Quantcast
Channel: i-LAN Technology Pty Ltd
Viewing all 42 articles
Browse latest View live

How to Connect DrayTek Vigor router to VDSL2 connection on NBN ne...

0
0

This application note describes how to configure DrayTek VDSL Vigor routers (Vigor2760 and Vigor2860 series routers)  to a VDSL2 connection on the NBN network.

I. Get the firmware

Depending on your Vigor router model, download the firmware from the links below and update the firmware in your router. This firmware supports VDSL Vectoring wich is required for VDSL connections on the NBN network.

  1. DrayTek Vigor2760 - download link
  2. DrayTek Vigor2860 - download link

 

II. Configure Modem Code

Once the router has the latest firmware, select the modem code  supporting vectoring by following the procedures below:

  1. Go to WAN >> General setup page and configure the DSL Modem Code to "AnnexA_574307_571801"

WAN General Setup

Configure the VLAN ID on the same page only if required by your ISP:

  • Enter the VLAN Tag ID into Tag value section to match your ISP’s requirements.
    ISP VLAN Tag   
    Webshield      100
  • Set VLAN Tag insertion (VDSL2) to Enable
  • Click OK to save

 

III. Configure WAN Internet Access Mode

There are two common modes for connecting to the internet:  PPPoE / PPPoA and IPoE (Static or Dynamic IP). Follow the instruction for the mode that your ISP provides. On WAN >> Internet Access page, select the required Access Mode for WAN1 and click on Details Page.

  • PPPoE / PPPoA (Follow this procedure if access mode is PPPoE)

WAN InternetAccess PPPoE

  • DHCP / IPoE (Follow this procedure if access mode is DHCP / IPoE)

WAN InternetAccess IPoE

 

IV. Observe VDSL2 Connection

 

Once the router is connected to the VDSL line, check the physical link status and WAN IP address assignment in the Online Status >> Physical Connection page.

  • VDSL2 Information (Profile, State, UL/DL Speed, UL/DL SNR). The VDSL2 connection state should be SHOWTIME Vectoring Active.

OnlineStatus_PhysicalConnection_State

  • On the same page, WAN 1 Status should have IP and GW IP assigned by the ISP.

 

 

 



Configuring SSL LAN-to-LAN VPN Tunnel between Vigor 2860 and Vigo...

0
0

In this document, we will show how to create an SSL LAN to LAN VPN tunnel between a Vigor2860 and a Vigor3900 router.

We use the following network topology.

Configuring Vigor 2860

     1. Connect to the router.

         a. Use your internet browser to login to the router web interface.

         b. The default IP address for the router is 192.168.21.1

         c. Default username and password are:

               Username: admin

               Password: admin

 

     2. Check if the router is connected to the internet by looking at the router Dashboard page.

     3. Go to VPN and Remote Access>>LAN to LAN configuration menu.

     4. Select the first available Index to start the configuration.

     5. Create your SSL VPN Profile.

         a. Enter a profile name.

         b. Select (Enable this profile) and Dial-in.

        c. Under Dial-in settings, select SSL and enter your chosen SSL username and password.

        d. Enter the Remote Network IP (IP address xxxx) which is the local IP address of your Vigor 3900 router.

        e. Click OK to save your settings.

Configuring Vigor 3900

     1. Connect to the router.

         a. Use your internet browser to login to the router web interface.

         b. The default IP address of the router is 192.168.1.1

         c. Default username and password are:

               Username: admin

               Password: admin

     2. Verify that the WAN or Internet connection is up.

     3. Go to VPN and Remote Access>>VPN Profiles.

     4. Create your SSL VPN Profile.

         a. In the VPN Profiles page, select SSL Dial-out tab and click (Add).

         b. Enter a profile name and select enable.

         c. Select Enable (Always Dial-Out) and select the interface the VPN tunnel is going to use (e.g. WAN2)

         d. Enter the Server IP/Hostname; this is your WAN/Public IP address of your Vigor 2860.

         e. Enter the same SSL username and password that you used for Vigor 2860 router.

         f. Enter Local IP/Subnet Mask; this is the Local IP address/Subnet Mask of your Vigor 3900 router.

         g. Click (Add) to enter Remote IP/Subnet Mask; this is the LAN/Local IP address/Subnet Mask of your Vigor 2860 router.

         h. Click (Apply)

Test that the LAN-to-LAN connection has been established

Check that the SSL VPN tunnel between the two routers has been established:

     1. In the Vigor 3900 router go to VPN and Remote Access>>Connection Management menu. The VPN connection status will indicate that

         you are now connected, if not select SSL and the profile that you created and then click connect.

     3. Use PING command to test VPN connection.

 

Configuring IPsec LAN-to-LAN VPN Tunnel between Vigor 2860 and ...

0
0

In this document, we will show you how to create an IPsec LAN to LAN VPN tunnel between a Vigor2860 and a Vigor3900 using Aggressive Mode. 

We will use the following network topology.

Configuring Vigor 2860

     1. Connect to the router.

         a. Use your internet browser to login to the router web interface.

         b. The default IP address for the router is 192.168.21.1

         c. Default username and password are:

                 Username: admin

                 Password: admin

      2. Check that the router connected to the internet by looking at the router dashboard page.

      3. Go to VPN and Remote Access>>LAN to LAN configuration menu.

      4. Select the first available index to start the configuration.

      5. Create your IPsec VPN Profile.

          a. Enter a profile name.

          b. Select (Enable this profile) and Dial-in.

          c. Under Dial-in settings, select IPsec Tunnel and Specify Remote VPN Gateway.

          d. Select IKE Pre-Shared Key and then enter your chosen Pre-share Key then click OK.

          e. Enter your chosen Peer ID.

          f. Enter the Remote Network IP (IP address xxxx), which is the local LAN IP address of the Vigor 3900 router.

          g. Click OK to save your settings.

Configuring Vigor 3900

     1. Connect to the router

         a. Use your internet browser to login to the router web interface.

         b. The default IP address of the router is 192.168.1.1

         c. Default username and password are:

               Username: admin

               Password: admin

      2. Verify that the WAN or Internet connection is up.

      3. Go to VPN and Remote Access>>VPN Profiles.

      4. Create your IPsec VPN Profile.

          a. In the VPN Profiles page, select IPsec Dial-out tab and click (Add).

          b. Enter a Profile name and select enable.

          c. Select Enable (Always Dial-Out) and select the interface the VPN tunnel is going to use (e.g. WAN2).

          d. Enter the same Pre-Shared key that you used for Vigor 2860 router.

          e. Enter Local IP/Subnet Mask; this is the local IP address/Subnet Mask of your Vigor 3900 router.

          f. Enter Local Next Hop; this is the local IP address of your Vigor 2860.

          g. Enter Remote Host; this is your WAN/Public IP address of your Vigor 2860.

          h. Enter Remote IP/Subnet Mask; this is the local IP address/Subnet Mask of your Vigor 2860 router.       

          i. Select (Aggressive mode) under IKE Phase 1, (PSK) for Auth Type, and enter the same Pre-share key that you used for Vigor 2860 router.

          j. Enter Local ID that is the same as the Peer ID of Vigor 2860 and for Security Protocol select (ESP).

          k. Click (Apply)

Test that the LAN-to-LAN connection has been established

Check that the VPN tunnel between the two routers has been established:

     1. In the Vigor 3900 router go to VPN and Remote Access >>Connection Management menu. The VPN connection status will indicate that

         you are now connected.

     2. Perform the same check in the Vigor 2860.

     3. Use PING command to test VPN connection.

 

Configuring PPTP LAN-to-LAN VPN Tunnel between Vigor 2860 and Vig...

0
0

In this document, we will describe how to create a PPTP LAN-to-LAN VPN tunnel between a Vigor2860 and a Vigor3900.

The following network topology will be used.

 

Configuring Vigor 2860
     

 1. Connect to the router. 

     a. Use your internet browser to login to the router web interface.

     b. The default IP address for the router is 192.168.21.1

     c. Default username and password are:

           Username: admin

           Password: admin

 

 

     2. Check that the router is connected to the internet by looking at the router dashboard page.

     3. Go to VPN and Remote Access>>LAN to LAN configuration menu.

     4. Select the first available Index to start the configuration. 

  5. Create your PPTP VPN Profile.

      a. Enter a profile name.

      b. Select (Enable this profile) and Dial-in.     

      c. Under Dial-in settings, tick PPTP and enter your chosen PPTP username and password.

      d. Enter the Remote Network IP (IP address xxxx) which is the local LAN IP address of the Vigor 3900 router.

      e.Click OK to save your settings.

Configuring Vigor 3900

  1. Connect to the router.

        a. Use your internet browser to login to the router web interface.

        b. The default IP address of the router is 192.168.1.1.

        c. Default username and password are given below:

              Username: admin

              Password: admin

 

 

      2. Verify that the WAN or Internet connection is up

      3. Go to VPN and Remote Access>>VPN Profiles

      4. Create your PPTP VPN Profile.

          a. In the VPN Profiles page, select PPTP Dial-out tab and click (Add).

          b. Enter a Profile name and select enable.

          c. Select Enable (Always Dial-Out) and select the interface the VPN tunnel is going to use (e.g. WAN2).

          d. Enter the Server IP/Hostname; this is your WAN/Public IP of your Vigor 2860.

          e. Enter the same PPTP username and password that you used for Vigor 2860 router.

          f. Enter Local IP/Subnet Mask; this is the local IP address/Subnet Mask of your Vigor 3900 router.

          g. Click (Add) to enter Remote IP/Subnet Mask; this is the LAN/ Local IP address/Subnet Mask of your Vigor 2860 router.

          h. Click (Apply).

Test that the LAN-to-LAN connection has been established.

Check that the VPN tunnel between the two routers has been established:

   1. In the Vigor 3900 router go to VPN and Remote Access >>Connection Management menu. The VPN connection status will indicate that you are now connected

      2. Perform the same check in the Vigor 2860.

     3. Use PING command to test VPN connection.

Video - How to set up a wireless WAN?

0
0
Support Models :Vigor2860 Series, Vigor2860L/Ln, Vigor2925 Series, Vigor2925L/Ln

Wireless WAN is a feature available in Vigor2860n/nplus/vnplus and Vigor2925n/nplus/vnplus using firmware version 3.8.1 or later. This feature allows you to configure WAN 2 to use the router Wi-Fi to tether to a mobile Wi-Fi Hotspot such as a smartphone to provide internet connectivity when the primary WAN connection becomes unavailable.

WirelessWAN

Youtube Video

https://youtu.be/hRw4AtdVAgM

Application Notes:

http://www.draytek.com/en/faq/faq-connectivity/connectivity.wan/how-to-set-up-a-wireless-wan/#prettyPhoto

 

Configuring the Vigor2860L and Vigor2925L for LTE Internet access

0
0

The DrayTek Vigor2860L series and Vigor2925L series routers have an integrated LTE modem and will accept SIM The SIM cards from any of major broadband service providers in Australia - Telstra, Optus, Vodafone, etc., as well as those in New Zealand - Spark, 2Degrees, Vodafone, etc.

This guide will show you how to configure the Vigor2860L and Vigor2925L series router to enable 4G communication via the integrated LTE modem.

Supported 4G LTE bands are:

  •          B3 (1800MHz)
  •          B7 (2600MHz)
  •          B8 (900MHz)
  •          B20 (800MHz)

Note 1: Band 28 (700MHz) is currently not supported in Vigor LTE routers.
Note 2: 3G WCDMA Band 5 (850MHz) is currently not supported in Vigor LTE routers.

For 2G/3G/4G Coverage Areas check with your ISP for the exact frequency band used in your area from the following links: Telstra, Optus, Vodafone and Virgin Mobile

 

This configuration guide will cover:

  1.        Optus
  2.        Vodafone
  3.        Telstra

In our example we will use the Vigor2860. The configuration will be identical in the Vigor2925 router.

Step 1: Insert SIM Card into the Router

picture-1

Once the SIM card is installed you can install the cover plate on the SIM card slot to prevent accidental removal of the SIM card.

 

Step 2: Attach Antennas onto the Router

Attach the two black coloured antennas to the router as shown in the diagram below.  The primary antenna socket is the one nearest the SIM card slot.

picture-2

picture-3

Step 3 – Enable LTE WAN

Go to WAN >> General Setup configuration menu.

Select LTE and set Active Mode to Always On. (LTE corresponds to WAN3).

Click on LTE to go to LTE configuration menu.

  •          Select Yes for Enable
  •          Set Active mode to Always On
  •          Click on OK to save

picture-4

picture-5

Step 4 – Enable LTE WAN port

For LTE WAN click on the pulldown menu and select 3G/4G LTE  Modem(DHCP mode).

Then click on Details Page to configure the LTE connection.

picture-6

Select Enable to enable this profile.

Select the required Network Mode. Options are:

  • 4G/3G/2G
  • 4G Only
  • 3G Only
  • 2G Only

picture-7

 

We have selected the default setting 4G/3G/2G Network Mode.

Now enter the APN Name to correspond to the 4G modem being used and the ISP that you will be connecting to.

4.1 Optus 4G Configuration

Enter the APN Name:    connect

picture-8

Click OK to save.

 

4.2 Vodafone 4G Configuration

Enter the APN Name:    live.vodafone.com

picture-9

Click OK to save.

 

4.3 Telstra 4G Configuration

Enter the APN Name:    telstra.internet

picture-10

Click OK to save.

 

Step 5 – Establishing 4G connection

After completing the configuration steps outlined above, go to Online Status>> Physical Connection router menu and check if the LTE connection is up.

You may need to restart the router to bring up the connection.

Details will be shown under LTE status.

You should see LTE WAN has a valid IP address and LTE status will be Operational and signal quality shown.

picture-11

Check that you have Internet connectivity by going to an Internet web page or run ping to an external site.

picture-12

Video - Configuring the Vigor2860L and Vigor2925L for LTE Interne...

0
0

The DrayTek Vigor2860L series and Vigor2925L series routers have an integrated LTE modem and will accept SIM cards from any of major broadband service providers in Australia - Telstra, Optus, Vodafone, etc., as well as those in New Zealand - Spark, 2Degrees, Vodafone, etc.

This video shows the configuration steps to enable 4G communication via the integrated LTE modem.  The Vigor2860Ln router is used in the configuration example.

LTE-Video

 

Click here to watch the video.

How to Setup TPG IPTV on Vigor2860

0
0

 

This application note describes how to configure the DrayTek Vigor2860 router to access IPTV supplied by TPG.

 

Log into the router and go to WAN >> Multi-PVC/VLAN configuration menu.

Select WAN5 as highlighted below:

Multi PVC/VLAN

Configure Multi-PVC

A.)   Enable Multi-PVC/VLAN Channel 5 and select WAN Type ADSL

B.)    Under General Settings enter the following values:

 VPI                        0

 VCI                        35

Protocol               MPoA

Encapsulation   1483 Bridged IP LLC

C.)    Enable Open Port-based Bridge Connection for this Channel and select the LAN ports to receive IPTV. (Port 1 is reserved and cannot be selected)

D.)   Tick Open WAN Interface for this Channel and select WAN Application as IPTV.

E.)    Enable Obtain an IP address automatically then click “OK” on the bottom page.

Channel5

Configure IGMP

Go to Applications >> IGMP configuration menu. Tick Enable IGMP Proxy then click “OK”.

IGMP A

 

Once the Group ID appears, it indicates that the router has successfully obtained IP address servers for IPTV TPG

IGMP B

How to Play IPTV TPG using VLC Player

The links below provide information on how to use VLC player to watch IPTV

http://www.avenard.org/iptv/VLC.html

http://takopost.com/watch-tpg-iptv-using-vlc-media-player/

 

 

 


Video - How to Log into your DrayTek Vigor Router

0
0

This tutorial video shows you how to determine the LAN IP address for the DrayTek Vigor router and then use it to log into the router configuration menu.

The Vigor2860 is used to illustrate the log in procedure.

 

Click here to watch the video

Connecting DrayTek Broadband Routers to Optus Cable Service

0
0

 

This application note shows you how to configure the Optus supplied Netgear modem into bridge mode to interface Draytek broadband routers to Optus cable service.

Applicable DrayTek routers

 DrayOS Routers

Vigor2860, Vigor2925, Vigor2760, Vigor2832, Vigor2120, Vigor2132, Vigor2912, Vigor2952, Vigor3220

 

Linux OS based routers

Vigor2960, Vigor3900

Configuring NetGear Modem for Bridge Mode

 

Please be aware that once you have activated Bridge Mode, you will only have access to the 1st Ethernet socket on the modem, as Bridge Mode disables the other 3 sockets. To disable Bridge Mode you will need to perform a factory reset of the modem (hold a paperclip or pin for 10 seconds in the small hole on the back of the modem).

Configure the DrayTek Router to authenticate IPoE from Optus Cable

 

Dray OS Routers

A.)   Enable Static or Dynamic IP

B.)    Select Obtain an IP address automatically

C.)    In DHCP Client Identifier apply username and password

D.)   Click ok to apply the settings

 

 

Linux OS Based Routers

A.)   Enable WAN Profile

B.)    Select DHCP on IPv4 Protocol

C.)    Go to DHCP detail page

http://www.i-lan.net.au/dfaq/image/WAN/OptusCableEtherWAN/WAN IPoE Optus CableB.jpg

D.)   Apply username and if given apply also the password

E.)    Then click Apply to set the settings.

 

 

 

 

Configuring SSL LAN-to-LAN VPN Tunnel between Vigor 2860 and Vigo...

0
0

In this document, we will show how to create an SSL LAN to LAN VPN tunnel between a Vigor2860 and a Vigor3900 router.  We use the following network topology.

Configuring Vigor 2860

     1. Connect to the router.

         a. Use your internet browser to login to the router web interface.

         b. The default IP address for the router is 192.168.21.1

         c. Default username and password are:

               Username: admin

               Password: admin

 

     2. Check if the router is connected to the internet by looking at the router Dashboard page.

     3. Go to VPN and Remote Access>>LAN to LAN configuration menu.

     4. Select the first available Index to start the configuration.

     5. Create your SSL VPN Profile.

         a. Enter a profile name.

         b. Select (Enable this profile) and Dial-in.

        c. Under Dial-in settings, select SSL and enter your chosen SSL username and password.

        d. Enter the Remote Network IP (IP address xxxx) which is the local IP address of your Vigor 3900 router.

        e. Click OK to save your settings.

Configuring Vigor 3900

     1. Connect to the router.

         a. Use your internet browser to login to the router web interface.

         b. The default IP address of the router is 192.168.1.1

         c. Default username and password are:

               Username: admin

               Password: admin

     2. Verify that the WAN or Internet connection is up.

     3. Go to VPN and Remote Access>>VPN Profiles.

     4. Create your SSL VPN Profile.

         a. In the VPN Profiles page, select SSL Dial-out tab and click (Add).

         b. Enter a profile name and select enable.

         c. Select Enable (Always Dial-Out) and select the interface the VPN tunnel is going to use (e.g. WAN2)

         d. Enter the Server IP/Hostname; this is your WAN/Public IP address of your Vigor 2860.

         e. Enter the same SSL username and password that you used for Vigor 2860 router.

         f. Enter Local IP/Subnet Mask; this is the Local IP address/Subnet Mask of your Vigor 3900 router.

         g. Click (Add) to enter Remote IP/Subnet Mask; this is the LAN/Local IP address/Subnet Mask of your Vigor 2860 router.

         h. Click (Apply)

Test that the LAN-to-LAN connection has been established

Check that the SSL VPN tunnel between the two routers has been established:

     1. In the Vigor 3900 router go to VPN and Remote Access>>Connection Management menu. The VPN connection status will indicate that

         you are now connected, if not select SSL and the profile that you created and then click connect.

     3. Use PING command to test VPN connection.

 

Configuring IPsec LAN-to-LAN VPN Tunnel between Vigor 2860 and ...

0
0

In this document, we will show you how to create an IPsec LAN to LAN VPN tunnel between a Vigor2860 and a Vigor3900 using Aggressive Mode. We will use the following network topology.

Configuring Vigor 2860

     1. Connect to the router.

         a. Use your internet browser to login to the router web interface.

         b. The default IP address for the router is 192.168.21.1

         c. Default username and password are:

                 Username: admin

                 Password: admin

      2. Check that the router connected to the internet by looking at the router dashboard page.

      3. Go to VPN and Remote Access>>LAN to LAN configuration menu.

      4. Select the first available index to start the configuration.

      5. Create your IPsec VPN Profile.

          a. Enter a profile name.

          b. Select (Enable this profile) and Dial-in.

          c. Under Dial-in settings, select IPsec Tunnel and Specify Remote VPN Gateway.

          d. Select IKE Pre-Shared Key and then enter your chosen Pre-share Key then click OK.

          e. Enter your chosen Peer ID.

          f. Enter the Remote Network IP (IP address xxxx), which is the local LAN IP address of the Vigor 3900 router.

          g. Click OK to save your settings.

Configuring Vigor 3900

     1. Connect to the router

         a. Use your internet browser to login to the router web interface.

         b. The default IP address of the router is 192.168.1.1

         c. Default username and password are:

               Username: admin

               Password: admin

      2. Verify that the WAN or Internet connection is up.

      3. Go to VPN and Remote Access>>VPN Profiles.

      4. Create your IPsec VPN Profile.

          a. In the VPN Profiles page, select IPsec tab and click (Add).

          b. Enter a Profile name and select enable.

          c. Enable Auto dial-out and select Always dial-out.

          d. Select the interface the VPN tunnel is going to use (e.g. WAN2).

          e. Enter Local IP/Subnet Mask; this is the local IP address/Subnet Mask of your Vigor 3900 router.

          f. Enter Local Next Hop; this is the local IP address of your Vigor 2860.

          g. Enter Remote Host; this is your WAN/Public IP address of your Vigor 2860.

          h. Enter Remote IP/Subnet Mask; this is the local IP address/Subnet Mask of your Vigor 2860 router.       

          i. Select (Aggressive mode) under IKE Phase 1, (PSK) for Auth Type, and enter the same Pre-share key that you used for Vigor 2860 router.

          j. Enter Local ID that is the same as the Peer ID of Vigor 2860 and for Security Protocol select (ESP).

          k. Click (Apply)

Test that the LAN-to-LAN connection has been established

Check that the VPN tunnel between the two routers has been established:

     1. In the Vigor 3900 router go to VPN and Remote Access >>Connection Management menu. The VPN connection status will indicate that

         you are now connected.

     2. Perform the same check in the Vigor 2860.

     3. Use PING command to test VPN connection.

 

Configuring PPTP LAN-to-LAN VPN Tunnel between Vigor 2860 and Vig...

0
0

In this document, we will describe how to create a PPTP LAN-to-LAN VPN tunnel between a Vigor2860 and a Vigor3900.  The following network topology will be used.

 

Configuring Vigor 2860
     

 1. Connect to the router. 

     a. Use your internet browser to login to the router web interface.

     b. The default IP address for the router is 192.168.21.1

     c. Default username and password are:

           Username: admin

           Password: admin

 

 

     2. Check that the router is connected to the internet by looking at the router dashboard page.

     3. Go to VPN and Remote Access>>LAN to LAN configuration menu.

     4. Select the first available Index to start the configuration. 

  5. Create your PPTP VPN Profile.

      a. Enter a profile name.

      b. Select (Enable this profile) and Dial-in.     

      c. Under Dial-in settings, tick PPTP and enter your chosen PPTP username and password.

      d. Enter the Remote Network IP (IP address xxxx) which is the local LAN IP address of the Vigor 3900 router.

      e.Click OK to save your settings.

Configuring Vigor 3900

  1. Connect to the router.

        a. Use your internet browser to login to the router web interface.

        b. The default IP address of the router is 192.168.1.1.

        c. Default username and password are given below:

              Username: admin

              Password: admin

 

 

      2. Verify that the WAN or Internet connection is up

      3. Go to VPN and Remote Access>>VPN Profiles

      4. Create your PPTP VPN Profile.

          a. In the VPN Profiles page, select PPTP Dial-out tab and click (Add).

          b. Enter a Profile name and select enable.

          c. Select Enable (Always Dial-Out) and select the interface the VPN tunnel is going to use (e.g. WAN2).

          d. Enter the Server IP/Hostname; this is your WAN/Public IP of your Vigor 2860.

          e. Enter the same PPTP username and password that you used for Vigor 2860 router.

          f. Enter Local IP/Subnet Mask; this is the local IP address/Subnet Mask of your Vigor 3900 router.

          g. Click (Add) to enter Remote IP/Subnet Mask; this is the LAN/ Local IP address/Subnet Mask of your Vigor 2860 router.

          h. Click (Apply).

Test that the LAN-to-LAN connection has been established.

Check that the VPN tunnel between the two routers has been established:

   1. In the Vigor 3900 router go to VPN and Remote Access >>Connection Management menu. The VPN connection status will indicate that you are now connected

      2. Perform the same check in the Vigor 2860.

     3. Use PING command to test VPN connection.

Webinar - High Availability in DrayTek Routers

0
0

This webinar gave an overview of the High Availability Feature in DrayTek routers providing uninterrupted network access should a hardware failure occur. Hardware redundancy is added to the network to provide maximum up-time for critical installations.

High Availability is available in the Vigor3900, Vigor2960, Vigor2860,  Vigor2925, Vigor2952 and Vigor3220 routers.

webinar

Click here to watch

How to connect Android VPN L2TP/IPsec to DrayTek Vigor router?

0
0

This will apply DV2760, DV2860, DV2912, DV2832, DV2925, DV2952, DV3220, and DV2120

In this configuration, we used a Samsung Galaxy S7 ver 6.0.1 Marshmallow and DV2860Ln firmware ver 3.8.4.2

1.) configure the IPsec General Setup navigate to “VPN and Remote Access >> IPsec General Setup” then apply the Pre-Shared Key “Draytek”

http://www.i-lan.net.au/dfaq/image/VPN/VPN_IPsecL2TP-Android/IPsecL2TPver1.jpg

2.) Build a Remote Dial-In profile go to “VPN and Remote Access >> Remote Dial-In Users” select the number one Index to create your first profile.

http://www.i-lan.net.au/dfaq/image/VPN/VPN_IPsecL2TP-Android/IPsecL2TPver2.jpg

Then tick Enable this account, select L2TP with IPsec Policy ”Must” and apply username / password. Then click ok to save the profile.

http://www.i-lan.net.au/dfaq/image/VPN/VPN_IPsecL2TP-Android/IPsecL2TPver3.jpg

Under Index 1 you can view the new profile and it’s ready for the remote dial-in.

http://www.i-lan.net.au/dfaq/image/VPN/VPN_IPsecL2TP-Android/IPsecL2TPver4.jpg

Now we configure the Samsung Galaxy S7 go to “”settings” 

http://www.i-lan.net.au/dfaq/image/VPN/VPN_IPsecL2TP-Android/IPsecL2TPver5.jpg

Select “More connection settings”

http://www.i-lan.net.au/dfaq/image/VPN/VPN_IPsecL2TP-Android/IPsecL2TPver6.jpg

Click VPN

http://www.i-lan.net.au/dfaq/image/VPN/VPN_IPsecL2TP-Android/IPsecL2TPver7.jpg

Then click “Add VPN” apply Name of the VPN profile, select L2TP / IPsec for your connection type, the server address is 192.168.100.20 and IPsec pre-shared key.

http://www.i-lan.net.au/dfaq/image/VPN/VPN_IPsecL2TP-Android/IPsecL2TPver8.jpg

Then select L2TP / IPsec the apply the username and password then click connect.

http://www.i-lan.net.au/dfaq/image/VPN/VPN_IPsecL2TP-Android/IPsecL2TPver9.jpg

Once the connection is successful you can check the status through Remote Dial-in Users or Connection Management

http://www.i-lan.net.au/dfaq/image/VPN/VPN_IPsecL2TP-Android/IPsecL2TPver10.jpg

http://www.i-lan.net.au/dfaq/image/VPN/VPN_IPsecL2TP-Android/IPsecL2TPver11.jpg

 

 


Video - How to Configure the Vigor2860 Router for VDSL2 Connectio...

0
0

This video shows  how to configure the DrayTek Vigor2860 series router for VDSL2 connection on the NBN network in Australia.

2860-VDSL

Click here to watch this video.

Configuring Vigor Router Firewall using Objects to allow RDP acce...

0
0

In this example, we will configure the Vigor2860 router firewall to allow RDP access to a host on the LAN from one device on the Internet. We will use Objects to allow the computer “MyPC” to use RDP to access the host “PC1”.

 

 

 

 

 

Step 1: Configure Port Redirection

    1. Go to NAT>>Port Redirection and select the first index.

        a. Select enable to activate this profile.

        b. Enter Service Name as (e.g RDP).

        c. Enter Public Port as (e.g 514).

        d. Enter Private IP address which is PC1’s IP address (192.168.1.11).

        e. Enter Private Port as RDP Port (3389).

        f. Click OK to save your settings.

Step 2: Create Objects

    1. Create Object for “MyPC".

        a. Go to Object Settings>>IP Object and select the first index.

       b. Enter Name as “MyPC”.

       c. Select Address Type as Single Address.

       d. Enter “MyPC” public IP address.

       e. Click OK to save your settings.

    2. Create Object for PC1

        a. Select the 2nd index.

 

        b. Enter Name as PC1.

        c. Select Address Type as Single Address.

        d. Enter PC1 private IP address (192.168.1.11).

        e. Click OK to save your settings.

    3. Create Object for RDP Port.

        a. Go to Object Settings>>Service Type Object and select the first index.

        b. Name the Profile as “RDP".

        c. Select Protocol as “TCP".

        d. Enter Destination Port as RDP port (3389~3389).

        e. Click OK to save your settings.

Step 3: Create Firewall Filters

    1. Create filter rule that will block all RDP traffic if no other filter rule will match this rule.

        a. Go to Firewall>>Filter Setup, select Filter Set 2 and then Filter Rule 2.

        b. Select “Check to enable the Filter Rule”.

        c. Enter Comments as “e.g., Block_All_RDP”

        d. Select direction from WAN to LAN/DMZ/VPN

        e. Select “any” for Source IP.

        f. Select “PC1” object for Destination IP.

        g. Select “RDP” object for Service Type.

        h. Under Action/Profile, select “Block if no further match”.

        i. Click OK to save your settings.

    2. Create filter rule that will only allow MyPC to access PC1 remotely using RDP.

        a. Select Filter Rule 3.

        b. Select “Check to enable the Filter Rule”.

        c. Enter Comments as “e.g Allow_RDP_MyPC”.

        d. Select direction from WAN to LAN/DMZ/VPN.

        e. Select “MyPC” object for Source IP.

        f. Select “PC1” object for Destination IP.

        g. Select “RDP” object for Service Type.

        h. Under Action/Profile, select “Pass Immediately”.

        i. Click OK to save your settings.

Step 4: Testing

    a. Use Windows Run to launch the Remote desktop application.

        i. Enter the public IP address and port number of PC1.

        ii. Use a different computer to test the firewall policies.

    b. Repeat step 1 and 2

 

How to Configure Internal RADIUS Server in DrayTek Routers?

0
0

This application note will describe how to configure the Internal RADIUS Server in DrayTek Vigor routers. This feature is available in Vigor2860, & Vigor2925 routers.

In the example, we will use RADIUS to authenticate Wi-Fi users through an external Wi-Fi Access Point to the protected network.

http://www.i-lan.net.au/dfaq/image/InternalRadius/radius1.jpg

Step 1

First create a user profiles in “User Management >> User Profile”. We will create two users: user 1 and samsung.

http://www.i-lan.net.au/dfaq/image/InternalRadius/radius2.png

Select the next available profiles and enter the user details in each profile.

For each user profile enter the username and password (“user” and password) then select “Internal RADIUS”

http://www.i-lan.net.au/dfaq/image/InternalRadius/radius3.png

 

Step 2

Go to Applications>>RADIUS/TACACS+ configuration menu.

Enable “Internal RADIUS” then apply “Share Secret and the IP Address / subnet of the Access Point”

http://www.i-lan.net.au/dfaq/image/InternalRadius/radius4.png

 

Then select Method “PAP/CHAP/MS-CHAP/MS-CHAPv2”, tick “Support 802.1x Method” and select the Authentication List users.

http://www.i-lan.net.au/dfaq/image/InternalRadius/radius5.png

 

Step 3 – Configure Access Point

In the Access Point Enable Wireless LAN and enter the required SSID.

http://www.i-lan.net.au/dfaq/image/InternalRadius/radius6.png

Go to Wireless LAN (2.4GHZ)>>Security Settings configuration menu

Select the mode: Mixed(WPA+WAP2)/802.1x

Click on RADIUS Server to configure RADIUS options.

http://www.i-lan.net.au/dfaq/image/InternalRadius/radius7.png

For the RADIUS server settings, enter the IP Address of the RADIUS server, Port number and shared secret.

http://www.i-lan.net.au/dfaq/image/InternalRadius/radius8.png

 

To check the authentication is successful, go to “Diagnostics >> Authentication Information” menu.

http://www.i-lan.net.au/dfaq/image/InternalRadius/radius9.png

How to configure LAN to LAN Static Route using Draytek Routers

0
0

In this scenario, we will configure a LAN to LAN static route using Draytek routers that link with a point to point wireless bridge.  The LANs (LAN1, LAN2, and LAN3) on site (SITE 1, SITE 2, and SITE 3) can access each other through the routers (R1, R2, and R3) and LAN2 in Site 2 will have internet connection via Site 1 using Route Policy.

 

 

Step 1: Configure Router R1

  1. Assign a network subnet to Port 1.

     a. Go to LAN>>General Setup, click Details Page under LAN1.

     b. Enter IP address as 192.168.10.1 and Subnet Mask as 255.255.255.0

     c. Under DHCP Server Configuration, enter Start IP address 192.168.10.100 and Gateway IP address 192.168.10.1

     d. Click OK to save your settings.

  2.  Activate port 6 and assign a network subnet.

     a. Go to LAN>>VLAN, tick P6 under VLAN1 and select LAN2 as subnet.

     b. Tick all the remaining ports (P1-P5) under VLAN0 and LAN1 as subnet.

     c. Click OK to save your settings.

     d. Go to LAN>>General Setup, click Details Page under LAN2.

     e. Enter IP address 192.168.2.2 and subnet mask 255.255.255.0

     f. Under DHCP Server Configuration, select Disable Server.

     g. Click OK to save your settings.

 

  3.  Configure Static Routes.

     a. Go to LAN>>Static Route, select index 1 and tick Enable.

     b. Enter the following below:

  •      Destination IP address = 192.168.20.0
  •      Subnet Mask = 255.255.255.0
  •      Gateway IP address =  192.168.2.1
  •      Network Interface = LAN2

     c. Click OK to save your settings.

    

     

     d. Select Index 2 and tick Enable.

     e. Enter the following below:

  •      Destination IP address = 192.168.30.0
  •      Subnet Mask = 255.255.255.0
  •      Gateway IP address = 192.168.2.1
  •      Network Interface = LAN2

     f. Click OK to save your settings.

Step 2: Configure Router R2

  1. Assign a network subnet to Port 1.

     a. Go to LAN>>General Setup, click Details Page under LAN1.

     b. Enter IP address as 192.168.20.1 and Subnet Mask as 255.255.255.0

     c. Under DHCP Server Configuration, enter Start IP address 192.168.20.100 and Gateway IP address 192.168.20.1

     d. Click OK to save your settings.

  2. Activate port 2 and port 3 and assign a network subnet.

     a. Go to LAN>>VLAN, tick P2 under VLAN1 and LAN2 as subnet.

     b. Tick P3 under VLAN2 and select LAN3 as subnet.

     c. Tick the remaining ports (P1, P5 and P6) under VLAN0 and LAN1 as subnet.

     d. Click OK to save your settings.

     e. Go to LAN>>General Setup, click Details Page under LAN2.

     f.  Enter IP address 192.168.2.1 and subnet mask 255.255.255.0

     g. Under DHCP Server Configuration, select Disable Server.

     h. Click OK to save your settings.

     i. Go to LAN>>General Setup, click Details Page under LAN3.

     j. Enter IP address 192.168.3.1 and subnet mask 255.255.255.0

     k. Under DHCP Server Configuration, select Disable Server.

     l. Click OK to save your settings.

  3. Configure a route policy for internet connection.

     a. Go to Load Balance/Route Policy>>General Setup, select index 1 and tick Enable.

     b. Comment as “Internet” and select Protocol as Any.

     c. Select Src IP subnet and enter IP address 192.168.20.0 and subnet mask 255.255.255.0/24

     d. Select Destination and Destination Port as Any.

     e. Under “Send via if Criteria Matched”, Interface is LAN2 and Specific Gateway is 192.168.2.2

     f. Click OK to save your settings.

  4. Configure Static Routes.

     a. Go to LAN>>Static Route, select index 1 and tick Enable.

     b. Enter the following below:

  •          Destination IP address = 192.168.10.0
  •          Subnet Mask = 255.255.255.0
  •          Gateway IP address =  192.168.2.2
  •          Network Interface = LAN2

     c. Click OK to save your settings.

     d. Select Index 2 and tick "Enable"

     e. Enter the following below:

  •         Destination IP address = 192.168.30.0
  •         Subnet Mask = 255.255.255.0
  •         Gateway IP address = 192.168.3.2
  •         Network Interface = LAN3

     f. Click OK to save your settings.

Step 3: Configure R3

  1. Assign a network subnet to Port 1.

     a. Go to LAN>>General Setup, click Details Page under LAN1.

     b. Enter IP address as 192.168.30.1 and Subnet Mask as 255.255.255.0

     c. Under DHCP Server Configuration, enter Start IP address as 192.168.30.100 and Gateway IP address as 192.168.30.1

     d. Click OK to save your settings.

  2. Activate port 6 and assign a network subnet.

     a. Go to LAN>>VLAN, tick P6 under VLAN1 and select subnet as LAN3.

     b. Tick all the remaining ports (P1-P5) under VLAN0 and LAN1 as subnet.

     c. Click OK to save your settings.

     d. Go to LAN>>General Setup, click Details Page under LAN2.

     e. Enter IP address 192.168.3.2 and subnet mask 255.255.255.0

     f. Under DHCP Server Configuration, select Disable Server.

     g. Click OK to save your settings.

  3. Configure Static Routes.

     g. Go to LAN>>Static Route, select index 1 and tick Enable.

     h. Enter the following below:

  •          Destination IP address = 192.168.20.0
  •          Subnet Mask = 255.255.255.0
  •          Gateway IP address =  192.168.3.1
  •          Network Interface = LAN3

     i. Click OK to save your settings.

     j. Select Index 2 and tick Enable

     k. Enter the following below:

  •          Destination IP address = 192.168.10.0
  •          Subnet Mask = 255.255.255.0
  •          Gateway IP address = 192.168.3.1
  •          Network Interface = LAN3

     l. Click OK to save your settings.

High Availability “Active Standby Configuration”

0
0

This Application notes will discuss High Availability (HA) using “Active Standby” mode. In the scenario shown here we have three identical routers (Vigor2925) they are deployed in a campus environment where the routers are installed in three different locations for disaster recovery purposes. Routers are installed in Administrator Office, Engineering Office and Information Technology Office. The locations are 1km apart with optic fiber backbone connected to each Vigor2925 LAN port and each location has a separate WAN internet connection. The aim is to provide High Availability at each location. The network topology is shown in the diagram below:

 

Following routers support High Availability: Vigor2860, Vigor2925, Vigor2952, Vigor2960, Vigor3220 and Vigor3900

Mode

WAN Source

Online Status

Configuration Sync

Active-Standby

Primary and Secondary have different WAN sources

Both Primary and Secondary are online via their own different WAN lines

No Configuration Sync

Under Normal Operation

http://i-lan.net.au/dfaq/image/HighAvailabilityActiveStandby/ActiveStandbyNormal01.jpg

Under normal High Availability operation, the traffic from subnet 192.168.1.1 is going through the Primary router which is located in the Information Technology Building.

The Primary Router is Down

http://i-lan.net.au/dfaq/image/HighAvailabilityActiveStandby/ActiveStandbyNormal02.jpg

 

In the event the Primary router fails, the remaining routers will send packets to the rest of the HA router group to elect the next Primary router based priority settings. In this diagram above, the Administrator Office Building has higher priority value than Engineering Office Building all traffic is routed to Administrator Office Building.

Two Primary Routers are Down

http://i-lan.net.au/dfaq/image/HighAvailabilityActiveStandby/ActiveStandbyNormal03.jpg

 

In the event that two routers have failed (Administrator Office Building and Information Technology Building routers) then traffic will be automatically routed to the Engineering Office Building.

Information Technology Office is out of Commission

http://i-lan.net.au/dfaq/image/HighAvailabilityActiveStandby/ActiveStandbyNormal04.jpg

In this scenario the entire IT building is out of commission isolating each of the secondary routers from each other. In this scenario they each become Primary routers and run independently of each other. Internet traffic is routed by the corresponding WAN connection to the internet.

High Availability Active Standby Configuration:

Primary Router Configuration

http://i-lan.net.au/dfaq/image/HighAvailabilityActiveStandby/HA01.jpg

 

 

 

  1. Change the IP address of LAN 1 to 192.168.1.2
  2. Go to LAN >> General Setup on the right side row tick “Details Page”

http://i-lan.net.au/dfaq/image/HighAvailabilityActiveStandby/HA02.jpg

  1. Go to Application >> High Availability and select “Enable High Availability
  2. For “Redundancy Method” select “Active-Standby”
  3. For Priority ID enter 20
  4. Enable Syslog. This will be useful for troubleshooting
  5. Enable the LAN subnet for High Availability using the Virtual IP address 192.168.1.1

For more details on the High Availability you can visit the link

How to use High Availability

http://www.draytek.com/?a=resource/update&action=post/update&id=1660

Secondary Router Configuration

http://i-lan.net.au/dfaq/image/HighAvailabilityActiveStandby/HA03.jpg

  1. Go to LAN >> General Setup on the right side row tick “Details Page”
  2. Change LAN 1 IP address to 192.168.1.3

http://i-lan.net.au/dfaq/image/HighAvailabilityActiveStandby/HA04.jpg

  1. In Applications>>High Availability menu select “Enable High Availability”
  2. ForRedundancy Method select “Active-Standby”
  3. For Priority ID enter 15
  4. Enable Syslog. This will be useful for troubleshooting
  5. Enable the LAN subnet for High Availability using the Virtual IP address 192.168.1.1

Third Router Configuration

http://i-lan.net.au/dfaq/image/HighAvailabilityActiveStandby/HA05.jpg

  1. Go to LAN >> General Setup on the right side row tick “Details Page”
  2. Change LAN 1 IP address to 192.168.1.4

http://i-lan.net.au/dfaq/image/HighAvailabilityActiveStandby/HA06.jpg

  1. In Applications>>High Availability menu select “Enable High Availability”
  2. ForRedundancy Method select “Active-Standby”
  3. For Priority ID enter 10
  4. Enable Syslog. This will be useful for troubleshooting
  5. Enable the LAN subnet for High Availability using the Virtual IP address 192.168.1.1

How to check the High Availability Status

To know the High Availability status browse to the Virtual IP address 192.168.1.1 and go to Diagnostics >> High Availability Status.

http://i-lan.net.au/dfaq/image/HighAvailabilityActiveStandby/HA07.jpg

In the table it above, it shows that the router with the IP address of 192.168.1.2 is the Primary router and the two Secondary routers are also online.

 

Viewing all 42 articles
Browse latest View live




Latest Images