Vigor 2927ac - Router Draytek - Free user manual and instructions

USER MANUAL Vigor 2927ac Draytek

(For future update, please visit DrayTek web site)

Date: May 29 2025

Copyrights

© All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders.

Trademarks

The following trademarks are used in this document:

● Microsoft is a registered trademark of Microsoft Corp.
● Windows, Windows 7, 8, 10, 11 and Explorer are trademarks of Microsoft Corp.
● Apple and Mac OS are registered trademarks of Apple Inc.
● Other products may be trademarks or registered trademarks of their respective manufacturers.

Safety Instructions

• Read the installation guide thoroughly before you set up the router.
• The router is a complicated electronic unit that may be repaired only be authorized and qualified personnel. Do not try to open or repair the router yourself.
• Do not place the router in a damp or humid place, e.g. a bathroom.
  ● The router should be used in a sheltered area, within a temperature range of +5 to +40 Celsius.
• Do not expose the router to direct sunlight or other heat sources. The housing and electronic components may be damaged by direct sunlight or heat sources.
• Do not deploy the cable for LAN connection outdoor to prevent electronic shock hazards.
• Do not power off the router when saving configurations or firmware upgrades. It may damage the data in a flash. Please disconnect the Internet connection on the router before powering it off when a TR069/ ACS server manages the router.
• Keep the package out of reach of children.
• When you want to dispose of the router, please follow local regulations on conservation of the environment.

Warranty

We warrant to the original end user (purchaser) that the router will be free from any defects in workmanship or materials for a period of two (2) years from the date of purchase from the dealer. Please keep your purchase receipt in a safe place as it serves as proof of date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, we will, at our discretion, repair or replace the defective products or components, without charge for either parts or labor, to whatever extent we deem necessary tore-store the product to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be offered solely at our discretion. This warranty will not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions. The warranty does not cover the bundled or licensed software of other vendors. Defects which do not significantly affect the usability of the product will not be covered by the warranty. We reserve the right to revise the manual and online documentation and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes.

Be a Registered Owner

- Web registration is preferred. You can register your Vigor router via https://myvigor.draytek.com.

Firmware & Tools Updates

- Due to the continuous evolution of DrayTek technology, all routers will be regularly upgraded. Please consult the DrayTek web site for more information on newest firmware, tools and documents.

https://www.draytek.com

Table of Contents

Part I Installation....i

I-1 Introduction ...... 1

I-1-1 Indicators and Connectors 2

I-1-1-1 Vigor2927 2

I-1-1-2 Vigor2927L 4

I-1-1-3 Vigor2927ac / Vigor2927ax / Vigor2927Lac....6

I-1-1-4 Vigor2927Vac 10

I-1-1-5 Vigor2927L-5G / Vigor2927Lax-5G.... 12

I-1-2 Notes for Antenna Installation (for "L" model) 15

I-2 Hardware Installation 18

I-2-1 Installing Vigor Router 18

I-2-2 Wall-Mounted Installation 19

I-2-3 Installing USB Printer to Vigor Router 20

I-3 Accessing Web Page 27

I-4 Dashboard....29

I-4-1 Virtual Panel 30

I-4-2 Name with a Link 31

I-4-3 Status for LTE 31

I-4-4 Quick Access for Common Used Menu 32

I-4-5 GUI Map 33

I-4-6 Web Console 34

I-4-7 Config Backup 35

I-4-8 Manual Download....35

I-4-9 Logout.... 35

I-4-10 Online Status 36

I-4-10-1 Physical Connection.... 36

I-4-10-2 Virtual WAN 38

I-5 Quick Start Wizard 39

I-5-1 For WAN1/WAN2 (Ethernet) 40

I-5-2 For WAN3/WAN4 (Wireless 2.4G/Wireless 5G).... 49

I-5-3 For WAN5/WAN6 (USB).... 55

I-6 Service Activation Wizard 57

I-7 Registering Vigor Router....59

Part II Connectivity 63

II-1 WAN 64

Web User Interface 66

II-1-1 General Setup 66

II-1-1-1 WAN1/ WAN2 (Ethernet).... 69

II-1-1-2 WAN3/WAN4 (Wireless 2.4G or 5G) 71

II-1-1-3 WAN5 / WAN6 (USB) or LTE or 5G-NR....72

II-1-2 Internet Access....74

II-1-2-1 Details Page for PPPoE in WAN1/ WAN2 (Physical Mode: Ethernet)....77

II-1-2-2 Details Page for Static or Dynamic IP in WAN1/WAN2 (Physical Mode: Ethernet)

80

II-1-2-3 Details Page for PPTP/L2TP in WAN1/WAN2 (Physical Mode: Ethernet)..... 84

II-1-2-4 Details Page for WAN3/WAN4 (Physical Mode: Wireless 2.4G/Wireless 5G) . 87

II-1-2-5 Details Page for 3G/4G USB Modem (PPP mode) in WAN5 / WAN6 ...... 89

II-1-2-6 Details Page for 3G/4G USB Modem (DHCP mode) in WAN5 / WAN6 ...... 91

II-1-2-7 Details Page for 3G/4G USB Modem (DHCP mode) in LTE WAN 94

II-1-2-8 Details Page for 3G/4G/5G Modem (DHCP mode) in 5G-NR WAN....98

II-1-2-9 Details Page for IPv6 - Offline in WAN1/ WAN2/ WAN5/ WAN6.... 104

II-1-2-10 Details Page for IPv6 - PPP in WAN1/ WAN2.... 104

II-1-2-11 Details Page for IPv6 - TSPC in WAN1/ WAN2/ WAN5/ WAN6 105

II-1-2-12 Details Page for IPv6 - AICCU in WAN1/ WAN2/ WAN5/ WAN6.... 107

II-1-2-13 Details Page for IPv6 - DHCPv6 Client in WAN1/WAN2.... 108

II-1-2-14 Details Page for IPv6 - Static IPv6 in WAN1/WAN2 110

II-1-2-15 Details Page for IPv6 - 6in4 Static Tunnel in WAN1/ WAN2.... 111

II-1-2-16 Details Page for IPv6 - 6rd in WAN1/WAN2.... 113

II-1-3 Multi-VLAN 115

II-1-4 WAN Budget.... 120

II-1-4-1 General Setup 120

II-1-4-2 Status 124

II-2 LAN 125

Web User Interface 127

II-2-1 General Setup 127

II-2-1-1 Details Page for LAN1 - Ethernet TCP/IP and DHCP Setup.... 129

II-2-1-2 Details Page for LAN2 \~ LAN8 and DMZ 133

II-2-1-3 Details Page for IP Routed Subnet 135

II-2-1-4 Details Page for LAN IPv6 Setup 137

II-2-1-5 DHCP Server Options.... 140

II-2-2 VLAN 142

II-2-3 Bind IP to MAC 146

II-2-4 LAN Port Mirror.... 149

II-2-5 Wired 802.1x 150

II-2-6 Link Aggregation.... 151

II-3 Hardware Acceleration.... 152

II-4 NAT 154

Web User Interface 155

II-4-1 Port Redirection.... 155

II-4-2 DMZ Host 159

II-4-3 Open Ports 162

II-4-4 Port Triggering....164

II-4-5 Port Knocking 166

II-4-6 ALG....169

II-5 Applications 170

Web User Interface 172

II-5-1 Dynamic DNS 172

II-5-2 LAN DNS / DNS Forwarding 178

II-5-3 DNS Security 181

II-5-3-1 General Setup 181
II-5-3-2 Domain Diagnose 182

II-5-4 Schedule....183

II-5-5 RADIUS/TACACS+ 186

II-5-5-1 External RADIUS.... 186
II-5-5-2 Internal RADIUS 188
II-5-5-3 External TACACS+.... 191

II-5-6 Active Directory/LDAP 192

II-5-6-1 General Setup 192
II-5-6-2 Active Directory / LDAP Profiles.... 193

II-5-7 UPnP 195

II-5-8 IGMP....196

II-5-8-1 General Setting.... 196
II-5-8-2 Working Status 197

II-5-9 Wake on LAN/WAN 198

II-5-10 SMS / Mail Alert Service.... 200

II-5-10-1 SMS Alert 200
II-5-10-2 Mail Alert 201

II-5-11 Bonjour 202

II-5-12 High Availability 205

II-5-12-1 General Setup 206
II-5-12-2 Config Sync 208

II-5-13 Local 802.1X General Setup 210

Application Notes 212

A-1 How to use DrayDDNS? 212
A-2 How to Configure Customized DDNS? 217

II-6 Routing....221

Web User Interface 222

II-6-1 Static Route 222

II-6-2 Load-Balance /Route Policy 227

Diagnose for Route Policy 233

II-6-3 BGP 237

II-6-3-1 Basic Settings.... 237
II-6-3-2 Static Network.... 238

Application Notes 239

A-1 How to set up Address Mapping with Route Policy? 239
A-2 How to use destination domain name in a route policy? 241
A-3 Introduction to Load Balance/Route Policy 243

II-7 LTE / 5G-NR....245

Web User Interface 246

II-7-1 General Settings 246

II-7-1-1 SMS Quota 246
II-7-1-2 SMS Inbox/Outbox 247
II-7-1-3 Signal Quality Display 247

II-7-2 SMS Inbox 248
II-7-3 Send SMS 251
II-7-4 SMS Gateway 252

II-7-5 Router Commands 256

II-7-6 Status....259

II-7-7 RSRP Graph.... 261

Part III Wireless LAN....263

III-1 Wireless LAN (2.4GHz/5GHz) 264

Web User Interface 267

III-1-1 Wireless Wizard....267

III-1-2 General Setup 271

III-1-3 Security 273

III-1-4 Access Control 275

III-1-5 WPS....277

III-1-6 WDS (for 5GHz) 280

III-1-7 Advanced Setting 282

III-1-8 Station Control 286

III-1-9 Bandwidth Management 287

III-1-10 AP Discovery 288

III-1-11 Airtime Fairness....289

III-1-12 Band Steering (2.4 GHz) 291

III-1-13 Roaming 295

III-1-14 Station List....296

III-2 Mesh Network 298

III-2-1 Mesh Wizard.... 299

III-2-2 Mesh Setup 303

III-2-3 Mesh Status.... 305

III-2-4 Mesh Discovery 306

III-2-5 Basic/Advanced Config Sync 307

III-2-6 Support List 309

Part IV VoIP....311

IV-1 VoIP 312

Web User Interface 314

IV-1-1 VoIP Wizard 314

IV-1-2 General Settings 316

IV-1-3 SIP Accounts 319

IV-1-3-1 Alias List 322

IV-1-4 DialPlan 325

IV-1-4-1 Phone Book 325

IV-1-4-2 Digit Map 326

IV-1-4-3 Call Barring 329

IV-1-4-4 Regional 331

IV-1-5 Phone Settings.... 333

IV-1-6 Status 337

IV-1-7 Diagnostics.... 339

IV-1-7-1 Caller ID 339

IV-1-7-2 Tone 339

Part V VPN....341

V-1 VPN and Remote Access 342

Web User Interface 343

V-1-1 VPN Client Wizard 343

V-1-2 VPN Server Wizard 350

V-1-3 Remote Access Control 360

V-1-3-1 Remote Access Control Setup 360

V-1-3-2 Bind to WAN 361

V-1-4 PPP General Setup 362

V-1-5 SSL General Setup 364

V-1-6 IPsec General Setup 366

V-1-7 IPsec Peer Identity 369

V-1-8 VPN Matcher Setup 371

V-1-9 OpenVPN 373

V-1-9-1 OpenVPN Server Setup 373

V-1-9-2 Client Config.... 375

V-1-9-3 Import Certificate 376

V-1-10 WireGuard 377

V-1-11 Remote Dial-in User 378

V-1-11 LAN to LAN 384

V-1-12 VPN Trunk Management.... 395

V-1-13 Connection Management 401

V-2 Certificate Management.... 403

Web User Interface 404

V-2-1 Local Certificate 404

V-2-2 Trusted CA Certificate 409

V-2-3 Certificate Backup 413

V-2-4 Self-Signed Certificate 414

V-2-5 Local Services List 415

Part VI Security 417

VI-1 Firewall 418

Web User Interface 420

VI-1-1 General Setup 420

VI-1-2 Filter Setup 425

VI-1-3 Defense Setup 435

VI-1-3-1 DoS Defense 435

VI-1-3-2 Spoofing Defense 438

VI-1-3-3 Brute Force Protection 439

VI-1-4 Diagnose 440

VI-2 Central Security Management (CSM).... 443

Web User Interface 444

VI-2-1 APP Enforcement Profile 444

VI-2-2 URL Content Filter Profile 446

VI-2-4 Web Content Filter Profile 450

VI-2-5 DNS Filter Profile 453

Application Notes 456

A-1 How to Create an Account for MyVigor 456

A-2 How to Block Facebook Service Accessed by the Users via Web Content Filter / URL

Content Filter 461

Part VII Management....467

VII-1 System Maintenance 468

Web User Interface 469

VII-1-1 System Status 469

VII-1-2 TR-069 471

VII-1-2-1 ACS and CPE Settings 471

VII-1-2-2 Reporting Configuration.... 473

VII-1-2-3 Export Parameters 473

VII-1-3 NetFlow 474

VII-1-4 Administrator Password 475

VII-1-5 User Password 479

VII-1-6 Login Page Greeting 482

VII-1-7 Configuration Backup.... 484

VII-1-8 Webhook 487

VII-1-9 Syslog/Mail Alert 488

VII-1-10 Time and Date.... 491

VII-1-11 SNMP 492

VII-1-11 Management 494

VII-1-12 Panel Control 500

VII-1-13 Self-Signed Certificate 505

VII-1-14 Reboot System....507

VII-1-15 Firmware Upgrade 508

VII-1-16 Firmware Backup 509

VII-1-17 Internal Service User List.... 510

VII-1-18 Dashboard Control 511

VII-2 Bandwidth Management....512

Web User Interface 513

VII-2-1 Sessions Limit 513

VII-2-2 Bandwidth Limit....515

VII-2-3 Quality of Service 517

VII-2-4 APP QoS 523

VII-3 User Management 524

Web User Interface 525

VII-3-1 General Setup 525

VII-3-2 User Profile 526

VII-3-3 User Group.... 530

VII-3-4 User Online Status 531

Application Notes 533

A-1 How to authenticate clients via User Management 533

A-2 How to use Landing Page Feature.... 542

VII-4 Hotspot Web Portal....546

Web User Interface 546

VII-4-1 Profile Setup.... 546

VII-4-1-1 Login Method....547

VII-4-1-2 Steps for Configuring a Web Portal Profile.... 548

VII-4-2 User Information....567

VII-4-2-1 User Info 567

VII-4-2-2 Database Setup 568

VII-4-3 Quota Management 570

VII-4-4 PIN Generator 573

VII-4-4-1 PIN Status.... 573

VII-4-4-2 PIN Generator 574

VII-4-4-3 JSON PIN Generator 575

VII-4-4-4 PIN Voucher 576

Application Notes 578

A-1 How to create Facebook APP for Web Portal Authentication? 578

A-2 How to create Google APP for Web Portal Authentication?...... 584

VII-5 Central Management (VPN) 586

Web User Interface 587

VII-5-1 General Setup 587

VII-5-1-1 General Settings.... 587

VII-5-1-2 IPsec VPN Settings.... 588

VII-5-2 CPE Management.... 589

VII-5-2-1 Managed Device List 589

VII-5-2-2 CPE Maintenance 592

VII-5-2-3 Google Map.... 594

VII-5-3 VPN Management 596

VII-5-4 Log & Alert 597

Application Notes 598

A-1 CVM Application - How to manage the CPE (router) through Vigor2927 series? . 598

A-2 CVM Application - How to upgrade CPE firmware through Vigor2927 series? .... 602

VII-6 Central Management (AP)....605

Web User Interface 606

VII-6-1 Dashboard.... 606

VII-6-2 Status 607

VII-6-3 WLAN Profile.... 608

VII-6-4 AP Maintenance 614

VII-6-5 Traffic Graph 615

VII-6-6 Event Log 616

VII-6-7 Total Traffic 617

VII-6-8 Station Number 617

VII-6-9 Load Balance 618

VII-7 Central Management (Switch) 620

Web User Interface 621

VII-7-1 Status 621

VII-7-1-1 Switch Status....621

VII-7-1-2 Switch Hierarchy 623

VII-7-1-3 Detailed Info 624

VII-7-1-4 TR069 Setting 625

VII-7-2 Profile 627

VII-7-3 Group 630

VII-7-4 Maintenance....632

VII-7-5 Alert and Log 633

VII-7-5-1 Alert Setup 633

VII-7-5-2 Switch and Port Setup 634

VII-7-5-3 Alert Logs....635

VII-7-6 Database Setup 636

VII-7-7 Support List 637

VII-8 Central Management (External Devices) 638

Part VIII Others....641

VIII-1 Objects Settings....642

Web User Interface 643

VIII-1-1 IP Object 643

VIII-1-2 IP Group 646

VIII-1-3 IPv6 Object.... 648

VIII-1-4 IPv6 Group 650

VIII-1-5 Service Type Object....652

VIII-1-6 Service Type Group 654

VIII-1-7 Keyword Object 656

VIII-1-8 Keyword Group 658

VIII-1-9 File Extension Object 659

VIII-1-10 SMS/Mail Service Object 661

VIII-1-11 Notification Object 666

VIII-1-12 String Object 668

VIII-1-13 Country Object 669

VIII-1-14 Objects Backup/Restore 671

Application Notes 672

A-1 How to Send a Notification to Specified Phone Number via SMS Service in WAN Disconnection 672

VIII-2 USB Application 676

Web User Interface 677

VIII-2-1 USB General Settings....677

VIII-2-2 USB User Management 678

VIII-2-3 File Explorer 680

VIII-2-4 USB Device Status....681

VIII-2-5 Temperature Sensor 682

VIII-2-6 Modem Support List 685

VIII-2-7 SMB Client Support List 686

Application Notes 687

A-1 How can I get the files from USB storage device connecting to Vigor router? ... 687

Part IX Troubleshooting 691

IX-1 Diagnostics 692

Web User Interface 693

IX-1-1 Dial-out Triggering....693

IX-1-2 Routing Table 694

IX-1-3 ARP Cache Table 695

IX-1-4 IPv6 Neighbour Table 696

IX-1-5 DHCP Table 697

IX-1-6 NAT Sessions Table 698

IX-1-7 DNS Cache Table 699

IX-1-8 Ping Diagnosis 700

IX-1-9 Data Flow Monitor 701

IX-1-10 Traffic Graph 704

IX-1-11 VPN Graph 705

IX-1-12 Trace Route 706

IX-1-13 Syslog Explorer 707

IX-1-14 IPv6 TSPC Status 708

IX-1-15 High Availability Status 708

IX-1-16 Authentication Information 710

IX-1-17 DoS Flood Table 712

IX-1-18 Route Policy Diagnosis 713

IX-2 Checking If the Hardware Status Is OK or Not.... 715

IX-3 Checking If the Network Connection Settings on Your Computer Is OK or Not.... 716

IX-4 Pinging the Router from Your Computer 719

IX-5 Checking If the ISP Settings are OK or Not.... 721

IX-6 Problems for 3G/4G Network Connection....722

IX-7 Backing to Factory Default Setting If Necessary 723

IX-8 Contacting DrayTek 724

Part X Telnet Commands....725

Accessing Telnet of Vigor2927 726

Part I Installation

Installation

This part will introduce Vigor router and guide to install the device in hardware and software.

I-1 Introduction

This is a generic International version of the user guide. Specification, compatibility and feature vary by region. For specific user guides suitable for your region or product, please contact local distributor.

Vigor2927 series integrates IP layer QoS, NAT session/bandwidth management to help users control works well with large bandwidth.

By adopting hardware-based VPN platform and hardware encryption of AES/ DES/ 3DES, the router increases the performance of VPN greatly, and offers several protocols (such as IPsec/ PPTP/ L2TP) with VPN tunnels.

The object-based design used in SPI (Stateful Packet Inspection) firewall allows users to set firewall policy with ease. CSM (Content Security Management) provides users control and management in IM (Instant Messenger) and P2P (Peer to Peer) more efficiency than before. By the way, DoS/ DDoS prevention and URL/ Web content filter strengthen the security outside and control inside. Object-based firewall is flexible and allows your network be safe.

User Management implemented on your router firmware can allow you to prevent any computer from accessing your Internet connection without a username or password. You can also allocate time budgets to your employees within office network.

With the 4-port Gigabit switch on the LAN side provides extremely high speed connectivity for the highest speed local data transfer of any server or local PCs. The tagged VLANs (IEEE802.1Q) can mark data with a VLAN identifier. This identifier can be carried through an onward Ethernet switch to specific ports. The specific VLAN clients can also pick up this identifier as it is just passed to the LAN. You can set the priorities for LAN-side QoS. You can assign each of VLANs to each of the different IP subnets that the router may also be operating, to provide even more isolation. The said functionality is tag-based Multi-subnet (Multiple-Private LAN Subnets).

On the Wireless-equipped models (e.g., Vigor2927Iac) each of the wireless SSIDs can also be grouped within one of the VLANs.

In addition, Vigor2927 series supports USB interface for connecting USB printer to share printing function or 3G USB modem for network connection.

Vigor2927 series provides two-level management to simplify the configuration of network connection. The user mode allows user accessing into WEB interface via simple configuration. However, if users want to have advanced configurations, they can access into WEB interface through admin mode.

I-1-1 Indicators and Connectors

Before you use the Vigor router, please get acquainted with the LED indicators and connectors first.

I-1-1-1 Vigor2927

WAN1, WAN2 / P6

LAN P1-P5

I-1-1-2 Vigor2927L

Interface	Description
Factory Reset	Restore the default settings. Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds. When you see the ACT LED begins to blink rapidly than usual, release the button. Then the router will restart with the factory default configuration.
USB	Connector for a USB device (for 3G/ 4G USB Modem or printer or thermometer).
WAN1 Connector	for a modem for accessing Internet.
WAN2 / P6	Connector for local network devices or modem for accessing Internet. It is a switchable port. It can be used for LAN connection or WAN connection according to the settings configured in WUI.
LAN P1-P5	Connecters for local network devices.
PWR Connector for a power adapter.
ON/OFF Power Switch.
	Connector for installing LTE antennas.
SIM 2/1	Slots for installing SIM card(s).

I-1-1-3 Vigor2927ac / Vigor2927ax / Vigor2927Lac

I-1-1-4 Vigor2927Vac

Interface	Description
Wireless LAN ON/ OFF/ WPS	Wireless band will be switched / changed according to the button pressed and released. For example,2.4G (On) and 5G (On) - in default.2.4G (Off) and 5G (On) - pressed and released the button once.2.4G (On) and 5G (Off) - pressed and released the button twice.2.4G (Off) and 5G (Off) - pressed and released the button three times.When WPS function is enabled by web user interface, press this button for more than 2 seconds to wait for client's device making network connection through WPS.
Factory Reset	Restore the default settings. Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds. When you see the ACT LED begins to blink rapidly than usual, release the button. Then the router will restart with the factory default configuration.
USB1~2 / USB	Connector for a USB device (for 3G/ 4G USB Modem or printer or thermometer).
WAN1 Connector	for a modem for accessing Internet.
WAN2 / P6	Connector for local network devices or modem for accessing Internet.It is a switchable port. It can be used for LAN connection or WAN connection according to the settings configured in WUI.
LAN P1-P5	Connecters for local network devices.
	Connector for installing WLAN antennas.(For ac model)
PWR Connector for a power adapter.
ON/ OFF Power Switch.

I-1-1-5 Vigor2927L-5G / Vigor2927Lax-5G

Interface	Description
Wireless LAN ON/ OFF/ WPS	Wireless band will be switched / changed according to the button pressed and released. For example,2.4G (On) and 5G (On) - in default.2.4G (Off) and 5G (On) - pressed and released the button once.2.4G (On) and 5G (Off) - pressed and released the button twice.2.4G (Off) and 5G (Off) - pressed and released the button three times.When WPS function is enabled by web user interface, press this button for more than 2 seconds to wait for client's device making network connection through WPS.
Factory Reset	Restore the default settings. Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds. When you see the ACT LED begins to blink rapidly than usual, release the button. Then the router will restart with the factory default configuration.
USB	Connector for a USB device (for 3G/ 4G USB Modem or printer or thermometer).
WAN1	Connector for local network devices or modem for accessing Internet.
WAN2 / P6	Connector for local network devices or modem for accessing Internet.The port “ WAN2 / P6” is switchable. It can be used for LAN connection or WAN connection according to the settings configured in WUI.
LAN P1-P5	Connecters for local network devices.
	Connector for installing WLAN antennas.(For ac/ ax model).
PWR	Connector for a power adapter.
ON/ OFF	Power Switch.
	Connector for installing LTE antennas.
SIM Card	Slots for installing SIM card(s).(For L model).

I-1-2 Notes for Antenna Installation (for "L" model)

Antenna must be installed on the extension base before connecting to Vigor router.

The number of antenna used for LTE and 5G-NR models are different.

LTE Model

2 sets (Antenna + Extension Base)

5G-NR Model

4 sets (Antenna + Extension Base)

The antenna with an extension base on the Vigor router must be installed correctly. If only one antenna shall be installed, please use the connector (main signal connector) near the power switch.

LTE Model 5G-NR Model

For installing the SIM card into the card slot, here, we take Vigor2927Lac as an example.

1. While installing the SIM card into the card slot, note that the back plate of the SIM card slot must be removed first.

2. Assemble the SIM1 and SIM2 with the SIM tray. Then insert the SIM tray into the SIM card slot of the router.

Note

If you need to remove SIM1 or SIM2, carefully take them out of the card slot without bending the SIM tray.

Warning

There are two types of antennas provided for Vigor2927Lac, which must be installed in different locations carefully and correctly. Wrong installation might cause bad signal of wireless connection. Therefore, pay attention to the installation of antennas by referring to the following illustration.

I-2 Hardware Installation

I-2-1 Installing Vigor Router

Before starting to configure the router, you have to connect your devices correctly. (For the hardware connection, we take "ac" model as an example.)

1. Connect the DSL interface to the land line jack with a DSL line cable.
   Connect the cable Modem/ DSL Modem/ Media Converter to the WAN port of router with Ethernet cable (RJ-45).
2. Connect one end of an Ethernet cable (RJ-45) to one of the LAN ports of the router and the other end of the cable (RJ-45) into the Ethernet port on your computer.
3. Connect one end of the power adapter to the router's power port on the rear panel, and the other side into a wall outlet.
4. Power on the device by pressing down the power switch on the rear panel.
5. The system starts to initiate. After completing the system test, the ACT LED will light up and start blinking.

(For the hardware connection, we take "ac" model as an example.)

I-2-2 Wall-Mounted Installation

Vigor router has keyhole type mounting slots on the underside.

1. Drill two holes on the wall. The distance between the holes shall be 168mm.

2. Fit screws into the wall using the appropriate type of wall plug.

Info

The recommended drill diameter shall be 6.5mm (1/4").

1. When you finished about procedure, the router has been mounted on the wall firmly.

I-2-3 Installing USB Printer to Vigor Router

You can install a printer onto the router for sharing printing. All the PCs connected this router can print documents via the router. The example provided here is made based on Windows 7. For other Windows system, please visit www.DrayTek.com.

graph TD
    A["Printer Name: 192.168.1.1\nPort Name: IP_192.168.1.1"] --> B["Router (192.168.1.1)"]
    B --> C["Computer 1"]
    B --> D["Computer 2"]
    B --> E["Computer 3"]
    B --> F["Computer 4"]
    B --> G["Internet"]

Before using it, please follow the steps below to configure settings for connected computers (or wireless clients).

1. Connect the printer with the router through USB/parallel port.
2. Open All Programs>>Getting Started>>Devices and Printers.

1. Click Add a printer.

1. A dialog will appear. Click Add a local printer and click Next.

1. In this dialog, choose Create a new port. In the field of Type of port, use the drop down list to select Standard TCP/IP Port. Then, click Next.

1. In the following dialog, type 192.168.1.1 (router's LAN IP) in the field of Hostname or IP Address and type 192.168.1.1 as the Port name. Then, click Next.

1. Click Standard and choose Generic Network Card.

1. Now, your system will ask you to choose right name of the printer that you installed onto the router. Such step can make correct driver loaded onto your PC. When you finish the selection, click Next.

1. Type a name for the chosen printer. Click Next.

1. Choose Do not share this printer and click Next.

1. Then, in the following dialog, click Finish.

1. The new printer has been added and displayed under Printers and Faxes. Click the new printer icon and click Printer server properties.

1. Edit the property of the new printer you have added by clicking Configure Port.

1. Select "LPR" on Protocol, type p1 (number 1) as Queue Name. Then click OK. Next please refer to the red rectangle for choosing the correct protocol and LPR name.

The printer can be used for printing now. Most of the printers with different manufacturers are compatible with vigor router.

Info

Some printers with the fax/scanning or other additional functions are not supported.

Vigor router supports printing request from computers via LAN ports but not WAN port.

I-3 Accessing Web Page

1. Make sure your PC connects to the router correctly.

You may either simply set up your computer to get IP dynamically from the router or set up the IP address of the computer to be the same subnet as the default IP address of Vigor router 192.168.1.1. For the detailed information, please refer to the later section - Trouble Shooting of the guide.

1. Open a web browser on your PC and type http://192.168.1.1. The following window will be open to ask for username and password.

1. Please type "admin/admin" as the Username/Password and click Login.

2. Next, the following page will appear. You must change the login password before accessing the web user interface. Please set a password with the highest level of strength for network security.

For security reason, you must change the password before proceeding to the router webpage

New Password

Password Strength:

Strong password requirements:

1. Minimal length is 8 characters.
2. Must use at least 1 Upper and 1 lower character.
3. Must use at least 1 numeric or special character.
4. The Password cannot contain only the character "z".

OK

Info

If you fail to access to the web configuration, please go to "Trouble Shooting" for detecting and solving your problem.

1. Now, the Main Screen will appear. Take Vigor2927Lax-5G as an example.

Info

The home page will be different slightly in accordance with the type of the router you have.

1. The web page can be logged out according to the chosen condition. The default setting is Auto Logout, which means the web configuration system will logout after 5 minutes without any operation. Change the setting for your necessity.

I-4 Dashboard

Dashboard shows the connection status including System Information, IPv4 Internet Access, IPv6 Internet Access, Interface (physical connection), Security and Quick Access.

Click Dashboard from the main menu on the left side of the main page.

A web page with default selections will be displayed on the screen. Refer to the following figure:

Dashboard

System Information

IPv4 LAN Information

IPv4 Internet Access

Interface

Security

10/100M 1G

5G-NR

LTE access mode[None]

Bridge mode

Disabled

Access Tech

LTE

Band

Operator

单位：元

Signal

RSSI:

RSRP: -122 dBm (Poor)

RSRO:

New SMS

Current using SIM

Unknown

Quick Access

System Status

Firmware Upgrade

Dynamic DNS

TR-069

User Management

IM/P2P Block

Schedule

SysLog / Mail Alert

LDAP

RADIUS

Firewall Object Setting

I-4-1 Virtual Panel

On the top of the Dashboard, a virtual panel (simulating the physical panel of the router) displays the physical interface connection. It will be refreshed every five seconds. When you move and click the mouse cursor on LEDs (except ACT), USB ports, WAN2/P6, or LAN1-LAN5 (P1\~P5), related web setting page will be open for you to configure if required.

For detailed information about the LED display, refer to I-1-1 LED Indicators and Connectors.

I-4-2 Name with a Link

A name with a link (e.g., Router Name, Current Time, WAN1\~6 and etc.) below means you can click it to open the configuration page for modification.

I-4-3 Status for LTE

It is a short table which displays current status for

Vigor2927L/ Vigor2927Lac/ V2927L-5G/ V2927Lax-5G including access mode used, access tech adopted, band usage, operator, strength of signal and notification of new SMS received.

I-4-4 Quick Access for Common Used Menu

All the menu items can be accessed and arranged orderly on the left side of the main page for your request. However, some important and common used menu items which can be accessed in a quick way just for convenience.

Look at the right side of the Dashboard. You will find a group of common used functions grouped under Quick Access.

The function links of System Status, Dynamic DDNS, TR-069, User Management, IM/ P2P Block, Schedule, Syslog/ Mail Alert, LDAP, RADIUS, Firewall Object Setting and Data Flow Monitor are displayed here. Move your mouse cursor on any one of the links and click on it. The corresponding setting page will be open immediately.

In addition, quick access for VPN security settings such as Remote Dial-in User and LAN to LAN are located on the bottom of this page. Scroll down the page to find them and use them if required.

Note that there is a plus ( ) icon located on the left side of VPN/LAN. Click it to review the VPN connection(s) used presently.

Host connected physically to the router via LAN port(s) will be displayed with green circles in the field of Connected.

All of the hosts (including wireless clients) displayed with Host ID, IP Address and MAC address indicates that the traffic would be transmitted through LAN port(s) and then the WAN port. The purpose is to perform the traffic monitor of the host(s).

I-4-5 GUI Map

All the functions the router supports are listed with table clearly in this page. Users can click the function link to access into the setting page of the function for detailed configuration. Click the icon on the top of the main screen to display all the functions.

GUI Map

I-4-6 Web Console

It is not necessary to use the telnet command via DOS prompt. The changes made by using web console have the same effects as modified through web user interface. The functions/ settings modified under Web Console also can be reviewed on the web user interface.

Click the Web Console icon on the top of the main screen to open the following screen.

I-4-7 Config Backup

There is one way to store current used settings quickly by clicking the Config Backup icon. It allows you to backup current settings as a file. Such configuration file can be restored by using System Maintenance>>Configuration Backup.

I-4-8 Manual Download

Click this icon to open online user's guide of Vigor router. This document offers detailed information for the settings on web user interface.

I-4-9 Logout

Click this icon to exit the web user interface.

I-4-10 Online Status

Online Status

Physical Connection

Virtual WAN

I-4-10-1 Physical Connection

Such page displays the physical connection status such as LAN connection status, WAN connection status, and so on.

Physical Connection for IPv4 Protocol

Online Status

Physical Connection for IPv6 Protocol

Detailed explanation (for IPv4) is shown below:

Detailed explanation (for IPv6) is shown below:

Info

The words in green mean that the WAN connection of that interface is ready for accessing Internet; the words in red mean that the WAN connection of that interface is not ready for accessing Internet.

I-4-10-2 Virtual WAN

Such page displays the virtual WAN connection information.

Virtual WAN are used by TR-069 management, VoIP service and so on.

The field of Application will list the purpose of such WAN connection.

I-5 Quick Start Wizard

Quick Start Wizard can help you to deploy and use the router easily and quickly.

Go to Wizards>>Quick Start Wizard. The first screen of Quick Start Wizard is entering login password. After typing the password, please click Next.

Wizards >> Quick Start Wizard

Enter login password

Please enter an alpha-numeric string as your Password (Max 83 characters)

Old Password

New Password

Confirm Password

Password Strength:

Password Requirements:

1. Must be a minimum of 8 characters.

2. Contain at least three of the following for a strong password:

uppercase letters

lowercase letters

numbers

symbols

Hint: If you want to keep the password unchanged, leave the password blank and press "Next" button to skip this process.

On the next page as shown below, please select the WAN interface that you use. If Ethernet interface is used, please choose WAN1/WAN2; if 3G USB modem is used, please choose WAN3 or WAN4. Then click Next for next step.

Wizards >> Quick Start Wizard

Select WAN Interface

Select WAN Interface:

Display Name:

Physical Mode:

Physical Type:

VLAN Tag insertion:

Tag value

Priority

WAN1

Ethernet

Auto negotiation

Disable

(0\~4095)

(0\~7)

Note: The available WAN interfaces (WAN#, 5G-NR, LTE) will vary according to the model you have.

WAN1, WAN2, WAN3, WAN4, WAN5 and WAN6 will bring up different configuration page. Refer to the following for detailed information.

I-5-1 For WAN1/WAN2 (Ethernet)

WAN1/ WAN2 can be configured for physical mode of Ethernet.

Wizards >> Quick Start Wizard

Select WAN Interface

< Back Next > Finish Cancel

Available settings are explained as follows:

On the next page as shown below, please select the appropriate Internet access type according to the information from your ISP. For example, you should select PPPoE mode if the ISP provides you PPPoE interface. Then click Next for next step.

Ethernet WAN1/2 - PPPoE

1. Choose WAN1 as the WAN Interface and choose Ethernet as the Physical Mode. Click the Next button. The following page will be open for you to specify Internet Access Type.

Quick Start Wizard

Connect to Internet

1. Click PPPoE as the Internet Access Type. Then click Next to continue.

Quick Start Wizard

PPPoE Client Mode

Available settings are explained as follows:

1. Please manually enter the Username/ Password provided by your ISP. Click Next for viewing summary of such connection.

Wizards >> Quick Start Wizard

Please confirm your settings:

WAN Interface:

WAN1

Physical Mode:

Ethernet

Physical Type:

Auto negotiation

Internet Access:

PPPoE

Click Back to modify changes if necessary. Otherwise, click Finish to save the current settings and restart the Vigor router.

1. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.

Quick Start Wizard Setup OK!

1. Now, you can enjoy surfing on the Internet.

Ethernet WAN1/2 - PPTP/L2TP

1. Choose WAN1 as the WAN Interface and choose Ethernet as the Physical Mode. Click the Next button. The following page will be open for you to specify Internet Access Type.

Quick Start Wizard

Connect to Internet

WAN 1 Select one of the following Internet Access types provided by your ISP.

1. Click PPTP/L2TP as the Internet Access Type. Then click Next to continue.

Quick Start Wizard

PPTP Client Mode

WAN 1

Enter the username, password, WAN IP configuration and PPTP server IP provided by your ISP.

Username

Password

Confirm Password

WAN IP Configuration

Obtain an IP address automatically
○ Specify an IP address

IP Address

Subnet Mask

Gateway

Primary DNS

Second DNS

PPTP Server

192.168.124.14

255.255.255.0

192.168.124.1

8.8.8.8

8.8.4.4

Available settings are explained as follows:

1. Please Enter the IP address/ mask/ gateway information originally provided by your ISP. Then click Next for viewing summary of such connection.

Wizards >> Quick Start Wizard

Please confirm your settings:

1. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.

Quick Start Wizard Setup OK!

1. Now, you can enjoy surfing on the Internet.

Ethernet WAN1/2 - Static IP

1. Choose WAN1 as the WAN Interface and choose Ethernet as the Physical Mode. Click the Next button. The following page will be open for you to specify Internet Access Type.

Quick Start Wizard

Connect to Internet

1. Click Static IP as the Internet Access type. Simply click Next to continue.

Quick Start Wizard

Static IP Client Mode

Available settings are explained as follows:

1. Please Enter the IP address information originally provided by your ISP. Then click Next for next step.

Wizards >> Quick Start Wizard

Please confirm your settings:

WAN Interface:

WAN1

Physical Mode:

Ethernet

Physical Type

Auto negotiation

Internet Access:

Static IP

Click Back to modify changes if necessary. Otherwise, click Finish to save the current settings and restart the Vigor router.

1. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.

Quick Start Wizard Setup OK!

1. Now, you can enjoy surfing on the Internet.

Ethernet WAN1/2 - DHCP

1. Choose WAN1 as the WAN Interface and choose Ethernet as the Physical Mode. Click the Next button. The following page will be open for you to specify Internet Access Type.

Quick Start Wizard

Connect to Internet

WAN 1 Select one of the following Internet Access types provided by your ISP.

1. Click DHCP as the Internet Access type. Simply click Next to continue.

Quick Start Wizard

DHCP Client Mode

WAN 1 If your ISP requires you to enter a specific host name or specific MAC address, please enter it in.

Available settings are explained as follows:

1. After finished the settings above, click Next for viewing summary of such connection.

Wizards >> Quick Start Wizard

Please confirm your settings:

WAN Interface:

WAN1

Physical Mode:

Ethernet

Physical Type:

Auto negotiation

Internet Access:

DHCP

Click Back to modify changes if necessary. Otherwise, click Finish to save the current settings and restart the Vigor router.

1. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.

Quick Start Wizard Setup OK!

1. Now, you can enjoy surfing on the Internet.

I-5-2 For WAN3/WAN4 (Wireless 2.4G/Wireless 5G)

WAN3/ WAN4 shall be used for wireless (2.4G or 5G) connection.

Wireless WAN3/WAN4 - Static IP

1. Choose WAN3/WAN4 as WAN Interface and choose Wireless 2.4G or Wireless 5G as the physical mode.

Quick Start Wizard

Select WAN Interface

Select WAN Interface:

Display Name:

Physical Mode:

Physical Type:

WAN3

Wireless 2.4G

Auto negotiation

or

Quick Start Wizard

Select WAN Interface

Select WAN Interface:

Display Name:

Physical Mode:

Physical Type:

WAN4

Wireless 5G

Auto negotiation

1. Then, click Next for getting the following page.

Quick Start Wizard

Connect to Internet

WAN 3

Select one of the following Internet Access types.

Static IP

○ DHCP

1. After click Static IP as the Internet Access type, you will get the following page. Enter the required information and click Next to continue.

Quick Start Wizard

Static IP Client Mode

WAN 3

Enter the Static IP configuration.

WAN IP

172.16.3.8

Subnet Mask

255.255.255.0

Gateway

172.16.3.7

Available settings are explained as follows:

1. From the following page, enter the SSID of an existed AP as the wireless connection server for this WAN. Or click AP Discovery to find an access point as the server for this WAN interface. Click Next to continue.

Wizards >> Quick Start Wizard

Connect to Internet

WAN 3

Enter the AP configuration that router wants to connect.

SSID

MAC Address (Optional)

Channel

Security Mode

1. Then, a summary of the connection will be shown on the screen.

Quick Start Wizard

Please confirm your settings:

WAN Interface:

WAN3

Physical Mode:

Wireless 2.4G

Internet Access:

Static IP

Click Back to modify changes if necessary. Otherwise, click Finish to save the current settings and restart the Vigor router.

1. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.

Quick Start Wizard Setup OK!

1. Now, you can enjoy surfing on the Internet.

Wireless WAN3/WAN4 - DHCP

1. Choose WAN3/WAN4 as WAN Interface and choose Wireless 2.4G or Wireless 5G as the physical mode.

Quick Start Wizard

Select WAN Interface

or

Quick Start Wizard

Select WAN Interface

1. Then, click Next for getting the following page.

Quick Start Wizard

Connect to Internet

WAN 3

Select one of the following Internet Access types.

○ Static IP

DHCP

1. After click DHCP as the Internet Access type, you will get the following page. Eenter the SSID of an existed AP as the wireless connection server for this WAN. Or click AP Discovery to find an access point as the server for this WAN interface. Click Next to continue.

Quick Start Wizard

Connect to Internet

WAN 3

Enter the AP configuration that router wants to connect.

SSID

MAC Address (Optional)

Channel :

Security Mode

Encryption Mode

Pass Phrase

Available settings are explained as follows:

1. Then, a summary of the connection will be shown on the screen.

Quick Start Wizard

Please confirm your settings:

WAN Interface:

WAN3

Physical Mode:

Wireless 2.4G

Internet Access:

DHCP

Click Back to modify changes if necessary. Otherwise, click Finish to save the current settings and restart the Vigor router.

1. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.

Quick Start Wizard Setup OK!

1. Now, you can enjoy surfing on the Internet.

I-5-3 For WAN5/WAN6 (USB)

WAN3/ WAN4 is dedicated to physical mode in USB.

1. Choose WAN5/WAN6 as WAN Interface. For "L" model, the WAN5 will be changed as LTE.

Quick Start Wizard

WAN Interface

1. Then, click Next for getting the following page.

Quick Start Wizard

Connect to Internet

Available settings are explained as follows:

1. Then, click Next for viewing summary of such connection.

Wizards >> Quick Start Wizard

Please confirm your settings:

WAN Interface:

WAN6

Physical Mode:

USB

Internet Access:

PPP

Click Back to modify changes if necessary. Otherwise, click Finish to save the current settings and restart the Vigor router.

1. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.

Quick Start Wizard Setup OK!

1. Now, you can enjoy surfing on the Internet.

I-6 Service Activation Wizard

Service Activation Wizard can guide you to activate WCF service (Web Content Filter) with a quick and easy way. For the Service Activation Wizard is only available for admin operation, therefore, please type "admin/admin" on Username/Password while Logging into the web user interface.

Service Activation Wizard is a tool which allows you to use trial version of WCF directly without accessing into the server (MyVigor) located on http://myvigor.draytek.com. For using Web Content Filter Profile, please refer to later section Web Content Filter Profile for detailed information.

Now, follow the steps listed below to activate WCF feature for your router.

Info

Such function is available only for Admin Mode.

1. Open Wizards>>Service Activation Wizard.

1. The screen of Service Activation Wizard will be shown as follows. You can activate the Web content filter services and/or APPE enforcement service and/or DDNS service at the same time or individually. When you finish the selection, please click Next.

Service Activation Wizard

Select the service type that you want to activate

Info

• BPjM is web content filter (WCF) for German Speaking users. It is ideal for your family to provide more Internet security for youngsters.
  ● Cryan 30-day trial is WCF which offers 30-day trial period.
  ● DT-APPE, developed by DrayTek, offers a mechanism to upgrade APPE signature automatically.

• DT-DDNS, developed by DrayTek, offers one year free charge service of dynamic DNS service for internal use.

• Setting confirmation page will be displayed as follows, please click Activate.

Service Activation Wizard

Please confirm your settings

Sevice Type : Trial version
Sevice Activated : Web Content Filter (Cyren / Commtouch)
APP Enforcement (DT-APPE)
Dynamic DNS (2018042313200201.drayddns.com) 

Please click Back to re-select service type you to activate. 

Info

The service will be activated and applied as the default rule configured in Firewall>>General Setup.

1. Now, the web page will display the service that you have activated according to your selection(s).

Service Activation Wizard

Please confirm your settings

Sevice Type : Trial version
Sevice Activated : Web Content Filter (Cyren / Commtouch)
APP Enforcement (DT-APPE)
Dynamic DNS (2018042313200201.drayddns.com) 

Please click Back to re-select service type you to activate. 

I-7 Registering Vigor Router

You have finished the configuration of Quick Start Wizard and you can surf the Internet at any time. Now it is the time to register your Vigor router to MyVigor website for getting more service. Please follow the steps below to finish the router registration.

1 Please login the web configuration interface of Vigor router by typing "admin/admin" as User Name / Password.

2 Click MyVigor Services>>Production Registration from the home page.

MyVigor Services Product Registration Service Status

3 A Login page will be shown on the screen. Please Enter the account and password that you created previously. And click Login.

Info

If you haven't an accessing account, please refer to section Creating an Account for MyVigor to create your own one. Please read the articles on the Agreement regarding user rights carefully while creating a user account.

4 The following page will be displayed after you logging in MyVigor. Type a nickname for the router, then click Submit.

5 When the following page appears, your router information has been added to the database. Your router has been registered to myvigor website successfully.

graph TD
    A["License Status"] --> B["License Action"]
    B --> C["Activate License"]
    C --> D["Force Sync"]
    D --> E["License History"]
    E --> F["Today 2019-12-26"]
    F --> G["Product Registration 2019-12-26"]

6 Clicking MYPRODUCT for viewing the general information of the registered router on MyVigor website.

This page is left blank.

Part II Connectivity

WAN

LAN

NAT

Applications

Routing

It means wide area network. Public IP will be used in WAN.

It means local area network. Private IP will be used in LAN. Local Area Network (LAN) is a group of subnets regulated and ruled by router. The design of network structure is related to what type of public IP addresses coming from your ISP.

When the data flow passing through, the Network Address Translation (NAT) function of the router will dedicate to translate public/private addresses, and the packets will be delivered to the correct host PC in the local area network.

DNS, LAN DNS, LDAP, UPnP, IGMP, Wake on LAN/WAN, RADIUS/TACACS+, SMS/ Mail Alert, Bonjour, High Availability, Local 802.1x

Static Route, Load-Balance/ Route Policy, BGP

It allows users to access Internet.

Basics of Internet Protocol (IP) Network

IP means Internet Protocol. Every device in an IP-based Network including routers, print server, and host PCs, needs an IP address to identify its location on the network. To avoid address conflicts, IP addresses are publicly registered with the Network Information Centre (NIC). Having a unique IP address is mandatory for those devices participated in the public network but not in the private TCP/IP local area networks (LANs), such as host PCs under the management of a router since they do not need to be accessed by the public. Hence, the NIC has reserved certain addresses that will never be registered publicly. These are known as private IP addresses, and are listed in the following ranges:

From 10.0.0.0 to 10.255.255.255

From 172.16.0.0 to 172.31.255.255

From 192.168.0.0 to 192.168.255.255

What are Public IP Address and Private IP Address

As the router plays a role to manage and further protect its LAN, it interconnects groups of host PCs. Each of them has a private IP address assigned by the built-in DHCP server of the Vigor router. The router itself will also use the default private IP address: 192.168.1.1 to communicate with the local hosts. Meanwhile, Vigor router will communicate with other network devices through a public IP address. When the data flow passing through, the Network Address Translation (NAT) function of the router will dedicate to translate public/private addresses, and the packets will be delivered to the correct host PC in the local area network. Thus, all the host PCs can share a common Internet connection.

Get Your Public IP Address from ISP

In ADSL deployment, the PPP (Point to Point)-style authentication and authorization is required for bridging customer premises equipment (CPE). Point to Point Protocol over Ethernet (PPPoE) connects a network of hosts via an access device to a remote access concentrator or aggregation concentrator. This implementation provides users with significant ease of use. Meanwhile it provides access control, billing, and type of service according to user requirement.

When a router begins to connect to your ISP, a serial of discovery process will occur to ask for a connection. Then a session will be created. Your user ID and password is authenticated via PAP or CHAP with RADIUS authentication system. And your IP address, DNS server, and other related information will usually be assigned by your ISP.

Network Connection by 3G/4G USB Modem

For 3G/4G mobile communication through Access Point is popular more and more, Vigor2927 adds the function of 3G/4G network connection for such purpose. By connecting 3G/4G USB Modem to the USB port of Vigor2927, it can support LTE/HSDPA/UMTS/EDGE/GPRS/GSM and the future 3G/4G standard (HSUPA, etc). Vigor2927n with 3G/4G USB Modem allows you to receive 3G/4G signals at any place such as your car or certain location holding outdoor activity and share the bandwidth for using by more people. Users can use LAN ports on the router to access Internet. Also, they can access Internet via 802.11(a/b/g/n/ac) wireless standard, and enjoy the powerful firewall, bandwidth management, and VPN features of Vigor2927n series.

graph TD
    A["Coffee Bus"] -->|Wireless Signal| B["3G/4G Router"]
    B --> C["Internet"]
    C -->|Wireless Signal| A
    D["Smartphone"] -->|Wireless Signal| B

After connecting into the router, 3G/4G USB Modem will be regarded as the WAN3/WAN4 port. However, the original WAN1 and WAN2 still can be used and Load-Balance can be done in the router. Besides, 3G/4G USB Modem in WAN3/WAN4 also can be used as backup device. Therefore, when WAN1 and WAN2 are not available, the router will use 3.5G for supporting automatically. The supported 3G/4G USB Modem will be listed on DrayTek web site. Please visit www.draytek.com for more detailed information.

Web User Interface

WAN

General Setup

Internet Access

Multi-VLAN

WAN Budget

II-1-1 General Setup

This section will introduce some general settings of Internet and explain the connection modes for WAN1, WAN2, WAN3, WAN4, WAN5/LTE and WAN6 in details.

This router supports multiple-WAN function. It allows users to access Internet and combine the bandwidth of the multiple WANs to speed up the transmission through the network. Each WAN port can connect to different ISPs, even if the ISPs use different technology to provide telecommunication service (such as DSL, Cable modem, etc.). If any connection problem occurred on one of the ISP connections, all the traffic will be guided and switched to the normal communication port for proper operation. Please configure WAN1, WAN2, WAN3, WAN4, WAN5/LTE and WAN6 settings.

This webpage allows you to set general setup for WAN1, WAN2, WAN3, WAN4, WAN5/LTE and WAN6 respectively.

WAN >> General Setup

General Setup

Load Balance Setup Advance

Note:

1. Latency, jitter, and packet-loss require setting Link Condition Detection in each WAN setting page.

2. When WAN2 is not Ethernet, P6 port will be used as LAN.

OK Cancel

Or

WAN >> General Setup

Load Balance Setup Advanced

Note

1. Latency, jitter, and packet-loss require setting Link Condition Detection in each WAN setting page

2. When Physical Mode/Type of WAN2 is not Ethernet or WAN2 is disabled, P6 port will be used as LAN

OK Cancel

Available settings are explained as follows:

Item Description
Index	Click the WAN interface link under Index to access into the WAN configuration page.
Enable	V means such WAN interface is enabled and ready to be used.
Physical Mode / Type	Display the physical mode and physical type of such WAN interface.
Bandwidth(Kbps)DownLink/UpLink	Display the downstream and upstream rate of such WAN interface.
Active Mode	Display whether such WAN interface is Active device or backup device.Backup (WAN#) - Display the backup WAN interface for such WAN when it is disabled.
Load Balance	Select to enable the load balance function.
Load Balance Setup	Advance - Load Balance for the traffic of STUN, google STUN, and SIP are disabled in default to prevent from conflict. The following dialog allows you to define protocol, port and name for the traffic not to be applied with load balance. That is, when an item is enabled (checked), it might not be affected by load balance.
Mode	IP Based - The same source / destination IP pair will select the same WAN interface as policy. It is the default setting.Session Based- All of the WAN interfaces will be used (as out-going WAN) for passing through new sessions to get better transmission speed. Though good speed test result for throughput might be reached; however, some web site may not open smoothly, especially the site need authentication, e.g., FTP.If you have no strong demand about speed test result, keep default settings as IP based.
Line Speed	This option is available for multiple-WAN for getting enough bandwidth for each WAN port. If you know the practical bandwidth for your WAN interface, please choose the setting of According to Line Speed. Otherwise, please choose Auto Detect to let the router reach the best load balance.
Load Balance Weights	There are four weight types for choosing to meet your request.Custom - You can distribute the usage ratio for each WAN interface by setting weights for bandwidth, latency, jitter,

and packet loss respectively.

• Upload / Download Bandwidth - The higher the weight is, the WAN interface with higher bandwidth will get higher usage.
• Low Latency - It defines the time taken by Vigor router when sending the packets to the IP set in Link Condition Detection. The higher the weight is, the WAN interface with lower latency will get higher usage.
• Low Jitter - It defines the change rate of latency. For stable session, small jitter value will be better. The higher the weight is, the WAN interface with lower jitter will get higher usage.
  ● Less Packet Loss - It defines the proportion that packets will be discarded before arriving at the IP set in Link Condition Detection. The higher the weight is, the WAN interface with lower packet loss will get higher usage.

Bandwidth-Based - The load balance weight for each WAN will be executed according to line speed setting (DownLink/ UpLink Rate). This is default setting.

Quality-Based - The load balance weight for each WAN will be executed according to the transmission rate, latency time and the jitter time.

Reliabilitiy-Based - The load balance weight for each WAN will be executed according to line speed and packet loss value. Usually, the WAN interface with low packet loss will have the higher ratio to be used.

Info

Some router (e.g., Vigor2927 or Vigor2927Lax-5G) does not support WAN3 and WAN4.

After finished the above settings, click OK to save the settings.

II-1-1-1 WAN1/WAN2 (Ethernet)

WAN1/ WAN2 can be configured for physical mode of Ethernet.

WAN >> General Setup

WAN 1

Available settings are explained as follows:

After finished the above settings, click OK to save the settings.

II-1-1-2 WAN3/WAN4 (Wireless 2.4G or 5G)

WAN3/ WAN4 can be configured for physical mode of Wireless 2.4G or Wireless 5G.

WAN >> General Setup

WAN 3

Note:

The line speed setting of WAN interface is available only when According to Line Speed is selected as the Load Balance Mode.

OK

Cancel

Available settings are explained as follows:

After finished the above settings, click OK to save the settings.

II-1-1-3 WAN5 / WAN6 (USB) or LTE or 5G-NR

To use 3G/4G network connection through 3G/4G USB Modem, please configure WAN5 or LTE / WAN6 interface.

WAN >> General Setup

WAN 6

Note:
The line speed setting of WAN interface is available only when According to Line Speed is selected as the Load Balance Mode.

Available settings are explained as follows:

After finished the above settings, click OK to save the settings.

II-1-2 Internet Access

For the router supports multi-WAN function, the users can set different WAN settings for Internet Access. Due to different Physical Mode for WAN interface, the Access Mode for these connections also varies. Refer to the following figures for examples.

Access Mode for Etherenet,

WAN >> Internet Access

Internet Access

Note:

1. Device on USB port 1 applies WAN5 configuration.

2. Device on USB port 2 applies WAN6 configuration.

DHCP Client Option

Access Mode for Wireless 2.4G/5G,

WAN >> Internet Access

Internet Access

Note:

1. Device on USB port 2 applies WAN6 configuration.

DHCP Client Option

Access Mode for 5G-NR

WAN >> Internet Access

Internet Access

Note:

1. Device on USB port 2 applies WAN6 configuration.

DHCP Client Option

Access Mode for USB,

WAN >> Internet Access

Internet Access

Note:

1.Device on USB port 1 applies WAN5 configuration

2.Device on USB port 2 applies WAN6 configuration.

DHCP Client Option

None

3G/4G USB Modem(PPP mode)

3G/4G USB Modem(DHCP mode)

Available settings are explained as follows:

Note:

1. Option 12 is reserved. You cannot configure it here, but you can configure it in "Router Name" field of "WAN >> internet Access >> Details Page".
   2 Option 55 is reserved and configured with value 1, 3, 6, 15 and 212, also 33 and 121 for some models.
2. Configuring option 61 here will override the setting in "WAN >> Internet Access" page's DHCP Client Identifier field.
3. Hexadecimal Digit: Input the hexadecimal representation of ASCII Character data. e.g. Option 16, Data:2f70617468 (/path)

4. Address List: Data column supports maximum 339 characters or 15 IP addresses

5. Address LLC Data Column supports maximum 239 characters of 15 IP addresses

Enable/Disable - Enable/Disable the function of DHCP Option. Each DHCP option is composed by an option number with data. For example,

Option number:100

Data: abcd

When such function is enabled, the specified values for DHCP option will be seen in DHCP reply packets.

Interface - Specify the WAN interface(s) that will be overwritten by such function. WAN7 \~ WAN9 can be located under WAN>>Multi-PVC/VLAN.

Option Number - Type a number for such function.

DataType - Choose the type (ASCII or Hex) for the data to be stored.

Data - Enter the content of the data to be processed by the function of DHCP option.

Info

If you choose to configure option 61 here, the detailed settings in WAN>>Interface Access will be overwritten.

II-1-2-1 Details Page for PPPoE in WAN1/WAN2 (Physical Mode: Ethernet)

To choose PPPoE as the accessing protocol of the Internet, please select PPPoE from the WAN>>Internet Access >>WAN1/2 page. The following web page will be shown.

WAN >> Internet Access

WAN 1

Note:

1. (Optional) Required for some ISPs. Leave blank if in doubt because the connection request might be denied if "Service Name" is incorrect.
2. VPN feature may be affected when the value of MTU is changed, please also check your value of VPN MSS in "VPN and Remote Access >> PPP General Setup" or "VPN and Remote Access >> IPsec General Setup" page.

We recommend to put the same decreased value on VPN MSS. For example, reducing the MTU from 1500 -> 1400, then it will need to reduct 100 from MSS value.

Available settings are explained as follows:

Item Description
Enable/Disable	Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that you adjusted in this page will be invalid.
ISP Access Setup	Enter your allocated username, password and authentication parameters according to the information provided by your ISP.Service Name (Optional) - Enter the description of the specific network service.Usage - Enter the username provided by ISP in this field.The maximum length of the user name you can set is 63 characters.Password - Enter the password provided by ISP in this field.The maximum length of the password you can set is 62 characters.Index (1-15) in Schedule Setup - You can Enter four sets of time schedule for your request. All the schedules can be set previously in Applications >> Schedule web page and youcan use the number that you have set in that web page.
PPPoE Pass-through	The router offers PPPoE dial-up connection. Besides, you also can establish the PPPoE connection directly from local clients to your ISP via the Vigor router. When PPPoA protocol is selected, the PPPoE package transmitted by PC will be transformed into PPPoA package and sent to WAN server. Thus, the PC can access Internet through such direction.For Wired LAN - If you check this box, PCs on the same network can use another set of PPPoE session (different with the Host PC) to access into Internet.For Wireless LAN - It is available for n model. If you check this box, PCs on the same wireless network can use another set of PPPoE session (different with the Host PC) to access into Internet.Note: To have PPPoA Pass-through, please choose PPPoA protocol and check the box(es) here. The router will behave like a modem which only serves the PPPoE client on the LAN. That's, the router will offer PPPoA dial-up connection.
WAN Connection Detection	Such function allows you to verify whether network connection is alive or not through PPP Detect or Ping Detect.Mode - Choose PPP Detect or Ping Detect for the system to execute for WAN detection. If you choose Ping Detect as the detection mode, you have to type required settings for the following items.Primary/Secondary Ping IP - If you choose Ping Detect as detection mode, you have to type Primary or Secondary IP address in this field for pinging.Ping Gateway IP - If you choose Ping Detect as detection mode, you also can enable this setting to use current WAN gateway IP address for pinging.With the IP address(es) pinging, Vigor router can check if the WAN connection is on or off.TTL (Time to Live) - Set TTL value of PING operation.Ping Interval - Enter the interval for the system to execute the PING operation.Ping Retry - Enter the number of times that the system is allowed to execute the PING operation before WAN disconnection is judged.
MTU	It means Max Transmit Unit for packet.Path MTU Discovery - It is used to detect the maximum MTU size of a packet not to be segmented in specific transmit path.Click Detect to open the following dialog.Path MTU to - Enter the IP address as the specific transmit path.MTU size start from - Determine the starting point value of the packet. Default setting is 1500.MTU reduce size by - It determines the decreasing sizeof MTU value. For example, the number specified in this field is “8”. The maximum MTU size is “1500”. After clicking the “detect” button, the system will calculate and get the suitable MTU value such as 1500, 1492, 1484 and etc., automatically.Detect- Click it to detect a suitable MTU valueAccept- After clicking it, the detected value will be displayed in the field of MTU.
TTL	Change the TTL value - Enable or disable the TTL (Time to Live) for a packet transmitted through Vigor router.En able - TTL value will be reduced (-1) when it passes through Vigor router. It will cause the client, accessing Internet through Vigor router, be blocked by certain ISP when TTL value becomes “0”.Disable - TTL value will not be reduced. Then, when a packet passes through Vigor router, it will not be cancelled. That is, the client who sends out the packet will not be blocked by ISP.
PPP/MP Setup	PPP Authentication - Select PAP only or PAP / CHAP / MS-CHAP / MS-CHAPv2 for PPP.Idle Timeout - Set the timeout for breaking down the Internet after passing through the time without any action.IP Address Assignment Method (IPCP)- Usually ISP dynamically assigns IP address to you each time you connect to it and request. In some case, your ISP provides service to always assign you the same IP address whenever you request. In this case, you can fill in this IP address in the Fixed IP field. Please contact your ISP before you want to use this function.WAN IP Alias - If you have multiple public IP addresses and would like to utilize them on the WAN interface, please use WAN IP Alias. You can set up to 32 public IP addresses other than the current one you are using. Enter the additional WAN IP address and check the Enable box. Then click OK to exit the dialog.Fixed IP Address - Enter a fixed IP address.Default MAC Address - Enter MAC address for the router. Youcan use Default MAC Address or specify another MAC address for your necessity.Specify a MAC Address – Enter the MAC address for the router manually.

After finishing all the settings here, please click OK to activate them.

II-1-2-2 Details Page for Static or Dynamic IP in WAN1/WAN2 (Physical Mode: Ethernet)

For static IP mode, you usually receive a fixed public IP address or a public subnet, namely multiple public IP addresses from your DSL or Cable ISP service providers. In most cases, a Cable service provider will offer a fixed public IP, while a DSL service provider will offer a public subnet. If you have a public subnet, you could assign an IP address or many IP address to the WAN interface.

To use Static or Dynamic IP as the accessing protocol of the internet, please click the Static or Dynamic IP tab. The following web page will be shown.

WAN >> Internet Access

WAN 1

*: Required for some ISPs

Note:

1. If enable firewall in bridge mode, IPv6 connection type would be change to DHCPv6 mode.
2. Bridge Subnet cannot be selected by Multi-WAN Interface at the same time.
3. If both Bridge Mode and Firewall are enabled, the settings under User Management will be ignored.
4. Full Bridge Mode supports forwarding packets with VLAN tags.
5. Full Bridge Mode doesn't support wireless LAN.

OK Cancel

Available settings are explained as follows:

Item Description
Enable / Disable	Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that you adjusted in this page will be invalid.
Keep WAN Connection	Normally, this function is designed for Dynamic IP environments because some ISPs will drop connections ifthere is no traffic within certain periods of time. Check Enable PING to keep alive box to activate this function.PING to the IP - If you enable the PING function, please specify the IP address for the system to PING it for keeping alive.PING Interval - Enter the interval for the system to execute the PING operation.
WAN Connection Detection	Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect.Mode - Choose ARP Detect, Ping Detect or Always On for the system to execute for WAN detection. If you choose Ping Detect as the detection mode, you have to type required settings for the following items.Primary/Secondary Ping IP - If you choose Ping Detect as detection mode, you have to type Primary or Secondary IP address in this field for pinging.Ping Gateway IP - If you choose Ping Detect as detection mode, you also can enable this setting to use current WAN gateway IP address for pinging.With the IP address(es) pinging, Vigor router can check if the WAN connection is on or off.TTL (Time to Live) - Set TTL value of PING operation.Ping Interval - Enter the interval for the system to execute the PING operation.Ping Retry - Enter the number of times that the system is allowed to execute the PING operation before WAN disconnection is judged.
MTU	It means Max Transmit Unit for packet.Path MTU Discovery - It is used to detect the maximum MTU size of a packet not to be segmented in specific transmit path.Click Detect to open the following dialog.Note: Path MTU discovery will reduce the MTU size for 3 times.Accept CancelPath MTU to - Enter the IP address as the specific transmit path.MTU size start from - Determine the starting point value of the packet. Default setting is 1500.MTU reduce size by - It determines the decreasing size of MTU value. For example, the number specified in this field is “8”. The maximum MTU size is “1500”. After clicking the “detect” button, the system will calculate and get the suitable MTU value such as 1500, 1492, 1484 and etc., automatically.Detect - Click it to detect a suitable MTU valueAccept - After clicking it, the detected value will bedisplayed in the field of MTU.
RIP Protocol	Routing Information Protocol is abbreviated as RIP (RFC1058)specifying how routers exchange routing tables information.Click Enable RIP for activating this function.
Bridge Mode	Enable Full Bridge Mode - If the function is enabled, the router will work as a bridge modem which is able to forward incoming packets with VLAN tags.Enable Bridge Mode - If the function is enabled, the router will work as a bridge modem. Yet, the incoming packets with VLAN tags will be discarded.Enable Firewall - It is available when Bridge Mode is enabled. When both Bridge Mode and Firewall check boxes are enabled, the settings configured (user profiles) under User Management will be ignored. And all of the filter rules defined and enabled in Firewall menu will be activated.Bridge Subnet - Make a bridge between the selected LAN subnet and such WAN interface.
TTL	Change the TTL value - Enable or disable the TTL (Time to Live) for a packet transmitted through Vigor router.I f enabled - TTL value will be reduced (-1) when it passes through Vigor router. It will cause the client, accessing Internet through Vigor router, be blocked by certain ISP when TTL value becomes “0”.I f disabled - TTL value will not be reduced. Then, when a packet passes through Vigor router, it will not be cancelled. That is, the client who sends out the packet will not be blocked by ISP.
WAN IP Network Settings	This group allows you to obtain an IP address automatically and allows you Enter IP address manually.WAN IP Alias - If you have multiple public IP addresses and would like to utilize them on the WAN interface, please use WAN IP Alias. You can set up to 32 public IP addresses other than the current one you are using.Obtain an IP address automatically - Click this button to obtain the IP address automatically if you want to use Dynamic IP mode.Router Name: Enter the router name provided by ISP.Domain Name: Enter the domain name that you have assigned.DHCP Client Identifier: Check the box to specify username and password as the DHCP client identifier for some ISP.Usage: Type a name as username. The maximum length of the user name you can set is 63 characters.Password: Type a password. The maximum length of the password you can set is 62 characters.Specify an IP address - Click this radio button to specify some data if you want to use Static IP mode.IP Address: Enter the IP address.Subnet Mask: Enter the subnet mask.Gateway IP Address: Enter the gateway IP address.Default MAC Address: Click this radio button to use default MAC address for the router.Specify a MAC Address: Some Cable service providers specify a specific MAC address for access authentication. Insuch cases you need to click the Specify a MAC Address and enter the MAC address in the MAC Address field.
DNS Server IP Address	Enter the primary IP address for the router if you want to use Static IP mode. If necessary, Enter secondary IP address for necessity in the future.

After finishing all the settings here, please click OK to activate them.

II-1-2-3 Details Page for PPTP/L2TP in WAN1/WAN2 (Physical Mode: Ethernet)

To use PPTP/L2TP as the accessing protocol of the internet, please click the PPTP/L2TP tab. The following web page will be shown.

WAN >> Internet Access

WAN 1

OK

Cancel

Available settings are explained as follows:

	92.168.1.1/doc/pathmtu.htmPath MTU to: IPv4 Host•MTU size start from MTU reduce size by Note: Path MTU discovery will reduce the MTU size for 3 times.Accept CancelPath MTU to - Enter the IP address as the specific transmit path.MTU size start from - Determine the starting point value of the packet. Default setting is 1500.MTU reduce size by- It determines the decreasing size of MTU value. For example, the number specified in this field is “8”. The maximum MTU size is “1500”. After clicking the “detect” button, the system will calculate and get the suitable MTU value such as 1500, 1492, 1484 and etc., automatically.Detect - Click it to detect a suitable MTU valueAccept - After clicking it, the detected value will be displayed in the field of MTU.
PPP/MP Setup	PPP Authentication - Select PAP only or PAP / CHAP / MS-CHAP / MS-CHAPv2 for PPP.Idle Timeout - Set the timeout for breaking down the Internet after passing through the time without any action.IP Address Assignment Method (IPCP)- Usually ISP dynamically assigns IP address to you each time you connect to it and request. In some case, your ISP provides service to always assign you the same IP address whenever you request. In this case, you can fill in this IP address in the Fixed IP field. Please contact your ISP before you want to use this function.WAN IP Alias - If you have multiple public IP addresses and would like to utilize them on the WAN interface, please use WAN IP Alias. You can set up to 32 public IP addresses other than the current one you are using. Enter the additional WAN IP address and check the Enable box. Then click OK to exit the dialog.Fixed IP Address - Enter a fixed IP address.
WAN IP Network Settings	Obtain an IP address automatically - Click this button to obtain the IP address automatically.Specify an IP address - Click this radio button to specify some data.IP Address - Enter the IP address.Subnet Mask - Enter the subnet mask.

92.168.1.1/doc/pathmtu.htm

After finishing all the settings here, please click OK to activate them.

II-1-2-4 Details Page for WAN3/WAN4 (Physical Mode: Wireless 2.4G/ Wireless 5G)

When Wireless 2.4G is selected as Physical Mode, WAN uses wireless station mode to access Internet. The Router acts as a 2.4GHz wireless station and connects to the specific Wireless AP.

Info

WAN3/ WAN4 (Wireless WAN) is not available for "ax" model.

Open WAN>>Internet Access>>WAN3/4 page. The following web page will be shown.

WAN >> Internet Access

WAN 3

Static or Dynamic IP

Enable

○ Disable

Obtain an IP address automatically

○ Specify an IP address

IP Address

Subnet Mask

Gateway IP Address

192.168.98.46

255.255.255.0

192.168.98.1

WAN Connection Detection

Mode

ARP Detect

MTU

1500 (Max:1500)

Universal Repeater Parameters

SSID

MAC Address (Optional)

Channel :

Security Mode

Encryption Mode

Pre-Shared Key(PSK)

guests

16:49:BC:53:FE:38

Channel 1, 2412MHz

WPA2/PSK

AES

•••••••••

AP Discovery

Note: If Channel is modified, the Channel setting of wireless 2.4G would be also modified.

OK

Cancel

Available settings are explained as follows:

After finishing all the settings here, please click OK to activate them.

II-1-2-5 Details Page for 3G/4G USB Modem (PPP mode) in WAN5 / WAN6

To use 3G/4G USB Modem (PPP mode) as the accessing protocol of the internet, please choose Internet Access from WAN menu. Then, select 3G/4G USB Modem (PPP mode) for WAN5/WAN6. The following web page will be shown.

Available settings are explained as follows:

Item Description
Modem Support List	It lists all of the modems supported by such router.
3G /4G USB Modem (PPP)mode)	Click Enable for activating this function. If you click Disable,this function will be closed and all the settings that you adjusted in this page will be invalid.
SIM PIN code	Type PIN code of the SIM card that will be used to access Internet.The maximum length of the PIN code you can set is 15 characters.
Modem Initial String	Such value is used to initialize USB modem. Please use the default value. If you have any question, please contact to your ISP.The maximum length of the string you can set is 47 characters.
APN Name	APN means Access Point Name which is provided and required by some ISPs. Enter the name and clickApply.The maximum length of the name you can set is 43 characters.
Modem Initial String2	The initial string 1 is shared with APN.In some cases, user may need another initial AT command to restrict 3G band or do any special settings.The maximum length of the string you can set is 47 characters.
Modem Dial String	Such value is used to dial through USB mode. Please use the default value. If you have any question, please contact to your ISP.The maximum length of the string you can set is 31 characters.
Service Name	Enter the description of the specific network service.
PPP Username	Enter the PPP username (optional). The maximum length of the name you can set is 63 characters.
PPP Password	Enter the PPP password (optional). The maximum length of the password you can set is 62 characters.
PPP Authentication	Select PAP only or PAP or CHAP for PPP.
Index (1-15) in Schedule Setup	Set the wireless LAN to work at certain time interval only.You may choose up to 4 schedules out of the 15 schedules pre-defined inApplications >> Schedule setup. The default setting of this field is blank and the function will always work.
WAN Connection Detection	Such function allows you to verify whether network connection is alive or not through PPP Detect or Ping Detect.Mode - Choose PPP Detect or Ping Detect for the system to execute for WAN detection. If you choose Ping Detect as the detection mode, you have to type required settings for the following items.Primary/Secondary Ping IP - If you choose Ping Detect as detection mode, you have to type Primary or Secondary IP address in this field for pinging.Ping Gateway IP - If you choose Ping Detect as detection mode, you also can enable this setting to use current WAN gateway IP address for pinging.With the IP address(es) pinging, Vigor router can check if the WAN connection is on or off.TTL (Time to Live) - Set TTL value of PING operation.● Ping Interval - Enter the interval for the system to execute the PING operation. ● Ping Retry - Enter the number of times that the system is allowed to execute the PING operation before WAN disconnection is judged.

After finishing all the settings here, please click OK to activate them.

II-1-2-6 Details Page for 3G/4G USB Modem (DHCP mode) in WAN5 / WAN6

To use 3G/4G USB Modem (DHCP mode) as the accessing protocol of the internet, please choose Internet Access from WAN menu. Then, select 3G/4G USB Modem (DHCP mode) for WAN5/WAN6. The following web page will be shown.

WAN >> Internet Access

WAN 5

Note:

1. Please note that in some case USB port connection will be terminated temporarily to activate the new configuration.

2. VPN feature may be affected when the value of MTU is changed, please also check your value of VPN MSS in "VPN and Remote Access >> PPP General Setup" or "VPN and Remote Access >> IPsec General Setup" page. We recommend to put the same decreased value on VPN MSS. For example, reducing the MTU from 1500 -> 1400, then will need to reduct 100 from MSS value.

The following compatibility test lists 3.5G/LTE modems supported by Vigor router under certain environment or countries. If the LTE modem you have is on the list but cannot work properly, please write an e-mail to support@dravtek.com or consult your dealer for further information.
Available settings are explained as follows:

Item Description
Modem Support List	It lists all of the modems supported by such router.3G4G Modem Support List(DHCP mode)The following compatibility test lists 3.5G/LTE modems supported by Vigor router under certain environment or countries. If the LTE modem you have is on the list but cannot work properly, please write an e-mail to support@draytek.com or consult your dealer for further information.
Enable / Disable	Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that you adjusted in this page will be invalid.
SIM PIN code	Type PIN code of the SIM card that will be used to access Internet.The maximum length of the PIN code you can set is 19 characters.
Network Mode	Force Vigor router to connect Internet with the mode specified here. If you choose 4G/ 3G/ 2G as network mode, the router will choose a suitable one according to the actual wireless signal automatically.
APN Name	APN means Access Point Name which is provided and required by some ISPs. Enter the name and click Apply.The maximum length of the name you can set is 47 characters.Disable Auto APN - In default, the APN name will be given automatically (through pre-configured APN profile list) by Vigor router system. To specify an APN name, check this box and enter the APN name manually in the field of APN Name.
WAN Connection Detection	Such function allows you to verify whether network connection is alive or not through ARP Detect, Strict ARP Detect or Ping Detect.Mode - Choose ARP Detect, Strict ARP Detect or Ping Detect for the system to execute for WAN detection. If you choose Ping Detect as the detection mode, you have to type required settings for the following items.Primary/Secondary Ping IP - If you choose Ping Detect as detection mode, you have to type Primary or Secondary IP address in this field for pinging.Ping Gateway IP - If you choose Ping Detect as detection mode, you also can enable this setting to use current WAN gateway IP address for pinging.With the IP address(es) pinging, Vigor router can check if the WAN connection is on or off.TTL (Time to Live) - Set TTL value of PING operation.Ping Interval - Enter the interval for the system to execute the PING operation.Ping Retry - Enter the number of times that the system is allowed to execute the PING operation before WAN disconnection is judged.

Schedule Profiles	Set the wireless LAN to work at certain time interval only.You may choose up to 4 schedules out of the 15 schedules pre-defined inApplications >> Schedulesetup. The default setting of this field is blank and the function will always work.
MTU	It means Max Transmit Unit for packet.Path MTU Discovery- It is used to detect the maximum MTU size of a packet not to be segmented in specific transmit path.Click Choose IP to open the following dialog.Path MTU to - Enter the IP address as the specific transmit path.MTU size start from - Determine the starting point value of the packet. Default setting is 1500.MTU reduce size by- It determines the decreasing size of MTU value. For example, the number specified in this field is “8”. The maximum MTU size is “1500”. After clicking the “detect” button, the system will calculate and get the suitable MTU value such as 1500, 1492, 1484 and etc., automatically.Detect - Click it to detect a suitable MTU valueAccept - After clicking it, the detected value will be displayed in the field of MTU.
Authentication	SelectPAP onlyorPAP or CHAPfor PPP authentication.Usage - Enter the username for authentication (optional).Password - Enter the password for authentication (optional).

After finishing all the settings here, please click OK to activate them.

II-1-2-7 Details Page for 3G/4G USB Modem (DHCP mode) in LTE WAN

It is available for "L" model only. LTE WAN uses the embedded LTE module to access internet.

To use 3G/4G USB Modem (DHCP mode) as the accessing protocol of the internet, please choose Internet Access from WAN menu. Then, select 3G/4G USB Modem (DHCP mode) for LTE. The following web page will be shown.

WAN >> Internet Access

LTE

3G/4G LTE Modem(DHCP mode) IPv6

Note:

1. Please note that in some case USB port connection will be terminated temporarily to activate the new configuration.
2. Preferred LTE band setting will take effect until next LTE connection.
3. VPN feature may be affected when the value of MTU is changed, please also check your value of VPN mss by using "VPN mss set" command.
   We recommend to put the same decreased value on VPN mss. For example, reducing the MTU from 1500 -> 1400, then it will need to reduct 100 from mss value.

Available settings are explained as follows:

Item Description
Enable	Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that you adjusted in this page will be invalid.
SIM PIN code	Enter PIN code of the SIM card that will be used to access Internet.The maximum length of the PIN code you can set is 15 characters.
Network Mode	Force Vigor router to connect Internet with the mode specified here. If you choose 4G/3G/2G as network mode, the router will choose a suitable one according to the actual wireless signal automatically.
APN Name	APN means Access Point Name which is provided and required by some ISPs. Enter the name and clickApply.The maximum length of the name you can set is 47 characters.Disable Auto APN - In default, the APN name will be given automatically (through pre-configured APN profile list) by Vigor router system. To specify an APN name, check this box and enter the APN name manually in the field of APN Name.
LTE hardware version	The hardware version of the embedded LTE module.
Keep WAN Connection	Normally, this function is designed for Dynamic IP environments because some ISPs will drop connections if there is no traffic within certain periods of time. CheckEnable PING to keep alive box to activate this function.Enable PING to Keep alive - If you enable the PING function, please specify an IP address for the system to PING it for keeping alive. Vigor system will send a packet per second to the specified IP address. If the system does not receive any reply from that IP within 10 seconds, Vigor system will reboot LTE module until successfully set LTE connection.PING to the IP - Enter an IP address.Connection Latency Check - Enable the latency time setting for packet reply. If it is enabled (checked), Vigor system will wait for the packet reply from the specified IP address.When the time of waiting packet reply reaches the time threshold (defined in Latency) and continues for a period of time (defined in Latency Duration), Vigor system will reboot LTE module until successfully set LTE connection.Latency - Set a time threshold for packet reply. Default value is 800 (unit: micro-second).Latency Duration - Set a time period. Default value is 60 (unit: second).
WAN Connection Detection	Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect.Mode - Choose ARP Detect or Ping Detect for the system to execute for WAN detection. If you choose Ping Detect as the detection mode, you have to type required settings for the following items.Primary/Secondary Ping IP - If you choose Ping Detect as detection mode, you have to type Primary or Secondary IP address in this field for pinging.Ping Gateway IP - If you choose Ping Detect as detection mode, you also can enable this setting to use current WAN gateway IP address for pinging.With the IP address(es) pinging, Vigor router can check if the WAN connection is on or off.TTL (Time to Live) - Set TTL value of PING operation.Ping Interval - Enter the interval for the system to execute the PING operation.Ping Retry - Enter the number of times that the system is allowed to execute the PING operation before WAN disconnection is judged.
Schedule Profile	Set the LTE WAN to work at certain time interval only.Specify up to 4 time schedule entries to enable or disable the WAN. All the schedules can be set previously inApplications>> Schedule web page and you can use the number that youhave set in that web page.
MTU	Maximum Transmission Unit, the size of the largest packet, in bytes, that can be transmitted to the WAN. The maximum value is 1500.Path MTU Discovery- Use this feature to determine the optimal MTU size for the WAN.Click Choose IP to open the following dialog.Path MTU to - Select Host / IP, for an IPv4 address or Host / IPv6, for an IPv6 address, and then enter the IP address in the textbox.MTU size start from - Determine the starting point value of the packet.MTU reduce size by - Number of octets by which to decrease the 1500-byte MTU. Start with a 0 value for the reduce size and click the Detect button. If the message Fail is returned, increase the MTU reduce size and try again. Repeat until you see the message Success, indicating that the optimal MTU size has been reached.Detect - Click it to detect a suitable MTU valueAccept - After clicking it, the detected value will be displayed in the field of MTU.
Authentication The protocol used for PPP authentication.PAP only - Only PAP (Password Authentication Protocol) is used.PAP or CHAP - Both PAP and CHAP (Challenge-Handshake Authentication Protocol) can be used for PPP authentication. Router negotiates with the PPTP or L2TP server to determine which protocol to use.Usage -Username provided by the ISP for authentication (optional).Password -Password provided by the ISP for authentication (optional).
Preferred LTE Band	Click the link to specify the preferred LTE band. A dialog will be open and list available LTE bands supported by the LTE module for the user to choose for establishing the network connection.
Network Scan	Click it to search the nearby ISP for LTE connection.The following dialog lists available ISP services detected by Vigor router.
Enable Bridge Mode	If the function is enabled, the router will work as a LTE bridge modem.Bridge Specific MAC Address - Enter the MAC address of the device (e.g., a computer, router or a WiFi router) which needs to be connected to the Internet through the LTE modem.

After finishing all the settings here, please click OK to activate them.

II-1-2-8 Details Page for 3G/4G/5G Modem (DHCP mode) in 5G-NR WAN

It is available for "5G-NR" model only.

To use 3G/4G/5G Modem (DHCP mode) as the accessing protocol of the internet, please choose Internet Access from WAN menu. Then, select 3G/4G/5G Modem (DHCP mode) for 5G-NR. The following web page will be shown.

WAN >> Internet Access

5G-NR

Note:

1. Only one SIM will be used at the same time.
   SIM1 (the lower SIM slot) has a higher priority by default.
2. Preferred LTE band setting will take effect until next LTE connection.
3. Enabling failback to priority SIM option will drop backup SIM 5G-NR connection when doing the retry.

Available settings are explained as follows:

Item Description
Enable	Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that you adjusted in this page will be invalid.
WAN Connection Detection	Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect.Mode - Choose ARP Detect or Ping Detect for the system to execute for WAN detection. If you choose Ping Detect as the detection mode, you have to type required settings for the following items.Primary/Secondary Ping IP - If you choose Ping Detect as detection mode, you have to type Primary or Secondary IP address in this field for pinging.Ping Gateway IP - If you choose Ping Detect as detection mode, you also can enable this setting to use current WAN gateway IP address for pinging.With the IP address(es) pinging, Vigor router can check if the WAN connection is on or off.TTL (Time to Live) - Set TTL value of PING operation.Ping Interval - Enter the interval for the system to execute the PING operation.Ping Retry - Enter the number of times that the system is allowed to execute the PING operation before WAN disconnection is judged.
MTU	Maximum Transmission Unit, the size of the largest packet, in bytes, that can be transmitted to the WAN. The maximum value is 1500.Path MTU Discovery - Use this feature to determine the optimal MTU size for the WAN.Click Choose IP to open the following dialog.Path MTU to - Select Host / IP, for an IPv4 address or Host / IPv6, for an IPv6 address, and then enter the IP address in the textbox.MTU size start from - Determine the starting point value of the packet.MTU reduce size by - Number of octets by which to decrease the 1500-byte MTU. Start with a 0 value for the reduce size and click the Detect button. If the message Fail is returned, increase the MTU reduce size and try again. Repeat until you see the message Success, indicating that the optimal MTU size has been reached.Detect - Click it to detect a suitable MTU valueAccept - After clicking it, the detected value will be displayed in the field of MTU.
Preferred LTE Band	Click the link to specify the preferred LTE band. A dialog willbe open and list available LTE bands supported by the LTE module for the user to choose for establishing the network connection.
Network Scan	Click it to search the nearby ISP forLTEconnection.The following dialog lists available ISP services detected by Vigor router.
Query Neighbour Cells	Vigor system will scan automatically to locate the neighboring access points and display corresponding information.Note:If set wrong cell, LTE WAN cannot connect to networkOK CancelAdd specific cell- Select one of the entries from the Neighbour Cells list and click Add specific cell to add it for connection.Scaning / Scan- If “Scanning” appears, it means that the Vigor system is searching the APs to display information related to the neighboring APs. If “Scan” appears, the Vigor router is ready to perform the searching job.Network in use- Displays current used Earfcn and Pcidvalues.Delete selected- Remove the access point which has been added to the specific cell for connection.Enable specific cell for connection- If selected, Vigor router will only connect to the access points specified in this area.Earfcn (E-UTRA Absolute Radio Frequency Channel Number) / Pcid(Physical cell ID) - Both values are used for identifying the access point. Enter the values for specific access point by referring to the values displayed on the Neighbour Cells list.
Enable Bridge Mode	Enable Bridge Mode- If the function is enabled, the router will work as a LTE bridge modem.Bridge Subnet- Select an interface.Bridge Specific MAC Address- Enter the MAC address of the device (e.g., a computer, router or a WiFi router) which needs to be connected to the Internet through the LTE modem.
First priority for dialing up	SIM1/SIM2- Select SIM1 or SIM2 as the first priority for dialing up. The default setting is SIM1.Enable Speed Up Dual SIM Failover- If selected, Vigor router will speed up the SIM failover procedure to prevent disconnection.Enable Failback to priority SIM- If selected, the Vigor router will return to use the priority SIM for network connection after the time interval set below.Retry first priority SIM when backup SIM has been online for XXX minutes- Set the time interval.
SIM1 Settings / SIM2 Settings
SIM PIN code	Enter PIN code of the SIM card that will be used to access Internet.
Network Mode	Force Vigor router to connect Internet with the mode specified here. If you choose 4G/3G/5G as network mode, the router will choose a suitable one according to the actual wireless signal automatically.
APN Name	APN means Access Point Name which is provided and required by some ISPs. Enter the name.Disable Auto APN- In default, the APN name will be given automatically (through pre-configured APN profile list) by Vigor router system. To specify an APN name, check this box and enter the APN name manually in the field of APN Name.
Reset LOCI file content at startup	Clean the LOCI file (e.g., information of RPLMN, FPLNM stored in SIM card) before accessing Internet with SIM card again.
Keep WAN Connection	Normally, this function is designed for Dynamic IP environments because some ISPs will drop connections if there is no traffic within certain periods of time.Enable PING to Keep alive- If you enable the PING function, please specify an IP address for the system to PING it for keeping alive.PING to the IP- Enter an IP address.Interval- Set the time interval to send out the keepalive packet.Timeout- Vigor system will send a packet per secondto the specified IP address. If the system does not receive any reply from that IP within 10 seconds, Vigor system will reboot LTE module until successfully set LTE connection.Connection Latency Check - Enable the latency time setting for packet reply. If it is enabled (checked), Vigor system will wait for the packet reply from the specified IP address. When the time of waiting packet reply reaches the time threshold (defined in Latency) and continues for a period of time (defined in Latency Duration), Vigor system will reboot LTE module until successfully set LTE connection.Latency- Set a time threshold for packet reply. Default value is 800 (unit: micro-second).Latency Duration- Set a time period. Default value is 60 (unit: second).
Authentication The protocol used for PPP authentication.PAP only- Only PAP (Password Authentication Protocol) is used.PAP or CHAP- Both PAP and CHAP (Challenge-Handshake Authentication Protocol) can be used for PPP authentication. Router negotiates with the PPTP or L2TP server to determine which protocol to use.Usage-Username provided by the ISP for authentication (optional).Password-Password provided by the ISP for authentication (optional).

SIM1/SIM2 Failover Setting

SIM1/SIM2 Neighbour Cells Settings

After finishing all the settings here, please click OK to activate them.

II-1-2-9 Details Page for IPv6 – Offline in WAN1/WAN2/WAN5/WAN6

When Offline is selected, the IPv6 connection will be disabled.

WAN 1

II-1-2-10 Details Page for IPv6 – PPP in WAN1/WAN2

WAN 1

Note:
IPv4 WAN setting should be PPPoE / PPPoA client.

Available settings are explained as follows:

Below shows an example for successful IPv6 connection based on PPP mode.

Online Status

Info

At present, the IPv6 prefix can be acquired via the PPPoE mode connection which is available for the areas such as Taiwan (hinet), the Netherlands, Australia and UK.

II-1-2-11 Details Page for IPv6 – TSPC in WAN1/WAN2/WAN5/WAN6

Tunnel setup protocol client (TSPC) is an application which could help you to connect to IPv6 network easily.

Please make sure your IPv4 WAN connection is OK and apply one free account from hexago (http://gogonet.gogo6.com/page/freenet6-account) before you try to use TSPC for network connection. TSPC would connect to tunnel broker and requests a tunnel according to the specifications inside the configuration file. It gets a public IPv6 IP address and an IPv6 prefix from the tunnel broker and then monitors the state of the tunnel in background.

After getting the IPv6 prefix and starting router advertisement daemon (RADVD), the PC behind this router can directly connect to IPv6 the Internet.

WAN 1

Available settings are explained as follows:

After finished the above settings, click OK to save the settings.

II-1-2-12 Details Page for IPv6 – AICCU in WAN1/WAN2/WAN5/WAN6

WAN >> Internet Access

WAN 1

Note:
If "Always On" is not enabled, AICCU connection would only retry three times.

OK

Cancel

Available settings are explained as follows:

After finished the above settings, click OK to save the settings.

II-1-2-13 Details Page for IPv6 – DHCPv6 Client in WAN1/WAN2

DHCPv6 client mode would use DHCPv6 protocol to obtain IPv6 address from server.

WAN >> Internet Access

WAN 1

Available settings are explained as follows:

After finished the above settings, click OK to save the settings.

II-1-2-14 Details Page for IPv6 – Static IPv6 in WAN1/WAN2

This type allows you to setup static IPv6 address for WAN interface.

Available settings are explained as follows:

After finished the above settings, click OK to save the settings.

II-1-2-15 Details Page for IPv6-6in4 Static Tunnel in WAN1/WAN2

This type allows you to setup 6in4 Static Tunnel for WAN interface.

Such mode allows the router to access IPv6 network through IPv4 network.

However, 6in4 offers a prefix outside of 2002::0/16. So, you can use a fixed endpoint rather than anycast endpoint. The mode has more reliability.

Available settings are explained as follows:

After finished the above settings, click OK to save the settings.

Below shows an example for successful IPv6 connection based on 6in4 Static Tunnel mode.

Online Status

II-1-2-16 Details Page for IPv6 - 6rd in WAN1/WAN2

This type allows you to setup 6rd for WAN interface.

Available settings are explained as follows:

After finished the above settings, click OK to save the settings.

Below shows an example for successful IPv6 connection based on 6rd mode.

II-1-3 Multi-VLAN

Multi-VLAN allows users to create profiles for specific WAN interface and bridge connections for user applications that require very high network throughput. Simply go to WAN and select Multi-VLAN.

● Channel 1/2: Ethernet on WAN1/WAN2.
● Channel 3: Wireless 2.4GHz on WAN3.
● Channel 4: Wireless 5GHz on WAN4.
● Channel 5/6: USB1/USB2 (WAN5/WAN6).

Channels 7 through 16 can be bridged to one or more of the 4 LAN ports P2 through P5. In addition, Channels 7 through 9 can be configured as virtual WANs (WAN7 through WAN9).

General

WAN >> Multi-VLAN

Multi-VLAN

Note:
1 Greyed out or hidden WANs are reserved
2. Ports configured for bridge mode cannot be selected in LAN >> VLAN Configuration.

Available settings are explained as follows:

To configure a PVC channel, click its channel number.

WAN links for Channel 7, 8 and 9 are provided for router-borne application such as TR-069. The settings must be applied and obtained from your ISP. For your special request, please contact with your ISP and then click WAN link of Channel 7, 8 and 9 to configure your router.

Internet Access >> Multi-VLAN >> Channel 7

Available settings are explained as follows:

After finished the above settings, click OK to save the settings and return to previous page.

Click any index (10\~16) to get the following web page:

Internet Access >> Multi-VLAN >> Channel 10

Available settings are explained as follows:

After finished the above settings, click OK to save the settings.

II-1-4 WAN Budget

This function is used to determine the data traffic volume for each WAN interface respectively to prevent from overcharges for data transmission by the ISP. Please note that the Quota Limit and Billing cycle day of month settings will need to be configured correctly first in order for some period calculations to be performed correctly.

II-1-4-1 General Setup

WAN >> WAN Budget

Note:

1. The budget traffic information provided here is for reference only, please consult your ISP for the actual traffic usage and charges.
2. When hardware acceleration function is used, the monitored WAN traffic of Ethernet WAN interfaces may be slightly inaccurate.

or

WAN >> WAN Budget

Note:

1. The budget traffic information provided here is for reference only, please consult your ISP for the actual traffic usage and charges.
2. When hardware acceleration function is used, the monitored WAN traffic of Ethernet WAN interfaces may be slightly inaccurate.

or

Note:

1. The budget traffic information provided here is for reference only, please consult your ISP for the actual traffic usage and charges.
2. When hardware acceleration function is used, the monitored WAN traffic of Ethernet WAN interfaces may be slightly inaccurate.

OK Cancel

Click WAN1 (to WAN6) or LTE link to open the following web page.

WAN 1

Note:

1. Please make sure the Time and Date of the router is configured.
2. SMS message and mail will be sent when the usage reaches 95% and 100% of quota.

Available settings are explained as follows:

you can specify which day of today is in a cycle.

Use Cycle in hours -

WAN1

Note:
1. Please make sure the Time and Date of the router is configured.
2. SMS message and mail will be sent when the usage reaches 95% and 100% of quota.

• Cycle duration: Specify the days and hours to reset the traffic record. For example, 7 means the whole cycle is 7 days; 20 means the whole cycle is 20 days. When the time is up, the router will reset the traffic record automatically.
• Today is day - Specify the day in the cycle as the starting point which Vigor router will reset the traffic record. For example, "3" means the third day of the cycle duration.

Use Cycle in days -

WAN >> WAN Budget

WAN 1

• Cycle duration: Specify the days to reset the traffic record. For example, 7 means the whole cycle is 7 days; 20 means the whole cycle is 20 days. When the time is up, the router will reset the traffic record automatically.
• Today is day - Specify the day and time for data quota rest in the cycle as the starting point which Vigor router will reset the traffic record. For example, "3" means the third day of the cycle duration.

After finished the above settings, click OK to save the settings.

II-1-4-2 Status

The status page displays the status WAN budget, including the duration and the usage.

WAN >> WAN Budget

If the WAN budget is exhausted, a lock will be displayed on the page if Shutdown WAN interface is selected. Which means no data transmission will be carried out. Moreover, the system will send out a warning message to the administrator if Mail Alert is selected. Or, the system will send out SMS message to the administrator if SMS message is selected.

WAN >> WAN Budget

II-2 LAN

Local Area Network (LAN) is a group of subnets regulated and ruled by router. The design of network structure is related to what type of public IP addresses coming from your ISP.

The most generic function of Vigor router is NAT. It creates a private subnet of your own. As mentioned previously, the router will talk to other public hosts on the Internet by using public IP address and talking to local hosts by using its private IP address. What NAT does is to translate the packets from public IP address to private IP address to forward the right packets to the right host and vice versa. Besides, Vigor router has a built-in DHCP server that assigns private IP address to each local host. See the following diagram for a briefly understanding.

graph TD
    A["Internet"] --> B["NAT"]
    A --> C["DHCP Server"]
    B --> D["Public IP Address"]
    C --> E["Private Subnet Router IP Address: 192.168.1.1"]
    D --> F["Computer 192.168.1.10"]
    D --> G["Computer 192.168.1.11"]
    D --> H["Computer 192.168.1.12"]
    D --> I["Computer 192.168.1.13"]

In some special case, you may have a public IP subnet from your ISP such as 220.135.240.0/24. This means that you can set up a public subnet or call second subnet that each host is equipped with a public IP address. As a part of the public subnet, the Vigor router will serve for IP routing to help hosts in the public subnet to communicate with other public hosts or servers outside. Therefore, the router should be set as the gateway for public hosts.

graph TD
    A["Internet"] --> B["NAT"]
    B --> C["Router"]
    C --> D["Public Subnet"]
    C --> E["Computer 192.168.1.22"]
    C --> F["Computer 192.168.1.11"]
    C --> G["Computer 220.135.240.210"]
    C --> H["Computer 220.135.240.209"]
    C --> I["Public Subnet"]
    style A fill:#cce5ff,stroke:#333
    style B fill:#ffcccc,stroke:#333
    style C fill:#e6f7ff,stroke:#333
    style D fill:#e6f7ff,stroke:#333
    style E fill:#e6f7ff,stroke:#333
    style F fill:#e6f7ff,stroke:#333
    style G fill:#e6f7ff,stroke:#333
    style H fill:#e6f7ff,stroke:#333
    style I fill:#e6f7ff,stroke:#333

What is Routing Information Protocol (RIP)

Vigor router will exchange routing information with neighboring routers using the RIP to accomplish IP routing. This allows users to change the information of the router such as IP address and the routers will automatically inform for each other.

What is Static Route

When you have several subnets in your LAN, sometimes a more effective and quicker way for connection is the Static routes function rather than other method. You may simply set rules to forward data from one specified subnet to another specified subnet without the presence of RIP.

What are Virtual LANs and Rate Control

You can group local hosts by physical ports and create up to 8 virtual LANs. To manage the communication between different groups, please set up rules in Virtual LAN (VLAN) function and the rate of each.

graph TD
    A["Internet"] --> B["VLAN0"]
    A --> C["VLAN1"]
    B --> D["192.168.1.11"]
    B --> E["192.168.1.10"]
    C --> F["192.168.1.13"]
    C --> G["192.168.1.12"]

Web User Interface

A LAN comprises a collection of LAN clients, which are networked devices on your premises. A LAN client can be a computer, a printer, a Voice-over-IP (VoIP) phone, a mobile phone, a gaming console, an Internet Protocol Television (IPTV), etc, and can have either a wired (using Ethernet cabling) or wireless (using Wi-Fi) network connection.

LAN clients within the same LAN are normally able to communicate with one another directly, as they are peers to one another, unless measures, such as firewalls or VLANs, have been put in place to restrict such access. Nowadays the most common LAN firewalls are implemented on the LAN client itself. For example, Microsoft Windows since Windows XP and Apple OS X have built-in firewalls that can be configured to restrict traffic coming in and going out of the computer. VLANs, on the other hand, are usually set up using network switches or routers, such as the Vigor2927.

To communicate with the hosts outside of the LAN, LAN clients have to go through a network gateway, which in most cases is a router (such as the Vigor 2862) that sits between the LAN and the ISP network, which is the WAN. The router acts as a director to ensure traffic between the LAN and the WAN reach their intended destinations.

LAN

General Setup

VLAN

Bind IP to MAC

LAN Port Mirror

Wired 802.1X

Link Aggregation

II-2-1 General Setup

This page provides you the general settings for LAN. Click LAN to open the LAN settings page and choose General Setup.

There are eight subnets provided by the router which allow users to divide groups into different subnets (LAN1 - LAN8). In addition, different subnets can link for each other by configuring Inter-LAN Routing. At present, LAN1 setting is fixed with NAT mode only. LAN2 - LAN8 can be operated under NAT or Route mode. IP Routed Subnet can be operated under Route mode.

General Setup

DHCP Server Option

Note:

Please enable LAN 2 - 8 on LAN >> VLAN page before configure them.

Enable DMZ port will make the LAN Port 5 neglect the setting on VLAN page, LAN Port 5 will become the DMZ Port.

☐ Force router to use "DNS server IP address" settings specified in LAN1

Inter-LAN Routing

OK

Available settings are explained as follows:

When you finish the configuration, please click OK to save and exit this page.

Info

To configure a subnet, select its Detials Page button to bring up the LAN Details Page.

II-2-1-1 Details Page for LAN1 – Ethernet TCP/IP and DHCP Setup

There are two configuration pages for LAN1, Ethernet TCP/IP and DHCP Setup (based on IPv4) and IPv6 Setup. Click the tab for each type and refer to the following explanations for detailed information.

LAN >> General Setup

Note: Change IP Address or Subnet Mask in Network Configuration will also change HA LAN1 Virtual IP to the same domain IP.

OK

Available settings are explained as follows:

Item Description
Network Configuration For	NAT Usage,IP Address - This is the IP address of the router. (Default: 192.168.1.1).Subnet Mask - The subnet mask, together with the IP Addressfield, indicates the maximum number of clients allowed on the subnet. (Default: 255.255.255.0/ 24).LAN IP Alias-Such feature allows specifying multiple gateways (under a switch) with different WAN interfaces for accessing the Internet via the Vigor router.LAN 1 IP AliasNote:1. LAN IP Alias only applies to muti-gateway usage. When a LAN host set its gateway as LAN IP Alias, Vigor Router will route the host's packets through the specified Output Interface.2. Route Policy has a higher priority than the LAN IP Alias Output Interface setting.OK Clear All CancelRIP Protocol Control,Enable - When Enabled, the router will attempt to exchange routing information with neighbouring routers using the Routing Information Protocol.
DHCP ServerConfiguration	DHCP stands for Dynamic Host Configuration Protocol. The router by factory default acts a DHCP server for your network so it automatically dispatches related IP settings to any local user configured as a DHCP client. It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network.If you want to use another DHCP server in the network other than the Vigor Router's, you can let Relay Agent help you to redirect the DHCP request to the specified location.Disable - Let you manually assign IP address to every host in the LAN.Enable Server - Let the router assign IP address to every host in the LAN.Start IP Address - The beginning LAN IP address that is given out to LAN DHCP clients.IP Pool Counts - The maximum number of IP addresses to be handed out by DHCP. The default value is 200. Valid range is between 1 and 1021. The actual number of IP addresses available for assignment is the IP Pool Counts, or 1021 minus the last octet of the Start IP Address, whichever is smaller.Gateway IP Address - The IP address of the gateway, which is the host on the LAN that relays all traffic coming into and going out of the LAN. The gateway is normally the router, and therefore the Gateway IPAddress should be identical to the IP Address in the Network Configuration section above.Lease Time - The maximum duration DHCP-issued IP addresses can be used before they have to be renewed.Clear DHCP lease for inactive clients periodically - If selected, the router sends ARP requests recycles IP addresses previously assigned to inactive DHCP clients to prevent exhaustion of the IP address pool.Note: When Clear DHCP lease for inactive clients periodically is enabled, router will do the following:Check activities of DHCP clients by ARP requests every minute when the available DHCP IP addresses are less than 30Clear DHCP lease when the client is not responding ARP replies.Enable Relay Agent - When selected, all DHCP requests are forwarded to a DHCP server outside of the LAN subnet, and whose address is specified in the DHCP Server IP Address field.DHCP Server IP Address - It is available when Enable Relay Agent is checked. Set the IP address of the DHCP server you are going to use so the Relay Agent can help to forward the DHCP request to the DHCP server.
DNS Server IP Address	DNS stands for Domain Name System. Every Internet host must have a unique IP address, also they may have a human-friendly, easy to remember name such as www.yahoo.com. The DNS server converts the user-friendly name into its equivalent IP address.Primary IP Address -You must specify a DNS server IP address here because your ISP should provide you with usually more than one DNS Server.Secondary IP Address - You can specify secondary DNS server IP address here because your ISP often provides you more than one DNS Server.The default DNS Server IP address can be found via Online Status:Online StatusIf both the Primary IP and Secondary IP Address fields are left empty, the router will assign DNS servers obtained from WAN interface to local users as a DNS proxy server and maintain a DNS cache. If there is no DNS servers available, router will use its own IP address instead.If the IP address of a domain name is already in the DNS cache, the router will resolve the domain name immediately. Otherwise, the router forwards the DNS query packet to the external DNS server by establishing a WAN (e.g. DSL/ Cable) connection.

When you finish the configuration, please click OK to save and exit this page.

Private IP addresses can be assigned automatically to LAN clients using Dynamic Host Configuration Protocol (DHCP), or manually assigned. The DHCP server can either be the

router (the most common case), or a separate server, that hands out IP addresses to DHCP clients.

Alternatively, static IP addresses can be manually configured on LAN clients as part of their network settings. No matter how IP addresses are configured, it is important that no two devices get the same IP address. If both DHCP and static assignment are used on a network, it is important to exclude the static IP addresses from the DHCP IP pool. For example, if your LAN uses the 192.168.1.x subnet and you have 20 DHCP clients and 20 static IP clients, you could configure 192.168.1.10 as the Start IP Address, 50 as the IP Pool Counts (enough for the current number of DHCP clients, plus room for future expansion), and use addresses greater than 192.168.1.100 for static assignment.

II-2-1-2 Details Page for LAN2 \~ LAN8 and DMZ

LAN >> General Setup

Note: Change IP Address or Subnet Mask in Network Configuration will also change HA DMZ Virtual IP to the same domain IP.

OK

Available settings are explained as follows:

When you finish the configuration, please click OK to save and exit this page.

II-2-1-3 Details Page for IP Routed Subnet

LAN >> General Setup

TCP/IP and DHCP Setup for IP Routed Subnet

Available settings are explained as follows:

When you finish the configuration, please click OK to save and exit this page.

II-2-1-4 Details Page for LAN IPv6 Setup

There are two configuration pages for LAN1/ LAN2/ LAN3/ LAN4/ LAN5/ LAN6/ LAN7/ LAN8/ DMZ Port, Ethernet TCP/ IP and DHCP Setup (based on IPv4) and IPv6 Setup. Click the tab for each type and refer to the following explanations for detailed information. Below shows the settings page for IPv6.

LAN >> General Setup

It provides 2 daemons for LAN side IPv6 address configuration. One is SLAAC(stateless) and the other is DHCPv6 (Stateful) server.

Available settings are explained as follows:

Item Description
Enable	Check the box to enable the configuration of LAN 1 IPv6 Setup.
WAN Primary Interface	Use the drop down list to specify a WAN interface for IPv6.
Static IPv6 Address configuration	IPv6 Address -Type static IPv6 address for LANPREFIX Length - Enter the fixed value for prefix length.Add - Click it to add a new entry.Delete - Click it to remove an existed entry.
Unique Local Address (ULA) configuration	Unique Local Addresses (ULAs) are private IPv6 addresses assigned to LAN clients.Off - ULA is disabled.Manually ULA Prefix - LAN clients will be assigned ULAs generated based on the prefix manually entered.Auto ULA Prefix - LAN clients will be assigned ULAs using an automatically-determined prefix.
Current IPv6 Address Table	Display current used IPv6 addresses.
DNS Server IPv6 Address	Deploy when WAN is up - The RA (router advertisement) packets will be sent to LAN PC with DNS server information only when network connection by any one of WAN interfaces is up.Enable - The RA (router advertisement) packets will be sent to LAN PC with DNS server information no matter WAN connection is up or not.Use DNS Server (WAN/Custom) - Determines the DNS server for sending the packets through WAN DNS Server, Customized DNS Server or both servers. The default setting is Both.If WAN DNS Server is selected, LAN client can visit the Internet through the dynamic DNS server offered by the ISP for data transmission. However,if Customized DNS Server is selected, LAN client can visit the Internet via the primary/ secondary DNS server. Please specify settings for primary/ secondary DNS server or use the default values.Whe Both is chosen, LAN client can visit the Internet either via the dynamic DNS server or the customized DNS servers.Primary DNS Sever - Enter the IPv6 address for Primary DNS server.Secondary DNS Server - Enter another IPv6 address for DNS server if required.Disable - DNS server will not be used.
Management	Configures the Managed Address Configuration flag (M-bit) in Route Advertisements.Off - No configuration information is sent using Route Advertisements.SLAAC(stateless) - M-bit is unset.DHCPv6(stateful) - M-bit is set, which indicates to LAN clients that they should acquire all IPv6 configuration information from a DHCPv6 server. The DHCPv6 server can either be the one built into the Vigor2927, or a separate DHCPv6 server.Other Option (O-bit) - Check this box to enable the O-bit for obtaining additional information (e.g., DNS) from DHCPv6.
DHCPv6 Server	Enable Server -Click it to enable DHCPv6 server. DHCPv6 Server could assign IPv6 address to PC according to the Start/ End IPv6 address configuration.Disable Server -Click it to disable DHCPv6 server.Auto IPv6 range - After check the box, Vigor router will assign the IPv6 range automatically.Start IPv6 Address / End IPv6 Address -Enter the start andend address for IPv6 server.Advancesetting- Click the Edit button to configure advanced IPv6 settings for DHCPv6 server.LAN >> General SetupOK Cancel
Advance setting	The Advanced Settings page has additional settings for Router Advertisement and enabling multiple WANs for IPv6 traffic.Router Advertisement Configuration- Click Enable to enable router advertisement server. The router advertisement daemon sends Router Advertisement messages, specified by RFC 2461, to a local Ethernet LAN periodically and when requested by a node sending a Router Solicitation message. These messages are required for IPv6 stateless auto-configuration.Disable- Click it to disable router advertisement server.Hop Limt- The value is required for the device behind the router when IPv6 is in use.Min/Max Interval Time (sec) - It defines the interval (between minimum time and maximum time) for sending RA (Router Advertisement) packets.Default Lifetime (sec)-Within such period of time, Vigor router can be treated as the default gateway.Default Preference- It determines the priority of the hostbehind the router when RA (Router Advertisement) packets are transmitted.MTU - It means Max Transmit Unit for packet. IfAutois selected, the router will determine the MTU value for LAN.RIPng Protocol -RIPng (RIP next generation) offers the same functions and benefits as IPv4 RIP v2.Extension WAN - In addition to the default WAN used for IPv6 traffic specified in the WAN Primary Interface in the LAN IPv6 Setup page, additional WANs can be selected to carry IPv6 traffic by enabling them in the Extension WAN section.Available WAN - Additional WANs available but not currently selected to carry IPv6 traffic.Selected WAN - Additional WANs selected to carry IPv6 traffic.

After making changes on the Advance setting page, click the OK button to retain the changes and return to the LAN IPv6 Setup page. Be sure to click OK on the LAN IPv6 Setup page or else changes made on the Advance setting page will not be saved.

II-2-1-5 DHCP Server Options

DHCP Options can be configured by clicking the DHCP Server Option button on the LAN>> General Setup screen.

LAN >> General Setup

DHCP Server Customized Status

Note:
1. Configuring options 44, 46 or 66 here will overwrite the settings by telnet command msubnet.
2. Configuring option 3 here will overwrite the setting in "LAN >> General Setup" Details Page's "Gateway IP Address" field.
3. Configuring option 15 here will overwrite the setting in "WAN >> Internet Access >> Static or Dynamic IP" Detail Page's "Domain Name" field.
4. Hexadecimal Digit: Input the hexadecimal representation of ASCII Character data. EX: Option:18, Data:2f70617468 (/path)

OK

Available settings are explained as follows:

To add a DHCP option entry from scratch, clear the data entry fields (Enable, Interface, Option Number, DataType and Data) by clicking Reset. After filling in the values, click Add to create the new entry.

To add a DHCP option entry modeled after an existing entry, click the model entry in Customized List. The data entry fields will be populated with values from the model entry. After making all necessary changes for the new entry, click Add to create it.

To modify an existing DHCP option entry, click on it in Customized List. The data entry fields will be populated with the current values from the entry. After making all necessary changes, click Update to save the changes.

To delete a DHCP option entry, click on it in Customized List, and then click Delete.

II-2-2 VLAN

Virtual Local Area Networks (VLANs) allow you to subdivide your LAN to facilitate management or to improve network security.

Select LAN>>VLAN from the menu bar of the Web UI to bring up the VLAN Configuration page.

Tagged VLAN

The tagged VLANs (802.1q) can mark data with a VLAN identifier. This identifier can be carried through an onward Ethernet switch to specific ports. The specific VLAN clients can also pick up this identifier as it is just passed to the LAN. You can set the priorities for LAN-side QoS. You can assign each of VLANs to each of the different IP subnets that the router may also be operating, to provide even more isolation. The said functionality is tag-based multi-subnet.

Port-Based VLAN

Relative to tag-based VLAN which groups clients with an identifier, port-based VLAN uses physical ports (P1 \~ P4) to separate the clients into different VLAN group.

Virtual LAN function provides you a very convenient way to manage hosts by grouping them based on the physical port. The multi-subnet can let a small businesses have much better isolation for multi-occupancy applications. Go to LAN page and select VLAN. The following page will appear. Click Enable to invoke VLAN function.

Below is an example page in Vigor2927ac:

LAN >> VLAN Configuration

VLAN Configuration

√ Permit untagged device in P1 to access router
Note:
1. For each VLAN row, selecting Enable VLAN Tag will apply the associated VID to the selected wired LAN port.
2. Wireless LAN traffic is always untagged, but the SSID is still a member of the selected VLAN (group).
3. Each VID must be unique.

Available settings are explained as follows:

Inter-LAN Routing

The Vigor router supports up to 15 VLANs. Each VLAN can be set up to use one or more of the Ethernet ports and wireless LAN Service Set Identifiers (SSIDs). Within the grid of VLANs (horizontal rows) and LAN interfaces (vertical columns),

● all hosts within the same VLAN (horizontal row) are visible to one another
● all hosts connected to the same LAN or WLAN interface (vertical column) are visible to one another if
- they belong to the same VLAN, or
- they belong to different VLANs, and inter-LAN routing (LAN>>General Setup) between them is enabled (see below).

Inter-LAN Routing

Inter-LAN Routing allows different LAN subnets to be interconnected or isolated. It is only available when the VLAN functionality is enabled. In the Inter-LAN Routing matrix, a selected checkbox means that the 2 intersecting LANs can communicate with each other.

Vigor2927 series features a hugely flexible VLAN system. In its simplest form, each of the Gigabit LAN ports can be isolated from each other, for example to feed different companies or departments but keeping their local traffic completely separated.

Configuring port-based VLAN for wireless and non-wireless clients

1. All the wire network clients are categorized to group VLAN0 in subnet 192.168.1.0/24 (LAN1).

2. All the wireless network clients are categorized to group VLAN1 in subnet 192.168.2.0/24 (LAN2).

3. Open LAN>>VLAN Configuration. Check the boxes according to the statement in step 1 and Step 2.

LAN >> VLAN Configuration

VLAN Configuration

1. Click OK.

2. Open LAN>>General Setup. If you want to let the clients in both groups communicate with each other, simply activate Inter-LAN Routing by checking the box between LAN1 and LAN2.

LAN >> General Setup

General Setup

DHCP Server Option

Note

1. Please enable LAN 2 - 8 on LAN >> VLAN page before configure them.
2. Enable DMZ port will make the LAN Port 5 neglect the setting on VLAN page. LAN Port 5 will become the DMZ Port.

☐ Force router to use "DNS server IP address" settings specified in LAN1

Inter-LAN Routing

Vigor router supports up to six private IP subnets on LAN. Each can be independent (isolated) or common (able to communicate with each other). This is ideal for departmental or multi-occupancy applications.

II-2-3 Bind IP to MAC

This function is used to bind the IP and MAC address in LAN to have a strengthening control in network. With the Bind IP to MAC feature you can reserve LAN IP addresses for LAN clients. Each reserved IP address is associated with a Media Access Control (MAC) address.

Click LAN and click Bind IP to MAC to open the setup page.

LAN >> Bind IP to MAC

Bind IP to MAC

Note:

1. IP-MAC binding presets DHCP Allocations.
2. If Strict Bind is enabled, unspecified LAN clients in the selected subnets cannot access the Internet.
3. Comment can not contain characters " and ".
4. MAC address can be seperated by : or - . E.g., FF:FF:FF:FF:FF:FF or FF-FF-FF-FF-FF-FF

OK

Available settings are explained as follows:

Item Description
Enable	Click this radio button to invoke this function. However, IP/ MAC which is not listed in IP Bind List also can connect to Internet.
Disable	Click this radio button to disable this function. All the settings on this page will be invalid.
Strict Bind	Check the box to block the connection of the IP/ MAC which is not listed in IP Bind List.LAN clients will be assigned IP addresses according to theMAC-to-IP address associations on this page. LAN client whose MAC address has not been bound to an IP address will be denied network access.Note: Before selecting Strict Bind, make sure at least one valid MAC address has been bound to an IP address. Otherwise no LAN clients will have network access, and it will not be possible to connect to the router to make changes to its configuration.Apply Strict Bind to Subnet - Choose the subnet(s) for applying the rules of Bind IP to MAC.
ARP Table	This table is the LAN ARP table of this router. The information for IP and MAC will be displayed in this field. Each pair of IP and MAC address listed in ARP table can be selected and added to IP Bind List by clicking Add below.
Select All	Select all entries in the ARP Table for manipulation.
Sort	Reorder the entry based on the IP address.
Refresh	Refresh the ARP table listed below to obtain the newest ARP table information.
Add or Update to IP Bind List	IP Address - Enter the IP address to be associated with a MAC address.Mac Address - Enter the MAC address of the LAN client's network interface.Comment - Type a brief description for the entry.
Add	It allows you to add the one you choose from the ARP table or the IP/ MAC address typed in Add and Edit to the table of IP Bind List.
Update	It allows you to edit and modify the selected IP address and MAC address that you create before.
Delete	You can remove any item listed in IP Bind List. Simply click and select the one, and click Delete. The selected item will be removed from the IP Bind List.
IP Bind List	It displays a list for the IP bind to MAC information.
Backup IP Bind List	Click Backup and enter a filename to back up IP Bind List to a file.
Upload From File	Click Browse... to select an IP Bind List backup file. ClickRestore to restore the backup and overwrite the existing list.

Info

Before you select Strict Bind, you have to bind one set of IP/MAC address for one PC. If not, no one of the PCs can access into Internet. And the web user interface of the router might not be accessed.

When you finish the configuration, click OK to save the settings.

II-2-4 LAN Port Mirror

The LAN Port Mirror function allows network traffic of select LAN ports to be forwarded to another LAN port for analysis. This is useful for enforcing policies, detecting unauthorized access, monitoring network performance, etc.

Select LAN>>LAN Port Mirror from the menu bar of the Web UI to bring up the LAN Port Mirror configuration page.

LAN >> LAN Port Mirror

LAN Port Mirror

Note:

1. The mirrored WAN1 is a software mirror, it will lead to a substantial decline in performance.

OK

Available settings are explained as follows:

After finishing all the settings here, please click OK to save the configuration.

II-2-5 Wired 802.1x

Wired 802.1X provides authentication for clients wishing to connect to the LAN by Ethernet. Only one client can be authenticated on each LAN port.

Select LAN>>Wired 802.1X from the menu bar of the Web UI to bring up the Wired 802.1X configuration page.

LAN >> Wired 802.1X

Wired 802.1X

LAN 802.1X:

□ Enable

Authentication Type:

External RADIUS

802.1X ports:

P1

P2

P3

P4

P5

Note:

1. 802.1X enabled LAN ports only support a single attached device using EAPOL authentication. To authenticate multiple devices through a LAN port you need an 802.1X-capable switch. Then configure 802.1X on the attached switch instead.
2. Please configure External RADIUS or Local 802.1X for authentication.
3. Authentication by External RADIUS supports PEAP, EAP-TLS and EAP-TTLS.

OK

Available settings are explained as follows:

After finishing all the settings here, please click OK to save the configuration.

II-2-6 Link Aggregation

LAG means Link Aggregation Group which groups some physical ports together to make a single high-bandwidth data path. Thus it can implement traffic load sharing among the member ports in a group to enhance the connection reliability.

LAN >> Link Aggregation

Link Aggregation

Notes:

1. Only Support Static (Balance-xor) mode
2. Ports in LAG can not be mirror port
3. LAG uses Hash Algorithm to decide the port, and the calculated port might be the same. When LAG doesn't work as expected, please change the device IP for a try.

OK

Available settings are explained as follows:

After finishing all the settings here, please click OK to save the configuration.

II-3 Hardware Acceleration

Hardware Acceleration is also called PPA in DrayTek for it is based on Protocol Processing Engine (PPE) of Infineon. It can only support 4096 sessions for network traffic (IN & OUT).

When the data traffic is heavy and data transmission is getting slowly and slowly, you can configure this page to accelerate the data streaming by hardware itself. Open Hardware Acceleration to access into the following page:

Hardware Acceleration

Acceleration: Enable ▼

NAT

Protocol: √ TCP √ UDP

Option: √ Wireless LAN Client

5G WAN

IPsec

Protocol: √ TCP √ UDP

□ Exception List

Note:

1. When the wireless bandwidth limit is enable, wireless sessions will not add hardware acceleration.
2. Hardware Acceleration does not support PPTP/L2TP.
3. The exception type "WLAN Bridge" means hardware acceleration between wireless lan client and physical lan client.

OK

Clear

Available settings are explained as follows:

Checking the PPA status

For checking whether the rule of PPA is working or not, a user can login to Vigor2927 series by using telnet. User can view how many sessions are transferring in each direction of PPA table after entering "ppa -v".

II-4 NAT

Usually, the router serves as an NAT (Network Address Translation) router. NAT is a mechanism that one or more private IP addresses can be mapped into a single public one. Public IP address is usually assigned by your ISP, for which you may get charged. Private IP addresses are recognized only among internal hosts.

When the outgoing packets destined to some public server on the Internet reach the NAT router, the router will change its source address into the public IP address of the router, select the available public port, and then forward it. At the same time, the router shall list an entry in a table to memorize this address/ port-mapping relationship. When the public server response, the incoming traffic, of course, is destined to the router's public IP address and the router will do the inversion based on its table. Therefore, the internal host can communicate with external host smoothly.

The benefit of the NAT includes:

• Save cost on applying public IP address and apply efficient usage of IP address. NAT allows the internal IP addresses of local hosts to be translated into one public IP address, thus you can have only one IP address on behalf of the entire internal hosts.
  ● Enhance security of the internal network by obscuring the IP address. There are many attacks aiming victims based on the IP address. Since the attacker cannot be aware of any private IP addresses, the NAT function can protect the internal network.

Info

On NAT page, you will see the private IP address defined in RFC-1918. Usually we use the 192.168.1.0/24 subnet for the router. As stated before, the NAT facility can map one or more IP addresses and/or service ports into different specified services. In other words, the NAT function can be achieved by using port mapping methods.

Web User Interface

NAT

Port Redirection

DMZ Host

Open Ports

Port Triggering

ALG

II-4-1 Port Redirection

Port Redirection is usually set up for server related service inside the local network (LAN), such as web servers, FTP servers, E-mail servers etc. Most of the case, you need a public IP address for each server and this public IP address/ domain name are recognized by all users. Since the server is actually located inside the LAN, the network well protected by NAT of the router, and identified by its private IP address/ port, the goal of Port Redirection function is to forward all access request with public IP address from external users to the mapping private IP address/ port of the server.

graph TD
    A["Internet"] --> B["NAT"]
    B --> C["DMZ 192.168.1.22"]
    B --> D["DMZ 192.168.1.11"]
    B --> E["FTP Server 192.168.1.12 Port 21"]
    B --> F["Web Server 192.168.1.13 Port 80"]
    G["Destined to 220.135.240.207 Port 213"] --> A

The port redirection can only apply to incoming traffic.

To use this function, please go to NAT page and choose Port Redirection web page. The Port Redirection Table provides 40 port-mapping entries for the internal hosts.

NAT >> Port Redirection

Note:
The port number values set in this page might be invalid due to the same values configured for Management Port Setup in System Maintenance>>Management, Open VPN and SSL VPN.

Each item is explained as follows:

Press any number under Index to access into next page for configuring port redirection.

Index No. 1

Note:

In "Range" Mode the End IP will be calculated automatically once the Public Port and Start IP have been entered.

Available settings are explained as follows:

After finishing all the settings here, please click OK to save the configuration.

Note that the router has its own built-in services (servers) such as Telnet, HTTP and FTP etc. Since the common port numbers of these services (servers) are all the same, you may need to reset the router in order to avoid confliction.

For example, the built-in web user interface in the router is with default port 80, which may conflict with the web server in the local network, http://192.168.1.13:80. Therefore, you need to change the router's http port to any one other than the default port 80 to avoid conflict, such as 8080. This can be set in the System Maintenance >>Management Setup. You then will access the admin screen of by suffixing the IP address with 8080, e.g., http://192.168.1.1:8080 instead of port 80.

System Maintenance >> Management

II-4-2 DMZ Host

As mentioned above, Port Redirection can redirect incoming TCP/UDP or other traffic on particular ports to the specific private IP address/port of host in the LAN. However, other IP protocols, for example Protocols 50 (ESP) and 51 (AH), do not travel on a fixed port. Vigor router provides a facility DMZ Host that maps ALL unsolicited data on any protocol to a single host in the LAN. Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption. DMZ Host allows a defined internal user to be totally exposed to the Internet, which usually helps some special applications such as Netmeeting or Internet Games etc.

graph TD
    A["Internet"] --> B["NAT"]
    B --> C["DMZ 192.168.1.22"]
    B --> D["DMZ 192.168.1.11"]
    B --> E["FTP Server 192.168.1.12 Port 21"]
    B --> F["Web Server 192.168.1.13 Port 80"]
    G["Destined to 220.135.240.207\nProtocol: Any\nPort: Any"] --> A

The security properties of NAT are somewhat bypassed if you set up DMZ host. We suggest you to add additional filter rules or a secondary firewall.

Click DMZ Host to open the following page. You can set different DMZ host for each WAN interface. Click the WAN tab to switch into the configuration page for that WAN.

NAT >> DMZ Host Setup

Available settings are explained as follows:

Item Description
WAN 1	Choose Private IP or None first.
Private IP	Enter the private IP address of the DMZ host, or click Choose PC to select one.
Choose IP Click this button	and then a window will automatically pop up, as depicted below. The window consists of a list of private IP addresses of all hosts in your LAN network. Select one private IP address in the list to be the DMZ host.When you have selected one private IP from the above dialog, the IP address will be shown on the following screen. Click OK to save the setting.NAT >> DMZ Host SetupDMZ Host SetupWAN1 WAN2 WAN3 WAN4 WAN5 WAN6WAN 1Private IPPrivate IP 192 160 1.5 Choose IPOK

DMZ Host for WAN2, WAN3, LTE or WAN4 is slightly different with WAN1. Active True IP selection is available for WAN1 only.

See the following figure.

NAT >> DMZ Host Setup

If you previously have set up WAN Alias for PPPoE or Static or Dynamic IP mode in WAN2 interface, you will find them in Aux. WAN IP for your selection.

NAT >> DMZ Host Setup

Available settings are explained as follows:

Item Description
Enable	Check to enable the DMZ Host function.
Private IP	Enter the private IP address of the DMZ host, or click Choose PC to select one.
Choose IP	Click this button and then a window will automatically pop up, as depicted below. The window consists of a list of private IP addresses of all hosts in your LAN network. Select one private IP address in the list to be the DMZ host.When you have selected one private IP from the above dialog, the IP address will be shown on the screen. Click OK to save the setting.

After finishing all the settings here, please click OK to save the configuration.

II-4-3 Open Ports

Open Ports allows you to open a range of ports for the traffic of special applications.

Common application of Open Ports includes P2P application (e.g., BT, KaZaA, Gnutella, WinMX, eMule and others), Internet Camera etc. Ensure that you keep the application involved up-to-date to avoid falling victim to any security exploits.

Click Open Ports to open the following page:

NAT >> Open Ports

Open Ports Setup
Set to Factory Default

OK

Cancel

The port number values set in this page might be invalid due to the same values configured for Management Port Setup in System Maintenance>>Management, Open VPN and SSL VPN.

Available settings are explained as follows:

To add or edit port settings, click one index number on the page. The index entry setup page will pop up. In each index entry, you can specify 10 port ranges for diverse services.

NAT >> Open Ports >> Edit Open Ports

Index No. 1

Available settings are explained as follows:

After finishing all the settings here, please click OK to save the configuration.

NAT >> Open Ports

II-4-4 Port Triggering

Port Triggering is a variation of open ports function.

The key difference between "open port" and "port triggering" is:

• Once the OK button is clicked and the configuration has taken effect, "open port" keeps the ports opened forever.
• Once the OK button is clicked and the configuration has taken effect, "port triggering" will only attempt to open the ports once the triggering conditions are met.
• The duration that these ports are opened depends on the type of protocol used. The "default" durations are shown below and these duration values can be modified via telnet commands.

TCP: 86400 sec.

UDP: 180 sec.

IGMP: 10 sec.

TCP WWW: 60 sec.

TCP SYN: 60 sec.

NAT >> Port Triggering

Available settings are explained as follows:

Click the index number link to open the configuration page.

NAT >> Port Triggering

No. 1

Enable

Service

Comment

Source IP

Triggering Protocol

Triggering Port

Incoming Protocol

Incoming Port

Note:

The Triggering Port and Incoming Port should be input like this : 123-456,777-789 (legal),123-456,789 (legal), but 123-456-789 (illegal).

OK

Clear

Cancel

Available settings are explained as follows:

II-4-5 Port Knocking

Port Redirection is one of the typical ways to allow the internal servers to be accessible from the Internet. However, the port might be exposed to the Internet and might be scanned by the malware if it open.

Therefore, a technology which can add an extra layer of protection to the internal servers and protect network services from unauthorized access, Port Knocking.

Port knocking is a technology that can add an extra layer of protection to the internal servers. Its basic idea is that only open ports are at risk of being attacked, so it allows all ports to be closed at the beginning. Do not open them, and then set a password based on the port combination. Only those who know the password can open the ports and connect.

Typical NAT Port Redirection

graph LR
    A["Internet"] --> B["TCP Port 8080 is always open."]
    B --> C["Server"]
    C --> D["Warning Icon"]

NAT Port Knocking

graph LR
    A["Internet"] --> B["TOTP"]
    B --> C["TOP Port 8080 is closed. After unlock the door by TOTP, TCP Port 8080 will be open for the client."]
    C --> D["Server"]
    D --> E["✓"]

This page offers up to 16 profiles to configure the server's public IP, first port knock port and 6 digit validation code. Later, the client's computer can establish the network connection securely via a Port Knock tool. After passing the authentication, the client can access the specified server.

NAT >> Port Knocking

Available settings are explained as follows:

Click the index number link to open the configuration page.

Index No. 1

Available settings are explained as follows:

After finishing all the settings here, please click OK to save the configuration.

II-4-6 ALG

ALG means Application Layer Gateway. There are two methods provided by Vigor router, RTSP (Real Time Streaming Protocol) ALG and SIP (Session Initiation Protocol) ALG, for processing the packets of voice and video.

RTSP ALG makes RTSP message, RTCP message, and RTP packets of voice and video be transmitted and received correctly via NAT by Vigor router.

However, SIP ALG makes SIP message and RTP packets of voice be transmitted and received correctly via NAT by Vigor router.

NAT >> ALG

ALG (Application Layer Gateway)
Set to Factory Default

OK

Available settings are explained as follows:

II-5 Applications

Dynamic DNS

Most ISPs assigns dynamic WAN IP addresses to their customers. Dynamic IP addresses presents challenges to users who would like to accept remote connections to their LANs from the Internet, as service could be disrupted due to the IP address changing without notice. By setting up service with a Dynamic DNS (DDNS) provider, and configuring Dynamic DNS updates on the Vigor router, you can have reliable access to your network by means of an easy-to-remember domain address that resolves to the most current WAN IP address.

The Vigor router supports a wide range of DDNS providers, such as DynDNS, No-IP.com, DtDNS, and ChangeIP. Please contact the DDNS provider of your choice to set up service before configuring DDNS on the router.

LAN DNS / DNS Forwarding

LAN DNS allows the network administrator to override standard DNS resolutions for selecting domain addresses. The router will respond to queries on matched domain addresses with custom IP addresses.

DNS Forwarding allows the network administrator to forward DNS queries to different DNS servers based on the domain name.

LAN DNS and DNS Forwarding only affect DNS queries that are sent to the WAN through the router. DNS queries that are directed to a DNS server on the LAN will not be intercepted by the router.

Schedule

The Vigor router has a built-in clock which can update itself manually or automatically by means of Network Time Protocols (NTP). As a result, you can not only schedule the router to dialup to the Internet at a specified time, but also restrict Internet access to certain hours so that users can connect to the Internet only during certain hours, say, business hours. The schedule is also applicable to other functions.

RADIUS/TACACS+

Remote Authentication Dial-In User Service (RADIUS) is a security authentication client/server protocol that supports authentication, authorization and accounting, which is widely used by Internet service providers. It is the most common method of authenticating and authorizing dial-up and tunneled network users.

The built-in RADIUS client feature enables the router to assist the remote dial-in user or a wireless station and the RADIUS server in performing mutual authentication. It enables centralized remote access authentication for network management.

LDAP /Active Directory Setup

Lightweight Directory Access Protocol (LDAP) is a communication protocol for using in TCP/IP network. It defines the methods to access distributing directory server by clients, work on directory and share the information in the directory by clients. The LDAP standard is established by the work team of Internet Engineering Task Force (IETF).

As the name described, LDAP is designed as an effect way to access directory service without the complexity of other directory service protocols. For LDAP is defined to perform, inquire and modify the information within the directory, and acquire the data in the directory

securely, therefore users can apply LDAP to search or list the directory object, inquire or manage the active directory.

UPnP

The Vigor supports UPnP (Universal Plug and Play), which is a suite of network protocols that simplifies network configuration. Applications and network devices on the LAN, that support UPnP, may request the router to modify its settings to allow NAT Traversal, so that WAN hosts can connect to them directly.

Examples of applications and devices that support UPnP include file-sharing applications such as uTorrent, Vuze and eMule, gaming consoles such as the Sony PlayStations 3 and 4 Xbox 360 and Xbox One, media streaming applications such as Plex and XBMC, and messaging and calling applications such as Skype. To find out if a certain application or network device supports or requires UPnP, please consult its user manual or check with its vendor.

Wake on LAN

Using the Wake on LAN (WoL) feature, LAN clients that support WoL can be powered on or resume from sleep over the network, without the need for physical access to the device.

In order for LAN clients to be able to woken from sleep or off states, the network interface card must be configured to monitor Wake-on-LAN messages. Consult the documentation of the LAN client for details on setting up its network interface for Wake on LAN.

Web User Interface

Applications

Dynamic DNS

LAN DNS / DNS Forwarding

DNS Security

Schedule

RADIUS/TACACS+

Active Directory / LDAP

UPnP

IGMP

Wake on LAN/WAN

SMS/Mail Alert Service

Bonjour

High Availability

Local 802.1X General Setup

II-5-1 Dynamic DNS

Enable the Function and Add a Dynamic DNS Account

To begin configuring Dynamic DNS, from the main menu, navigate to Applications, and select Dynamic DNS. The Dynamic DNS main configuration screen appears:

Applications >> Dynamic DNS Setup

Dynamic DNS Setup
Set to Factory Default

OK

Clear All

Available settings are explained as follows:

After clicking on the index number, the detail configuration screen for the DDNS profile appears:

Applications >> Dynamic DNS Setup >> Dynamic DNS Account Setup

Index : 1

Note:

1. The Create function of Let's Encrypt certificate works only when the current profile has been stored.
2. WAN IP must be public IP when create Let's Encrypt certificate.

OK Clear Cancel

If User-Defined is specified as the service provider, the web page will be changed slightly as follows:

Applications >> Dynamic DNS Setup >> Dynamic DNS Account Setup

Index : 1

Available settings are explained as follows:

Item Description
Enable Dynamic DNS Account	Select to enable this DDNS profile.
WAN Interface	Select the WAN interface to monitor for IP address changes.WANx First - The specified WAN interface will be examined first. If it is online, its IP address will be used in the DDNS update.WANx Only - Only the specified WAN interface will be examined. If the WAN interface is online, its IP address will be used in the DDNS update. Otherwise no update will be performed for this DDNS profile.
Service Provider	Select the DDNS provider. If your DDNS provider is not listed, select User-Defined and manually configure the profile.Provider Host - Enter the IP address or the domain name of the host which provides related service.Note that such option is available when Customized is selected as Service Provider.Service API - Enter the API information obtained from DDNS server.Note that such option is available when Customized isselected as Service Provider.(e.g:/dynamic/ dns/ update.asp?u=j0***&p=j0*******&hostname=j****.changeip.org&ip=###IP###&cmd=update&offline=0)Auth Type- Two types can be used for authentication.Basic-Username and password defined later can be shown from the packets captured.URL-Username and password defined later can be shown in URL.(e.g., http://ns1.vigorddns.com/ddns.php?username=xxxx&password=xxxx&domain=xxxx.vigorddns.com)Note that such option is available when Customized is selected as Service Provider.Connection Type- There are two connection types (HTTP and HTTPS) to be specified. Note that such option is available when Customized is selected as Service Provider.Server Response- Type any text that you want to receive from the DDNS server.Note that such option is available when Customized is selected as Service Provider.If other service provider is selected, you have to configure Service Type, Domain Name, Login Name and Password.Service Type- Select the service type that matches that of your DynDNS account. If you are unsure which service type to select, try Dynamic first. This options is applicable to DynDNS only.Domain Name- The domain and subdomain to be updated.
Login Name The login name	of the DDNS account.
Password	The password of the DDNS account.
Wildcard and Backup MX	The Wildcard and Backup MX (Mail Exchange) features are not supported for all Dynamic DNS providers. You could get more detailed information from their websites.
Mail Extender	If the mail server is defined with another name, please enter the name in this area. Such mail server will be used as backup mail exchange.
Determine WAN IP	If a Vigor router is installed behind any NAT router, you can enable such function to locate the real WAN IP.When the WAN IP used by Vigor router is private IP, this function can detect the public IP used by the NAT router and use the detected IP address for DDNS update.There are two methods offered for you to choose:WAN IP- The IP address of the router's WAN interface will be used.Internet IP- The real public IP address will be used.Select this option if the IP address assigned to the router's WAN interface is not the actual external IP address.

Click OK to save changes, Clear to clear all settings, or Cancel to discard changes and return to the main DDNS screen.

DrayDDNS Settings

DrayDDNS, a new DDNS service developed by DrayTek, can record multiple WAN IP (IPv4) on single domain name. It is convenient for users to use and easily to set up. Each Vigor Router is available to register one domain name.

Choose DrayDDNS (Global) as the service provider, the web page will be displayed as follows:

Applications >> Dynamic DNS Setup >> Dynamic DNS Account Setup

Index : 1

Note:

1. The Create function of Let's Encrypt certificate works only when the current profile has been stored.

Available settings are explained as follows:

Disable the Function and Clear all Dynamic DNS Accounts

Uncheck Enable Dynamic DNS Setup, and click Clear All button to disable the function and clear all accounts from the router.

Delete a Dynamic DNS Account

Click the Index number you want to delete and then click Clear All button to delete the account.

DDNS updates take place when:

● The router is powered on or rebooted.
● The public IP address of any WAN interface changes.
● The online status of a WAN interface changes (going from online to offline or vice versa).
● The DDNS function is changed from disabled to enabled.
● A DDNS entry is modified and enabled.
● The Auto-Update Interval has elapsed.

Procedures for Setting up a Dynamic DNS Entry

1. Contact the dynamic DNS provider of your choice and have service set up. Most DDNS providers accept signups on their websites. Service could be provided free of charge or for a fee.
2. Create a DDNS entry on the router by selecting the appropriate DDNS provider and enter the account information.
3. Make sure that both the DDNS entry and the DDNS feature are enabled on the router.
4. Click the View Log button on the DDNS main page to bring up the update log.
5. Examine the update log to make sure the update was successful.
6. If the update was not successful, verify the DDNS entry to make sure the settings are entered correctly.

II-5-2 LAN DNS / DNS Forwarding

LAN DNS lets the network administrators host servers with privacy and security. When the network administrators of your office set up FTP, Mail or Web server inside LAN, you can specify specific private IP address (es) to correspondent servers. Thus, even the remote PC is adopting public DNS as the DNS server, the LAN DNS resolution on Vigor2927 series will respond the specified private IP address.

graph TD
    A["server.yourdomain.com"] -->|Private IP 192.168.1.100| B["Internet"]
    A -->|Public IP 210.139.175.223| B
    B --> C["Public DNS Server server.yourdomain.com"]
    D["192.168.1.x"] -->|A private IP address mapped to the Domain Name.| E["IP Address List"]
    F["140.186.223.x"] -->|Data transfer| G["Internet"]
    H["Enable Profile: server"] --> I["Profile Index: 1"]
    J["Domain Name: kernel.yourdomain.com"] --> K["IP Address List"]
    L["IP Address List: Index: IP Address = 192.168.1.100"] --> M["IP Address List: Same Subset Reply"]

To start configuring LAN DNS or DNS Forwarding, from the main menu, click Applications, followed by LAN DNS / DNS Forwarding.

Each item is explained as follows:

To configure a LAN DNS profile, click on its index to bring up the configuration page.

Applications >> LAN DNS / DNS Forwarding

Profile Index : 1