario architecture graph 87654321 12345678 Port5 FXO 888835 Porti FAS 888829 Phone 1 Taiwan Port 1 FXS eerie Pieris 288833 Configuration table between 3300V and 2910V fwanip ___ PortNumber __ Phone Number _ Proxy __ Codec _ The number of the PSTN line connected into the FXO Port 5 on the 3300V is 12345678 The number of another PSTN line is 87654321 About VoIP basic settings please refer to VoIP Example 1 Basic configuration and registration Start to dial by using telephones Phone 1 calls Phone 3 gt Press 888835 After getting through you will hear the dial t
82. 331 You may refer to the figures shown below and VoIP Example 2 Basic Calling Method VoIP Speed Dial Speed Dial Phone Number Speed Dial Destination Memo 1 291 888829 2900V_Port1 j 3 s 4 5 Example 101 101 iptel org Apply Cancel Clear This Page VoIP gt DialPlan Setup Phone Book Index No 1 Loop through None Enable Phone Number Display Name SIP URL olog Dial Gut Account Cd Backup Phone Number Vigor3300V Series User s Guide CO Dray Tek 3 3 8 Example 8 Practical Application of ISDN TE Based on the Example 2 Basic Configuration and Registration for ISDN we will introduce the practical application of ISDN TE Generally the practical application of ISDN TE falls into the following two sections Connect to ISDN line By connecting 3300V s ISDN TE Port 5 to a ISDN line VoIP is seamlessly integrated to ISDN line and allows you to call not only the remote VoIP user but also the remote ISDN user Also the ISDN user can call the VoIP user Below shows a scenario architecture graph ISDN Phone 3 87654321 12345678 Port 5 SDN TE 888835 Port1 ISDN NT 888829 ISDN Phone 1 Taiwan Port11ISDN NT German ISDN Phone 2 888833 Configuration table between 3300V and 2910V WAN IP Port Number Phone Proxy Codec Number 3300V 220 135 240 207 LEQHLGSPNND __11888833 iptel_ _ G 729A The number of the PSTN line connected into the
83. 42 3 2 3 Practical Application of FXO card with PBX ccccccccccsseeeeeceeseeeeeseeeeeeeeeseeeeeeeeeeaeeeeessaaess 42 ee Ae ISDN NT and TE aris sciences vaert anai seats cece a e alai a a N a a a Na aa 43 3 2 5 Practical Application of ISDN NT with PBX s annnsnnnnnnnnnsnnnnnsennnnnsrnnnnensnnnnresnnnrrennnnrresnnrerenne 44 3 2 6 Practical Application of ISDN TE with PBX ccccccccseeeeeeeeeeeseeeeeceeeeeeeeesaeeeeeeeeaeeeeeeeaaaees 44 o VOM DASIC sennetiatesnuvtonsimemupnoeasiveseasatndeseuan E 45 3 3 VoIP and ISDN Examples c ccccccccecccsseeeeecsceseeeesccesneceescaenceesscaseeeeesecesneeenssceseeesscceseeeeses 51 3 3 1 Example 1 Basic Configuration and ReQistration ccccccccsseeeeeecseeeeeeeeeueeseeeeeeeeeeeeeesaaess 51 3 3 2 Example 2 Basic Configuration and Registration for ISDN cc eeccceseeeceeceeeeeeeeeeeeseeeeees 56 3 3 3 Example 3 Basic Calling M thod ccccccccccccceecseeeeeeeeeeeeeeseeeeeeeeeeessaeeseeeeeeeeesesaaeeeeeeeeeaaas 61 3 3 4 Example 4 VoIP over VPN cccceccccccsseeeeeseeeeeeseeeeeeeeeeeeeeueeeseeaeeesseaeeeeseaseeessaeeeesaageeeenaass 68 3 3 5 Example 5 Practical Application Of FXS ccccccccsccececesseeeeeeeseeeeeeseeeeeeeeeeseaeeeeeeeseaseeeeesaess 75 3 3 6 Example 6 Practical Application Of FXO ccccccccccceccsseeeeeeeeeeeeeeeseeeeseeeeeeeeeeeeseaeeeeessaaees 77 3 3 7 Example 7 Practical Application of ISDN NT ee
84. 6 3 4 Applications MAC Address 00 50 7F DD 15 18 Primary DNS VPN and Remote Access ist IP Address 192 168 1 1 Sponda DNS Certificate Management ist Subnet Mask 255 255 255 0 ga ay DHCP Server Yes WAN 2 Voli Primary DNS i Link Status Disconnected ISDN Secondary DNS MAC Address 00 50 7F DD 15 14 Wireless LAN Connection i sss VLAN VolP IP Address USB Application Port 1 2 Default Gateway n System Maintenance SIP registrar i n E Diagnostics Account ID change_me change_me 7 se rea ay A Register Wireless LAN ali eat a Codec MAC Address 00 14 85 08 69 19 In Calls 0 0 Frequency Domain Europe Out Calls 0 0 _ Firmware Version v2 01 10 10 5 4 _ Click SIP Account DialPlan SIP Accounts P Phone Settings Status Configure Port and Port2 by clicking Index number and 2 VoIP gt gt SIP Accounts SIP Accounts List Index Profile Domain Realm Proxy eee Ring Port Status 1 change_me J olP1 vorp2 ISDN 2 change me J oIP1 Dvor ISDN 3 change_me J oIP1 vor ISDN 4 change_me C volPi C volp2 ISDN 5 change_me olP1 L oIP2 JISDN 6 change_me J voIP1 O oIP2 ISDN R success registered on SIP serwer fail to register on SIP serwer NAT Traversal Setting STUN server stun fwdnet net SIP PING interval 150 sec Type relevant SIP Servers used for registration respectively Vigor3300V Series User s Guide 59 Dray Tek VoIP gt gt SIP Accounts SIP Account Index No 1 Prof
85. 729A Suppose there are two PSTN lines connected to PBX s Outside Lines The third Outside Line is connected to 3300V s FXS Port1 The Inside Line is connected to a telephone with the extension 101 If the extension wants to dial VoIP using Line 3 you must firstly press 3 and then dial the phone number Vigor3300V Series User s Guide 75 Dr ay Te k Example of lines connections Bx Phone Number Line3 3 888833 Start to dial by using telephones Phone 1 calls Phone 2 gt Press 3 after hearing the dial tone press VoIP number 888829 Phone 2 calls Phone 1 gt Press 888833 after getting through you will hear the auto reply from the PBX Then press the extension 101 Note indicates termination of the phone number After pressing VoIP is immediately called out Or you may wait 3 seconds if you do not press This example is the intercommunication with one SIP Proxy Server For the applications of Direct IP Call and Intercommunication with different SIP Proxy Servers please refer to 3 3 3 Example 3 Basic Calling Method The VoIP call can also wok with VPN please refer to 3 3 4 Example 4 VoIP over VPN Also you can set up the Speed Dial entry To accommodate the extension please set up 888829 to 291 888833 to 331 You may refer to the figures shown below and 3 3 3 Example 3 Basic Calling Method VoIP Speed Dial Speed Dial Phone Number Speed Dial Destination Memo 1 291 8888
86. 835 Caer eee i see eee Router Portt ISDN NT i 888829 f ISDN Phone 1 Taiwan ISDN Phone 2 German ISDN Phone 3 101 Port 1 ISDN NT 888833 Vigor3300V Series User s Guide 83 Dray Te k Configuration table between 3300V and 2910V Jane Phone None 3300V 220 135 240 207 RortlUSDN N1DD__1888833 iptel _ G 729A PortS ISDN TE _ 888835 ipte _ G 729A 2910V__ 61 31 167 135 _ Port1GSDN NT _ 888829 ipte _ G 729a Suppose the number of PBX s Outside Line is 12345678 One Inside Line is connected to a telephone with the extension 101 If you want to use PSTN from the extension you must firstly press 0 and then dial the phone number The ISDN TE Port5 on the 3300V is connected to PBX s Inside Line with the number 102 The number of another PSTN line is 87654321 About VoIP basic settings please refer to VoIP Example 2 Basic configuration and registration for ISDN Start to dial by using telephones Phone 1 calls Phone 2 gt Press extension 102 After getting through you will hear the dial tone then press the VoIP number 888833 Phone 1 calls Phone 3 gt Press extension 102 After getting through you will hear the Dial tone then press the VoIP number 888829 Phone 2 calls Phone 1 gt Press 888835 After getting through you will hear the Dial tone then press the extension 101 Phone 2 calls Phone 4 gt Press 888835 After getting through you will hear the Dial tone Press outsid
87. DP 6667 L2TP UDP 1701 NEWS TCP 144 NFS UDP 2049 NNTP TCP 1193 PING IP 1 POP3 TCP 110 PPTP TCP 1723 ql RCHDCTCP 512 REAL AUDIO TCP 7070 RTSP TCP UDP 554 SFTP TCP 115 SMTP TCP 25 SNMP TCP UDP 161 SNMP TRAPS TCP UDP 162 SOL NET TCP 1521 SoH TCP UDP 22 SYSLOG UDP 514 TELNET TCP 23 TFTP UDP 69 FTP TCP 20 21 v There are three options TCP UDP and TCP UDP Choose the one you need lt Type the port range number for source destination port of this filter There are three options Basic Only the DiffServ CodePoint Type field can be io Dray Tek configured Advanced Only the DiffServ CodePoint field can be configured None No field allowed to be configured DiffServ CodePoint Type There are twenty one types supported precendence precendence precendence precendence precendence precendence precendence CLASS 1lfLow Drop CLASS 1f Medium Drop CLASS Lihigh Drops CLASS 2iLov Drop CLASS 2 Medium Drop CLASS High Drop CLASS 3iLoy Dropit CLASS 3 Medium Drop CLASS 3 High Drop CLASS 4 Low Drop CLASS 4 Medium Drop CLASS 4iHigh Drop CLASS DiffServ CodePoint The number by hex mode to be applied Class Choose a filtering condition to be applied All the class names set in Incoming Outgoing Class Setup page will be displayed in this field 4 6 VPN and Remote Access Setup This page allows you to setup the configuration of VPN an
88. Desktop Type Installation Rubber pads are included with the Vigor3300V Series These rubber pads improve the air circulation and decrease unnecessary rubbing on the desktop Vigor3300V Series User s Guide 9 Dr ay Tek Dray Te k 10 Vigor3300V Series User s Guide Chapter 2 Configuring Basic Settings For use the router properly it is necessary for you to change the password of web configuration for security and adjust primary basic settings This chapter explains how to setup a password for an administrator and how to adjust basic settings for accessing Internet successfully Be aware that only the administrator can change the router configuration 2 1 Changing Password To change the password for this device you have to access into the web browse with default password first 1 Make sure your computer connects to the router correctly 1 Notice You may either simply set up your computer to get IP j dynamically from the router or set up the IP address of the computer to be the same subnet as the default IP address of Vigor router 192 168 1 1 For the detailed information please refer to the later section Trouble Shooting of this guide 2 Open a web browser on your PC and type http 192 168 1 1 A pop up window will open to ask for username and password Please type default values on the window for the first time accessing The default value for user name is draytek and the password is 1234 Next click OK Login to
89. Display Name 291 0 _Portt_iptel Account Number Name 556829 n mep aps C Authentication ID 65686829 Configuration Example for Vigor3300V Enter VoIP Speed Dial page configure relevant settings for 2910V s Portl1 Speed Dial Phone Number type 2901 Speed Dial Destination Cal lee s Number IP type 888829 61 31 167 135 Memo To facilitate ease differentiation please type 2910V_Port1_IP Click Apply to save the settings and finish the configuration VoIP Speed Dial Speed Dial Phone Number Speed Dial Destination Memo 1 2901 58882906 1 31 167 135 2910 _Part1_IP 4 Example 101 101 iptel org Apply Cancel Clear This Page Dray Te k 62 Vigor3300V Series User s Guide Configuration Example for Vigor2910V l Open the Web interface of the router and open VoIP menu wa Vigor2910 Series Dual WAN Security Router Quick Start Wizard System Status Dray Tek www draytek com Online Status Model Name DrayTek Vigor2910 Firmware Version 3 2 1_RC2 WAN Build Date Time Tue Jul 29 18 35 51 48 2008 ne System WAN 1 as CPU Usage 12 Link Status Connected Firewall Total Memory 16M MAC Address OO 50 7F DD 15 19 Objects Setting Memory usage 61 Connection Static IP CSM g IP Address 172 16 3 229 Bandwidth Management LAN Default Gateway 172 16 3 4 Applications MAC Address 00 50 7F DD 15 18 Primary DNS VPN and Rem
90. Do not set Stun Server when calling through VPN STUN server External IP Vigor3300V Series User s Guide 71 Dray Tek Type relevant SIP Servers used for registration respectively Set LAN VPN as Register via for Port and Port2 VoIP gt SIP Accounts SIP Account Index No 1 Profile Name 11 char max Register via LANAVPN C make call without register SIP Port 5060 Domain Realm iptel org 63 char max 3 Proxy iptel arg 63 char mas J Act as outbound proxy Display Name 29170 _Port _iptel 23 char mas Account Number Name 888829 63 char max O Authentication ID 880029 63 char mas Password pees 68 char max Expiry Time eoo sec NAT Traversal Support Ring Port volpi L olIP2 ISDN Ring Pattern After configuration please click OK to save the settings Vigor2910 series will go to VoIP gt gt SIP Account page automatically 2 Open VoIP gt gt DialPlan and click Phone Book Add the first and second group of Speed Dial Phone Number VoIP gt gt DialPlan Setup Phone Book Index Phone number Display Name SIP URL heel Loop through peered ee Status ila 3301 poo0ada1S Default Mone x 2 29201 bode 219 Default None x 3 Default None W 4 Default None Dray Te K 12 Vigor3300V Series User s Guide Configuration Example for Vigor2200V 1 Enter 2200V s Web and click VoIP SIP Related Function page SIP related function of 2200V 2 Setup Port 1 This page falls into two
91. IP Address 172 16 3 229 Apply Cancel Disables this function The feature is used if Vigor3300 has a public WAN IP address and not behind a NAT router NAT IP Address Type the IP address to be used as the NAT IP address The feature is used when Vigor 3300V is behind a NAT router and the NAT router uses a static WAN IP address This value is the same as the WAN IP of the front NAT router It is used when Vigor3300 is behind a NAT router and the NAT router uses a dynamic WAN IP address such as a DHCP or PPPoE client The Vigor3300 requires a STUN server for this option The STUN Simple Traversal of UDP through NATs server 1s an implementation of the STUN protocol that enables STUN functionality in SIP based systems It is an application layer protocol that can determine the public IP and nature of a NAT device sitting between the STUN client and STUN server Semi auto need to config NAT If you click this function the user needs to configure NAT information Full auto no need to config NAT only for SIP If you click this function the user does not configure NAT information STUN Local Port Type the port number of the STUN Server STUN Server Address Type the IP address of the STUN Server 212 Vigor3300V Series User s Guide Symmetric Media 4 7 9 Incoming Call Barring STUN Server Port Type the port number of the STUN server Disable symmetric RTP and T 38 Click thi
92. IP address of the destination that data will be transferred to Packets ready to destination will be sent out through the network interface chosen in this page Subnet Mask Assign a value of subnet mask for destination IP address Apply After finishing the configuration please click this button to invoke these settings Delete the Static Route Select the radio button of the item that you want to delete and click Delete on the bottom of the page The following web page will be displayed Advanced Static Route Network Interface Destination IP Gateway IP Mask 1 LAN 10 1 1 50 192 168 1 100 124 Microsoft Internet Explorer 4re you sure of deleting this item FO 91 ae Via lt QO 1 Edit Delete Delete All Click OK to delete the entry in static route table Users can click Delete All to remove all entries in static route table Vigor3300V Series User s Guide 129 Dray Te k 4 3 2 NAT Setup NAT Network Address Translation is a method of mapping one or more IP addresses and or service ports into different specified services It allows the internal IP addresses of many computers on a LAN to be translated to one public address to save costs and resources of multiple public IP addresses It also plays a security role by obscuring the true IP addresses of important machines from potential hackers on the Internet The Vigor 3300 Series is NAT enabled by default and gets one globally routable IP
93. If not the connection of WAN interface will be regarded as breaking down This function is available when Detect Type is set with Send PING or Send Http Request Set other IP addresses binding in this interface You can set up to 32 sets of IP alias settings If you have typed addresses here you can see and choose it in later web page settings e g Advanced gt gt NAT gt gt Port Redirection DMZ Host Click Apply to go back to the WAN Interface Configuration page To apply all settings click Apply on the WAN Interface Configuration page and reboot your router Click this button to clear all the configurations for this page If the WAN interface is set as a DHCP client the Vigor3300 Series will ask for IP network settings from the DHCP server or DSL modem automatically In general it is not necessary for users to manually configure the router However users can modify Connection Detection if required Static DHCP PPPOP TF Dilz TuUL Configuration Configuration Default Gateway 721631 Host Name and Domain Name are required for some ISPs ee 1500 Connection Detection Detect Type Send ARP to Gateway Detect Destination Host SY HP or Domain Mame Connection Detection Vigor3300V Series User s Guide Apply Reset Cancel Detect Type Select a detecting type for this WAN interface There are three ways Send ARP to Gateway Send PING and Send HTTP Request supported in the router Send Http Re
94. N IP is 192 168 2 1 and the Subnet Mask is 255 255 255 0 Then users in the other departments can set IP address from 192 168 2 2 to 192 168 2 254 Vigor3300V Series User s Guide 33 Dr ay Te k 3 1 5 Example for the Companies in the Same Building There are four companies in the same building They share the broadband network and use the Vigor3300V router to achieve the load balance security and VoIP features In this case we can define four VLANs including VLANS VLAN6 VLAN7 and VLANS8 The subnet of VLANS is 192 168 1 0 the subnet of VLAN6 is 192 168 2 0 the subnet of VLAN7 is 192 168 3 0 and the subnet of VLANS is 192 168 4 0 Vigor3300V LAN 192 168 1 0 192 168 4 0 192 168 3 0 192 168 4 0 bo H3 Pi 5 5 t p ta os 3 3 Company A Company B Company C Company D Procedure 1 Refer to A 1 to block LAN to LAN communication 2 Create VLAN5 VLAN6 VLAN7 and VLANS8 Groups 3 Inthe VLANS type 5 to VLAN ID In the Member field choose p1 Then choose the Tagged for Frame Tag Operation in pl We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from the PC of company A 4 Inthe VLAN6 type 6 to VLAN ID In the Member field choose p2 Then choose the Tagged for Frame Tag Operation in p2 We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from company B 5 Inthe VLAN7 type 7 to VLAN ID In the Member field choose p3
95. N Usage Example 2 Start to dial by using telephones Phone 1 call Phone 2 gt Press 2901 or 888829 192 168 29 1 Phone 1 call Phone 3 gt Press 2201 or 888822 192 168 22 1 Phone 2 call Phone 1 gt Press 3301 Phone 2 call Phone 3 gt Press 2201 or 192 168 22 1 Phone 3 call Phone 1 gt Press 3301 Phone 3 call Phone 2 gt Press 2901 or 192 168 29 1 Note indicates termination of the phone number After pressing VoIP is immediately called out Or you may wait 3 seconds if you do not press Dray Tek 74 Vigor3300V Series User s Guide 3 3 5 Example 5 Practical Application of FXS Based on the VoIP Example 1 Basic Configuration and Registration we will introduce the practical application of FXS Generally the practical application of FXS falls into the following two sections Connect the telephones Please refer to VoIP Example 1 Two VoIP equipments call with each other Connect PBX s Outside Lines The usage is the same as that of PSTN line Different PBX has its own settings and required configuration by you Below shows a scenario architecture graph Sess sees tie wees wees Line 1 Line 2 Port 1 FXS 888833 Router Port1 FXS 888829 EEE Phone 1 Taiwan German 101 Phone 2 Configuration table between 3300V and 2910V WAN IP __ PortNumber___ Phone Number Proxy Codec _ 2910V 61 31 167 135 Port1 FXS 888829 iptel G
96. NS Lease Time Min Set a lease time for the DHCP server The time unit is minute Gateway IP Optional Set a gateway IP address for the DHCP server Next click DHCP Relay Agent tab to set DHCP server if required Quick Setup LAN DHCP Relay Relay Agent WAN Interface WANI w DHCP Server IP Address lt lt Previous Finish WAN Interface Choose the WAN interface for such connection DHCP Server IP Address Type an IP address for the DHCP server Next click IP Routing tab to set routing path for each WAN interface if required Quick Setup LAN DHCP Relay LAN IP DHCP Agent IP Routing WAN1 Status OcEnable Disable IP Address Subnet Mask WAN2 Status OcEnable Disable IP Address Subnet Mask WANS Status OcEnable Disable IP Address Subnet Mask l 7 WAN4 Status OcEnable Disable IP Address Subnet Mask lt lt Previous When you finished the above settings please click Finish A system reboot page will appear Click Apply to activate the PPTP mode configuration Dray Te k 22 Vigor3300V Series User s Guide Chapter 3 Applications 3 1 Application for 802 1 VLAN 3 1 1 Block LAN to LAN Communication To control the communication of PCs among different network segments effectively please adjust firewall setting to deny LAN to LAN communication from Firewall gt IP Filter Group Table Thus PCs tha
97. NS server The Vigor3300V supports several domain server providers as Vigor3300V Series User s Guide 137 Dr ay Te k Server Type Domain Name Login Name Login Password Wild Card Backup MX Mail Extender default dyndns org www dyndns org id dyndns org vuy dyndns orgi no ip com www no 1p com DtDNsS fwww dtdns con t ChangelF con www changeip com dynamniccnaneserver www dynamilc nameserver com huagal net fwww ddn cn 3322 WWW ooce Org YigorDDNs www vigorddns com WWW Strata con Select Static Dynamic or Custom type for this entry of DDNS settings Assign a private domain name to be accessed Assign a name to login into DDNS server Assign a password to login into DDNS server If you want anything here yourhost dyndns org to work EX To make things like www yourhost dyndns org work click Enable to active this function MX stands for Mail Exchanger Mail Exchangers are used for directing mail to specific servers other than the one a hostname points at Assign an email address Click Apply to finish these settings and return to previous page Note 1 The Wildcard and Backup MX features are not supported for all Dynamic DNS providers You could get more detailed information from their websites 2 Backup MX provides a secondary mail server to hold your e mail if your main email server go offline for any reason Once you go back online your email will be delive
98. O Enable 6 Disable Enable Disable Enable Disable O Enable g Disable O Enable 10 Disable Enable Apply Cancel Index The number of each entry Status User can Disable or Enable this port to be blocked Port Number Assign a port number to be blocked in system Click Apply to finish this setting 4 3 5 DDNS Setup The Dynamic DNS function allows the router to update its online WAN IP address which assigned by ISP or other DHCP server to the specified Dynamic DNS server Once the router is online you will be able to use the registered domain name to access the router or internal virtual servers from the Internet DDNS is more popular on dynamic IP users who typically receive dynamic frequently changing IP addresses from their service provider Dray Te K 136 Vigor3300V Series User s Guide Before you set up the Dynamic DNS function you have to subscribe free domain names from the Dynamic DNS service providers The router provides up to ten accounts for the function and supports the following providers www dynsns org Www no ip com www dtdns com www changeip com www ddns cn You should visit their websites for registering your own domain name on the router In the Advanced group click DDNS option You will get the following page Advanced DDNS Domain Name Server Provider Server Type Active Status il dyndns org dynamic Disable Not Connected 2 dyndns org
99. PN in this case it is mOTP and the VPN server IP address in this case it is 114 37 161 182 Cancel 4 Type the User Name in this case it is draytek and check Enable Mobile one time password mOTP 5 Press the button of Configure Secret for mOTP to generate the secrete number In this case Automatically generate secret is selected It will generate a 32 digit secret number automatically Next click Generate Configure Secret for mOTP Ex Automatically generate secret C Manually type and store secret secret gt _ Note To obtain fully secured authentication you d better use a Mobile device to generate or save the secret instead Such feature is used to experience Vigor mOTP function only Generate Cancel Vigor3300V Series User s Guide 87 Dr ay Te k 6 A 32 digit secret number is generated randomly Please click Copy Automatically generate secret Generated secret You should configure the router s secret as above Cancel 7 Fill this number in the field of Secret in VPN User Profile Edit of Vigor 3300V web page Then click Apply VPN User Profile Edit Profile Status ODisable Enable Enable Mobile One Time Passwords mOTP Secret 151b 1517 2ea8 4f1d 3935 1fh6 284a 1af5 Group Apply Cancel 8 In the field of Type of VPN choose the type of VPN in this case it is PPTP and click Require Encryption 9 Choose MS CHAP v2 as Authent
100. Phone r ia Taiwan German ISDN Phone Dray Tek 44 Vigor3300V Series User s Guide 3 2 VoIP Basic Protocol Select Protocol Select the communication protocol SIP or MGCP and the IP Address WAN or LAN VPN used by VoIP You need to configure relative settings at first Please refer to the figure below as an example of Vigor 3300V Quick Setup System Network Advanced Firewall Qos VPN 13 29 37 E Protocol H Select Protocol Port Settings SIP Accounts is lr a spesa p 3 Dial Plan Select Protocol siP OMGcP BM Miscellaneous Tone Settings SIP MGCP E as Configuration Configuration D NAT Traversal SIP Local Port 5060 fe Incoming Call Barring gt Call History z Outbound Proxy Proxy a P Active Proxy ae Proxy Address Port Registrar amp Tone Upload gt Domain 4 o E Status gt amp Contig Activate 2 F 3 P Example iptel iptel org iptel org iptel org Proxy User Agent Name 1 DrayTek V3300V 1 0 0 2 DrayTek V3300V 1 0 0 3 DrayTek V3300V 1 0 0 Apply Cancel Protocol SIP Accounts Router provides default configuration for SIP accounts You can click any one of the radio buttons and click Edit to modify the SIP account for your necessity VoIP SIP Accounts UserName Display Name Proxy Server Ring Port Ring Type orasini 1 100 1001 1 All Ports 20 100
101. Protocol IP Network IP means Internet Protocol Every device in an IP based Network including routers print server and host PCs needs an IP address to identify its location on the network To avoid address conflicts IP addresses are publicly registered with the Network Information Centre NIC Having a unique IP address is mandatory for those devices participated in the public network but not in the private TCP IP local area networks LANs such as host PCs under the management of a router since they do not need to be accessed by the public Hence the NIC has reserved certain addresses that will never be registered publicly These are known as private IP addresses and are listed in the following ranges From 10 0 0 0 to 10 255 255 255 From 172 16 0 0 to 172 31 255 255 From 192 168 0 0 to 192 168 255 255 What are Public IP Address and Private IP Address As the router plays a role to manage and further protect its LAN it interconnects groups of host PCs Each of them has a private IP address assigned by the built in DHCP server of the Vigor router The router itself will also use the default private IP address 192 168 1 1 to communicate with the local hosts Meanwhile Vigor router will communicate with other network devices through a public IP address When the data flow passing through the Network Address Translation NAT function of the router will dedicate to translate public private addresses and the packets will be delivered to th
102. S Octets Sent PR Packets Received OR Octets Received PL Packets Lost JI Interarrival Jitter Estimate ms LA Avg TX Delay ms Dray Tek 50 Vigor3300V Series User s Guide 3 3 VoIP and ISDN Examples There are many different kinds of applications about VoIP function Most of VoIP callings must be via a VoIP Server by registering except we can dial VoIP number by the IP address directly We will set up a basic configuration and registration as an example The other examples might be revised based on this example The VoIP function mainly depends on the requirement and application All the examples are based on example to revise configuration in accordance with the usage requirement and application Example 1 Basic Configuration and Registration Example 2 Basic Configuration and Registration for ISDN Example 3 Basic Calling Method Example 4 VoIP over VPN Example 5 Practical Application of FXS Example 6 Practical Application of FXO Example 7 Practical Application of ISDN NT Example 8 Practical Application of ISDN TE 3 3 1 Example 1 Basic Configuration and Registration In this case Vigor3300V uses a FXS card and a FXO card with four groups of iptel numbers and fwd numbers respectively The Codec is G 729A WAN IP address is 220 135 240 207 2910V has two VoIP Ports with an iptel number and the fwd number respectively The Codec is G 729A and the WAN IP is 61 31 167 135 Basic settings in Vigo
103. SDN line ISDN ALL TE Connecter for ISDN line Factory Reset button Used to restore the default settings Turn on the router ACT LED is blinking Press the hole and keep for more than 5 seconds When you see the ACT LED begins to blink rapidly than usual release the button Then the router will restart with the factory default configuration PWR Connecter for a power cord ON OFF Power switch Vigor3300V Series User s Guide 5 Dr ay Te k 1 3 Hardware Installation 1 3 1 Network Connection Before starting to configure the router you have to connect your devices correctly In this case we suppose you have FXS FXO module inserted into the router 1 Connect the power cord to Vigor3300V s power port on the rear panel and the other side into a wall outlet 2 Power on the device by pressing down the power switch on the rear panel The PWR LED should be ON 3 The system starts to initiate After completing the system test the ACT LED will light up and start blinking 4 Connect one end of an Ethernet cable RJ 45 to one of the LAN ports of Vigor3300 Connect the other end of the cable RJ 45 to the Ethernet port on your computer that device also can connect to other computers to form a small area network The LAN LED for that port on the front panel will light up 6 Connect a server modem router depends on your requirement to any WAN port of Vigor3300V with Ethernet cable RJ 45 The WAN1 to WAN4 LED will lig
104. SIP Accounts User Name Display Name Proxy Server Ring Port Ring Type EREA 1 1001 1001 1 All Ports 2 1002 1002 2 All Ports 3 1003 1003 3 All Ports 40 1004 1004 4 All Ports 5 1005 1005 5 All Ports 6 O 1006 1006 6 All Ports 7 1007 1007 T All Ports 8 1008 1008 8 All Ports 1234 Delete Delete All You can set up to 32 SIP accounts To edit an existing SIP Accounts simply choose the radio button for the one you want to modify and click Edit Vigor3300V Series User s Guide 193 Dr ay Te k VoIP SIP Accounts Edit Disable Enable Username 1001 Password boas Display Name 1001 Authentication ID 1001 Proxy Server none v Call without f Registration Disable Enable VolP IP Address Call Forwarding Disable Callforwarding all calls Callforwarding busy Callforwarding no answer after Bo rings Range 1 10 SIP URL oi Example 8001 iptel org Subscribe for MWI Disable Enable Expires time s0 OOOO MWI Inform Play Special Dial Tone CLIP IncomingCall CLIP display Display name and number OutgoingCall CLIP hidden No hidden v Call Park Call Park Dial Number 700 IncomingCall Rings O Rings all ports in the group O Rings the first available port Rings by round robin Cl Force start form the port _and ring each port for seconds Ring Port Setting M P1 Any P2 O P3 Disable Enable Usern
105. SRA E A all E ft L Master and Slave have the same group number and virtual IF E Virtual MAC will be generated automatically by assigned Group Number Host Network Configuration obtained via DHCP client IF 192 166 1 11 Subnet Mask 255 256 255 0 Default Gateway 192 168 1 3 ARP Tabla 192 1768 1 3 00 00 5E 01 01 07 lf Master Activated 192 1768 1 1 00 00 5E 071 01 07 182 1768 1 2 00 50 TF 04 0B8 02 lf Slave Activated 2 168 1 1 00 50 2 1768 1 2 00 00 TF 0A 0E 01 BE 07 01 01 L Hosti Network Configuration obtained via DHCP client IF 192 168 1 12 Subnet Mask 255 255 255 0 Dafault Gateway 182 168 1 3 ARP Tabla 182 168 1 3 O0 00 5E 07 01 01 lf Master Activated 182 168 1 1 O0 00 5E 07 01 01 182 168 1 2 O0 50 TF 04 06 02 lf Slave Activated 182 168 1 1 O0 50 7F 04 0B 01 182 168 1 2 O0 00 5E 07 01 01 In the Network group click the High availability option High Availability Vigor3300V Series User s Guide Dray Tek Network LAN High Availability Basic Status 602 1Q Status High Availability Disable O Enable Group Number Range 1 255 Role Virtrual IP Slave Status Not sync Apply Cancel High Availability Disables or enables this function When the master device Group Number Role Virtual IP Slave Status fails down the slave device will take its work over Assign a group number The range is from 1 to 255 PCs on the same g
106. Se Miscellaneous St Tone Settings Tone Classfication Low Frequency Hz High Frequency Hz aaa S amp NAT Traversal Incoming Call Barring Ringing tone Busy tone bb Tone Upload Status Congestion tone Tone Timer Howler Tone Ringing Tone 18 Tone Dial Tone Busy Tone Special Dial Call Waiting Tone Tone Ww ow Oo Dray Tek 48 Vigor3300V Series User s Guide QoS Enable this function to ensure the quality of VoIP conversation The default value is Enable Quick Setup System VoIP QoS O Disable Enable Advanced QoS Link Fragmentation and interleaving NAT Traversal Network Advanced Firewall Qos non guaranteed voice quality higher data throughput guaranteed voice quality normal data throughput C For uplink bandwidth lt 768 kbps VPN A Contig Activate 13 23 28 Protocol gt Port Settings MB Speed Dial 2 LL Dial Plan p Miscellaneous Tone Settings Gos NAT Traversal i Incoming Call Barring b Call History bd Tone Upload gt Apply Cancel E Status b When the WAN interface of Vigor3300 is a private IP address the VoIP traffics must pass through the upper layer NAT router User can enable STUN function in order to make VoIP function can work smoothly Quick Setup System VoIP NAT Traversal NAT Traversal Disable Manually Input NAT IP Address Auto Discover NAT IP Address Symmetric Media Dis
107. Series User s Guide B Dray Tek Quick Setup LAN LAN IP DHCP WAN1 Status IP Address Subnet Mask WAN2 Status IP Address Subnet Mask WANS Status IP Address Subnet Mask WAN4 Status IP Address Subnet Mask DHCP Relay Agent O Enable Disable O Enable Disable O Enable Disable O Enable Disable IP Routing lt lt Previous When you finished the above required settings please click Finish A system reboot page will appear Click Apply to activate the static mode configuration Dray Tek 16 Vigor3300V Series User s Guide 2 2 2 DHCP Mode DHCP allows a user to obtain an IP address automatically from a DHCP server on the Internet If you choose DHCP mode the DHCP server of your ISP will assign a dynamic IP address for Vigor3300 automatically It is not necessary for you to assign any setting Host Name and Domain Name are required for some ISPs Simply click Next to setup LAN interface Quick Setup LAN DHCP Relay l LAN IP DHCP Fae IP Routing IP Configuration IP Address Subnet Mask DHCP Server Status Enable ODisable Relay Agent Primary OMS Secondary OMS Lease Time thin 440 I Gateway IP Optionall lt lt Previous Finish IP Address Type an IP address for the LAN interface Subnet Mask Type the subnet mask for the LAN interfa
108. Series User s Guide Dray Tek Byte In Display the bytes count received by this tunnel Packet Out Display the packets count sent out by this tunnel Byte Out Display the bytes count sent out by this tunnel Uptime Display the time duration since the tunnel is established Refresh Allow you to refresh current VPN status Disconnect Allow you to disconnect the select VPN connection 4 6 2 PPTP amp L2TP PPTP General Setup To configure the general setup for PPTP please click VPN gt gt PPTP amp L2TP gt gt General Setup gt gt PPTP General Setup VPN PPTP General Setup Status Active O Inactive PPTP Authentication CHAP v PPTP Encryption User Authentication Local O RADIUS Server Mutual Authentication Enable Disable UserName Password DNS Server Get DNS Server from LAN Setting Get DNS Server by Manual Setting primary DNS Secondary DNS Apply Cancel Status Set the function to Active or Inactive PPTP Authentication Allow you to choose an authentication mode to be used The default setting is CHAP PPTP Authentication PAP PAP CHAP H5 CHAP HS CHAP V2 PPTP Encryption Allow you to choose an encryption mode to be used If PPTP authentication mode is set to CHAP or PAP PPTP Encryption mode does not need to be set PPTP Authentication MS CHAF We PPTP Encryption Ho Encryption MPPE 40 bit
109. To delete a user certificate please click the index number that you want to delete and click the delete button A dialog box will appear to ask your confirmation Click OK to delete it or click Cancel to leave the dialog without deletion Microsoft Internet Explorer 2 Are you sure of deleting this User Certificate Item To view a user certificate please click the index number that you want to view the detailed information of the certificate and click the View button The following page will be shown for your reference VPN IPSec User Certificate 1 View Certificate Name Issuer NIANA iC TWIST Hsin ChwL Houko O DrayteWOU RD3 CN presto emailAddress pcho draytek com tw Subject iC TWiST Houkol L Hsin Chu O RDWOU DrayteKiCN 3300CA_0804 emailAddress pcho draytek com Valid From Aug 4 11 57 40 2005 GMT Valid To Aug 4 11 57 40 2007 GMT Back Status This page will show the VPN connection status VPN IPSec Status Name Status Algorithm Remote IP Remote Subnet packet Brem Packet e Uptime 1 2900V up DES_0 HMAC_SHA1 NO_PFS 61 230 211 232 192 168 29 0 24 13 716 12 624 29 Refresh Disconnect Name Display the name of the IPSec tunnel Status Display the status of the tunnel up or down Algorithm Display the algorithm used by this IPSec Remote IP Display remote IP address of the tunnel Remote Subnet Display remote subnet mask of the tunnel Packet In Display the packets count received by this tunnel 184 Vigor3300V
110. When DMZ Host type is set as Routing Mode please type the IP address here to be chosen in IP Alias in Advanced gt gt NAT gt gt DMZ Host Apply Click Apply to go back to the WAN Interface Configuration page To apply all settings click Apply on the WAN Interface Configuration page and reboot your router Reset Click this button to clear all the configurations for this page 4 2 2 Load Balance Policy Vigor3300V supports a load balancing function It can assign traffic with protocol type IP address for specific host a subnet of hosts and port range to be allocated in WAN interface User can assign traffic category and force it to go to dedicate network interface based on the following web page setup VoIP and VPN traffic can also be assigned to specific WAN ports In the Network group click the Load Balance Policy option You will get the following page Vigor3300V Series User s Guide 115 Dray Te k Network Load Balance Policy Protocol Source IP 01 0 60 9106 0 6 Protocol Source IP Subnet Mask Dest IP Subnet Mask Dest Port Start Dest Port End Network Interface Strict Bind Edit Delete Delete All Dest Port Dest Port Network Subnet Mask Dest IP Subnet Mask Strict Bind Start End interface Edit Delete Delete All Display the protocol used for this entry Display the source IP address specified for this entry Display the subnet mask address specified for the source IP of this entr
111. _ Port1 xs 888829 G 729A 2200V 161 230 207 146 Porti FXS 88822 O ooo G 729A About the VPN configurations please refer to VPN Example 3 three part communication About VolP basic configuration please refer to VoIP Example 1 Basic Configuration and Registration The following examples are modified which based on these two examples Configuration Example for Vigor3300V 1 Enter the VoIP gt gt Protocol gt gt Select Protocol page Disable all the Active entries by removing the V box After configuration please click Apply to save the settings VoIP Protocol Select Protocol siPp O MGCP SIP MGCP Configuration Configuration SIP Local Port 5060 Outbound Proxy Proxy Name Proxy Port Registrar Expires Port sec Active Proxy Address Registrar Addr Domain 1 2 0 2 FF Example iptel iptel org iptel org iptel org Proxy User Agent Name 1 DrayTek V3300V 1 0 0 2 DrayTek V3300V 1 0 0 DrayTek V3300V 1 0 0 Apply Cancel Vigor3300V Series User s Guide 69 Dray Te k 2 Dray Tek Or open VoIP gt gt SIP Accounts and click radio button Click Edit VoIP SIP Accounts UserName Display Name Proxy Server Ring Port 1001 1001 1 O 1002 1002 2 1003 1003 3 O 1004 1004 4 O 1005 1005 5 O 1006 1006 6 1007 1007 7 1008 1008 8 Set LAN VPN as VolP IP Address VolP SIP Accounts Edit Disable Enable Username 1001 Password ecco Display Name
112. a different VLAN VLANs can also set up according to different company in the same building to save the money and reduce the device establishment This router supports Virtual LAN only in LAN site User can select some ports to add into a VLAN group In one VLAN group the port number can be single one or more The purpose of VLAN is to isolate traffic between different users and it can provide better security application For Port Base VLAN There are three VLAN settings offered here for you to configure If you click Disable no configuration can be completed Please choose Port Base VLAN to open the following page Dray Te k 142 Vigor3300V Series User s Guide Advanced LAN VLAN Setting O Disable Port Base VLAN 902 10 VLAN Port Base VLANO VLAN1 VLAN WLAN P1 P4 VLAN 0 3 Apply Reset Vigor3300V Series User s Guide p OOO ji P4 OOBbBOs OeHOOSs aa Apply Reset Cancel Check the box to make the computer connecting to the port being grouped in the specified VLAN Be aware that each port can be grouped in different VLAN at the same time only if you check the box For example if you check the boxes of VLANO P1 and VLANI P1 you can make P1 to be grouped under VLANO and VLAN simultaneously This router allows you to set 4 groups of virtual LAN After finishing the settings please click Apply In addition you can click Reset to reset the VLAN setting as default A dialog will be pr
113. able Enable bb Tone Upload b Deny List IP Domain Remind Status gt amp Contig Activate Speed Dial Entries From 1 To 150 Apply Cancel Call History It can display 50 groups of calling information Quick Setup System Network Advanced Firewall Qos VPN 12 03 59 Protocol r S Port Settings TEE A aeree een Speeddial SA Dial Plan Refresh Option Refresh S amp Miscellaneous SQ Tone Settings Port Call Caller Callee Release 205 odec Packet DTMF Number Type Number Number Start Time End Time Duration Reason gt ype Period VAD Relay A NAT Traversal PS Packets Sent OS Octets Sent PR Packets Received OR Octets Received PL Packetglis Incoming Call Barring bhte ms LA Avg TX Delay ms St Call History bb Tone Upload DrayTek Corp Status yTek Enterprise Network Solutions amp Contig Activate Status Display current VoIP registering status and calling status Quick Setup System Network Advanced Firewall QoS VPN 12 05 15 Protocol Sy Port Settings SQ Speed Dial Dial Plan Refresh Option No Refresh w Refresh amp Miscellaneous VoIP Status A Tone Settings Call Caller Callee Remote RTP Re 2c Packet DTMF a me Number a Period VAP Relay Sy NAT Traversal 1 1 Idle Incoming Call Barring 1 2 Idle Sy Call History 2 1 Idle bp Tone Upload 2 2 Idle Status H Port Status 3 4 Idle amp Contig Activate SIP Status 3 2 Idle 4 1 Idle 42 Idle PS Packets Sent O
114. able modem users will use DHCP to get a globally reachable IP address from the cable head end system Different mode will lead different configuration and will be explained in later section Before you connect a broadband access device e g a DSL Cable modem to Vigor3300V you need to know what kind of Internet access your ISP provides The following sections introduce several widely used broadband access services Static PPPoE PPTP for DSL DHCP for Cable modem and DMZ In most cases you will get a DSL or cable modem from the broadband access service provider Vigor3300V is connected behind the broadband device i e DSL cable modem and works as a NAT or IP router for broadband connections Next we will introduce each WAN mode in detailed Vigor3300V Series User s Guide 109 Dray Te k Static IP Setup It means that the IP group information for WAN interface is manually assigned by the user SPU PPPOEPPTP eee Configuration IF Address Subnet Mask Default Gateway Primary DMS Secondary DNS 168 95 192 1 MTU Connection Detection Configuration Ohl Host Name and Domain Marie are required for some ISPs Detect Type Send ARP to Gateway Detect Intervalfsec Mo Reply Count Detect Destination Host HP or Domain Mame IP Alias List ile a a a Dl BI IP Address Subnet Mask Default Gateway Primary DNS Secondary DNS MTU Host Name Domain Name Detect Type Dete
115. able symmetric RTP and T 38 NAT Status Network Advanced Firewall Qos NAT IP Address Semi auto need to config NAT STUN Local Port STUN Server Address STUN Server Port Enable symmetric RTP and T 38 VPN 13 22 32 E Protocol Port Settings p Speed Dial Dial Plan Miscellaneous Tone Settings Gos NAT Traversal E Incoming Call Barring NAT Type N A Local IP Address 127 0 0 1 WAN IP Address 127 0 0 1 Call History amp Tone Upload ig NAT only for SIP az Status b amp Contig Activate Apply Cancel Note The upper layer router must forward the UDP packets with port number 5060 for SIP protocol 13456 13486 for RTP and 49170 49200 for T 38 to the WAN IP address of Vigor3300V Users can define the port number s for their necessity Vigor3300V Series User s Guide 49 Dray Tek Incoming Call Barring Set This function can receive or reject the specific VoIP calling via Internet The rules are based on the speed dial number or IP Domain Quick Setup System Network Advanced Firewall Qos VPN 13 20 50 Protocol gt Sy Port Settings SQ Speed Dial A Dial Plan A Miscellaneous SQ Tone Settings Sy Gos Sy NAT Traversal VoIP Incoming Call Barring Set Barring Class Allow all incoming calls v Match Method Disable Enable Name Paninda Incoming Call Barring SS Call History Dis
116. access servers switches and bridges computers hosts or printers This function is to define a community string name An agent is a network management software module that resides in a managed device An agent has local knowledge of management information and translates that information into a form compatible with SNMP An NMS executes applications that monitor and control managed devices NMSs provide the bulk of the processing and memory resources required for network management One or more NMSs must exist on any managed network Vigor3300V Series User s Guide 145 Dray Te k There are two items for SNMP SNMP Community and SNMP Traps SNMP Community In general NMSs in the community exist within the same administrative domain Advanced SNMP SNMP Community Community 1 public co 00000000 0 10 Community Host mask Max Access Edit Delete Delete All Host mask Max Access R Ba d on ly 1 Delete Delete All Display the community string used for the specified entry Display the mask address for the host Display the authority read only or read write for this entry Allow users to edit the selected SNMP community settings Remove one all the selected SNMP community settings A dialog will be prompted for you to ask confirmation Click OK To edit an item click the radio button of the item that you want to modify Then click Edit on the bottom of the page to add a new rule entry or
117. ach to a firewall and effectively acts as a proxy server as well In a typical DMZ configuration for a small company a separate computer or host in network terms receives requests from users within the private network for access to Web sites or other companies accessible on the public network The DMZ host then initializes sessions for these requests on the public networks However the DMZ host is not able to initiate a session back into the private network It can only forward packets that have already been requested Users of the public network outside the company can access only the DMZ host The DMZ may typically also have the company s Web pages so these could be served to the outside world If an outside user penetrated the DMZ host s security only the Web pages will be corrupted but other company information would not be exposed The service provider must provide the exact settings for this mode Dray Te k 114 Vigor3300V Series User s Guide atatic DHCR Configuration Pere FET DMZ Configuration EE a a Subnet Mask OoOo DMZ Host Type Outgoing Interface DMZ Host IP List Only Routing Mode 4 i Apply Reset Cancel IP Address Set the private IP address of WAN interface Subnet Mask Set the subnet mask value of WAN interface DMZ Host Type Choose NAT Mode or Routing Mode as the DMZ host type Outgoing Interface This setting is available when Routing Mode selected as DMZ host type DMZ Host IP List
118. al working conditions The warranty does not cover the bundled or licensed software of other vendors Defects which do not significantly affect the usability of the product will not be covered by the warranty We reserve the right to revise the manual and online documentation and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes Web registration is preferred You can register your Vigor router via http www draytek com Due to the continuous evolution of DrayTek technology all routers will be regularly upgraded Please consult the DrayTek web site for more information on newest firmware tools and documents http www draytek com iv Vigor3300V Series User s Guide European Community Declarations Manufacturer DrayTek Corp Address No 26 Fu Shing Road HuKou Township HsinChu Industrial Park Hsin Chu County Taiwan 303 Product Vigor3300V DrayTek Corp declares that Vigor3300V of routers are in compliance with the following essential requirements and other relevant provisions of R amp TTE Directive 1999 5 EEC The product conforms to the requirements of Electro Magnetic Compatibility EMC Directive 2004 108 EC by complying with the requirements set forth in EN55022 Class A and EN55024 Class A The product conforms to the requirements of Low Voltage LVD Directive 2006 95 EC by complying with the requirements set forth in EN60950 1 Regulator
119. alue in Vigor router is Main mode Peer ID In Aggressive mode Peer ID is on behalf of the IP address while identity authenticating with remote VPN server The length of the ID is limited to 47 characters Key Lifetime main The rekey renegotiated period of the IKE Phasel keying channel of a connection The acceptable range is from 5 to 480 minutes 8 hours Proposal main The proposed encryption and or authentication algorithms for IKE Phasel negotiation There are several proposals offered in this page with combination of three types of algorithms Encryption algorithms DES 3DES AES Authentication algorithms MD5 SHA1 DH Diffie Hellman Group MODP768 MODP1024 MODP1536 Vigor3300V Series User s Guide 171 Dray Te k Proposal des mdS modpy6e w Fe des nmnd5 modpr bg des md5 modpilz 4 des md5 modpi536 dea amp ha modp7 b8 des sha modpilz 4 des sha modpi536 3des md5 modp7bg 3des nmnd5 modpilz4 3des nmnd5 modpi53 3des sha modp7 bs 3des sha modpilz 4 3des sha modpib36 aes z2 8 md5 modpr6g aes z2 8 md5 modpil z 4 aes z28 md5 modpi536 aeslz8 sha modpr 68 aes 2 8 sha modpilz 4 aes 28 sha modpib36 Key Lifetime quick The rekey renegotiated period of the IKE Phase2 keying Proposal quick Accepted Proposal PFS Status Delay Timeout Dray Tek channel The acceptable range is from 5 to 1440 minutes 24 hours The proposed encryption and or authentication algorithms for IKE Pha
120. ame Password Display Name Authentication ID Proxy Server Call without Registration Dray Tek O P4 OPs O Pe O p7 O ps Apply Cancel Click the radio button to enable or disable the SIP account Define the account name or number Define the password for this account You can change it if required Define the name recognized by the remote end Type the name or number used for SIP Authorization with SIP Registrar Choose the proxy server pre configured in VoIP gt gt Protocol gt gt SIP Configuration for such account undefined proxy 1 undefined proxy z undefined proxy 3 If you want to make VoIP call without register personal information please choose Enable and check the box to 194 Vigor3300V Series User s Guide VoIP IP Address Call Forwarding Subscribe for MWI MWI Inform CLIP Call Park Vigor3300V Series User s Guide achieve the goal Some SIP server allows user to use VoIP function without registering The interface is used to apply VoIP traffics There are two options WAN and LAN VPN If LAN VPN is selected VoIP can be applied through a VPN tunnel to create a high security voice phone WAN iw 1 LAN YPH Disable Disable forwarding function Call forwarding all calls Forward all incoming calls to the specified SIP URL site Call forwarding busy Forward incoming calls to the specified SIP URL site when this line is busy Call forwarding no answer afte
121. an Match String gi ee ae Prefix Add SS Miscellaneous aay Memo 1 SQ Tone Settings Sy Gos 2 O A NAT Traversal 3 Incoming Call Barring 4 O S Call History amp Tone Upload 2 Status 6 O amp Config Activate T 8 O 9 O 10 O 1 Edit Delete Delete All Vigor3300V Series User s Guide 47 Dr ay Tek Miscellaneous Other related VoIP settings Quick Setup System Network Advanced Firewall Qos VPN 13 25 49 Protocol S amp Port Settings S amp Speed Dial S amp Dial Plan RTP Starting Port Sy Miscellaneous T 38 Starting Port 49170 Sy Tone Settings VoIP Miscellaneous S amp QoS T 38 Redundancy number 1 Range 0 4 Ny NAT Traversal Dialing Completion Timeout 4 sec Range 1 60 DEN li S amp Call History VoIP ToS oao Tone Upload Line Polarity Reversal as Callee on hook as Callee Answer A amp Contig Activate FXO auto disconnection if no packet is received in seconds Range 5 3600 0 no auto disconnection FXS On hook Tip Ring Voltage FXS Ringing Ringing Frequency 25 4 Hz Ringing Cadence On 2000 msec Ringing Cadence Off 4000 msec Apply Cancel Tone Settings There are optional built in 15 groups of tone for different regions and a group of tone User Defined can be configured by users Quick Setup System Network Advanced Firewall Qos VPN 13 24 36 Protocol S amp Port Settings VoIP Tone Settings BR speed Dial St Dial Plan Region UK Caller ID Type
122. ans that Vigor3300V plays the Slave role in high availability feature If there is only one Vigor3300V used in LAN this line will be blank Display the total number of received packets at the LAN interface Display the total transmitted packets at the LAN interface a Dray Tek WAN Status The status of WAN interface Static DHCP PPPoE PPTP or DMZ is shown in this page Simply click WAN Status tag to get the detailed There are four sets of WAN status can be shown in this page at one time The sample below just lists one set of WAN status for only WAN interface is used System Status Refresh Option No Refresh Refresh Basic Status LaNstatus E WANI IP Address 172 16 3 102 MAC Address Primary DNS Secondary DNS Gateway RX Packets TX Packets Connection Status Up Time WANS IP Address MAC Address Primary DNS Secondary DNS Gateway RX Packets TX Packets Connection Status Up Time IP Address MAC Address Primary DNS Secondary DNS Gateway RX Packets TX Packets Connection Status Up Time Connect Dray Tek 00 50 f 2fc4 c6 168 95 1 1 168 95 192 1 7276s 9867 684 connected 0 days 0 hours 3 minutes 47 seconds 00 50 7f 2f c4 t8 WAN2 IP Address MAC Address 00 50 7f 2f c4 c7 Primary DNS Secondary DNS Gateway RX Packets TX Packets Connection Status Up Time WANS IP Address MAC Address O0 50 7f 2f
123. are in a daze while dialing a phone call Vigor3300V will send it out automatically according to the Inter Digit TimeOut setting Type a description for this entry a Dray Tek When the caller dials 02111199999 Vigor3300V find the first digit is 0 This number is matched the setting in Match String Ox T Next Vigor3300V will delete the first digit number 0 and add 886 instead At last the new number 8862111199999 draytek com will be dialed out From the above figure we know the Max Length is set with 10 Therefore if the caller dials 035972727 only 9 digits he must dial immediately or wait for 4 seconds to send the call out Vigor3300V will change the number with 88635972727 yet the caller still dials 035972727 In addition when the caller dials 035 and is in a daze more than 4 seconds the phone number will be called out and be changed with 88635 draytek com directly by Vigor3300V Example VoIP Dial Plan a Match String 1 OT 2 OOT 1 7 pox 4 800000 5 Froccon 6 O XX tO 9011x T 8 O 9 10 O 4 7 5 Miscellaneous Min Max Prefix Length Length Strip Prefix Add SIP IP Address 1 32 0 A 172 16 1 13 1 32 0 4 172 16 1 13 1 32 0 4 172 16 1 13 1 32 0 4 172 16 1 13 1 32 0 4 172 16 1 13 1 32 0 1 172 16 1 13 3 o 9 1 172 16 1 13 Out Memo 8 entry 1 8 entry 2 8 entry 3 8 entry 4 10 entry 5 8 entn 6 8 entry 7 1 De
124. ase click Apply to invoke it To download a user certificate please click index number one with the status of Request Generated and click the Download button If not you might see the following dialog to warn you Microsoft Internet Explorer After you click the Download button the system will guide you to save the downloaded file newreq_RD computer_1l pem to a place that you assign File Download Save ir B Desktop Some hes can ham pour computes lithe hle information below E My Documents E v2800v g koki SUSPICIONS or you do mot fully trust line source donotopenor f S My Computer EVN _200tunnel zave Ihis file i E my Network Places Network Connections 2 5 3_RC4 File name mewreg_3300CA_i pem es File types E2900 cfg Frome 192 168 1 1 Would pou like to open the file of save it bo your computer e Always ask before opening this type of file To import a user certificate that you saved previously please click index number one with the status of Request Generated and click the Import button If not you might see the following dialog to warn you Microsoft Internet Explorer A You can import only when the stais is Request Genrated Vigor3300V Series User s Guide 183 Dr ay Tek After you click the Import button the system will guide you to import a saved file to a place that you want VPN IPSec User Certificate 1 Import Import User Certificate Apply Cancel
125. at is used to bind with the assigned IP address Dray Te k 160 Vigor3300V Series User s Guide Refresh It is used to refresh the ARP table When there is one new PC added to the LAN you can click this link to obtain the newly ARP table information IP Bind List It displays a list for the IP bind to MAC information Add It allows you to add the one you choose from the ARP table or the IP MAC address typed in Add and Edit to the table of IP Bind List Edit It allows you to edit and modify the selected IP address and MAC address that you create before Remove You can remove any item listed in IP Bind List Simply click and select the one and click Remove The selected item will be removed from the IP Bind List Note Before you select Strict Bind you have to bind one set of IP MAC address for one PC If not no one of the PCs can access into Internet And the web configurator of the router might not be accessed 4 4 5 IM P2P Blocking IM Blocking means instant messenger blocking P2P is the short name of peer to peer You will see a list of common P2P applications You can define blocking rules such as specified an IP address for passing through or blocking for IM Instant Messenger P2P Peer to Peer application Firewall IM P2P Blocking Source IP Subnet Mask Action Option 9 9 9 9 90 9 9 9 9 lit Delete Delete All To edit IM P2P blocking rule please choose one of the radio buttons under
126. authentication The default value is PAP PAP PAP CHAF MS CHAP Ma LHAP Ve Type a service name required from ISP service After setting up the PPPoE click Next to setup the LAN interface continuously Quick Setup LAN LAN IP DHCP IP Configuration IF Address Subnet Mask DHCP Server Status Start IF End IF Primary DNS Secondary OMS Lease Time hin Gateway IPfQptional IP Address Subnet Mask Status Start IP End IP Vigor3300V Series User s Guide DHCP Relay Agent IP Routing 192 166 1 1 255 255 255 0 Enable Disable Relay Agent 1952 165 1 10 192 165 1254 440 ill lt lt Previous GaN Type the subnet mask for the LAN interface Type an IP address for the LAN interface Click Enable to use DHCP server click Disable to close DHCP server click Relay Agent to activate relay agent function Type the start IP address of the IP pool that DHCP server can use for clients in LAN Type the end IP address of the IP pool that DHCP sever can use for clients in LAN j Dray Tek Primary DNS Type the IP address for primary DNS Secondary DNS Type a private IP address to the secondary DNS Lease Time Min Set a lease time for the DHCP server The time unit is minute Gateway IP Optional Set a gateway IP address for the DHCP server Next click DHCP Relay Agent tab to set DHCP server if required Quick Setup LAN DHCP Relay Rela
127. before you want to use this function Click Yes to use this function and type in a fixed IP address in the box of Fixed IP Address Assign an interval time for detecting if the WAN connection is on or off Assign detecting times to ensure the connection of the WAN After passing the times you set in this field and no reply received by the router the connection of WAN interface will be regarded as breaking down Click this button to make the connection of the WAN will be always on Click Apply to go back to the WAN Interface Configuration page To apply all settings click Apply on the WAN Interface Configuration page and reboot your router Click this button to clear all the configurations for this page PPTP with a DSL Modem Setup The service provider must provide the exact settings for this mode static DHCP DMZ Configuration Configuration Configuration User Name dray PPTP Local Address 1172 16 99 5 Password esoo PPTP Subnet Mask 255 255 0 0 Authentication PAP y PPTP Server Address 172 16 99 55 Service Name Always On Enable PPPoE IP Alias Enable MTU 1442 IP Address Assignment Method IPCP Fixed IP No Dynamic IP O Yes Fixed IP Address Connection Detection Detect Interval O E No Reply Count User Name Password Authentication Vigor3300V Series User s Guide Apply Reset Cancel Assign a specific valid user
128. bjects Setting Memory usage 61 Connection Static IP CSM ae E IP Address 172 16 3 229 Bandwidth Management LAN Default Gateway 172 16 3 4 Applications MAC Address 00 50 7F DD 15 18 Primary DNS VPN and Remote Access ist IP Address 192 168 1 1 ae a EE Certificate Management ist Subnet Mask 255 255 255 0 DHCP Server Yes WAN 2 VolP Primary DNS Link Status Disconnected ISDN Secondary DNS MAC Address OO SO 7F DD 15 1A Wireless LAN Connection Teas VLAN VolP IP Address USB Application Port 1 2 Default Gateway System Maintenance SIP registrar ia eae Diagnostics Account ID change_me change_me So Register i Wireless LAN fel aae ee Codec MAC Address 00 14 85 08 69 19 In Calls oO 0 Frequency Domain Europe Out Calls 0 0 Firmware Version 2 01 10 10 5 4 Click SIP Account DialPlan SIP Accounts Phone Settings Status Configure Port and Port2 by clicking Index number and 2 VoIP gt SIP Accounts SIP Accounts List Index Profile Domain Realm Proxy ena Ring Port Status 1 change_me J olP1 vorp2 ISDN 2 change_me oIP1 vor ISDN 3 change_me Oyo Dvor ISDN 4 change_me C volPi C volp2 ISDN 5 change_me J oIP1 L oIP2 JISDN 6 change_me oIP1 Dvor ISDN R success registered on SIP server fail to register on SIP server NAT Traversal Setting stun fwdnet net SIP PING interval 150 sec Note
129. c4 c9 Primary DNS Secondary DNS Gateway RX Packets TX Packets Connection Status Up Time Display the IP address of the WAN interface Display the MAC address of the WAN Interface Display the IP address of the primary DNS Display the IP address of the secondary DNS Display the IP address of the default gateway Display the total received packets for each WAN interface Display the total transmitted packets for each WAN interface Display the connection status of the WAN interface Display the total system uptime of the interface Click this button to make a connection manually 94 Vigor3300V Series User s Guide 4 1 2 Time As an NTP Network Time Protocol client the router gets standard time from the time server Some time based functions such as Call Schedule and URL Content filtering cannot work properly until the system time functions run successfully Typically NTP achieves high accuracy and reliability with multiple redundant servers and diverse network paths The Vigor3300 Series supports synchronization with a specific NTP server or the remote PC host of the administrator In the System group click the Time option The Time page is shown below System Time NTP Server gt re ata Care oe A 3 Time Zone GMT 00 00 Greenwich Mean Time Dublin Daylight Saving Time NotUse Ouse Update Interval 30 seconds M Apply Cancel Use Brows
130. can deploy different VoIP ISDN applications according to the requirements 3 2 1 FXS and FXO FXS Foreign eXchange Station and FXO Foreign eXchange Office are assembled with a pair A telecommunications line from an FXO device must be connected to an FXS device Similarly an FXS device must be connected to an FXO device For example PSTN is FXS equipment and a telephone is FXO equipment Telephone Telephone FXO FXO As for the Private Branch Exchange PBX it is more special because it has both FXS and FXO devices at the same time Outside lines of the PBX are usually connected to the phone line at this case the PBX acts as FXO equipment inside lines of the PBX are usually connected to telephones so the PBX acts as FXS equipment PBA Outside Lines FXO PBX Inside Line FXS Telephone Telephone FXO FXO Dray Te k 40 Vigor3300V Series User s Guide FXS equipment PSTN or inside lines of PBX FXO equipment Telephones FAX machines and outside lines of PBX Based on the characteristics described above that the FXS equipment and the FXO equipment must connect with each other please pay special attention when you use FXS card and FXO card FXS card This card can connect to the telephone FAX machine outside lines of PBX and FXO port on FXO card FXS Card Telephone PBA Inside Lines FXO Card FXO card This card can connect to PSTN inside lines of PBX and FXS port on FXS cards FXO
131. cated but not be encrypted ESP Specify the IPSec protocol for the Encapsulating Security Payload protocol The data will be encrypted and Vigor3300V Series User s Guide 169 Dr ay Te k Dray Tek NAT Traversal WAN Interface Netbios Naming Packet Local Certificate Security Gateway Network IP Subnet Mask Next Hop Remote ID DHCP over IPSEC Security Gateway Network IP Subnet Mask authenticated Security Protocol Click Enable to let multi IPSec tunnels passing through this router Click Disable to close this function MAT Traversal Enable The WAN interface to be used WAN Interface Pass Click it to have an inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting Block When there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting such function can block data transmission of Netbios Naming Packet inside the tunnel The local certificate is active for authentication if the RSA Signature option is selected in the Authentication field These options come from the user certificate file The IP address of the local gateway s public network interface The keyword default can be used to represent the IP Address of the selected WAN Interface The subnet behind the local gateway The IP address of the next hop The keyword default can be used to represent the gateway IP address of the selected
132. ce Status Click Enable to use DHCP server click Disable to close DHCP server click Relay Agent to activate relay agent function Start IP Type the start IP address of the IP pool that DHCP server can use for clients in LAN End IP Type the end IP address of the IP pool that DHCP sever can use for clients in LAN Primary DNS Type the IP address for primary DNS Secondary DNS Type a private IP address to the secondary DNS Lease Time Min Set a lease time for the DHCP server The time unit is minute Gateway IP Optional Set a gateway IP address for the DHCP server Next click DHCP Relay Agent tab to set DHCP server if required Vigor3300V Series User s Guide 17 Dray Te k Quick Setup LAN DHCP Relay l Relay Agent WAN Interface VAN1 DHCP Server IP Address lt lt Previous Finish WAN Interface Choose the WAN interface for such connection DHCP Server IP Address Type an IP address for the DHCP server Next click IP Routing tab to set routing path for each WAN interface if required Quick Setup LAN DHCP Relay LAN IP DHCP Agent IP Routing WAN1 Status O Enable Disable IP Address Subnet Mask WAN2 Status O Enable Disable IP Address Subnet Mask WANS Status OcEnable Disable IP Address Subnet Mask WAN4 Status O Enable Disable IP Address Subnet Mask lt lt Previous When you finished the ab
133. col Paty Aki ose Regen Aili plal ong Fea iptal org TLE A fa ial pubes com mri fail pukei JE Dray Tek 56 Frasi ti PHI Doiii Vigor3300V Series User s Guide 2 Set SIP accounts e g username and proxy server by referring to the table Basic settings in Vigor 3300V and 2910V on last page VoIP SIP Accounts Edit Disable Enable Username 888833 Password sees Display Name 1001 Authentication ID 1001 Proxy Server iptel v Call without Registration Disable O Enable VolP IP Address WAN vw 3 Enter VoIP Port Settings page click the Edit icon of port 1 VoIP Port Settings Edit Type Active SIP Account per rg Hotline Mic Spk Gain FAX Codec DTMF 1 ISDN NT V 1 888833 0 0 Transparent G 729A RFC2833 2 ISDN NT V 2 888834 070 Transparent G 729A RFC2833 3 ISDN NT V 3 660533 0 0 Transparent G 729A RFC2833 4 ISDN NT V 4 660534 0 0 Transparent G 729A RFC2833 5 ISDN TE V 5 888835 0 0 Transparent G 729A RFC2833 6 ISDN TE V 6 888836 0 0 Transparent G 729A RFC2833 7 ISDN TE V 7 660525 0 0 Transparent G 729A RFC2833 8 ISDN TE V 8 660526 0 0 Transparent G 729A RFC2833 4 Enter the Port 1 page This page falls into six sections Port GSDN NT Display the port type enable or disable the port choose the SIP account and etc VoIP Port Settings Port1 Edit Port 1 ISDN NT Disable Enable Default SIP Accounts 1 888833 vi
134. correct You have to set Port VLAN ID for P4 previously before you check this box Enable packet forwarding Packets can be transmitted and forwarded among VLAN between VLANs groups if this box is checked In default it is unchecked Port VALN ID Type the ID for each port used for identification on VLAN When the tag operation for each port representing for different computers connected to this router is marked by untagged to avoid conflict occurred the system will apply the ID listed in these boxes automatically for each port P1 to P4 to ensure proper and correct network operation 4 3 10 SNMP The Simple Network Management Protocol SNMP is an application layer protocol that facilitates the exchange of management information between network devices There is a set of protocols for managing complex networks SNMP works by sending messages called protocol data units PDUs to different parts of a network SNMP enables network administrators to manage network performance find and solve network problems and plan for network growth A SNMP managed network consists of three key components managed devices agents and network management systems NMSs A managed device is a network node that contains an SNMP agent and that resides in a managed network Managed devices collect and store management information and make this information available to NMSs by using SNMP Managed devices sometimes called network elements can be routers and
135. ct Interval sec No Reply Count Dray Tek PJ Ph a D a im m A a Cc jo 3 ho Co hr he ao 2 s o Apply Reset cancel Set the private IP address of WAN interface Set the subnet mask value of WAN interface Set the private IP address of gateway Set the private IP address of primary DNS Set the private IP address of secondary DNS Mean maximum transmission unit of one packet The default value is 1500 Some ISP may ask you to type your host name Please type in if necessary Some ISP may ask you to type your domain name Please type in if necessary Select a detecting type for this WAN interface There are three ways Send ARP to Gateway Send PING and Send HTTP Request supported in 3300 Send Http Request we Send ARP to Gateway Send PING Send Http Request Assign an interval period of time for each detecting The minimum value is 3 and no limit for maximum value Assign detecting times to ensure the connection of the WAN After passing the times you set in this field and no reply 110 Vigor3300V Series User s Guide Detect Destination Host IP or Domain Name IP Alias List Apply Reset DHCP Client Setup received by the router the connection of WAN interface will be regarded as breaking down Assign an IP address or Domain name as a destination to be detected whether the host is active sending reply to the router or not
136. d Remote Access to create a virtual private network for security in the Internet IPSec General Setup PPTP amp L2TP Sh Policy Table WPN Trunk Log Trust CA User Certificate Status A Virtual Private Network VPN is an extension of a private network that encompasses links across shared or public networks like the Intranet A VPN enables you to send data between two hosts across a shared or public network in a manner that emulates the properties of a point to point private link There are two types of VPN connections remote dial in access and LAN to LAN connection The Remote dial In Access facility allows a remote access node a NAT router or a single computer to dial into a VPN router through the Internet to access the network resources of the remote network The LAN to LAN Access facility connects two independent LANs for mutual sharing of network resources For example the head office network can access the branch office network and vice versa The VPN technology implemented in the Vigor3300 Series of broadband security routers supports Internet industry standards to provide customers with interoperable VPN solutions such as X 509 and DHCP over Internet Protocol Security IPSec This VPN feature is only Dray Te k 166 Vigor3300V Series User s Guide supported for Vigor3300V routers IPSec is the security architecture for IP networks IPSec provides security services at the IP layer by enabling a system to
137. e 139 Dray Te k Advanced Call Schedule Edit ODisable Enable Start Date 201 0 8 18 Year Month Date Start Time 00 00 le Hour Minute Action Force Down Force On How often Once O Weekdays Monday Tuesday Wednesday Thursday Friday Saturday Sunday Network Interface VANI Apply Cancel Enable Disable Click Disable to disable this function Click Enable to activate this function Start Date Assign a date for starting this profile Start Time Assign a time for starting this profile Action Force down means to inactivate the Network Interface Force up means to activate the Network Interface How often Once means only for one time Weekdays means that user can select some weekdays to apply Network Interface Select one specific WAN interface to be applied Click Apply to finish this setting Delete Call Schedule To delete an item click the radio button of the item that you want to delete Then click Delete on the bottom of the page to remove the entry Advanced Call Schedule Status Date amp Time Action How often Week Option WAN 1 Enable 2000 1 26 00 00 Force On Once VAN 2 O Microsoft Internet Explorer 3 Are you sure of deleting this item e 4 O 7 a g 1 Edit Delete Delete All Also users can click Delete All to remove all entries in the table 4 3 7 WAN Port Mirroring Setup Vigor3300V supports port mirroring function in WAN interfaces
138. e accepted by this router Allow only calls from allow list Only the calls listed in the Allow List page will be accepted by this router Allow only calls from speed dial entries Only the calls listed in the speed dial entries will be accepted by this router Deny only calls from deny list The calls listed on Deny List page will not be accepted by this router And others calls are accepted Deny all incoming calls All incoming calls from remote ends are not accepted by this router Name Enable or Disable this function to take value of Speed Dial Phone Number to be checked 213 Dray Tek IP Domain Enable or Disable this function to take the value of Speed Dial Destination to be checked Speed Dial Entries Type the range to be checked The default value is from 1 to 150 Allow List The Vigor3300 Series supports up to 30 entries in the Allow List table When you choose Allow only calls from allow list as the Barring Class only the people listed in this list can call this router VoIP Incoming Call Barring Allow List Name IP Domain 1 Tom 192 168 1 6 John iptel org 4 Example John 192 168 1 1 or iptel org 123456 Apply Cancel Name The name or number in the allow list IP Domain The IP address or domain name to be allowed If the peer is registered in SIP proxy server use the domain name of the SIP proxy server Otherwise use the static IP address or DDNS domain na
139. e correct host PC in the local area network Thus all the host PCs can share a common Internet connection Get Your Public IP Address from ISP In ADSL deployment the PPP Point to Point style authentication and authorization is required for bridging customer premises equipment CPE Point to Point Protocol over Ethernet PPPoE connects a network of hosts via an access device to a remote access concentrator or aggregation concentrator This implementation provides users with significant ease of use Meanwhile it provides access control billing and type of service according to user requirement When a router begins to connect to your ISP a serial of discovery process will occur to ask for a connection Then a session will be created Your user ID and password is authenticated Vigor3300V Series User s Guide 107 Dray Te k via PAP or CHAP with RADIUS authentication system And your IP address DNS server and other related information will usually be assigned by your ISP Below shows the menu items for Network a wan aE Lan Limit Session 4 2 1 WAN b Load Balance Policy p Auto Load Balance p High Availability p FIP Configuration Bandwidth Management j The Vigor3300V Series supports four WAN interfaces Static DHCP PPPoE and PPTP which share the same setting page Click Network gt gt WAN The following page will be shown Network WAN Load Balance Backup Edit WAN WAN WAN
140. e in your comment for such group After you click Apply the new group will be added and you will see it from the drop down menu of Start Filter Group Firewall IP Filter Table Next Group Mame Apply Cancel Group Name Type in the name of the group Next Group Name Select next group to filter packets Comment Type in your comment or description for the group To edit a selected group please click the number link to open the following page You can change the next group name and modify the comment for your necessity When you finish the modification simply click Apply Dray Te k 150 Vigor3300V Series User s Guide Firewall IP Filter Table Next Group Name Comment sroup for pass rules Add Rule Apply Cancel Besides you can add new filter rule for the group On the edit page of IP Filter Table click the Add Rule button The following page will be shown Firewall IP Filter Add Filter Rule Filter Condition Active Comment Filter 1 Source IP 192 168 1 77 Subnet Mask 255 255 0 0 E Port between 100 200 Destination IP 10 1 4 77 Subnet Mask 255 255 0 0 Port bet ween 100 200 Group Name Protocol any protocol Direction WAN to LAN Fragment do not care v Action Block or Pass Block immediately vi Next Group Name none Apply Cancel Comment Type the na
141. e line 0 then press 87654321 Phone 3 calls Phone 1 gt Press 888835 After getting through you will hear the Dial tone then press the extension 101 Phone 3 call Phone 4 gt Press 888835 After getting through you will hear the Dial tone Press outside line 0 then press 87654321 Phone 4 calls Phone 2 gt Press 12345678 After getting through you will hear the auto reply from the PBX then press the extension 102 After getting through you will hear the Dial tone then press the VoIP number 888833 Phone 4 calls Phone 3 gt Press 12345678 After getting through you will hear the auto reply from the PBX then press the extension 102 After getting through you will hear the Dial tone then press the VoIP number 888829 Note indicates termination of the phone number After pressing VoIP is called out immediately Or you may wait 3 seconds if you do not press This example is intercommunication with one SIP Proxy Server For the applications of Direct IP Call and Intercommunication with different SIP Proxy Servers please refer to 3 3 3 Example 3 Basic Calling Method The VoIP call can also wok with VPN please refer to 3 3 4 P Example 4 VoIP over VPN Dray Te k 84 Vigor3300V Series User s Guide 3 4 Application for mOTP What is OTP and mobile OTP OTP One Time Password is also named dynamic password with the feature of non repeatability and validness just for one time It uses more secure way to authent
142. e received packets Click this button to open the edit page for adjusting the settings Click this button to delete the selected setting or all settings A confirmation dialog box will appear Click OK to delete this entry from the Load Balance Policy table In addition click Delete All in the Load Balance Policy page to delete all of 10 entries on this page To edit an entry select it by clicking the radio button from 1 to 10 Then click the Edit button on the bottom to bring up the following Web page Network Bandwidth Management Limitation Table Edit Start IP End IP TX Limit RX Limit Start IP End IP TX Limit Vigor3300V Series User s Guide Kbps Kbps Apply Cancel Assign the IP range for the bandwidth management Define the limitation for the speed of the upstream If you do not set the limit in this field the system will use the default speed for the specific limitation you set for each index Dray Tek RX Limit Define the limitation for the speed of the downstream If you do not set the limit in this field the system will use the default speed for the specific limitation you set for each index Apply After finishing the configuration please click this button to invoke these settings 4 2 7 Limit Session A PC with private IP address can access to the Internet via NAT router The router will generate the records of NAT sessions for such connection The P2P Peer to Peer a
143. ed before First you should create at least one Group in the IP Filter gt gt URL Filter Then you can enable the Data Filter and select a Start Filter Group in General Setup The following sections explain IP Filter functions with details URL Filter General Setup The URL content filter consists of the following functions URL Access Control Content Filter Restrict Web Feature and Filter Schedule e URL Access Control The URL Access Control controls Web site access by inspecting the URL string against user defined keywords In the Firewall group click the URL Filter option You will see the following page Firewall URL Filter Filter schedule O Disable Enable URL Access Content Filter Access Control by Keyword Restrict Web Feature Block websites with matching keywords Allow websites with matching keywords Keyword Add Edit Delete Keyword List AARAA RARAN TARAR RAAKAA mesh le fie wm Sr ee Block Direct IP Web Access _ Block Direct IP Web Access Exception List Enable Exception List P Address S Subnetmask _ Eclit Delete Exception List Apply Cancel Enable Disable Disable or Enable URL Filter function Keyword The keyword s used to filter URLs Keywords can be partial words or complete URLs The router will reject any Website which whole or partial URL matches any keywords Keyword List The list of keywords Block Direct IP Web Deny any Web s
144. ed by your ISP on the web page Static DHCP Configuration Configuration UserName 1234 hinet net PPTP Local Address 10 66 99 88 Password esso PPTP Subnet Mask 255 255 255 0 Authentication PAP F PPTP Server Address 172 66 99 88 Service Name Optional Next gt gt PPTP Local Address Assign a local IP address of PPTP PPTP Subnet Mask Assign a net mask value for IP address of PPTP PPTP Server Address Assign a remote IP address of PPTP server After setting up the PPTP click Next to setup the LAN interface continuously Quick Setup LAN DHCP Relay LAN IP DHCP Agent IP Routing IP Configuration gn IP Address Subnet Mask DHCP Server Status Enable Disable Relay Agent Primary DMS fe Secondary OMS fe Lease Time hin Gateway IPfQptional lt lt Previous Ga IP Address Type an IP address for the LAN interface Subnet Mask Type the subnet mask for the LAN interface Status Click Enable to use DHCP server click Disable to close DHCP server click Relay Agent to activate relay agent function Vigor3300V Series User s Guide 21 Dray Te k Start IP Type the start IP address of the IP pool that DHCP server can use for clients in LAN End IP Type the end IP address of the IP pool that DHCP sever can use for clients in LAN Primary DNS Type the IP address for primary DNS Secondary DNS Type a private IP address to the secondary D
145. eeceeeceeeeeeeeeeeeeeeeeeeeaeuseeeeseeeseeeseeaaees 80 3 3 8 Example 8 Practical Application of ISDN TE cc eecccceeceeeeeeeeeeseeeeeeeesseeeeeeeseaeseeeeesaaees 82 3 4 Application for IOP pater cc ceionazccassecenbantesueenaccinnatdoeeectentatonceaeekenorcedcerateubd sinatabelsaeennaeeouatdaseestdeaieds 85 Chapter 4 Reference Advanced Web Configuration c scccssscssseeseseeeseeeneeeeneess 91 Dray Tek vi Vigor3300V Series User s Guide a EO SUSI U E EEE A EIA E I E A E E EEE 91 A US a E E E a 91 AA TG A E A A E E 95 ALS VS a E E A E 96 ATLA NS Se COMO saroian a e dens E a E D a a aia 98 Ako OMI AION o D esene E Ee E EE RO 99 4 1 6 Firmware Upgrade Setup wacaieniesczecniuaianantunaiesndenstanctubenssamedabdueniuadascniuderuebewtabantudaataantubostess 100 ARETO reena n E E E E E A A E A 103 Aio DANOS WOOIS eara a E E E E E 104 A2 NEIWOK SElUDiicassiorsre inanan na e ana aTr eraran oE Tara ueia aoaea 107 ANAN E E R 108 d2 kodad Balanco PolCar E E R E 115 eae NO Load BACE arsso ne eee ee eee eee eee 118 MIN gee acess ee sess ae cence E ed eee nee E ice earu nase pemne seeseeaesogeeeenatdeasanceie 118 QZ ANOVA IO IM os he regan teecercctagscened tei E sehen see sate sasenscecauesaastwes E 121 B26 RIP COMMU AU OB aa dren sande desea es E 123 4 2 6 Bandwidth Manageme nt cccccsssccccseeeeeceeseeecseneeeeeeeeeeessaeeeeesaeeeeseeeeessneeeeseeeessaeeeessness 124 OZ VAM SC SS ION ee s1nnsgeessssccosavarnectanaes
146. efault Loop through None ME Backup Phone Number 5 Confirm the settings are correct and then finish the configuration VoIP gt DialPlan Setup Phone Book Dial Out Index Phone number Display Name SIP URL Pein Loop through t 2801 3300 _Poti_IP 668863340 220 135 240 207 Default None 2 Default None 3 Default Hone 4 Default None Start to dial by using telephones Phone 1 calls Phone 2 gt Press 2901 or 888829 61 31 167 1354 Phone 2 calls Phone 1 gt Press 33014 Note indicates termination of the phone number After pressing VoIP is immediately called out Or you may wait 3 seconds if you do not press With 2910V you can t only dial alphanumeric addresses or symbols To dial an IP address start and end it with a hash replace the dots with star In this example you have to press 220 135 240 207 But 3300V can only receive the format of Number IP So it is required to setup 3300V s number 888833 220 135 240 207 in the DialPlan entry Dray Te k 64 Vigor3300V Series User s Guide Intercommunication with one SIP Proxy Server registration Connect telephones into 3300V s Port 1 amp Port 3 and 2910V s Port 1 amp Port 2 respectively Each port needs to register in the SIP Server Below shows a scenario architecture graph tL Phones Phone 4 EEE Phone 1 Phonez Taiwan German Porti FXS Port3 FAS Porti FXS Port2 FXS 888833 660533 888829 660529 iptel fwd ipte
147. egulated and ruled by router The design of network structure is related to what type of public IP addresses coming from your ISP The most generic function of Vigor router is NAT It creates a private subnet of your own As mentioned previously the router will talk to other public hosts on the Internet by using public IP address and talking to local hosts by using its private IP address What NAT does is to translate the packets from public IP address to private IP address to forward the right packets to the right host and vice versa Besides Vigor router has a built in DHCP server that assigns private IP address to each local host Dray Te k 118 Vigor3300V Series User s Guide Network LAN DHCP Relay l LAN IP DHCP ee IP Routing IP Configuration IP Address 192 165 1 1 Subnet Mask 255 255 255 0 DHCP Server Status Enable O Disable Relay Agent Primary DNS fs Secondare ONS OoOo Lease Time Min Gateway PfOptionalh oOo Apply Cancel For LAN IP DHCP In the Vigor3300V router there are some IP address settings for the LAN interface The IP address subnet mask is for private users or NAT users The IP address of the default gateway on other local PCs should be set as the Vigor3300 Series server IP address When the DSL connection between the DSL and the ISP has been established each local PC can directly route to the Internet The IP address subnet mask can also be used to connect to other pri
148. ency Domain g D Firmware Yersion Configure Port1 and Port2 by clicking Index number and 2 VoIP gt SIP Accounts Europe 2 01 10 10 5 4 SIP Accounts List Index Profile ba Ca Ce lor Domain Realm Proxy Account Mame change_me change_me change_me change_me change_me change_me 1 volP4 CoPi CoPi CI voIP1 CI voIP1 CoPi Ring Port Volpe L Warpe2 CoP CI olPe2 CI voIP2 CoP Status ISDN CIISDON Liston LIISDN LIISDN CIISDON NAT Traversal Setting STUN server External IP SIP PING interval R success registered on SIP server fail to register on SIP server stun fwdnet net 54 Vigor3300V Series User s Guide Type relevant SIP Servers used for registration respectively VoIP gt gt SIP Accounts SIP Account Index No 1 Profile Name 11 char max Register via C make call without register SIP Port Domain Realm 63 char max Proxy 63 char max JaAct as outbound proxy Display Name 23 char max Account Nurmber Name 63 char mas C Authentication ID 63 char max 4 Password ee 63 char max SEC Espiry Time NAT Traversal Support i Ring Port oIP1 voa ISDN Ring Pattern After configuration please click OK to save the settings 2910 series will go to VoIP gt gt SIP Account
149. er Time Click this option to use the browser time from the remote administrator PC host as router s system time Use NTP Time Click this option to use the time from an NTP server as router s system time NTP Server Type a public IP address or domain name of the NTP time server Time Zone Select the time zone where the router is located Daylight Savings Time Select Use to activate this function This function is useful for some areas Update Interval Select a time interval for updating from the NTP server Apply Click Apply to save these settings Vigor3300V Series User s Guide 95 Dray Te k 4 1 3 Syslog The Vigor3300V Series supports a Syslog function to keep a record of abnormal conditions The router will send Syslog packets to a Syslog server on the remote site The administrator can observe any abnormal events from the router Open System gt gt Syslog The Syslog web page is shown below System Syslog Disable Enable Syslog Server IP Syslog Server Port Firewall Log VPN Log User Access Log Call Log WAN Log VoIP syslog option Syslog Facility Syslog Severity Disable Enable Syslog Server IP Syslog Server Port Firewall Log VPN Log User Access Log Call Log WAN Log Syslog Facility Dray Tek Local use 6 Alert Apply _ Cancel Click Enable to activate this function The router will send system log message for your reference If you click Disable
150. er the voice activity is progressing or not If not RTP packets transmission will be stopped for saving more bandwidth Microphone Gain The gain value while transmitting voice The default value is 0 The range is from 32 to 31 Speaker Gain The gain value while receiving voice The default value is 0 The range is from 32 to 31 FAX Mode The FAX function mode There are several options Transparent FAX will be transmitted via voice channel no fax relay and no Codec change will be involved This is the default value T 38 Relay Using T 38 Fax Relay Bypass Once FAX is detected the Codec will automatically switch to a high bit rate type G 711a u or G 726 to make sure FAX can transmit successfully If this option is selected the Vigor3300 will apply these two following settings FAX Bypass Codec and FAX Bypass Codec Rate FAX Bypass Codec Select one option to be applied if FAX mode is configured as Bypass mode G f11U PCHU b4kbp s w GC F110 PCHI 64kbps G 7114 PCHA 64kbps FAX Bypass Codec Rate Select one option 20 or 40 to be applied if FAX mode is configured as Bypass mode The stability for the faxing result of documents with codec rate 20ms is higher than 40ms Yet the bandwidth request for AOms is less than 20ms DTMF Mode InBand Choose this one then the Vigor will send the DTMF tone as audio directly when you press the keypad on the phone OutBand RFC2833 Choose this one then the Vig
151. evice does not support 802 1Q VLAN 6 Inthe VLAN8 input 8 to VLAN ID In the Member field choose p4 Then choose Dray Tek the Untagged for Frame Tag Operation in p4 Configure the PVID to 8 for the device does not support 802 1Q VLAN 30 Vigor3300V Series User s Guide Advanced LAN VLAN Setting Disable Port Base VLAN 902 10 VLAN Port Base 802 10 VLAN VLAN 802 1Q VLAN Group Index Active Name VLAN ID Member Frame Tag Operation j P4 Pt P1 P2 P3 P4 VLAN E Untegsed ea Bia Wi Teosed wl vas e o E Teose ntaso iea fea wl vaw z E essei Bea Bea Bfe wl vas e C Enable management port for P4 Port Setting P1 P P3 P4 Apply Reset Cancel 7 After applying the settings the web page will be redirected to reboot web page You can ignore it and continue to configure the Network setting After finishing Network setting you can execute the reboot procedure 8 After rebooting the tagged ports will communicate with 802 1Q tagged devices only 9 Inthe Network setting type the subnet 192 168 1 0 to LAN For example the VLANS5 LAN IP is 192 168 1 1 and the Subnet Mask is 255 255 255 0 Then users in the Engineer Department can set IP address from 192 168 1 2 to 192 168 1 254 10 In the Network setting type the subnet 192 168 2 0 to LAN2 For example the VLAN6 LAN IP is 192 168 2 1 and the Subnet Mask is 255 255 255 0 Then users in the Engineer Department can se
152. f Engineer Department 36 Vigor3300V Series User s Guide 6 Inthe VLAN8 type 8 to VLAN ID In the Member field choose p4 Then choose the Untagged for Frame Tag Operation in p4 We should configure the PVID to 8 because the device does not support 802 1Q VLAN Advanced LAN VLAN Setting O Disable Port Base VLAN 802 10 VLAN Port Base VLAN 802 1Q VLAN Group Index Active Name VLAN ID Member Frame Tag Operation P1 P3 Tagged Tagged Tagged Tagged Tagged Tagged Tagged f a pE Tagged Tagged Untagged Port Setting p1 p2 P3 P4 Port VLANID 5 6 7 E Apply Reset Cancel 7 After applying the settings the web page will be redirected to reboot web page User can ignore it and continue to configure the Network setting After finishing Network setting you can execute the reboot procedure 8 After rebooting the tagged ports will communicate with 802 1Q tagged devices only 9 The network configuration is the same with A 2 1 Please refer to A 2 1 part Vigor3300V Series User s Guide 37 Dray Tek 3 1 7 Example for Trunk Usage A company wants to separate the Engineer Department Sales Department Marketing Department and other departments to limit their communication with each other to ensure the security Many employees of the company use some switches s
153. f component failure and the availability of backup resources The complexity of HA is determined by the availability needs and the tolerance of system interruptions Systems provides nearly full time availability typically have redundant hardware and software that makes the system available despite failures The high availability of the V3300 Series is designed to avoid single points of failure When failures occur the failover process moves processing performed by the failed component the Master to the backup component the Slave This process remains system wide resources recovers partial of failed transactions and restores the system to normal within a matter of microseconds Take the following picture as an example The left V3300 Series is regarded as Master device the right V3300 Series is regarded as Slave device When Master V3300 Series is broken down the Slave device could replace the Master role to take over all jobs as soon as possible However once the original Master is working again the Slave would be changed to original role to stand by i Slave Router Configuration LAN IP 192 168 1 21 LAN MAC O0 50 7F 04 0B8 02 Master Router Configuration LAN IP 192 168 1 1 LAN MAC O0 50 7F 04 0B 01 ail igh Availability Enabl High Availability Enable A ii tlurabar na Group Number 1 Rola Slava Role Master Virtual IF 102 168 1 3 Virtual IP 192 168 1 3 a pe age Virtual MAC 00 00 5E 00 01 01
154. figuration Example for Vigor2910V l Dray Tek Open the Web interface of the router and open VoIP menu Vigor2910 Series Dual WAN Security Router Quick Start Wizard Online Status WAN LAN System Status NAT Firewall Objects Setting CSM Bandwidth Management Applications VPN and Remote Access Certificate Management VolP ISDN Wireless LAN VLAN USB Application System Maintenance Diagnostics All Rights Reserved Click SIP Account gt DialPlan SIP Accounts P Phone Settings Status Model Name Firmware Version Build Date Time CPU Usage Total Memory Memory usage MAC Address ist IP Address ist Subnet Mask DHCP Server Primary DNS Secondary DNS Port SIP registrar Account ID Register Codec In Calls Out Calls Se IS DrayTek Vigor2910 3 2 1 _RC2 Tue Jul 29 18 35 51 48 2008 Dray Tek www draytek com WAN 1 Connected 00 50 7F DD 15 19 Static IP 172 16 3 229 172 116 3 4 WAN 2 Disconnected 00 50 7F DD 15 14 Wireless LAN 00 14 85 08 69 19 System 12 Link Status 16M MAC Address 61 Connection OO IP Address LAN Default Gateway 00 50 7F DD 15 18 Primary ONS 192 168 1 1 Secondary DNS 255 255 255 0 Yes 7 Link Status MAC Address Connection VoIP IP Address 4 2 Default Gateway i Primary DNS Secondary DNS i change_me change_me i MAC Address O 0 Frequ
155. figuration will be shown VPN IPSec VPN Trunk Policy Table Edit Basic Profile Status Enable m Name Authentication Preshared Key w Preshared Key Security Protocol ESP NAT Traversal Enable w Local Gateway WAN Interface VANI Local Certificate Security Gateway default Local GRE IP Next hop default Remote Gateway Remote ID Security Gateway 0 0 0 0 for dynamic client Remote GRE IP Profile Status Name Authentication PreShared Key Security Protocol Vigor3300V Series User s Guide Apply Cancel Set the initialization of IPSec Tunnel with this profile Enable Choose this one to active this profile Disable Choose this one to inactivate this profile Profile Status Enable The name for VPN connection ex VPN1 The maximum length of name is 20 characters including spaces The authentication to be used by PreShared Key or RSA Signature Authentication Preshared Key Preshared key RSA Signature The shared key for peer identification The maximum length is 40 characters including spaces AH Specify the IPSec protocol for the Authentication Header protocol The data will be authenticated but not be encrypted ESP Specify the IPSec protocol for the Encapsulating Security Payload protocol The data will be encrypted and authent
156. hat you are using Location Local means upgrade firmware from browser Remote means upgrade firmware from a remote TFIP server Firmware Specify the location of the firmware file if you want to upgrade the firmware locally TFTP Server IP If you want to upgrade the firmware of this router from remote side please type the IP address of the TFTP server Remote File Name The default filename will be shown here If you have use another name to save the firmware file please type the new name in this field Apply After finished your selection please click Apply to execute the firmware upgrade Firmware Upgrade from a Console Port Firmware upgrade can be done from a console port too The following example was run on a Windows environment 1 Download the newest firmware from the DrayTek Website www draytek com tw or FTP site ftp draytek com on your computer first 2 Connect the RJ45 connector of console cable to the console port on Vigor3300 and the DB9 connector of the console cable to the RS232 port on the PC Dray Te k 100 Vigor3300V Series User s Guide 2 x Fort Settings a Bits per second js7e00 Data bits je f Parity None Stop bits ooo H Flow control Restore Defaults The default setting of the console port is baud rate 57600 no parity and 8 bit with 1 stop bit 3 Power on Vigor3300V then press ENTER before the system reboots completely 4 Open Hyper Terminal on the PC
157. he awich documentation tor details Vigor3300V Series User s Guide 29 Dray Tek 3 1 3 Four VLANs for Different Departments in A Company A company wants to separate the Engineer Department Sales Department Marketing Department and Other Department to limit their communication with each other to ensure the security In this case we can define four VLANs that are VLAN5 VLAN6 VLAN7 and VLANS The subnet of VLANS is 192 168 1 0 the subnet of VLAN6 is 192 168 2 0 the subnet of VLAN7 is 192 168 3 0 and the subnet of VLAN8 is 192 168 4 0 However each PC in the company does not support 802 1Q LAN 192 168 1 0 192 168 2 0 192 168 3 0 192 168 4 0 SS Engineer Sales Varketing Other Department Department Department Department Procedure 1 Refer to A 1 to block LAN to LAN communication 2 Create VLANS VLAN6 VLAN7 and VLANS8 Groups 3 Inthe VLANS input 5 to VLAN ID In the Member field choose p1 Then choose the Untagged for Frame Tag Operation in p1 Configure the PVID to 5 for the device does not support 802 1Q VLAN 4 Inthe VLAN6 input 6 to VLAN ID In the Member field choose p2 Then choose the Untagged for Frame Tag Operation in p2 Configure the PVID to 6 for the device does not support 802 1Q VLAN 5 Inthe VLAN7 input 7 to VLAN ID In the Member field choose p3 Then choose the Untagged for Frame Tag Operation in p3 Configure the PVID to 7 for the d
158. he settings Delete Delete All Click this button to delete the selected setting or all settings A confirmation dialog box will appear Click OK to delete this entry from the Load Balance Policy table In addition click Delete All in the Load Balance Policy page to delete all of 10 entries on this page To edit an entry select it by clicking the radio button from 1 to 10 Then click the Edit button on the bottom to bring up the following Web page Network Limit Session Limitation Table Edit session Number Apply Cancel Start IP Assign the start IP address for limit session End IP Assign the end IP address for limit session Session Number Assign the available session number for each host in the specific range of IP addresses If you do not set the session number in this field the system will use the default session limit for the specific limitation you set for each index Apply After finishing the configuration please click this button to invoke these settings Vigor3300V Series User s Guide 127 Dray Te k 4 3 Advanced Setup In the Advanced menu there are several items offered here for you to adjust for the router Static Route MAT ir RADIUS Fd Port Block DONS Call Schedule WARN Port Mirroring LAM Port Mirroring LAN VLAK SNMF SIP ALG A hy 3 A 4 3 1 Static Route Setup When you have several subnets in your LAN sometimes a more effective and quicker way for connection is
159. he SIP proxy server Type the IP address of the SIP proxy server Type the port number of the SIP proxy server Type the IP address or domain name of the SIP registrar server Type the port number of the SIP registrar server Type the register expire time for SIP protocols The default value is 3600 Type the IP address or domain name of the SIP Domain Realm Type the name which will be displayed in SIP message User Agent parameter You can set up to 3 sets of SIP configurations in this page m Dray Tek For MGCP Configuration VoIP Protocol Select Protocol OsiP mocr E l lele SIP C i i SIP Configuration T P MGCP Local Port 2427 MGCP Call Agent Address 192 168 100 100 MGCP Call Agent Port 2727 EndPoint Name Style aaln fip_addr O mac_addr fip_addr O aalni mac_addr Oa alni Logic ID Starting Number 1 Wild carded RSIP Each endpoint sends its own RSIP Send only one wild RSIP Apply Cancel MGCP Local Port The UDP port number in MGCP local terminal MGCP Call Agent Address The IP address of the Call Agent server in MGCP MGCP Call Agent Port The UDP port number for the Call Agent server EndPoint Name Style Choose a proper name style for the VoIP settings There are three options for you to choose aaln ip addr ex aaln 1 1 1 1 1 mac_addr ip_addr ex 000504030201 1 1 1 1 1 aaln mac_addr ex aaln 1 000504030201 aaln ex aaln v3300 drayte
160. ht up 7 Connect telephone sets to the FXS ports of Vigor3300V with telephone lines RJ 11 to RJ 11 8 Connect the FXO ports to PABX with telephone lines RJ 11 to RJ 11 Below shows an outline of the hardware installation for your reference 2 gt 9 1 Power Cable Vigor3300V ee ae ans eee 866 ae ecu Gee OOF o 6 DSL Cabell Fiber Modem Wizard Server Caution Each of the Phone ports can be connected to an analog phone only Do not connect the phone ports to the telephone wall jack Such connection might damage your router Dray Te k 6 Vigor3300V Series User s Guide 1 3 2 ISDN Phone Adapter Installation ISDN S0 TE Mode ISDN NT is always fixed to connect ISDN phone However ISDN SO TE is configurable as NT or TE mode It can be adjusted in VoIP gt gt Port Settings Note When NT or TE port is dedicated with TE mode the Green LED will flash while data transmission However if it is dedicated with NT mode the Orange LED will light on whenit connect to ISDN phone set ISDN STE amp E NT NT or TE NT or T And by using ISDN phone adapters coming from the router package the user can connect several phones to the router for communication Refer to the following figure for reference ISDN Phone ip a ap EEE ISDN Phone Cable DSL Modem n Adapter or Media Converter b Ay al p a a te ae e ej Vigor3300 V Muk
161. iSewvice Security TO eee Fep E a OS Ge OS OG Q omo Got BOG HUG OOD A j i E eng _ i ISDN Phone Adapter 33 ISDN Phone Note When ISDN phone is connected the Orange LED will light on When there is no ISDN phone connected the Orange LED will flash Vigor3300V Series User s Guide 1 Dr ay Te k ISDN ALL TE Mode Such interface is used for connecting ISDN line Each port is dedicated to TE mode only Therefore you cannot use such interface to connect to any ISDN phone ISDN ALLTE gt ee ee e lt LINK E TE TE TE TE For the connection refer to the following figure for reference Cable DSL Modem or Media Converter Vigor3300Vs a Bee A om Oe 66 PEPP Note When data transmission through this interface the Green LED will flash Dray Te k 8 Vigor3300V Series User s Guide 1 3 3 Rack Mounted Installation The Vigor3300V Series can be mounted on a rack by using standard brackets in a 19 inch rack or optional larger brackets on 23 inch rack not included The bracket for 19 and 23 inch racks are shown below Attach the brackets to the chassis of a 19 or a 23 inch rack The second bracket attaches the other side of the chassis as above procedure After the bracket installation the Vigor3300 Series chassis can be installed in a rack by using four screws for each side of the rack ay p an mg SH poot GGG emt aie ah de de i Baten ee OS Ge aS
162. ic IP udaraca IP Alias 1 Enable Test TCP 88 120 192 168 1 89 92 124 Nena WANI O 3 O 4 5 6 i 8 O 9 D 10 O 1 Edit Delete Delete All Profile Status Display the status enabled or disabled of this profile Comment Display the name of the entry Dray Te k 130 Vigor3300V Series User s Guide Protocol Public Port Start Public Port End Private IP Private Port Start Private Port End Public IP WAN Interface IP Alias Edit Delete Delete All Display the protocol used for the entry Display the start point in the range of public port Display the end point in the range of public port Display the private IP used for this entry Display the start point in the range of private port Display the end point in the range of private port Display the channel used to perform port redirection Display the WAN interface of this profile Display the selected WAN IP address Allow users to edit the selected port redirection settings Removes one all the selected port redirection settings To edit an item click the radio button of the item that you want to modify Then click Edit on the bottom of the page to add a new rule entry or modify an existed rule entry Advanced NAT Port Redirection Edit Profile Status Comment Protocol Public Port Range Private IP Private Port Range Public IP WAN Interface IP Alias Profile Status Comment Protocol Public Port Range Private IP
163. icate the data named Two factors For the password will be changed all the time it can avoid hackers or someone who interests to steal the account and password and then result in severe information security issue mibile OTP is a free charge resolution with Strong Authentication It can generate OTP by using the mobile device e g cell phone or PDA USB disk card or Token Such resolution can visit router firewall network server or build VPN Tunnel based on time synchronization and one time password Refer to the following graphic for overall information How to apply mOTP to VPN Tunnel First of all load OTP program into the mobile device as mOTP token Take Smart VPN Client as an example The application can be shown as the following figure smart VPN e with mOTP i Fa VPN client must type username pin code and secret number for authentication made by Vigor router sj Winternet a g s HEE IE eee elle Local User Databas Use Smart VPN Client to finish relational dial in settings for remote dial in profile Later proceed to carry out remote VPN dial in procedure Vigor router will carry out the VPN dialing authentication When it passes the authentication it means that Remote Dial in VPN is established successfully Vigor3300V Series User s Guide 85 Dr ay Te k Example In accordance to the above method below shows an example The user proceeds Smart VPN Client connection by using Sma
164. icated Security Protocol i Dray Tek Dray Tek NAT Traversal WAN Interface Local Certificate Security Gateway Local GRE IP Next Hop Remote ID Security Gateway Remote GRE IP Click Enable to let this IPSec tunnel pass through next router Click Disable to close this function MAT Traversal Enable Disable The WAN interface to be used WAN Interface WAHI WAHI WAN WANS Wana The local certificate is active for authentication if the RSA Signature option is selected in the Authentication field These options come from the user certificate file The IP address of the local gateway s public network interface The keyword default can be used to represent the IP Address of the selected WAN Interface The virtual IP address of the router specified for this tunnel The IP address of the next hop The keyword default can be used to represent the gateway IP address of the selected WAN Interface The identification number for the remote gateway The IP address of the remote client gateway This field is mandatory The setting for 0 0 0 0 is used for the road warrior with a dynamic IP address The virtual IP address of the remote client specified for this tunnel 176 Vigor3300V Series User s Guide For Advanced Configuration Click Advanced tab This page allows you to set advanced configuration for the specified policy The following page of default configuration w
165. ication method Next click OK to return to previous page 10 After finishing Smart VPN Client configuration click Connect to proceed the remote dial in connection Step 1 Dial to ISF If you have already gotten a public IP you can skip this step Dial Setup Step 2 Connect to VPN Server ry a z ja Care Up J ISP VPN a Dray Te k 88 Vigor3300V Series User s Guide 11 Type Username and pin code e g draytek and 1234 bial TO VPN Ta Type of VPN PPTP mOTP Remote IP Address 114 37 161 187 Password PIN Code TRER OK Cancel Vigor3300V Series User s Guide 89 Dr ay Tek This page is left blank Dray Te k 90 Vigor3300V Series User s Guide Chapter 4 Reference Advanced Web Configuration After finished basic configuration of the router you can access Internet with ease For the people who want to adjust more setting for suiting his her request please refer to this chapter for getting detailed information about the advanced configuration of this router As for other examples of application please refer to chapter 3 4 1 System Setup For the system setup there are several items provided for you to configure Status Time Setup Syslog Setup Access Control Setup Reboot and Firmware Upgrade Setup Diagnostic Tools and Configuration Setup Below shows the menu items for System a status Time a Sys
166. igned entry View Show configuration of the assigned entry To generate a user certificate please click one radio button to select the entry and click the Generate button VPN IPSec User Certificate 2 Generate Generate Certificate Signing Request Certification Name ID Type ID Value User Certificate Information Organization Unit Organization Locality City State Province Common Name Country e mail Key Size Certification Name ID Type ID Value Organization Unit Dray Tek 3300CA_0804 Domain Name w RDS Draytek Houko Hsin Chu abc Taivan v abc draytek com tw 1024 Bits Apply Cancel The name of the certification entry The ID type for this entry There are three types Domain Name Certificated by domain name IP Certificated by IP address Email Certificated by email address The ID value for this entry The unit value of this organization 182 Vigor3300V Series User s Guide Organization The value of this organization Locality City The local city name of this entry State Province The state name of this entry Common Name The common name for this entry Country The country name of this entry E mail The email address of this entry Key Size The key size for this entry There are 3 options 1024 Bits 1536 Bits and 2048 Bits When you finish the configuration ple
167. ile Name 11 char max Register via C make call without register SIP Port Domain Realm 63 char max Proxy 63 char max LJ Act as outbound proxy Display Name 23 char max Account Number Name 63 char max C Authentication ID 63 char max 3 Password eee 63 char max Expiry Time T hour sec MAT Traversal Support Ring Port voIP1 CL V orp2 ISDN Ring Pattern After configuration please click OK to save the settings 2910 series will go to VoIP gt gt SIP Account page automatically 2 Open VolP gt gt Status DialPlan H SIP Accounts Phone Settings P Status 3 Wait one or two minutes The time depends on SIP Server s response speed and the network condition Channel R means Port and Port 2 register successfully Status IDLE means there is no conversations on Port 1 Port 8 VoIP gt Status Status Refresh Seconds i Rx Port Status Codec PeerlID Elapse Tx RX Rx In Out Speaker hh mm ss Pkts Pkts Losts ins Calls Calls Gain ISDN 1 R 00 00 00 0 0 0 0 0 5 ISDN2 Ri 00 00 00 0 a T T 0 0 5 Now the configuration is completed Dray Te k 60 Vigor3300V Series User s Guide 3 3 3 Example 3 Basic Calling Method We will introduce three basic VoIP calling methods involving Direct IP Call Intercommunication with one SIP Proxy Server and Intercommunication with different SIP Proxy Servers All the settings are based on the VoIP Example 1 Basic Configuration and
168. ill be shown VPN IPSec VPN Trunk Policy Table Edit Default IKE Phase1 Mode Main mode Aggressive mode Peer ID Key Lifetime 480 minutes Proposal des mdS modp768 v des sha modp768 3des md5 modp768 3des mdS modp1024 ow IKE Phase2 quick mode Key Lifetime 60 minutes Proposal des md5 3des md5 des 7 3des v PFS Perfect Forward Secrecy Accepted Proposal Accept all supported proposal v Dead Peer Detection Delay 2 seconds Timeout secon GRE Header Key Auto GRE Key GRE Key In Ox GRE Key Out wao Apply Cancel Mode Select from Main mode and Aggressive mode The ultimate outcome is to exchange security proposals to create a protected secure channel Main mode is more secure than Aggressive mode since more exchanges are done in a secure channel to set up the IPSec session However the Aggressive mode is faster The default value in Vigor router is Main mode Peer ID In Aggressive mode Peer ID is on behalf of the IP address Key Lifetime main Proposal main Vigor3300V Series User s Guide while identity authenticating with remote VPN server The length of the ID is limited to 47 characters The renegotiated period of the IKE Phasel keying channel of a connection The acceptable range is from 5 to 480 minutes 8 hours The proposed encryption and or authentication algorithms for IKE Phasel negotiation There a
169. k com Logic ID Starting Number Determine the starting number for the endpoint name There are eight ports in Vigor3300 series The default name for endpoint will be aaln If you type 1 in this filed the endpoint name will be aaln 1 aaln 2 aaln 8 If you type 11 in this field the endpoint name will be aaln 11 aaln 12 aaln 18 etc Simply keep the default value 1 Wild carded RSIP For VoIP phone call with MGCP configuration each port will send RSIP to call agent for notifying that port is initiated or restarted Each endpoint sends its own RSIP Each port must send one RSIP message e g aaln 172 16 3 5 to call agent respectively Send only one wild RSIP Only one RSIP message e g aaln 172 16 3 5 will be sent to call agent to indicate all ports are initiated restarted SIP Accounts In this section you set up your own SIP settings When you apply for an account your SIP service provider will give you an Account Name or user name SIP Registrar Proxy and Domain name The last three might be the same in some case Then you can tell your folks your SIP Address as in Account Name Domain name Dray Te k 192 Vigor3300V Series User s Guide As Vigor VoIP Router is turned on it will first register with Registrar using AccountName Domain Realm After that your call will be bypassed by SIP Proxy to the destination using AccountName Domain Realm as identity VoIP
170. l fwd Configurations between Vigor 3300V and 2910V wan ip ___ Port Number __ Pnone Number _ Proxy Codec _ 3300V 220 135 240 207 EOL EXS 1888833 iptel__ G 7294 Port3 FXS 660533 fwd G 729A soe lei31167135 PotLEXS 888829 liptel G 729A You can also add Speed Dial numbers in Speed Dial to speed up the dialing or to accommodate the setup of company s extension numbers Vigor3300V Series User s Guide 65 Dr ay Te k Configuration Example for Vigor3300V Enter the VoIP Speed Dial page and add the second and third group of Speed Dial number Then click Apply to save the settings and finish the configuration VoIP Speed Dial Speed Lael Heina SRA 1 3167135 2300 Port F a eon eal 2900 Fort GS 2o00y Part ae liii i Appi Cancel Clear This Page Start to dial by using telephones Phone 1 call Phone 3 gt Press 888829 or 291 Phone 2 call Phone 4 gt Press 660529 or 292 Phone 3 call Phone 1 gt Press 888833 Phone 4 call Phone 2 gt Press 660533 Note indicates termination of the phone number After pressing VoIP is immediately called out Or you may wait 3 seconds if you do not press Dray Te k 66 Vigor3300V Series User s Guide Intercommunication with different SIP Proxy Servers Connect telephones into 3300V s Port 1 amp Port 3 and 2910V s Port 1 amp Port 2 respectively Each phone registers to the SIP Server The settings and scenario are the same as the abo
171. lete _ Delete All This page includes RTP and T 38 Starting Port T 38 Redundancy Number VoIP ToS and FAX Ringing settings VoIP Miscellaneous RTP Starting Port T 38 Starting Port T 38 Redundancy number Dialing Completion Timeout VoIP ToS Line Polarity Reversal FXO auto disconnection if no packet is received in 180 FS On hook Tip Ring Voltage Dummy Account FXS Ringing Ringing Frequency Ringing Cadence On Ringing Cadence Off RTP Starting Port Dray Tek 49170 1 Range 0 4 4 sec Range 1 60 as Callee on hook Jas Callee Answer seconds Range 5 3600 O no auto disconnection 25 HZ 2000 msec 4000 msec Apply Cancel The starting port number for RTP protocol packet The default setting is 13456 208 Vigor3300V Series User s Guide T 38 Starting Port The starting port number for T 38 protocol packet The default setting is 49170 T 38 Redundancy Number The redundancy number how many payloads attaching to the tail of the packet for T 38 protocol The default value is 1 Dialing Completion Users might dial with incomplete phone number and wait for Timeout several seconds but not finish the complete dialing The system will force to dial the incomplete number after the time you set in this field to finish that call For example the phone number is 03654321 and the dialing completion timeout is set to 4 secs The user dial
172. lete Rule 3 1 2 How to Check Edit VLAN ID on Your PC Not all the network cards support VLAN features If you cannot sure if the network card of your computer supports tagged VLAN or not please do the following steps to check or edit VLAN ID on your PC 1 Goto Control Panel and then double click on Network Connections Jetwork Connections Dray Tek 24 Vigor3300V Series User s Guide 2 Right click on Local Area Connection and click on Status Disable Repair Local 4rea Bridge Connections Create Shortcut Rename Properties 3 On the following dialog click Properties Local Area Connection Status ei x General Connection Status Connected Duration 00 10 52 Speed 100 0 Mbps Activity Sent aT Received n Laide Packets 4 Click Configure to access into next screen T t Local Area Connection Properties General Authentication Advanced Connect using Eg Intel R PR01100 5 Desktop Adapter This connection uses the following items Client for Microsoft Networks File and Printer Sharing tor Microsott Networks QoS Packet Scheduler 3 Internet Protocol TCP IP Install Uninstall Description Allows your computer to access resources on a Microsoft network Show icon in notification area when connected Notify me when this connection has limited or no conmectryity Vigor3300V Series User s
173. ll transfer is done now Attended mode 1 At the first phone A and phone B talk on the phone 2 Phone A presses flash hook phone A will play dialtone yet phone B will hold and wait Then phone A dials the phone number of phone C 3 Phone C picks up the phone to talk with phone A 4 Phone A presses flash hook phone A will play dialtone yet Phone C will hold Phone A dials 4 and press immediately and then phone A will transfer phone B to C 5 Phone C will hear waiting tone and Phone C presses flash hook to talk with phone B Vigor3300V Series User s Guide 201 Dray Tek Do Not Disturb ISDN Mode ISDN Type MSN numbers Default Call Route to Dray Tek The call transfer is done now Phone A plays busy tone Under CHT mode call waiting and call transfer function will be Call Waiting You can hear waiting tone while a new phone call is incoming then you can do 1 Flash hook This procedure always holds the current connection and connect with the second connection 2 On hook This procedure disconnects the current connection and connects with the new phone call Call transfer Flash hook to initiate another phone call When the new phone call connected hang up the phone and then the other two sides can communicate Reject all of the incoming calls to this port Click Enable to activate this function Port 1 and Port 3 are fixed in NT mode Therefore you cannot change it Port
174. lling information from Port 1 Port 8 Idle means there is no conversations on Port 1 Port 8 VolP Status Refresh Option No Refresh Call Status Tae eee 1 1 Idle 2 1 Idle 3 1 Idle 4 1 Idle 5 1 Idle 6 1 Idle 7 1 Idle 8 1 Idle PS Packets Sent S Octets Sent Delay ms NG Refresh Start Time PR Packets Received Address Port OR Octets Received PL Packets Lost Remote RTP Remote RTP agn Codec Packet DTMF RTP Statistic Type Period VAD Relay Ji Interarrival Jitter Estimate ms LA Avg T Note This page will automatically refresh based on the setting configured in Refresh Option You may click Refresh button to renew immediately 58 Vigor3300V Series User s Guide Configuration Example for Vigor2910V series 1 Open the Web interface of the router and open VoIP menu Vigor2910 Series t ae Igor eries s Dray Tek Dual WAN Security Router 4 N AN iiaiai System Status Quick Start Wizard Online Status Model Name DrayTek Vigor2910 Firmware Version 3 2 1_RC2 WAN Build Date Time Tue Jul 29 18 35 51 48 2008 a System WANT O sat CPU Usage 12 Link Status Connected Firewall Total Memory 16M MAC Address 00 50 7F DD 15 19 Objects Setting Memory usage 61 Connection Static IP CSM g IP Address 172 16 3 229 Bandwidth Management LAN Default Gateway 172 11
175. log Access Control P Change Password n Configuration ab Firmware Upgrade lt Reboot Diagnostic Tools 4 1 1 Status The online Status function provides some useful system information on the current status of the Vigor3300V Series A user can observe the system status on this Web page and determine which setting needed to be changed in corresponding web pages Open System gt gt Status The online Status Web page contains three parts Basic Status LAN Status and WAN Status Refresh Option Ho Retresh Ho Refresh Basic Status Model Every 10 Seconds LAN Every 20 Seconds 5 Be Seconds Refresh Option You can choose to refresh the Web page information automatically There are four options given as shown below No Refresh Static information page Vigor3300V Series User s Guide 91 Dray Te k Every 10 Seconds Refreshes the page every 10 seconds Every 20 Seconds Refreshes the page every 20 seconds Every 30 Seconds Refreshes the page every 30 seconds Basic Status General status of this router will be displayed in this page System Status Refresh Option No Refresh v Refresh Ee LAN status WAN Status Model Vigor3300 series Hardware Version 1 0 Firmware Version 2 6 3 EN Build Date amp Time 2010 08 17 14 31 01 System Uptime 0 days 2 hours 54 minutes 14 seconds CPU Usage 8 1173 Memory Size 128 MBytes Memory Usage 25 6968 Current System Time 1983 11
176. markets An application scenario for the Vigor3300 Series is depicted in the following figure which illustrates interconnections among branch offices through the Internet via the Vigor3300 Series routers By combining with an existing PABX an Internet phone from a remote branch can also access any extension number on a local PABX or a traditional phone via PSTN In addition by combining load balancing data security and Internet phone features the company can benefit from reducing operation fees A Virtual Private Network VPN is an extension of a private network that encompasses links across shared or public networks like an Intranet A VPN enables you to send data between two computers across a shared public Internet network in a manner that emulates the properties of a point to point private link The DrayTek Vigor3300 Series VPN router supports Internet industry standards technology to provide customers with open interoperable VPN solutions such as X 509 DHCP over Internet Protocol Security IPSec up to 200 tunnels and Point to Point Tunneling Protocol PPTP Internet Telephony also known as Voice over Internet Protocol VoIP is a technology that allows you to make telephone calls using a broadband Internet connection instead of a regular analog phone line Combining a PABX with a V3300V allows you to call anyone who has an Internet phone or a traditional telephone number including local long distance mobile and international n
177. me Password Dray Tek Apply Cancel Set the function to Active or Inactive Allow you to choose an authentication mode to be used The default setting is CHAP HS CHAP e Set user authentication to Local server or RADIUS server Enable or disable the Mutual Authentication function Type the user name that the other side provides for carrying out mutual authentication whenever you want Type the password that the other side provides for carrying out mutual authentication whenever you want 186 Vigor3300V Series User s Guide Get DNS Server from LAN Use DNS setting of LAN configuration Setting Get DNS Server by If you click this radio button please type the primary DNS Manual Setting and secondary DNS IP address manually in the following fields Primary DNS Type the IP address for primary DNS Secondary DNS Type the IP address for secondary DNS Group Table To create a VPN PPTP L2TP group table click VPN gt gt PPTP amp L2TP gt gt Group Table VPN PPTP Group Table Group Start IP Subnet Mask Accessed IP Subnet Mask A i c o C 2 Ld Start IP Type the starting IP address The default group value is 192 168 1 224 28 Subnet Mask Select the value of subnet mask for the Start IP Accessed IP Type the accessed IP address Subnet Mask Select the value of subnet mask for the Accessed IP User Profile This page allows you to set up to 30 sets of accounts VPN User Profile
178. me Deny List The Vigor3300 Series supports up to 30 entries in the Deny List table When you choose Deny only calls from deny list as the Barring Class people listed in this list cannot call this router VoIP Incoming Call Barring Deny List Name IP Domain 1 James 172 16 3 221 Steven arctel com 4 Example John 192 168 1 1 or iptel org 123456 Apply Cancel Name The name or number in the deny list IP Domain The IP address or domain name to be denied If the peer is registered in SIP proxy server use the domain name of the SIP proxy server Otherwise use the static IP address or DDNS domain name Dray Te K 214 Vigor3300V Series User s Guide 4 7 10 Call History This page lists the call history through Vigor3300 You can click Refresh to get the latest history information for these VoIP phones Besides this page refreshes automatically every 10 seconds VoIP Call History Refresh Option Every 10 Seconds Refresh Port Call Caller Callee Number Type Number Number Time Start Remote Remote wer Release RIP Codec Packet DTMF End Time Duration Reason a RTP Statistic Type Period VAD Relay Address Port PS Packets Sent O8 Octets Sent PR Packets Received OR Octets Received PL Packets Lost Ji Interarrival Jitter Estimate fms LA Avg TX Delayiirns Port Caller Callee Number Number o Number Call Type 6 Outgoing 888846 338383845 Refresh Optio
179. me for the rule Source IP It means the source IP address Placing the symbol t before a particular IP address will prevent this rule from being applied to that IP address It is equal to the logical NOT operator Subnet Mask It means the subnet mask for the source IP Source Port It means the port for the source IP Type the values in the boxes of start port and end port As for the operators ah k A between If the Start Port column is empty the Start Port and the End Port column will be ignored The filter rule will filter out any port number If the End Port column is empty the filter rule will set Vigor3300V Series User s Guide 151 Dray Te k Destination IP Destination Mask Destination Port Group Name Protocol Direction Fragments Block or Pass Dray Tek the port number to be the value of the Start Port column Otherwise the port number ranges from the Start Port to the End Port including the Start Port and the End Port If the End Port column is empty the port number is not equal to the value of the Start Port column Otherwise this port number is not between the Start Port and the End Port including the Start Port and End Port gt Specifies the port number is larger than or equal to the Start Port lt Specifies the port number is less than or equal to the Start Port Between Specifies the port number is between the Start Port and End Port It mean
180. mid place e g a bathroom The router should be used in a sheltered area within a temperature range of 5 to 40 Celsius Do not expose the router to direct sunlight or other heat sources The housing and electronic components may be damaged by direct sunlight or heat sources Do not deploy the cable for LAN connection outdoor to prevent electronic shock hazards Keep the package out of reach of children When you want to dispose of the router please follow local regulations on conservation of the environment We warrant to the original end user purchaser that the router will be free from any defects in workmanship or materials for a period of two 2 years from the date of purchase from the dealer Please keep your purchase receipt in a safe place as it serves as proof of date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials we will at our discretion repair or replace the defective products or components without charge for either parts or labor to whatever extent we deem necessary tore store the product to proper operating condition Any replacement will consist of a new or re manufactured functionally equivalent product of equal value and will be offered solely at our discretion This warranty will not apply if the product is modified misused tampered with damaged by an act of God or subjected to abnorm
181. mmunity Display the community string of the trap server Trap server port Display the port number used for the trap server Edit Allow users to edit the selected SNMP traps settings Delete Delete All Remove one all the selected SNMP traps settings A dialog will be prompted for you to ask confirmation Click OK To edit an item click the radio button of the item that you want to modify Then click Edit on the bottom of the page to add a new rule entry or modify an existed rule entry EMS SNMP Traps Edit Trap server 192 168 1 100 Trap community public Trap server port 2048 Apply Cancel Trap server Assign an IP address of trap server Trap community Assign a community string for Trap packet using Trap server port Assign a port number for Trap server using Apply Click Apply to save this setting and return the previous page Vigor3300V Series User s Guide 147 Dray Te k 4 3 11 SIP ALG This page allows you to configure settings to make SIP message and RTP packets of voice being transmitting and receiving correctly via NAT by Vigor3300V while using VoIP function with SIP protocol Advanced SIP Application level gateway O Disable Enable SIP listen port RTP port start Allow registrations Timeout for an RTP stream Default expires VoIP Port Setting VoIP SIP local port Disable Enable SIP listen port RTP port start 5060 7070 Anyone Register from
182. n Port Number Call Type Caller Number Callee Number Start Time End Time Duration Release Reason Remote RTP Address Remote RTP Port RTP Statistic Vigor3300V Series User s Guide FriSe 1 5 Incoming 888846 888845 17 01 51 anng 2UU5 FriSep 23 47 7 17 01 4 2005 p23 Remote 3 Release Remote RTP RTP Codec Packet DTMF Start Time End Time Duration Reason Address ia Statistic Type Period VAD Relay PS 275 OS 5500 FiSep23 9 gays AAS o PR 143 6729A an m don 17 02 00 N0h 00m 09 Normal Drop 61 230 213 114 13466 OR 2860 Skbos 20mMS Off RFC2833 7005 sli aaa at cae PL 0 Ji 0 LA 0 PS 143 OS 2860 Sen 73 R 7 02 00 days Normal Drop 61 230 213 114 13464 abet G 729A ms Off RFC2833 Ir Ve JU 00h 00m 1 3s OrmalvUrop 01 230 213 3464 d ool kbps LUMS b rU2Z533 2005 PL 0 Ji 0 LA 0 You can click Refresh to get the latest status information for these VoIP phones In addition you can set the time interval of refreshing Use the drop down list of Refresh Option to choose an automatic refreshing setting If you choose No Refresh the system will not refresh this page until you click Refresh button Ho Refresh wt Refresh Ho Retresh Every 10 Seconds Every 20 Seconds Every 30 Seconds The port number of VoIP The dialing direction for this call Incoming Outgoing The phone number of the caller The phone number of the receiver The starting time of the call The ending time of the
183. n a destination IP address and subnet of certain host in LAN for applying load balance policy Assign a destination port number range The port range is from 1 to 65535 If you choose All as the protocol you don t need to type any number here Select an interface WANI to WAN4 to be forwarded to Packets fitting the above settings can be routed through the selected interface only Check this box to invoke this function Click Apply to save all configurations oy Dray Tek 4 2 3 Auto Load Balance Because the network between China Telecom and China CNC are disconnected such function is designed to do auto load balance and separate the packets among China Telecom China CNC and other regions via different WAN interfaces For example if you check WANI and WAN4 for China Telecom packets belong to China Telecom will pass through the specified WAN interfaces only and load balance will be done between WANI and WANA Network Auto Load Balance Auto Load Balance Disable O Enable WAN1 WAN2 WAN3 WAN4 China Telecom C F F d China CNC F F F F Other Traffic F F d O Apply Cancel Auto Load Balance Choose Enable to invoke the auto load balance function for your devices China Telecom A telecom company China CNC A telecom company Other Traffic Regions that are not belonged to China Telecom and China CNC Apply Click Apply to save all configurations 4 2 4 LAN Local Area Network LAN is a group of subnets r
184. name provided by local ISP Assign a valid password provided by local ISP Select PAP CHAP MS CHAP or MS CHAP V2 protocol for PPP authentication according to the feature that your ISP provided for widest compatibility The default value is PAP L Dray Tek The password will be encrypted in CHAP but not in PAP PAP CHAF HS CHAF Ma CHAP e Service Name Assign a service name required for some ISP services PPTP Local Address Assign a local IP address PPTP Subnet Mask Assign a subnet mask value of IP address PPTP Remote Address Assign a remote IP address of PPTP server Detect Interval Assign an interval time for detecting if the WAN connection is on or off No Reply Count Assign detecting times to ensure the connection of the WAN After passing the times you set in this field and no reply received by the router the connection of WAN interface will be regarded as breaking down Apply Click Apply to go back to the WAN Interface Configuration page To apply all settings click Apply on the WAN Interface Configuration page and reboot your router Reset Click this button to clear all the configurations for this page DMZ Configuration In computer networks a DMZ De Militarized Zone is a computer host or small network inserted as a neutral zone between a company s private network and the outside public network It prevents outside users from getting direct access to company network A DMZ is an optional and more secure appro
185. ned to other client Click Refresh to re display this web page for getting newest routing information gt Dray Tek Select View NAT Active Sessions Table to get the following page This table can display about 30000 sessions with 20 pages System Diagnostic Tools View NAT Active Sessions Table Type Expire in State Source IP Dest IP sPort dPort Rep Source IP Rep Dest IP sPort dPort tcp 591 ESTABLISHED 192 168 1 222 207 46 6 24 3435 1863 207 46 6 24 Lie Lone weeo 1863 34682 tep 598 ESTABLISHED 192 168 1 222 207 46 6 153 3476 1863 207 46 6 153 a Br ara D DAA AE 1863 34723 v Type Display the protocol used for the active session Expire in Display the remaining time second of this session State Display the condition of this session Source IP Display the source IP address of the packet transmitted Dest IP Display the destination IP address of the packet transmitted sPort Display the source port of the packet transmitted dPort Display the destination port of the packet transmitted Rep Source IP Display the source IP address of the packet replied Rep Dest IP Display the destination IP address of the packet replied sPort Display the source port of the packet replied dPort Display the destination port of the packet replied Select Data Flow Monitor to get the following page This page displays the running procedure for the IP address monitored and refreshes the data in an interval of several seconds System
186. nnel is idle Use the value O to disable this function The recommended value is 2 seconds if enabled Timeout The timeout timer The peer will be declared dead once no acknowledge message is received after timeout value Use the value 0 to disable this function The recommended value is 4 seconds if enabled Auto GRE Key Check this box to automatically generate GRE key Or type the GRE key on the fields below manually GRE Key In This value is used for the router to authenticate the source of the packet The length is 4 bytes GRE Key Out This value is used for the remote client to authenticate the source of the packet The length is 4 bytes After finish the configuration click Apply to apply the IPSec policy setting into the policy table Significant fields will be summarized in the IPSec Table Operational Status reflects the current status of the tunnel UP means the IPSec tunnel has been established DOWN means no tunnel existing or termination status of the tunnel Dray Te k 178 Vigor3300V Series User s Guide If user expects the local gateway to act as the IKE initiator 1 e emit the first IKE main mode message user can click the hyperlink Initiate to start the IKE negotiation or set admin status to be always on to automatically restart IKE negotiation During the negotiation you can press Refresh to show the latest status of all policies VPN Trunk Group Table Vigor3300 series allows users to configure policies In
187. not forward any trace route packets Enable Block SYN Activates the Block SYN fragment function Any packets Fragment having the SYN flag and fragmented bit sets will be dropped Enable Block Fraggle Activates the Block fraggle Attack function Any broadcast Attack UDP packets received from the Internet are blocked Enable TCP Flag Scan Activates the Block TCP flag scan function Any TCP packet with an anomalous flag setting is dropped These scanning activities include no flag scan FIN without ACK scan SYN FIN scan Xmas scan and full Xmas scan Enable Tear Drop Activates the Block Tear Drop function This attack involves the perpetrator sending overlapping packets to the target hosts so that target host will hang once they re construct the packets The routers will block any packets resembling this attacking activity Enable Ping of Death Activates the Block Ping of Death function Many machines may crash when receiving an ICMP datagram that exceeds the maximum length The router will block any fragmented ICMP packets with a length greater than 1024 octets Enable Block ICMP Activates the Block ICMP fragment function Any ICMP Fragment packets with fragmented bit sets are dropped Enable Block Unknown Activates the Block Unknown Protocol function The router Protocol will block any packets with unknown protocol types Click Apply to apply the settings when you finish the configuration 4 4 3 URL Filter The Internet contains a wide
188. ns Temperature Humidity Max Power Consumption Dimension Power Vigor3300V Series User s Guide 229 Operating 0 C 45 C Storage 25 C 65 C 10 90 non condensing 60 Watt L440 W280 H44 mm 100 240 V AC Dray Tek
189. ns under Priority and click Edit The following page will be shown automatically Dray Te K 164 Vigor3300V Series User s Guide QoS Incoming Class Filter Edit Source IP Destination IP Service Type Status Service Type Protocol Source Port Destination Port DiffServ CodePoint Status 10 1 1 1 10 1 2 1 O Basit Advanced O None TCP v 80 150 80 160 Basic O Advanced O None DiffServ CodePoint Type DiffServ CodePoint Class Source IP Destination IP Service Type Status Service Type Protocol Source Destination Port DiffServ CodePoint Status Vigor3300V Series User s Guide BE v 0x Hex undefined Apply Cancel Type the source IP address with subnet mask value to be applied for this filter Type the destination IP address with subnet mask value to be applied for this filter There are three options for you to choose Basic Only the Service Type field is allowed to be configured Advanced The Protocol and Port fields are allowed to be configured None No field is allowed to be configured Select the service type that you want to use There are thirty five service types provided CU SEEME LO TCP UDP 7648 a DNS TCP UDP 53 E FINGER TCP 79 H 323 TCP 1720 HTTFP TCP 80 HTTPS TCP 443 IKE UDP 500 IPSEC AH IP 51 IPSEC ESP IP 50 IRC TCP U
190. nstallation status stage by stage Checking if the hardware status is OK or not Checking if the network connection settings on your computer are OK or not Pinging the router from your computer Checking if the ISP settings are OK or not Backing to factory default setting if necessary If all above stages are done and the router still cannot run normally it is the time for you to contact your dealer for advanced help 5 1 Checking If the Hardware Status Is OK or Not Follow the steps below to verify the hardware status 1 Check the power line and WLAN LAN cable connections Refer to 1 3 Hardware Installation for details 2 Turn on the router Make sure the ACT LED blink once per second and the correspondent LAN LED is bright r LAN r WAN DMZ ven ik Firewal 10 O pwR act as rox Factory Reset P1 P2 P3 P4 Pi P2 P3 P4 3 If not it means that there is something wrong with the hardware status Simply back to 1 3 Hardware Installation to execute the hardware installation again And then try again Vigor3300V Series User s Guide 219 Dr ay Te k 5 2 Checking If the Network Connection Settings on Your Computer Is OK or Not Sometimes the link failure occurs due to the wrong network connection settings After trying the above section if the link is stilled failed please do the steps listed below to make sure the
191. ock ones be in block group Next Group Name It indicates the next filter group If the option Block if no further match or Pass if no further match of Block or Pass parameter is selected the unmatched packets will be compared with rules in Next Group The option None must be chosen while Block or Pass is selected as Block or Pass Apply Click this button to return to IP Filter Table setting page The new added rule information will be displayed on this page too Refer to the following graphic Firewall IP Filter Table Mext Group Mame Comment Skip this group Add Rule Apply Cancel IP Fitter Table Index SourcelP Subnet Mask Port gical Subnet Mask Port Protocol Direction Block Active Go a eT Va Steve erae a a eaa t sc OD ee el ool aus LAN Immediately Edit Rule Delete Rule 4 4 2 DoS The DoS function helps to detect and mitigates DoS attacks These include flooding type attacks and vulnerability attacks Flooding type attacks attempt to use up all your system s resources while vulnerability attacks try to paralyze the system by offending the vulnerabilities of the protocol or operation system In the Firewall group click the DOS option You will see the following page The DoS Defense Engine inspects each incoming packet against the attack signature database Any packet that may paralyze the host in the security zone is blocked The DoS Defense Engine also monitors traffic behavior Any anomalous situation
192. odec settings for the VoIP connection Display the DTMF mode setting for the VoIP connection When you click Edit the following page will appear for you to configure Such page is available for ISDN module Vigor3300V Series User s Guide ve Dray Tek Dray Tek VoIP Port Settings Port1 Edit Port 1 ISDN NT Disable Enable Default SIP Accounts VoIP IP Address Hotline Hotline Number to Internet Hotline Number to PBX FXO Manual Disconnection Codec Preferred Codec Single Codec Codec Rate Codec VAD CAS Microphone Gain Speaker Gain FAX FAX Mode FAX Bypass Codec FAX Bypass Codec Rate DTMF DTMF Mode DTMF Volume Supplemental Service Supplemental Service Mode Supplemental Service Items ISDN Mode NT TE ISDN Type P MP P P MSN numbers MSN Number 1 1001 v WAN v p delay 1 8sec G 729A 8kbps v O 20 ams Disable Enable 0 Range 14 6 0 Range 14 6 Transparent v ms InBand OutBand RFC2833 SIPINFO Cisco m 27 Range 0 31 Disable Normal CHT Call Waiting Call Transfer Default Account 1 150 5 1005 2 51 5 1005 3 52 5 1005 v 4 53 5 1005 v 5 54 5 1005 6 55 S 1005 v 7 56 5 1005 8 57 5 1005 v 9 58 5 1005
193. ompany wants to separate the Engineer Department Sales Department Marketing Department and guest to limit their communication with any department to ensure the security In this case we can define four VLANs that are VLANS5 VLAN6 VLAN7 and VLANS The subnet of VLANS is 192 168 1 0 the subnet of VLAN6 is 192 168 2 0 the subnet of VLAN7 is 192 168 3 0 and the subnet of VLANS8 is 192 168 4 0 However the notebook of guest does not support 802 1Q Vigor3300V LA N 192 168 10 192 168 2 0 192 168 3 0 192 168 4 0 Ee k auw b ais T Sales Marketing Gaii es Department Department ia Procedure 1 Refer to A 1 to block LAN to LAN communication 2 Create VLANS VLAN6 VLAN7 and VLANS8 Groups 3 Inthe VLANS type 5 to VLAN ID In the Member field choose p1 Then choose the Tagged for Frame Tag Operation in pl We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from the PC of Engineer Department 4 Inthe VLAN6 type 6 to VLAN ID In the Member field choose p2 Then choose the Tagged for Frame Tag Operation in p2 We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from Engineer Department 5 Inthe VLAN7 type 7 to VLAN ID In the Member field choose p3 Then choose the Dray Tek Tagged for Frame Tag Operation in p3 We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from the PC o
194. ompted for you to ask confirmation Click OK ue Dray Tek For 802 1Q VLAN Another way to set VLAN is based on 802 1Q Please choose 802 1Q VLAN to open the following page This page is available only for the PCs with certain network cards which support 802 1Q VLAN feature It is useless for general network cards Advanced LAN VLAN Setting Disable PortBase VLAN 802 10 VLAN Port Base VLAN B re AEF Group Index Active Name VLAN ID P1 1 ofa e 2 Oo mae o gt ow ff jo a wa _ Enable management port for P4 C Enable packet forwarding between VLANs Port Setting P1 P2 Member Frame Tag Operation P2 P3 P4 P1 P2 P3 no D P4 P3 P4 Port VAN C Active Name VLAN ID Member Frame Tag Operation Dray Tek Apply Reset Cancel Check this box to activate the settings of this entry If you check the Management Port box below Index 4 will be unchangeable and locked And you have to set Port VLAN ID for P4 previously before you check Management Port Specify the name for the four groups of VLAN Type a number used for identification on VLAN for your computer Later you have to type the same ID number for each PC which wants to be grouped within the same VLAN group In addition if you type wrong ID number the following message will appear to warn you Please type correct number Microsoft Internet Explorer By the way if you don t know how to configure a VLAN
195. on to let the system find out the preset tone settings and caller ID type automatically Or you can adjust tone settings manually if you choose User Defined TOn1l TOff1 TOn2 and TOff2 mean the cadence of the tone pattern TOn1 and TOn2 represent sound on TOffl and TOff2 represent the sound off Vigor3300V Series User s Guide 209 Dray Te k VoIP Tone Settings Region UK v Caller ID Type Tone Classfication Low Frequency Hz High Frequency Hz salad pai PETN jaaa Dial tone Ringing tone Busy tone Congestion tone Tone Timer Dial Tone 16 Busy Tone 30 Howler Tone 60 Ringing Tone 180 Apply Cancel Region Choose the country area that the Vigor3300 located for using VoIP feature Or select User Defined for proprietary settings User Defined Australia canada US China Denmark Finland France GErmany Hong Kong Japan Hether lands Horway Poland Singapore Taivan Caller ID Type If User Defined is selected in the Region field users can select one of the supported values If a country is selected this field will display ID type value automatically ETSI LR DT a sStu E BT WH Horth America JAPAN ETSI during ring ETSI DT AS prior to ring ETSI LR DT aAsStU K BT DTHF Dial tone A tone means the phone line is ready to make a
196. onal users can purchase them and installed them into the router according to the real requirement The LED description for there four modules are different slightly Please read the following for detailed explanation DO Z SA B gt 4 Oe i a e r a a LINE w w p a t o ALL TE LED Explanation FXS FXO It means VoIP port is connected and ready to use It means VoIP port is not connected It means a phone call is coming and the port is ringing SO TE It means SO port is connected and SO mode is ready Left LED It means TE port is connected and TE mode is ready No ISDN phone adapter connected SO TE It means ISDN link is established Right LED Off It means ISDN link is off It means the data and voice transmission is on going ALL TE It means TE port is connected and TE mode is ready Left LED ALL TE It means ISDN link is established Right LED It means ISDN link is off It means the data and voice transmission is on going Dray Te k 4 Vigor3300V Series User s Guide Description for Connectors O E Aa ci O i Ae ia o o o o o o OM OPO OB O P a gt O O B O OA WAN DMZ Factory Reset Interface Description Console Provided for technician use LAN P1 P4 Connecter for local networked devices WAN DMZ PI Connecter for remote networked devices P4 FXS Connecter for telephone set FXO Connecter for FXS interface of PABX ISDN SO TE Connecter for ISDN phone I
197. one then press the PSTN number 87654321 Phone 2 calls Phone 3 gt Press 888835 After getting through you will hear the Dial tone then press the PSTN number 87654321 Phone 3 calls Phone 2 gt Press 12345678 After getting through you will hear the Dial tone then press the VoIP number 888829 Vigor3300V Series User s Guide 11 Dr ay Te k Phone 3 calls Phone 1 gt Press 12345678 After getting through you will hear the Dial tone then press the VoIP number 888833 Note indicates termination of the phone number After pressing VoIP is immediately called out Or you may wait 3 seconds if you do not press Connect PBX s Inside Lines The usage is the same as that of common extension Different PBX has its own settings and required configuration by you By connecting 3300V s FXO Port5 to PBX s Inside Line VoIP is seamlessly integrated to PBX s inside lines and allows you to call not only the VoIP but also the PSTN line and PBX s extension Also the remote user can call you from the PSTN line and PBX s extension Phone 4 87654321 12345678 Port 5 FXO 888835 PBX wae C Saee saer Router Porti FXS 888829 Taiwan ets 1 Phone 2 German Phone 3 Fort 1 FXS 888833 Dray Tek 78 Vigor3300V Series User s Guide Configuration table between 3300V and 2910V ___ wanip __ Port Number __ Phone Number Proxy __ Codec _ Port5 FXO _ 888835 G 729A 2910V__ 61 31 167 135
198. or will capture the keypad number you pressed and transform it to digital form then send to the other side the receiver will generate the tone according to the digital form it receive This 204 Vigor3300V Series User s Guide function is very useful when the network traffic congestion occurs and it still can remain the accuracy of DTMF tone SIP INFO Choose this one then the Vigor will capture the DTMF tone and transfer it into SIP form Then it will be sent to the remote end with SIP message DTMF Volume Determine the volume of DTMF voice signal The more the number is set the greater the sound is PIN Code On Net PIN Service If the phone call is from PSTN to Internet via FXO port the caller should input 4 digit PIN Personal identification number to authenticate the permission Off Net PIN Service If the call is from Internet to PSTN via FXO port the caller should input 4 digit PIN Personal identification number to authenticate the permission Do Not Disturb Reject all of the incoming calls to this port Click Enable to activate this function Apply When you finish all the configurations please click this button to activate them 4 7 3 Speed Dial This page allows you to set a simple way to dial a specific number Up to 150 numbers can be stored in Vigor3300V VoIP Speed Dial Speed Dial Phone Number Speed Dial Destination Memo 1 1001 1001 iptel org dial 1 Example 101 101 iptel
199. ote Access 1st IP Address 192 168 1 1 eale e Ae Cartilicate Manada mneni ist Subnet Mask 255 255 255 0 cate anagemen ae i DHCP Server Yes WAN 2 Volt Primary DNS l Link Status Disconnected ISDN Secondary DNS MAC Address 00 50 7F DD 15 14 Wireless LAN A Connection feos VLAN VoIP IP Address j eae USB Application Port 1 2 Dole SALEWA psm System Maintenance SIP registrar l an E Diagnostics Account ID change_me change_me i TE ee Register i i Wireless LAN i ar Codec MAC Address 00 14 85 08 69 19 In Calls 0 0 Frequency Domain Europe Out Calls 0 0 Firmware Yersion v2 01 10 10 5 4 Open VoIP gt gt DialPlan and click Phone Book DialPlan H SIP Accounts Phone Settings P Status 3 Click Index 1 VoIP gt DialPlan Setup 4 Phone Book Index Phone number Tee i te Display Name SIP URL Dial Out Loop through Account g Enter relevant settings for 3300V s Port 1 Click OK to save the settings Enable click V to activate the entry Phone Number type 3301 Display Name To facilitate ease differentiation please type 3300V_Port1_IP SIP URL Callee s Number IP please type 888833 220 135 240 207 Vigor3300V Series User s Guide 63 Dray Tek VoIP gt DialPlan Setup Phone Book Index No 1 Enable Phone Number 301 Display Name J300 Portt IP SIP URL 88833 220 196 240 207 Dial Out Account D
200. ove settings please click Finish A system reboot page will appear Click Apply to activate the DHCP mode configuration 2 2 3 PPPoE PPPoE stands for Point to Point Protocol over Ethernet It relies on two widely accepted standards PPP and Ethernet It connects users through an Ethernet to the Internet with a common broadband medium such as a single DSL line wireless device or cable modem All the users over the Ethernet can share a common connection PPPoE is used for most of DSL modem users All local users can share one PPPoE connection for accessing the Internet Your service provider will provide you information about user name password and authentication mode If your ISP provides you the PPPoE Point to Point Protocol over Ethernet connection please select PPPoE for this router to get the following page Enter the username and password provided by your ISP on the web page Dray Te k 18 Vigor3300V Series User s Guide Static DHCP Configuration UserName Password Authentication Service Name Optional User Name Password Authentication Service Name PPPoE PPTP Configuration 1234 hinet net PPTP Local Address PPTP Subnet Mask PAP PPTP Server Address Next gt gt Type a specific valid user name provided by the ISP Type a valid password provided by the ISP Select PAP CHAP MS CHAP or MS CHAP V2 protocol for PPP
201. p to protect your local network against attack from outsiders A firewall also provides a way of restricting users on the local network from accessing inappropriate Internet content and can filter out specific packets which may trigger unexpected outgoing connection such as a Trojan The following sections will explain how to configure the Firewall Users can select General Setup IP Filter DoS and URL Filter options from Firewall menu The DoS facility can detect and mitigate the DoS attacks The URL Filter can block inappropriate websites for SME IP Fitter DoS URL Filter Sh Bind IP to MAC IF Fitter m DoS URL Fitter Sh Bind IP to MAC General Setup b Group Table e General Setup License IMP2P Blocking IMP2P Blocking 4 4 1 IP Filter First you should create at least one Group in the IP Filter gt gt Group Table Then you can enable the Data Filter and select a Start Filter Group in General Setup The following sections explain IP Filter functions with details General Setup The page allows you to set general settings such as enabling the data filter function and choosing proper filter group Firewall General Setup Data Filter Disable Enable Start Filter Group Apply Cancel Data Filter Disable or Enable the firewall function This firewall can only be enabled if at least one filter group exists The default is Disable Start Filter Group Default
202. page automatically 1 Open VoIP gt gt Status DialPlan H SIP Accounts gt Phone Settings H Status 2 Wait one or two minutes The time depends on SIP Server s response speed and the network condition Channel R means Port and Port 2 register successfully Status IDLE means there is no conversations on Port 1 Port 8 VoIP gt gt Status Status Refresh Seconds a Rx Elapse Tx Rx Rx In Out Speaker Pors StAtUs CPUE PERNOD hh mm ss Pkts Pkts Losts fa Calls Calls Gain Fa R 00 00 00 0 0 0 0 0 0 5 FeO R 00 00 00 0 0 0 0 0 0 5 Now the configuration is completed Vigor3300V Series User s Guide 55 Dr ay Te k 3 3 2 Example 2 Basic Configuration and Registration for ISDN In this case Vigor3300V uses an ISDN NT card and an ISDN TE card with four groups of iptel numbers and fwd numbers respectively The Codec is G 729A WAN IP address is 220 135 240 207 2910V has two VoIP Ports with an iptel number and the fwd number respectively The Codec is G 729A and the WAN IP is 61 31 167 135 Basic settings in Vigor 3300V and 2910V WANTP____ PortNumber___ Phone Number_ Proxy Codec _ 3300V 220 135 240 207 Port5 ISDN TE 888835 iptel G 729A Po Proxy Domain Pot 5060 fwd fwd pulver com fwd pulver com Configuration Example for Vigor3300V 5060 1 Enter VoIP Protocol page and configure related settings on SIP Configuration VoIP Proto
203. php This product is designed for the ISDN and POTS network throughout the EC region and Switzerland Please see the user manual for the applicable networks on your product Vigor3300V Series User s Guide v Dray Tek Table of Contents haper I PEC TAC Cia gatas ataceta pees alroae elec ca sae cient eee eee eens ee teen eoneee earner cee ce eee ceeeueuuns 1 1 1 Web Configuration Buttons Explanation ccccccccccccecsssseeeceeeeeseeeeeeseeeeeeeseuaeeeeeeeeesseaaaeeseeeeeeseaas 1 1 2 LED Indicators and CONNECTOT S eicinad ere coseescanconescisacesuds avoscucsacguceb aseceestvonateucqwarchensecnqedsavesaiy acendace 2 eNe elre OO E E E E EE E E T E E aaaieaacionaten 3 1 3 Hardware Installati n aiia iTo Ea EEA kaia 6 1 3 1 Network COnne ction cccccccccccceccceeecceeeeeseceeeeceeseeeeceeeeeeseeeeseceeeeeeeuaassseeeeeeessaaeseeeeeesssaesaaaeess 6 1 3 2 ISDN Phone Adapter Installation ccccccccccccsssseeeeceeseeeeeeeeeeseeeesseeeeeeeesseaeeeeessaaeeeeeessageeeeees 7 1 3 3 Rack Mounted Installation ccccccccccccccssseeceeeceeeseeeeeeseeeeeeeeeeeseeeessseaseeeesseaseeeesssaaeeeessaaseeees 9 Chapter 2 Configuring Basic Settings cccccsssesesseeseeseeseeseesenseesesneesenseesensesseneees 11 2 1 CHANGING Password ccccccseeeeceeccaeeeeeeeeeeeeceeecaeeseeeeesseasceeeeseeaseeeeeseeaeeeeesseaeeeesseeeeeeesssasseseeeeeas 11 e2 OTe do 6 hae ene nee eee anne ee eee eee ee ee eee ee ee ee ee 13
204. pplications e g BitTorrent always need many sessions for procession and they will occupy over resources which might result in important accesses impacted To solve the problem you can use limit session to limit the session procession for specified Hosts is Limit Session Fo General Setup Kot Limitation Table General Setup This function allows users to configure general settings for limit session Click Network gt gt Limit Session and then choose General Setup You will get the following page Network Limit Session General Setup Limit Session Disable Enable Default Session Limit 1000 Apply Cancel Enable Disable Disables or enables this function Default Session Limit Defines the default session number used for each computer in LAN Apply After finishing the configuration please click this button to invoke these settings Limitation Table This function allows users to set limitation for limit session Click Network gt gt Limit Session and then choose Limitation Table You will get the following page Dray Te k 126 Vigor3300V Series User s Guide Network Limit Session Limitation Table 7 Start IP End IP Session Number 1 2 3 O 1 O 5 5 O 7 O 8 O 3 O am 1 Edit Delete Delete All Start IP Display the start IP address End IP Display the end IP address Session Number Display the session number Edit Click this button to open the edit page for adjusting t
205. quest we Send ARP to Gateway Send PING Send Http Regu Detect Interval Sec Assign an interval period of time for each detecting The minimum value is 3 and no limit for maximum value No Reply Count Assign detecting times to ensure the a Dray Tek Apply Reset connection of the WAN After passing the times you set in this field and no reply received by the router the connection of WAN interface will be regarded as breaking down Detect Destination Host IP or Domain Name Assign an IP address or Domain name as a destination to be detected whether the host is active sending reply to the router or not If not the connection of WAN interface will be regarded as breaking down This function is available when Detect Type is set with Send PING or Send Http Request Click Apply to go back to the WAN Interface Configuration page To apply all settings click Apply on the WAN Interface Configuration page and reboot your router Click this button to clear all the configurations for this page PPPoE with a DSL Modem Setup Most DSL modem users will use this mode All the local users can share one PPPoE connection to access the Internet Static DHCP PPPoE PPTP Configuration Configuration UserName Password Authentication Service Name PPPoE IP Alias MTU IP Address Assignment Method IPCP Fixed IP Fixed IP Address Connection Detection Detect Interval No Reply Count Use
206. r Management Port Default Ports HTTP Port80 Telnet Port23 SSH Port22 User Defined Ports HTTP Port Telnet Port SSH Port PING Restriction Fj Disable PING from the LAN F Disable PING from the WAN Management Method Allow Management from the WAN Management Port PING Restriction Dray Tek Apply Cancel There are several servers provided by the system to allow you managing the router from Internet Check the box es to specify You could specify that the system administrator can only login from a specific host or network defined in the list A maximum of three Ps subnet masks is allowed Disable Disable the management from the WAN interface Enable All Enable all management through HTTP Telnet SSH from the WAN interface Enable User Defined WAN IP System can be managed by these three IP addresses via WAN Allowed IP1 IP3 The former box indicates an IP address allowed to login to the router and the later box indicates a subnet mask allowed to login to the router Default Ports Use the default ports for HTTP and Telnet if you choose HTTP and Telnet as management methods User Defined Ports Or you can assign new port numbers for HTTP Telnet and SSH respectively Disable PING from the LAN Choose this function to reject all ICMP packets from LAN side Disable PING from the WAN Choose this function to reject all ICMP packets from WAN side 98 Vigor3300V Series User
207. r Range 1 10 rings Forward incoming calls to the specified SIP URL site after ringing the times that you set here SIP URL Assign a SIP URL site e g aaa draytel org or abc iptel org to receive forwarded calls This function is used to set SIP account for sending a message to the proxy server for subscribing MWI Message Waiting Indicator Part proxy server may need such subscription yet not all of the proxy servers need Play Special Dial Tone Play congest tone for five seconds while off hook to inform you MWI message Hide the caller ID on the display panel of the phone set IncomingCall CLIP display If you choose No display no name and number of the incoming calls will be displayed If you choose Display number only just the number of the incoming calls will be displayed If you choose Display name and number then the name and number of all the incoming calls will be displayed on the phone set Display name and number Ho display Display number onl OutgoingCall CLIP display If you choose No hidden then the name and number of the outgoing calls will be displayed on remote end If you choose Hidden name only just the number of the outgoing call will be displayed If you choose Hidden name and number the name and number of all the outgoing calls will not be displayed on the phone set of remote end No hidden Ra Ho hidden Hidden name only Hidden name and number It allows a person to pu
208. r sec tor sec Tor sector sector Sec tor pdating flash block A 0 8 A Hi i A Hi i i 8 A Connected 1 03 45 Abo detect regi O 7 When set flash0O_0 780000 800000 general appears it means the firmware downloading has been completed The router will reboot itself and you will see the Firmware version V2 X X Please wait about 20 seconds to relogin the router The procedure is finished now Dray Te k 102 Vigor3300V Series User s Guide OD Hyper Terminal Fla Edt Whew Call Trarefor Hop Dae s 0 y 0 sector size 69096 sector size 65006 U sector size 69006 0 sector size 69996 sector size 65536 Updating flash block at bf d3beao set ethaddr 68 50 ft 28 88 23 t ethaddrl 88 50 f 28 80 e4 ethaddr 00 30 7 25 00 e4 default_nif_wanl_mac AD 5A FF 20 AN o Hdefaul t_nit_wan _mac 00 50 7f 78 80 e5 dofault_nif_wand_mac 60 50 7 28 80 06 Hdefault nit wani mac BA DA ef 28 BB a HALE d AHH Ti Y3 board for Vo GPIO contig have voip card Draytek login 3300 series AUS dataci gradi Sh 4 1 7 Reboot The Vigor router system can be restarted from a Web browser Reboot screen can appear after you finish the changing of WAN and LAN settings You have to reboot the router to invoke the configured settings that you made before Besides you can select Reset to factory default to reboot the device and retrieve the default setting
209. r 3300V and 2910V WANT __ PortNumber Phone Number __ Proxy Codec _ 3300V 220 135 240 207 PortlFXS 888833 lipta G 7294A Port2FXS 888834 _fiptel__ G 7294 Port3 FXS 660533 fa G 7294 Port4 FXS 660534 G 729A PortS FXO 888835 ipte _ G 729A Por6 xo 8888365 ipte 6 7294 PortFXO 660525 G 729A G 729A h h J h or i on 2 or Port8 FXO 660526 2910V 161 31 167 135 Port1 FXS 888829 iptel G 729A Port2 FXS 660529 G 729A Po Proxy Domain Port fwd pulver com fwd pulver com Aa TN olly N TO fo Vigor3300V Series User s Guide 51 Dray Te k Configuration Example for Vigor3300V 1 Enter VoIP Protocol page and configure related settings on SIP Configuration VoIP Protocol Select Protocol SIF LIeGoCr Mile Coniguraton AP Local Por TED oD slr a Proxy n m Regist Fapies 5 Acika Prony Haiii Pray Aki caa Paoay Mari Regrina Aili Pari iaci Donin H intel plal ong TED iptal org TETT a plal ong E a Feet Baf pubes tim 1 fed puksiir 3E 2 Baf pik t cim m Example ip al ipiel ong pre wg pied org 2 Set SIP accounts e g username and proxy server by referring to the table Basic settings in Vigor 3300V and 2910V on last page VoIP SIP Accounts Edit Disable Enable Username 888833 Password cecce Display Name 1001 Authentication ID 1001 Proxy Server iptel v Call without Registration VolP IP Address
210. r D that configured in VPN gt gt PPTP amp L2TP gt gt Group Table for this entry When you finish the configuration please click Apply to save and invoke such profile Status This page displays some relevant information about PPTP L2TP connection It will refresh automatically every 10 seconds VPN Status index Remote IP Assigned IP User Byte In Byte Out Up Time G 1 61 31 162 252 192 158 1 224 3300 1280 74 11 Retresh Disconnect 188 Vigor3300V Series User s Guide Dray Tek Index Display the index number of the tunnel Remote IP Display remote IP address of the tunnel Assigned IP Display IP address assigned by Vigor3300 User Display user account of this tunnel Byte In Display the bytes count received by this tunnel Byte Out Display the bytes count sent out by this tunnel Uptime Display the time duration since the tunnel is established Refresh Allow you to refresh current VPN status Disconnect Allow you to disconnect the select VPN connection Vigor3300V Series User s Guide 189 Dray Te k 4 7 VoIP Setup Voice over Internet Protocol VoIP is a technology that allows you to make telephone calls using a broadband Internet connection instead of a regular or analog phone line Protocol e Port Settings n Speed Dial Sy Dial Plan ty Miscellaneous b Tone settings mos MAT Traversal Call History bag Tone Upload eS Status s Config Activate 4 7
211. r Name Password Authentication Service Name PPPoE IP Alias Dray Tek DMZ Configuration dray PPTP Local Address TIT PPTP Subnet Mask PAP PPTP Server Address l iji ii Enable C Enable 1442 No Dynamic IP O Yes Apply Reset Cancel Assign a specific valid user name provided by local ISP Assign a valid password provided by local ISP Select PAP CHAP MS CHAP or MS CHAP V2 protocol for PPP authentication according to the feature that your ISP provided for widest compatibility The default value is PAP The password will be encrypted in CHAP but not in PAP Ma CHAP V e Assign a service name required for some ISP services Set other IP addresses binding in this interface You can set up to 32 sets of IP alias settings If you have typed addresses here you can see and choose it in later web page settings e g Advanced gt gt NAT gt gt Port Redirection DMZ Host 112 Vigor3300V Series User s Guide MTU Fixed IP Fixed IP Address Detect Interval No Reply Count Always On Apply Reset Mean maximum transmission unit of one packet The default value is 1442 Usually ISP dynamically assigns IP address to you each time you connect to it and request In some case your ISP provides service to always assign you the same IP address whenever you request In this case you can fill in this IP address in the Fixed IP field Please contact your ISP
212. r not You may need to try both PAP and CHAP Vigor3300V Series User s Guide 223 Dray Te k 3 Check if Service Name optional is correct or not It is required by some ISPs Static DHCP PPPoE PPTP DMZ Configuration Configuration Configuration UserName 1234 hinet net PPTP Local Address Password PPTP Subnet Mask Authentication PPTP Server Address Service Name PPPoE IP Alias Enable MTU 1442 IP Address Assignment Method IPCP Fixed IP No Dynamic IP O Yes Fixed IP Address Connection Detection Detect Interval 10 No Reply Count 2 IP Alias List il 10 1 1 100 2 10 1 1 101 a 10 1 1 102 4 5 6 i 8 w ho Apply Reset Cancel After finishing the settings go to System Status page and click WAN Status You will get a correct web page of WAN settings Basic Status LAN Status ETENI WANT IP Address 218 168 226 27 MAC Address OO50 7f26 80 e6 Primary DMS 168 495 1 1 Secondary DNS Gateway 61 230 192 254 RA Packets g5 TA Packets 40 Connection Status connected Up Time Odays 0 hours 4 minutes 45 seconds Disconnect For Static Mode 1 Check if the values of IP Address Subnet Mask Gateway IP Address and Primary DNS that you got from ISP are set prope
213. racter in this field for transferring The character that you can type can be and O 9 ISDN The router is set by using ISDN call via ISDN TE port To change ISDN call into VoIP call please dial the character in this field for transferring The character that you 202 Vigor3300V Series User s Guide can type can be and 0 9 Route to Account Choose the number from the drop down list to specify ISDN TE port number When you finish all the configurations please click this button to activate them Apply When you click Edit the following page will appear for you to configure Such page is available for FXO module VoIP Port Settings Port5 Edit Port 5 FXO Disable Enable Default SIP Accounts I 5 1005 v VolP IP Address Hotline Hotline Number to Internet Hotline Number to PBX p delay 1 8sec FXO Disconnect Manual Disconnection Codec Preferred Codec Single Codec Codec Rate Codec VAD _ G 729A 8kbps v oO 20 ms Disable Enable CAS Range 14 6 Microphone Gain 0 OO Speaker Gain 0 Range 14 6 FAX FAX Mode Transparent l w FAX Bypass Codec FAX Bypass Codec Rate ms DTMF DTMF Mode InBand OutBand RFC2833 SIPINFO Cisco DTMF Volume 27 Range 0 31 PIN Code C On Net PIN Service C Off Net PIN Service Do Not Disturb Do Not Disturb
214. ration Click the VPN gt gt IPSec gt gt Trust CA option It can make users loading double key certificate issued by trusted CA server VPN IPSec Trust CA Name Issuer 00000000 0 1 Upload Delete View To upload a new Trust CA please select any one of the entry and click the Upload button The following page will appear VPN IPSec Trust CA 1 Upload Upload CA Certificate Apply Cancel Use the Browse button to locate the file you want to upload and click Apply User Certificate This page allows you to set up the CA configuration to generate user s certificate Click the VPN gt gt IPSec gt gt User Certificate option Vigor3300V Series User s Guide 181 Dray Te k VPN IPSec User Certificate Status Name Issuer ees iC TWIST Hsin oso e pent tects Chufl HouKof0 DrayteWOU RD3 CN presto emailAddress pcho draytek com tw n n MAA ki A iC TYWST HSin O eiai oe Chu L Hout 0 0 DraytekiOU RD3 CN presto emailAddress pcho draytek com tw bee any ae iC TWIST Hsin O at rhni ira i Chu L HouKo 0 DraytekiOUsRD3ICN presto emallAddress pcho draytek com tw 4 O Empty 5 O Empty Empty Empty O Empty 9 O Empty 10 O Empty 1 Generate Download Import Delete View Generate Generate a new entry for user certification Download Download a certification file generated from router to be stored in local host Import Import a certificated file from the local host Delete Delete an ass
215. re always holds the current connection and connect with the second connection Call transfer Check this box to execute call transfer function S 7 Analog PhoneA Dray Te k 200 Vigor3300V Series User s Guide There are three types of operating procedure used in Call Transfer Take a look at the diagram above Unattended mode 1 At the first phone A and phone B talk on the phone 2 Phone A presses flash hook phone A will play dialtone yet phone B will hold and wait Next phone A dials 4 and presses immediately phone A still plays dial tone Phone A dials the phone number of phone C for phone A wants to transfer phone B to Phone C 3 When phone C picks up the phone then phone C can talk with phone B The call transfer is done now Phone A plays busy tone Attended mode 1 At the first phone A and phone B talk on the phone Phone A presses flash hook phone A will play dialtone yet Phone B will hold and wait Next phone A dials the phone number of phone C Phone C picks up the phone to connect with phone A Phone C is on hook to disconnect with phone A Phone A presses flash hook to resume the call with Phone B Phone A presses flash hook again phone A will play dialtone yet phone B will hold Phone A dials 4 and press immediately and then phone A will transfer phone B to C 6 When phone C picks up the phone then phone C can talk with phone B The ca
216. re several proposals offered in this page with combination of three types of algorithms Encryption algorithms DES 3DES AES Authentication algorithms MD5 SHA1 DH Diffie Hellman Group MODP768 MODP1024 MODP1536 a Dray Tek Proposal des mdS modpy6e w Fe des nmnd5 modpr bg des md5 modpilz 4 des md5 modpi536 dea amp ha modp7 b8 des sha modpilz 4 des sha modpi536 3des md5 modp7bg 3des nmnd5 modpilz4 3des nmnd5 modpi53 3des sha modp7 bs 3des sha modpilz 4 3des sha modpib36 aes z2 8 md5 modpr6g aes z2 8 md5 modpil z 4 aes z28 md5 modpi536 aeslz8 sha modpr 68 aes 2 8 sha modpilz 4 aes 28 sha modpib36 Key Lifetime quick The renegotiated period of the IKE Phase2 keying channel The acceptable range is from 5 to 1440 minutes 24 hours Proposal quick The proposed encryption and or authentication algorithms for IKE Phase2 negotiations There are 2 options Encryption algorithms NULL DES 3DES AES Authentication algorithms MD5 SHA1 Accepted Proposal If you choose Only accept proposal listed above only the selected proposal will be accepted and applied by this device If you choose Accept all supported proposal all the proposals supported by this device will be accepted and applied Accepted Proposal Accept all supported proposal wt Only accept proposal listed above Accep te SII Suppor ted proposal Delay The keep alive timer A Hello message will be emitted periodically when a tu
217. re two phases of quick setup one is WAN configuration and the other is LAN configuration In the Quick Setup group you can configure the router to access the Internet with different modes such as Static DHCP PPPoE or PPTP modes For most users Internet access is the primary application The router supports the Ethernet WAN interface for Internet access The following sections will explain in more detail the various broadband access configurations All the settings in this section will be used in the first WAN interface Quick Setup WAN MAC Address Default MAC User Defined MAC Downstream Rate 102400 kbps Upstream Rate 1 02400 kbps Type Fast Ethernet v Physical Mode Auto Negotiation v IP Mode O Static DHCP PPPoE O PPTP Static DHCP FrFEoefer ir Configuration Configuration IP Address Host Name Subnet Mask Domain Name Default Gateway Host Name and Domain Name are required for some ISPs Primary DNS Secondary DNS IP Alias List ie MAC Address Downstream Rate Upstream Rate Type Vigor3300V Series User s Guide Next gt gt Default MAC Use the default Mac address stored originally in router User Defined MAC Use a MAC address defined by the user Assign the downstream rate for this WAN interface The default value is 102400 kbps 100 Megabit This setting is very important for Vigor3300 Series incoming
218. red to you Dray Tek 138 Vigor3300V Series User s Guide 4 3 6 Call Schedule Setup These call schedule profiles will control the up or down time of the router s dialer or connection manager In order to do the proper call schedule function a user must have to setup time function and arrange schedules for specified Internet access profile or LAN to LAN profile Vigor3300V supports lots of profiles for call schedule usage Click Advanced gt gt Call Schedule option You will get the following page Advanced Call Schedule Status Date amp Time Action How often Week Option WAN 1 Enable 2006 4 18 00 00 Force On Once WANI Delete Delete All Status Display the activation status enable or disable for this entry Date amp Time Display the start date and time for this schedule Action Display the action that this schedule adopts How often Display the using frequency once or specific day in a week of this schedule Week Option Display the specific day in a week if you choose Weekdays as the How often setting WAN Display the WAN interface used for this entry Edit Allow users to edit the selected call schedule settings Delete Delete All Remove one all the selected call schedule settings Edit Call Schedule To edit an item click the radio button of the item that you want to modify Then click Edit on the bottom of the page to add a new rule entry or modify an existed rule entry Vigor3300V Series User s Guid
219. rly or not If you forget please contact with ISP for getting new ones Dray Te k 224 Vigor3300V Series User s Guide Static DHCP Peale eT eerie Configuration OMZ Configuration IP Address Host Mame Subnet Mask Domain Name Default Gateway Host Name and Domain Name are required for same ISPs Prirnary ONS Secondary DNS If anything wrong please retype correct values and try the network connection again After finishing the settings go to System Status page and click WAN Status You will get a correct web page of WAN settings Basic Status LAN Status ESTEE WANT IPF Address 22013032221 MAC Address O50 f2e a0 e4 Primary ONS 158 495 1 1 Secondary DNS Gateway 220 130 542 209 Ra Packets TOS Ts Packets 304 connection Status connected Up Time 0 days 0 hours 5 minutes seconds For DHCP Mode Check if Host Name optional and Domain Name optional are correct or not Both them are required for some ISPs tuleli PPPOE PPTP DMZ eee ren Configuration Configuration Default Gateway 721631 Host Name and Domain Name are required for same ISPs If anything wrong please check and retype correct values Then try the network connection again After finishing the settings go to System gt gt Status page and click WAN Status You will get a correct web page of WAN settings Vigor3300V Series User s Guide 225 Dray Te k Basic Status LAN status
220. ror logs recorded under different conditions There are eight levels representing different severities For example if you choose Debug as the severity the VoIP syslog will record log including Debug Informational Notice Warning Error Critical Alert and Emergency And if you choose Critical the situation of Critical Alert and Emergency will be recorded That is Debug owns the lowest severity and Emergency owns the highest severity Alert EMergenc Alert Critical Error Warning Notice include SIF Informational Debug Apply Click Apply to save these settings Note VoIP Syslog option is useful for the trouble s happened while using VoIP feature of Vigor router It is optional and will be asked to be configured by the maintenance engineers when Vigor users meet the problem of VoIP and need help Vigor3300V Series User s Guide 97 Dr ay Te k 4 1 4 Access Control This page allows you to determine which services HTTP Telnet SSH is used for the user to access Vigor router In addition you can also limit some hosts to access router Series with specified IP address Open System gt gt Access Control You will get the following page System Access Control Management Method Allow Management Method HTTP Telnet C SSH CO SNMP Management Access Control Allow Management from the WAN Disable Enable All O Enable User Defined WAN IP Allowed IP1 Allowed IP2 E Allowed IP3
221. roup in LAN can support for each other Select a role for this device as Master or Slave Assign an IP address as a virtual IP Display current status of slave device Click Apply to reboot the system and apply the settings 802 1Q Status This page allows you to set High Availability for LAN ports 1 4 respectively Network LAN High Availability Basic Status 802 1Q Status LAN1 LAN2 High Availability Disable Enable High Availability Disable Enable Group Number Range 1 255 Group Number Range 1 255 Role Role Virtrual IP Virtrual IP LANS LAN4 High Availability Disable O Enable High Availability Disable O Enable Group Number Range 1 255 Group Number Range 1 255 Role Role Virtrual IP Virtrual IP Apply Cancel High Availability Disables or enables this function When the master device fails down the slave device will take its work over Group Number Assign a group number The range is from 1 to 255 PCs on the same group in LAN can support for each other Role Select a role for this device as Master or Slave Virtual IP Assign an IP address as a virtual IP Click Apply to reboot the system and apply the settings Dray Tek 122 Vigor3300V Series User s Guide 4 2 6 RIP Configuration The Routing Information Protocol RIP is a dynamic routing protocol used in local and wide area networks The routing information packet will be sent out by web server or ro
222. rs for supporting timing sensitive and mission critical network applications such as VoIP Voice over IP and online gaming applications Differentiated quality of service is therefore one of the most important issues over the Internet infrastructure In the Vigor 3300V Series DSCP Differentiated Service Code Point support is also taken into consideration in the design of theQoS guaranteed control module The QoS function handles incoming and outgoing classes independently Users can configure incoming or outgoing separately without any impact on the other Dray Te k 162 Vigor3300V Series User s Guide b Incoming Class Setup b Incoming Class Fitter b Outgoing Class Setup Outgoing Class Fitter For the web pages for incoming class setup and outgoing class setup incoming class filter and outgoing class filter are similar they will be explained in the same sections 4 5 1 Incoming Outgoing Class Setup Incoming Outgoing Class Setup allows you to configure bandwidth percentage for data and voice signals transmission Click the QoS option and choose Incoming Class Setup Outgoing Class Setup There are eight queues that can be configured The total sum of bandwidth has to be 100 percent for all configured queues Any leftover bandwidth is assigned to eight queues to meet 100 percent totally QoS Incoming Class Setup O Disable Enable Index Class Name Bandwidth 1 4 I
223. rt VPN Client as mOTP token A System Configuration in Vigor Router 1 Log in the web configurator of Vigor router and choose System gt gt Time 2 Choose to use Browse Time or use NTP Time by specifying NTP server Make sure Current System time Click Apply to save it System Time NTP Server Time Zone GMT 00 00 Greenwich Mean Time Dublin v Daylight Saving Time NotUse Ouse Update Interval 30 seconds Apply Cancel B mOTP Operation in Smart VPN Client 1 Run Draytek Smart VPN Client Click Insert to add a new VPN profile Fa Smart VPN Client 3 6 5 2 as DrayTek Step 1 Dial to ISP If you have already gotten a public IP you can skip this step Step 2 Connect to VPN Server Status No connection PPTP 15P amp VPN A Dray Tek 86 Vigor3300V Series User s Guide 2 You can see the following screen Dial To VPN Auto runwhen system stare up VPM Server IP HOST Namefsuch as 123 45 67 89 or draytek com 114 37 161 182 User Name draytek Password W Enable mobile One Time Password mOTP Configure Secret for mOTP Type of VPN O U PPTP C Let O a piee Tural L2TP over IPSec SSL VPN Tunnel gt PPTP Encryption No encryption te Require encryption Maximum strength encryption Us default gateway on remote network More x 3 Type the profile name for such V
224. s Click System gt gt Reboot If you want to reboot the router using the current configuration click Apply To reset the router settings to default values check Reset to factory default and click Apply System Reboot System rebooting will take 20 seconds Cl Resetto factory default Apply Click Apply to reboot the whole system The rebooting procedure usually takes 20 or more seconds System is rebooting please wat 15 zecoands lett If your current interface or management port configuration has been changed please access with the new URL Vigor3300V Series User s Guide 103 Dr ay Tek 4 1 8 Diagnostic Tools In some cases a user may need to know some information about the router such as static or dynamic databases or other routing information The Vigor3300V supports five functions Routing Table ARP Cache Table DHCP Assignment Table NAT Active Sessions Table and Data Flow Monitor for the user to review such information In the System group click the Diagnostic Tools option Diagnostic Tools bal view Routing Table view ARP Cache Table view DHCP Assignment Table a View MAT Active Sessions Table a Data Flow Monitor Select View Routing Table to get the following page System Diagnostic Tools View Routing Table Destination Gateway Subnet Mask Flags Interface Refresh Dray Tek 172 16 2 0 on Refresh Display the destination IP address for various routings Di
225. s MPPE 40 bits 128 bits User Authentication Set user authentication to Local server or RADIUS server Enable Disable Enables or disables the Mutual Authentication function Vigor3300V Series User s Guide 185 Dr ay Te k User Name Password Get DNS Server from LAN Setting Get DNS Server by Manual Setting Primary DNS Secondary DNS Type the user name that the other side provides for carrying out mutual authentication whenever you want Type the password that the other side provides for carrying out mutual authentication whenever you want Use DNS setting of LAN configuration If you click this radio button please type the primary DNS and secondary DNS IP address manually in the following fields Type the IP address for primary DNS Type the IP address for secondary DNS When you finish the configuration please click Apply to invoke it L2TP General Setup To configure the general setup for L2TP please click VPN gt gt PPTP amp L2TP gt gt General Setup gt gt L2TP General Setup VPN L2TP General Setup Status Active Inactive L2TP Authentication CHAP v User Authentication Local O RADIUS Server Mutual Authentication Enable Disable UserName Password DNS Server Get DNS Server from LAN Settin q Get DNS Server by Manual Setting primary DNS secondary DNS Status L2TP Authentication User Authentication Enable Disable User Na
226. s button to make RTP and T 38 being not symmetrical Enable symmetric RTP and T 38 Click this button to make RTP and T 38 being symmetrical When Vigor3300 detects the IP address of the receiving packets differing with the address informed by remote end Vigor3300 will change the IP address automatically according to the real IP address of the packets to ensure the remote receiver can get the packets This feature is used to bar incoming VoIP calls from the Internet Barring classes can be specified to allow or deny incoming calls There are five barring classes on the device The default setting is Allow all incoming calls Set This page allows you to choose a barring class match method and set a range for speed dial entries for the incoming call barring VoIP Incoming Call Barring Set Barring Class Deny Match Method only Disable Name Disable IP Domain Speed Dial Entries From 1 To 150 Barring Class Match Method Vigor3300V Series User s Guide calls from deny list O Enable Enable Apply Cancel There are five options for incoming calls from remote ends Choose either one of them to set the barring class Deny only calls from deny list ka Allow all incoming calls Allow only calls from allow list calls from speed dial entries Allow onl leny only calls trom deny list all incoming calls Allow all incoming calls All incoming calls from remote ends ar
227. s the destination IP address for this filter rule Placing the symbol before a particular IP address will prevent this rule from being applied to that IP address It is equal to the logical NOT operator It means the subnet mask for the destination IP It means the port for the destination IP It means the filter group for the current rule It is the protocol s for this filter rule Protocal any protocol The direction of packet flow VPN In is for incoming packets VPN Out is for outgoing packets and Any is for both directions WAN to LAN Wh H to LAN It is the response to fragmented packets There are three options as below Fragment do not care fragment Do not care Specifies no fragment options Unfragment Applies the rule to unfragment packets Fragmented Applies the rule to fragmented packets The action to be taken when packets match the rule There are four options 152 Vigor3300V Series User s Guide Block or Fass Block immediately w Block immediately Pass lnmediately Block if no further match Pass if no further match Block immediately Block the packet immediately Pass immediately Pass the packet immediately Block if no further match means to locks the packet if no further rules are matched Pass if no further match means to passes the packet if no further rules are matched Note It is recommended placing pass rules in pass group and bl
228. s with 036 and stops to dial After passing through 4 seconds the router will send out that phone call automatically VoIP ToS The ToS value in VoIP protocol packet The default setting is Oxa0 Line Polarity Reversal as Callee Answer Check this box to generate line polarity reversal while the remote user picks up the phone call as Callee on hook Check this box to generate line polarity reversal while the remote user hangs up the phone call FXO auto disconnection if Determine the time length for the FXO disconnecting no packet is received in X automatically when there is no packet received minutes FXS On hook Tip Ring Determine the voltage of FXS port on hook Choose Low to Voltage save the power Dummy Account If a user wants to dial out a VoIP call with the SIP account not registered on the router the system will remember such account information and deem it as a dummy account Later it will be dialed out via PSTN line and FXO port Ringing Frequency Please select a proper setting as the ringing frequency Ringing Cadence On Determine the length of the ringing time for incoming calls Ringing Cadence Off Determine the length for the incoming calls to stop ringing 4 7 6 Tone Settings This setting is provided for fitting the telecommunication custom for the local area of the router installed Wrong tone settings might cause inconvenience for users To set the sound pattern of the phone set simply choose a proper regi
229. se2 negotiations There are 2 options Encryption algorithms NULL DES 3DES AES Authentication algorithms MD5 SHAI1 If you choose Only accept proposal listed above only the selected proposal will be accepted and applied by this device If you choose Accept all supported proposal all the proposals supported by this device will be accepted and applied Accepted Proposal Accept all supported proposal kd Qnly accept proposal listed above Accept all supported proposal Enables the PFS Perfect Forward Secrecy function A new Diffie Hellman Key Exchange is included every time an encryption and or authentication key are computed on PFS Enables or Disables the dead peer detection function The keep alive timer A Hello message will be emitted periodically when a tunnel is idle Use the value 0 to disable this function The recommended value is 30 seconds if enabled The timeout timer The peer will be declared dead once no acknowledge message is received after timeout value Use the value 0 to disable this function The recommended value is 120 seconds if enabled 172 Vigor3300V Series User s Guide After finish the configuration click Apply to apply the IPSec policy setting into the policy table VPN IPSec Policy Table Connection Name Local Subnet Remote Gateway Remote Subnet Interface Admin Status Operational Status Action Research 172 16 3 228 32 Ute Pe Psa Lae tals WANT enable down Initiate 0o19 0 90
230. seiectssedes E E EE 126 AION NCSC SD arses neni n vein EE see neat EEE EEEE NE 128 4 Sel SlatiG ROUTE SOU ve vies wis tesiatevendcneiseacagensesthate nanii i EAE EENE ai NAA E ekia 128 INN o UDe E EE EEE E 130 OO A oeU ereen E EE E EE E EE 135 4 3 A Por BIOCK oi iest cee cianiveciwsacnan on cacuctaa sant oa aa a EARE a AE EEE ETE EARE 136 Ao SOON So U ace ctpel teckadist cee lt n A ae ce aad eased ore seat oes 136 4 3 6 Call Schedule Setup ccccccesssssssseeeeeeeeeeeeeeeeeeeaaaauaeaaasaeeeeeeeeeeeeeeeeeseasaaaaaaesseeeeeeeeeeeseeees 139 4 3 7 WAN Port Mirroring Setup cccceeccecceeceaeeeeeeeeeeeeeeaeeeseeeeeeseeaeaaeeeeeeeeessaeaseeeeeeeeeseaaeeeeeeeeees 140 4 3 8 LAN Port Mirroring S tup cccccccccseeeeeeeeeeseeeeeeeeeeceeeeseeeseeeeeeseeeeeesseaseeeeeseeeeeeeeesseeseeeenaas 142 43 9 LAN WINS MO ia ruia oc cess ec esis de nee E e a E onset ance peedieaed a NNU 142 Se NOs INI ciprcapectncesbe av assseeeaecronsenceaeentac aooe aves seeueacseentapcnocae secu gsenasendeuusesteoesteec esoeareseseeee aan soneesiee 145 MT say 6 Cee eee mn ee ee ee ee ee ee ee eee 148 4 4 Firewall SCtup ccccccccccceeesseeeeeeeeeeeesseeeeeeeeeeeeesseeeeeeeeeeaeasaaeeeeeeesseaaaeeeeeeeessaaaaseeeeeeeeeesenaaagees 149 AIP RIIG sisescessconae sceesoascsnesnataeacenespanconssceeeansddaaaessaenconteeebaasaeconns E 149 ALDO r E E E E 153 4a APN CU eec E EE 155 4 4 4 Bind IP to MAC pte cso streates cclan sete cts coat earocctenaulans xisotei
231. setting on your computer please refer to How to Check Edit VLAN ID on Your PC below for more detailed information To make the hosts with the same VLAN ID of different ports communicating with each other please check the port box P1 to P4 according to your necessity Basically the default settings for tagged or untagged VLAN will be shown automatically when you type VLAN ID Name and check the Active box By the way you can modify the tag 144 Vigor3300V Series User s Guide operation for each VLAN in this page for obtaining proper control Use the drop down list to choose a tag operation for each port Tagged All the computers behind that port must support VLAN and are tagged with certain VLAN groups with specified ID numbers Untagged All the computers behind that port do not support VLAN feature Note It is recommended to group computers that do not support VLAN feature or support VLAN feature but their Untagged VLAN settings are checked in one port with untagged This device will tag proper port VLAN ID for untagged PC respectively for making them communicating with the router Enable Management Port It can help users to communicate with router still even though for P4 configuring the wrong setting in the 802 1Q VLAN tag The management port will lock index 4 We recommend that users enable the management port to fix the fourth VLAN settings unless users want to use the fourth VLAN and ensure the settings are
232. splay the default gateway Display the subnet mask for various routings Display the status of the routing entries Denoted by eth0 if it is a LAN interface and eth1 if it is a WAN interface Click Refresh to re display this web page for getting newest routing information 104 Vigor3300V Series User s Guide Select View ARP Cache Table to get the following page System Diagnostic Tools View ARP Cache Table IP Address MAC Address Interface Refresh IP Address MAC Addr Interface 192 168 1 1 00 50 7F 00 00 00 eth0 192 168 1 10 00 0E A6 24 D5 Al1 ethO Refresh Display the IP address for different ARP cache Display the MAC address for different ARP cache Denoted by eth0 if it is a LAN interface and eth if itis a WAN interface Click Refresh to re display this web page for getting newest ARP information Select View DHCP Assignment Table to get the following page System Diagnostic Tools View DHCP Assignment Table signed IP MAI Time Left 168 1 10 0 0 0 0 f D 0 O D 00 00 expired 132 168 1 11 00 0F 46 2A D5 A expired Assigned IP MAC Address Time Left Refresh Vigor3300V Series User s Guide Refresh Display the IP address of the static DHCP server Display the MAC address of the static DHCP server Display the remaining time for this IP address assigned by DHCP server When the time expired such IP address would not be kept for this client and might be assig
233. ssesanescesanene 216 AT AA OPAWIS a E E E A E sdecieceetnaatinestuneeseestedensseteeese 217 4 7 13 GOMMG FACUV ALG bes irsisisniiunesrirsr nnise niei aa ia aa ia aaa ai oa iaa ed aiai 218 Chapter 5 Trouble Shooting ssssssnnsnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnmnnn nnne 219 5 1 Checking If the Hardware Status Is OK or Nob ccccccccssseeeeeeeeeeeeaeeeeeeeeeeeeeaeeseeeeeeeeessaeeaeees 219 5 2 Checking If the Network Connection Settings on Your Computer Is OK or Not 0 0008 220 5 3 Pinging the Router from Your Computer cc cceeeeeecceeeeeeeeeeeeeeeeeeeeeeeeeseeeeeeeseeeaseeeeeeeessaaaeeees 222 5 4 Checking If the ISP Settings are OK or NOt ccccccccececceeeeseeeceeeeeseeeeeeeeeeeeseeeeeseeeeeeseesaaaaeess 223 5 5 Backing to Factory Default Setting If NECESSALY cccccccseeeecceceeeeeseeseeeeeeeessaseeseeeeeeeesaaaeeees 227 5 6 Contacting Your Dealer cccccccccccccccssssecceeeecceeeeseeceeeeeeeeeeeseseeeeeeessauseeeeeesesseaasseeeeeeeessaeagaasess 227 Appendix Hardware Specifications ccccccsccessecesseseeseseeseeeseeensesensesensesensesennesones 229 Dray Tek Vill Vigor3300V Series User s Guide Chapter 1 Preface The Vigor3300V Series integrates a rich suite of functions including NAT firewall VPN load balance bandwidth management and VoIP capability These products are very suitable for providing multi integrated solutions to SME
234. t IP address from 192 168 2 2 to 192 168 2 254 11 In the Network setting type the subnet 192 168 3 0 to LAN3 For example the VLAN7 LAN IP is 192 168 3 1 and the Subnet Mask is 255 255 255 0 Then users in the Engineer Department can set IP address from 192 168 3 2 to 192 168 3 254 12 In the Network setting type the subnet 192 168 4 0 to LAN4 For example the VLAN8 LAN IP is 192 168 4 1 and the Subnet Mask is 255 255 255 0 Then users in the Engineer Department can set IP address from 192 168 4 2 to 192 168 4 254 Vigor3300V Series User s Guide 31 Dray Te k 3 1 4 Two VLANs for Different Departments in A Company A company wants to separate the Engineer Department and Other Departments to limit their communication to protect the engineering data In this case we can define two VLANs that are VLANS and VLANG6 The subnet of VLANS is 192 168 1 0 and the subnet of VLANG6 is 192 168 2 0 192 168 1 0 192 168 1 0 192 168 2 0 192 168 2 0 auey by zog SUEI DI ZOR aeg DI ZOS IUEI D1 ZOR Engineer Department Engineer Department Other Departments Other Departments Procedure 1 Refer to A 1 to block LAN to LAN communication 2 Create VLANS and VLAN6 Groups 3 Inthe VLANS type 5 to VLAN ID In the Member field choose p1 and p2 Then choose Tagged for Frame Tag Operation in p1 and p2 We can ignore the PVID Port VLAN because 802 1q tag will be inserted to the frame from the PC of Engineer Department 4
235. t a call on hold at one telephone set and continue the conversation from any other telephone set i Dray Tek IncomingCall Rings Ring Port Setting Dray Tek Such number you type here is determined by your ISP The default Call Park Dial Number is 700 Rings all ports in the group Click this radio button to make all ports in the same SIP account ringing while receiving incoming calls Rings the first available port Click this radio button to make the first available port in the same SIP account ringing while receiving incoming calls Rings by round robin Click this radio button to make the phone port ringing in sequence within the same SIP account Force start from the port with round robin configuration you can check this box to force the incoming call ringing from specified port and determine the time for phone ringing When someone calls this SIP account the port P1 P8 selected here will ring If someone calls this SIP account via ISDN phone and Any is chosen as the ring port setting all the ISDN phones connected to this port will ring Yet if you choose only one MSN number 10 11 12 13 14 15 16 17 18 19 for that port only the phone with the number you selected will ring 196 Vigor3300V Series User s Guide 4 7 2 Port Settings Port Settings page allows users to set phone number for different call receivers Note Users might have ISDN module or VoIP Module inserted into Vigor router
236. t belong to various LANs will not connect with each other through the router To a company with several departments such feature is useful for it to determine data sharing among different departments 1 Open Firewall gt IP Filter gt Group Table to access into the following page Click Index 2 radio button Firewall IP Filter Group Table IP Filter Group Table Index Group Name Next Group Comment 1 Pass Block Group for pass rules 2 Block none Group for block rules Add Edit Delete 2 In this page click Add Rule Choose Block as Next Group Name Firewall IP Filter Table Next Group Mame Comment Group for block rules Acd Rule Apply Cancel 3 In the following page please set Block immediately as the action and click Apply Vigor3300V Series User s Guide 23 Dray Te k Firewall IP Filter Add Filter Rule Filter Condition Active Subnet Mask 255 255 256 0 Destination IP SubnetMask e Group Mame Block Protacal Direction Fragment Action Block or Pass Mest Group Mame Apply Cancel 4 Now you will get the following page Firewall IP Filter Table Group Name Next Group Name Block w Comment Group for block rules Add Rule Apply Cancel IP Filter Table Index SourcelIP Subnet Mask Port DestinationIP Subnet Mask Port Protocol Direction Block Active 1 any 2a iaa oo any any protocol LAN to LAN Block immediately Edit Rule De
237. tch the source destination subnet settings of some VPN rule that rule will perform auto connection and make the packets passing through However if you click Disable you have to make the VPN connection manually If the VPN connection is failed the packets will not be transmitted either Vigor3300V Series User s Guide 167 Dray Te k Policy Table To create a VPN IPSec policy click the Policy Table option under the IPSec menu VPN IPSec Policy Table a Connection l Hera Profile Anerational St i Noire Local Subnet Remote Gateway Remote Subnet Interface Status Operational Status Action 1 Research NEA Mais 2 1 all ae ale 1721621552 VAN enable down Initiate 2 O 3 O 4 O 5 6 7 8 O 3 O 10 1 Refresh it Delete Delete All Refresh Refresh the page information Edit Configure an entry Clicking this button can guide you accessing into editing page for that IPSec tunnel For detailed information refer to the following section of For Default Configuration Delete Delete a designated entry Delete All Delete all entries in the table To edit or add a policy table please click one of the radio buttons and click Edit Dray Te k 168 Vigor3300V Series User s Guide For Default Configuration Click Default tab The following page of default configuration will be shown VPN IPSec Tunnel Edit Basic Profile Status Enable vi Name Authentication Preshared Key v
238. the Static routes function rather than other methods You may simply set rules to forward data from one specified subnet to another specified subnet without the presence of RIP This function allows users to assign static routing information In the Advanced group choose Static Route You will get the following page Advanced Static Route Network Interface Destination IP Gateway IP Mask 0 9 9 9 0 9 90 9 9 6 1 Edit Delete Delete All Network Interface Display the network interface LAN WANI 2 3 or 4 Destination IP Display the destination IP of the static route Gateway IP Display the gateway address of the static route Mask Display the subnet mask of this route Edit Allow users to edit the selected static route settings Dray Te k 128 Vigor3300V Series User s Guide Delete Delete All Removes one or all the selected static route settings The system allows users to set up to 10 static routes for the router Edit the Static Route To edit static route for certain item select the radio button of the item and click Edit on the bottom of the page The following web page will be displayed Advanced Static Route Edit Network Interface Destination IP OoOo subnet Mask Apply Cancel Network Interface Select a network interface as a destination to be sent It includes LAN and WANI WAN4 Gateway IP Assign an IP address of the gateway for the interface selected above Destination IP Assign the
239. then the Vigor will send the DTMF tone as audio directly when you press the keypad on the phone OutBand RFC2833 Choose this one then the Vigor will capture the keypad number you pressed and transform it to digital form then send to the other side the receiver will generate the tone according to the digital form it receive This function is very useful when the network traffic congestion occurs and it still can remain the accuracy of DTMF tone SIP INFO Choose this one then the Vigor will capture the DTMF tone and transfer it into SIP form Then it will be sent to the remote end with SIP message DTMF Volume Determine the volume of DTMF voice signal The more the number is set the greater the sound is Supplemental Service If you want to use call waiting or call transfer function you have to enable supplemental service mode by clicking Normal or CHT Click Disable to close this service Supplemental Service supplemental Service Mode Disable Normal CHT supplemental Service Items Call Waiting Call Transfer Under Normal mode call waiting and call transfer function will be Call Waiting You can hear waiting tone while a new phone call is incoming then you can do 1 Flash hook and dial 0 This procedure keeps the current connection and reject the new phone call 2 Flash hook and dial 1 This procedure disconnects the current connection and connect with the new phone call 3 Flash hook and dial 2 This procedu
240. ting you will lose all settings you did before Make sure you have recorded all useful settings before you pressing The password of the factory default is null Software Reset You can reset router to factory default via Web page Go to System gt gt Reboot on the web page The following screen will appear Choose Reset to factory default and click Apply After few seconds the router will return all the settings to the factory settings System Reboot System rebooting will take 20 seconds C Resetto factory default Apply Hardware Reset While the router is running ACT LED blinking press the Factory Reset button and hold for more than 5 seconds When you see the ACT LED blinks rapidly please release the button Then the router will restart with the default configuration Factory Reset r LAN rv ven Oink Firews 100 pwr act acs rox Factory After restore the factory default setting you can configure the settings for the router again to fit your personal request 5 6 Contacting Your Dealer If the router still cannot work correctly after trying many efforts please contact your dealer for further help right away For any questions please feel free to send e mail to support draytek com Vigor3300V Series User s Guide 227 Dr ay Te k This page is left blank Dray Te k 228 Vigor3300V Series User s Guide Appendix Hardware Specificatio
241. ts that you have to forward rather than forward all ports Otherwise the intrinsic firewall type security of NAT facility will be affected By the way user can click Delete to remove one current existed NAT entry in the Advanced NAT Port Redirection page and click Delete All to remove all entries Address Mapping If you have a group of static IP addresses then you can use the address mapping feature to multiple open ports hosts in the Vigor3300 Series of broadband security routers The following session will show you how to setup address mapping feature In the Advanced group move to NAT option and choose Address Mapping to get the corresponding page Advanced NAT Address Mapping Protocol Public IP Private IP Mask rae 2 3 40 5 6 7 8 9 10 1 Edit Delete Delete All Protocol Display the protocol used for this address mapping Public IP Display the public IP address selected for this entry Private IP Display the private IP set for this address mapping Mask Display the subnet mask selected fro this address mapping Edit Allow users to edit the selected address mapping settings Delete Delete All Remove one all the selected address mapping settings To edit an item click the radio button of the item that you want to modify Then click Edit on the bottom of the page to add a new rule entry or modify an existed rule entry Dray Te k 132 Vigor3300V Series User s Guide Advanced
242. umber to Internet OoOo Hotline Number to PBX p delay 1 8sec FXO Manual Disconnection Disconnect Codec Preferred Codec G 729A 8kbps ss Single Codec Fi Codec Rate ms Codec VAD Disable Enable CAS Microphone Gain o Range 14 6 Speaker Gain o ange 14 6 FAX FAX Mode Transparent v FAX Bypass Codec 3 711U PCHU 64kbps FAX Bypass Codec Rate 20 ms DTMF DTMF Mode O inBand OutBand RFC2833 SIP INFO DTMF Volume Range 0 31 Supplemental Service Disable O Enable Apply Cancel Dray Tek 46 Vigor3300V Series User s Guide Speed Dial Setup the Speed Dial Phone numbers this function is more convenient to dial extension number or IP address There are 150 entries available at most Quick Setup System Network Advanced Firewall Qos VPN T3 27 50 Protocol gt Sy Port Settings Speed Dial Dial Plan VolP Speed Dial Speed Dial Phone Number Speed Dial Destination 5 Sy Miscellaneous Oe SS S05 2 SS NAT Traversal 0 B Incoming Call Barring gt SS Call History bb Tone Upload gt Status gt amp Contig Activate EE eee es Example 101 101 iptel org Dial Plan It can simplify the dial process There are 60 dial plan entries available at most Quick Setup System Network Advanced Firewall Qos VPN 10 49 31 Protocol SQ Port Settings bahar dese ee Rises fn s Dial Pl
243. umbers Internet Telephony offers features and services that are unavailable with a traditional phone at no additional cost Because Internet Telephony requires strictly minimal packet delay and jitter since voice quality is intolerant of packet loss the Vigor3300V integrates VoIP feature with QoS and packet loss concealment mechanisms to effectively transport high priority voice traffic over IP with low latency Another feature is T 38 fax relay By enabling and configuring fax rate on a dial peer the originating and the terminating V3300V can enter fax relay transfer mode By using the T 38 function customers can also save on fax expenses Lastly by enabling the load balance feature on multiple WAN ports lease lines can be replaced to provide a cost effective method for network infrastructure 1 1 Web Configuration Buttons Explanation Several main buttons appeared on the web pages are defined as the following ots Save and apply current settings Cancel Cancel current settings and recover to the previous saved settings ceci Clear all the selections and parameters settings including selection from drop down list All the values must be reset with factory default settings Add Add new settings for specified item Edit Edit the settings for the selected item Delete Delete the selected item with the corresponding settings Vigor3300V Series User s Guide l Dray Te k Note For the other buttons shown on the web pages please
244. upported 802 1Q VLAN to expand the network In this case we can define four VLANs that are VLANS VLAN6 VLAN7 and VLANS8 Each LAN port is Trunk port which supports multiple VLAN The subnet of VLANS is 192 168 1 0 the subnet of VLAN6 is 192 168 2 0 the subnet of VLAN7 is 192 168 3 0 and the subnet of VLANS8 is 192 168 4 0 Vigor3300V LAN 192 168 1 0 192 168 2 0 192 168 3 0 192 168 4 0 VLANS VLANS VLANS VLANS VLANO6 YLANG VLA No VLANG VLAN VLAN LAN VLAN VLANS VLANS LANE YLANS x x z b baw baa A zI T zi 5 5 5 i i u B02 10 Switch Procedure 1 Refer to A 1 to block LAN to LAN communication 2 Create VLANS VLAN6 VLAN7 and VLANS8 Groups 3 Inthe VLANS input 5 to VLAN ID In the Member field choose p1 p2 p3 and p4 Then choose the Tagged for Frame Tag Operation in p1 p2 p3 and p4 We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from the switch 4 Inthe VLAN6 type 6 to VLAN ID In the Member field choose pl p2 p3 and p4 Then choose the Tagged for Frame Tag Operation in p1 p2 p3 and p4 We can ignore the PVID Port VLAN ID because 802 1q tag will be inserted to the frame from switch 5 Inthe VLAN7 type 7 to VLAN ID In the Member field choose p1 p2 p3 and p4 Dray Tek Then choose the Tagged for Frame Tag Operation in p1 p2 p3 and p4 We can 38 Vigor3300V Series User s Guide ignore the PVID Port
245. urfing activity that directly uses an IP Access address Dray Te k 156 Vigor3300V Series User s Guide Enable Exception List IP Address Subnet Mask Exception List e Content Filter Click it to allow specified IP addresses or subnets to be passed through The allowed IP address The allowed subnet mask of IP address The list of IP addresses where content filter rules are not applied Content Filter can help to avoid your employees accessing into improper websites and affecting the work efficiency protect your children from viewing inappropriate websites and accessing chat rooms and monitor and control web access from all computers connected to your router Firewall URL Filter ODisable Enable URL Access Content Filter R Control Access Control by Category Content Filter O Disable En Permitted Categories List estrict Web Feature Filter Schedule able Forbidden Categories List Advertisement amp Pop Ups a Alcohol amp Tobacco Anonymizers Arts Botnets Business Chat Child Abuse Images Comnpromised Computers amp Technology URL Option v Add Edit Delete Exception URL List Examples of URL ina an abc org a wun abe org direct a wun abe org page htm only this particular item page or file will be co Server Permitted Categories List Forbidden Categories List URL Option Exception
246. uter periodically and can be used to communicate with other routers It will calculate the number of network nodes on the route to ensure there is no obstruction on the network routine In addition it will choose a correct route based on the method of Distance Vector Routing and use the Bellman Ford algorithm to calculate the routing table RIP can update the routing table automatically and find a route to send packet See the following figure as an example B Support RIP w WAN1 WAN2 WAN3 or WAN4 wees suey Support RIP Support RIP Suppose Vigor3300V A supports RIP on WAN1 WAN2 WAN3 WAN4 Vigor3300V B supports RIP on WANI and WAN2 and Vigor3300V C supports RIP on WANI WAN2 WAN3 WAN4 Vigor3300V B will tell 3300V A if you want to send packets to Vigor3300V C please send it to me first then Vigor3300V A will create a routing rule to forward packet that destination is Vigor3300V C to Vigor3300V B In another direction Vigor3300V C will do the same thing Network RIP Configuration Disable Enable Enabled Interacefs WAN 1 O WAN 2 CO WAN 3 C WAN 4 Apply Cancel Enable Disable Disables or enables this function Enabled Interface Check the interface to apply the RIP configuration Apply After finishing the configuration please click this button to invoke these settings Vigor3300V Series User s Guide 123 Dr ay Te k 4 2 6 Bandwidth Management This function is
247. vate users PCs On this page you will see the private IP address defined in RFC 1918 Usually we use the 192 168 1 0 24 subnet for the route IP Address Type the IP address for LAN DHCP Subnet Mask Type the subnet mask for the LAN IP DHCP Status Click Enable the DHCP server click Disable to close DHCP server click Relay Agent to close DHCP sever and do the job of DHCP server Corresponding settings for Relay Agent can be configured in the page of DHCP Relay Agent Start IP Set the starting IP address of the IP address pool for DHCP server End IP Set the ending IP address of the IP address pool for DHCP server Primary DNS Set the private IP address of the primary DNS Secondary DNS Set the private IP address of the secondary DNS Lease Time Min Set a lease time for the DHCP server The time unit is minute Gateway IP Optional Set a gateway IP address for the DHCP server Click Apply to reboot the system and apply the settings Note If both the Primary and Secondary DNS fields are left empty the router will assign its own IP Address to local users as a DNS proxy server and maintain a DNS cache If the IP address of a domain name 1s already in the DNS cache the router will resolve the domain name immediately Otherwise the router forwards the DNS query packet to the external DNS server by establishing a WAN e g DSL Cable connection Vigor3300V Series User s Guide 119 Dray Te k For DHCP Relay Agent This page allo
248. ve example But they must be set up in conjunction with the Speed Dial Configuration Example for Vigor3300 Enter the VoIP Speed Dial page and add the 4th and 5th group of Speed Dial number Then press Apply to save the settings and finish the configuration VoIP Speed Dial 4 5 Speed Dial Phone Number Speed Dial Destination Memo 2901 88829 192 168 2914 2910V_Part1_VPN 291 888829 2910_Port1 292 660529 2910_Port2 2911 888829 iptel org 2910 _Port1_iptel 2912 660529 fwd pulver com 2910V_Port2_fwd Example 101 101 iptel org Configuration Example for Vigor2910V Open VoIP gt gt DialPlan and click Phone Book Then add the second and third group of Speed Dial number VoIP gt gt DialPlan Setup Phone Book Index e Te I te Phone number 3301 3311 3a12 Display Name SIP URL 33900V Porti IP 888833 220 135 240 207 3300 Port iptel s88833 iptel org 3300 Port fwd Start to dial by using telephone Phone 1 call Phone 4 gt Press 2912 Phone 2 call Phone 3 gt Press 2911 Phone 3 call Phone 1 gt Press 3312 Phone 4 call Phone 2 gt Press 3311 bEOSSoa twd Pulver vom Apply Cancel Dial Out Account Default Default Default Default Clear This Page Loop through Mone None Mone hone Note indicates termination of the phone number After pressing VoIP is immediately called out Or you may
249. vices at the same time Outside lines of the PBX are usually connected to the ISDN line at this case the PBX acts as ISDN TE equipment inside lines of the PBX are usually connected to telephones so the PBX acts as ISDN NT equipment PBX Outside Lines PBX Inside Line ISDN Phone ISDN Phone Based on the characteristics described above that the ISDN NT equipment and the ISDN TE equipment must connect with each other please pay special attention when you use ISDN NT card and ISDN TE card Vigor3300V Series User s Guide 43 Dray Te k 3 2 5 Practical Application of ISDN NT with PBX By combining the ISDN NT with headquarters PBX it allows the internal telephones in headquarters to communicate with branch s telephones through the Internet For detailed configuration please refer to VoIP and ISDN examples PBX Outside Lines WAN WAN PBX Inside Line a d da ISDN Phone Taiwan German ISDN Phone 3 2 6 Practical Application of ISDN TE with PBX By combining the ISDN TE with headquarters PBX it allows the branch s telephones to connect to Headquarters PBX via the Internet and communicate with the customers via the PBX Another application is that you can call back to the Headquarters from outside and communicate with the branch via the Internet For detailed configuration please refer to VoIP and ISDN examples PBX Outside Lines PBX Inside Line ISDN NT i Ol n n I TT ISDN Phone ISDN
250. wait 3 seconds if you do not press Vigor3300V Series User s Guide 67 Dray Tek 3 3 4 Example 4 VoIP over VPN Based on the VoIP Example 1 Basic Configuration and Registration we will introduce how to dial the VoIP call through an encrypted VPN tunnel In this example Vigor3300V acts as a bridge accepting incoming VPN connections from the other two routers Vigor2910V and Vigor2200V The VPN traffic between Vigor2910V and Vigor2200V are all passed through Vigor3300V These three sites internal networks must be within the same subnet 192 168 X X Either site can ping the other two routers Then you can make a VoIP call through the encrypted VPN tunnel by directly dialing remote router s LAN IP Below shows the architecture graph Phone 1 Taiwan 192 168 33 1 FXS 8888833 Vers JENY i Router Router 192 168 29 1 m 192 168 22 1 FXS China Phone2 German Phoned Dray Tek 68 Vigor3300V Series User s Guide Configuration table 300 Headquarters 2910V Branch Offices 2200V Teleworker 220 135 240 207 161 31 167 135 Po WAN IP PPPoE fixed IP PPPoE dynamic IP 219 81 160 206 61 230 207 146 PPPoE fixed IP PPPoE dynamic IP LAN IP 192 168 33 1 192 168 29 1 192 168 22 1 192 168 33 X 192 168 29 X 192 168 22 X Encryption DES SHA1 method oN Preshared Key 330 1234 C 234 WAN IP __ Port Number __ Phone Number _ Proxy _ Codec _ 3300V 220 135 240 207 Port1 FXS E 672A 2910V_ 61 31 167 135
251. ws users to specify which subnet that DHCP server is located the relay agent should redirect the DHCP request to Network LAN DHCP Relay Apply Cancel Choose the WAN interface for applying relay agent Relay Agent WAN Interface VANI DHCP Server IP Address WAN Interface DHCP Server IP Address For IP Routing Type the IP address for the DHCP server This page allows users to type in secondary IP address for connecting to a subnet You can set IP routing for each WAN interface respectively Network LAN DHCP Relay LAN IP DHCP Agent IP Routing WAN1 Status IP Address Subnet Mask WAN2 Status IP Address Subnet Mask WANS Status IP Address Subnet Mask WAN4 Status IP Address Subnet Mask Status Enable ODisable 10 1 1 3 255 255 255 0 O Enable Disable O Enable Disable O Enable Disable Apply Cancel Click Enable or Disable to activate or close the IP routing of Dray Tek IP Address Subnet Mask LAN Interface specific WAN interface Type an IP address for the WAN interface WAN I WAN2 WAN3 WAN4 Type the subnet mask for the WAN interface WAN I WAN2 WAN3 WANA4 Select a proper LAN interface for WAN interface WANI WAN2 WAN3 WAN4 120 Vigor3300V Series User s Guide 4 2 5 High Availability The High Availability HA feature refers to the awareness o
252. xtension 102 After getting through you will hear the Dial tone then press the VoIP number 888833 Phone 4 calls Phone 3 gt Press 12345678 After getting through you will hear the auto reply from the PBX then press the extension 102 After getting through you will hear the Dial tone then press the VoIP number 888829 Note indicates termination of the phone number After pressing VoIP is called out immediately Or you may wait 3 seconds if you do not press This example is intercommunication with one SIP Proxy Server For the applications of Direct IP Call and Intercommunication with different SIP Proxy Servers please refer to 3 3 3 Example 3 Basic Calling Method The VoIP call can also wok with VPN please refer to 3 3 4 Example 4 VoIP over VPN Vigor3300V Series User s Guide 19 Dray Te k 3 3 Example 7 Practical Application of ISDN NT Based on Example 2 Basic Configuration and Registration for ISDN we will introduce the practical application of ISDN NT Generally the practical application of ISDN NT falls into the following two sections Connect the telephones Please refer to VoIP Example 1 Two VoIP equipments call with each other Connect PBX s Outside Lines The usage is the same as that of ISDN line Different PBX has its own settings and required configuration by you Below shows a scenario architecture graph ISDN NT Line 1 Port 1 ISDN NT 888833 E LE L A T E eee wwe
253. y Display the destination IP address specified for this entry Display the subnet mask address specified for the destination IP of this entry Display the start point specified in the Dest Port Range for this entry Display the end point specified in the Dest Port Range for this entry Display the interface specified for this entry Display the status of Strict Bind Click this button to open the edit page for adjusting the settings Click this button to delete the selected setting or all settings A confirmation dialog box will appear Click OK to delete this entry from the Load Balance Policy table In addition click Delete All in the Load Balance Policy page to delete all of 10 entries on this page To edit an entry select it by clicking the radio button from 1 to 10 Then click the Edit button on the bottom to bring up the following Web page Dray Tek 116 Vigor3300V Series User s Guide Network Load Balance Policy Edit Protocol ALL Source IP Subnet Mask DestIP Subnet Mask Dest Port Range Network Interface WANI v Strict Bind O Protocol Source IP Subnet Mask Dest IP Subnet Mask Dest Port Range Network Interface Strict Bind Apply Vigor3300V Series User s Guide Apply Cancel Select the desired protocol for the selected entry Assign a source IP address and subnet of certain host in LAN for applying load balance policy Assig
254. y Agent WAN Interface VAN1 DHCP Server IP Address lt lt Previous Finish WAN Interface Choose the WAN interface for such connection DHCP Server IP Address Type an IP address for the DHCP server Next click IP Routing tab to set routing path for each WAN interface if required Quick Setup LAN DHCP Relay LAN IP DHCP Agent IP Routing WAN1 Status O Enable Disable IP Address Subnet Mask I WANZ2 Status O Enable Disable IP Address Subnet Mask WANS Status O Enable Disable IP Address Subnet Mask WAN4 Status OcEnable Disable IP Address Subnet Mask lt lt Previous When you finished the above settings please click Finish A system reboot page will appear Click Apply to activate the PPPoE mode configuration Dray Te k 20 Vigor3300V Series User s Guide 2 2 4 PPTP This mode lets user get the IP group information by a DSL modem with PPTP service from ISP Your service provider will give you user name password and authentication mode for a PPTP setting Click PPTP as the protocol Type in all the information that your ISP provides for this protocol If your ISP offers you PPTP Point to Point Tunneling Protocol mode please select PPTP for this router Next enter the PPTP Subnet Mask e g 255 255 255 0 PPTP Local Address e g 10 66 99 88 and PPTP Server Address e g 172 66 99 88 provid
255. y Information Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 This device may accept any interference received including interference that may cause undesired operation Please visit http www draytek com user AboutRegulatory
256. yaeseeeap aafouseGerendadieewessetanscesaswnyaseweuedendenees 160 44 5 INES Zi IOC NIG sirsiran narniai s anean sausann sav ENA a NEEE ENE TOREK Nn iE 161 A Qualy ol Service SEIU seseina aE EEE EO EEEE i E E ARES 162 4 5 1 Incoming Qutgoing Class Setup sisstin a a aea 163 45 2 INCOMmInGg OULGOING Glass Fiter sessa a a a ea aai 164 4 6 VPN and Remote Access Setup cccccccececcceeeseeeceeeeceeeeeeeceeeeeesaeaseceeeeessueaeeeeeeeessaaaseeeeeees 166 ASG IPSEC cae soeeeecensndtnnedameteceaestctaincetocesatnecosassencsduscnsceeseearsdssnasenatspeansianconsssteseuseentsatenstoeasstencs 167 A DP Be eT eea E E 185 7 ga 6 ean 6 9a ec E E ene ee eee eee ee ee ee 190 A Ta 1 MOLOCO atactenperscedsneesaeseiatesuningavanncny sueshsmcasewoeea sae lougeineneas A ssataavcusesecsawnenauns 190 OTe OE OO IMS E E A E N EAEE E E A tance soedescass 197 AT oped Dial rsa a E 205 AA Dial PIAT inire o E a e E er a EE 205 4 7 5 Miscellaneous sacnpesissatarasiaeccias annichudanismipsuaatonnentadidathaumcanhsnuntales hadnt sandannsaroiiteszduadeinsieieenrancsid 208 A0 TONS SERMOS oaeen T E a aa E A ia 209 AT OO e A E E A 211 4 7 8 NAT WAVY SAM iatonesisnoiatondnudeiosaronebudannseiastaniaidintwasuianatedunetnentaiasiintchessaciahmaaincehyshenbaiaesnemaevensaus 212 A 7D COMMA Call Barring seisis aona EE E 213 FAO R ONY e E E E EE 215 Vigor3300V Series User s Guide vii Dray Tek BTN A Tone IIS AG ses ce eta seeenp seen nioeacear a a sesandientaaciersieemigu
257. ytek com 4 4 4 Bind IP to MAC This function is used to bind the IP and MAC address in LAN to have a strengthen control in network When this function is enabled all the assigned IP and MAC address binding together cannot be changed If you modified the binding IP or MAC address it might cause you not access into the Internet Firewall Bind IP to MAC Enable Disable Strict Bind Note lf choose Strict Bind all IPs not bind to MAC cannot gain access to internet ARP Table Select All Sort Refresh IP Bind List Select All Sort IP Address Mac Address Index IF Address Mac Address 192 168 1 10 O0 0F A46 2A4 05 Al Add and Edit nu B e i O H Add Edit Remove Apply Cancel Enable Click this radio button to invoke this function However IP MAC which is not listed in IP Bind List also can connect to Internet Disable Click this radio button to disable this function All the settings on this page will be invalid Strict Bind Click this radio button to block the connection of the IPPMAC which is not listed in IP Bind List ARP Table This table is the LAN ARP table of this router The information for IP and MAC will be displayed in this field Each pair of IP and MAC address listed in ARP table can be selected and added to IP Bind List by clicking Add below Add and Edit IP Address Type the IP address that will be used for the specified MAC address Mac Address Type the MAC address th
Download Pdf Manuals
Related Search
UG Vigor3300Vplus V1..