Draytek Vigor2000 User Manual

Page 1
0. Preface ..................................................................... 0-1
0.1 About This Manual ........................................... 0-2
0.2 Copyright Declarations .................................. 0-2
0.3 Trademarks ........................................................ 0-2
0.4 How To Become A Registered Owner ........ 0-2
0.5 Safety Instructions ........................................... 0-3
0.6 Warranty .............................................................. 0-3
1. Getting Started .................................................. 1-1
1.1 Introduction .......................................................... 1-2
1.2 Unpacking your Vigor2000 Router ................... 1-3
1.3 LED Indicators & Rear Panels .......................... 1-4
1.4 Key Features .......................................................... 1-7
2. Installation & Setup ......................................... 2-1
2.1 Before you Begin ................................................ 2-2
2.2 Hardware Installation ......................................... 2-4
2.3 Setting up a Management PC ........................... 2-7
2.4 Using the Smart Start Wizard ......................... 2-13
2.5 Using the Web Configurator .......................... 2-18
Table of Contents
Page 2
3. Basic Setup & Internet Access .................. 3-1
3.1 Basic Setup .......................................................... 3-2
3.2 Internet Access Setup ....................................... 3-7
3.3 ISDN Dial-up Internet Access ......................... 3-9
3.4 IDSL Leased-Line .................................................3-12
3.5 DSL/Cable Modem Internet Access ............... 3-14
4. Remote Access .................................................... 4-1
4.1 Introduction to Remote Access ......................... 4-3
4.2 Remote Dial-in Access ........................................ 4-3
4.3 LAN-to-LAN Access ............................................. 4-7
5. Advanced Setup ................................................ 5-1
5.1 Enabling the Remote Activation Function .... 5-3
5.2 Call Control Setup ................................................ 5-4
5.3 Configuring the BOD Parameters ................... 5-5
5.4 NAT Setup ........................................................... 5-7
5.5 IP Filter/Firewall Setup ....................................... 5-10
6. Virtual TA Application .................................... 6-1
6.1 Virtual TA Concepts ............................................ 6-2
6.2 Installing a Virtual TA Client .............................. 6-4
Page 3
6.3 Configuring a Virtual TA Client/Server ........... 6-5
7. System Management ...................................... 7-1
7.1 Online Status ........................................................ 7-3
7.2 Management Setup ............................................. 7-5
7.3 Diagnostic Tools .................................................. 7-7
7.4 Reboot System .................................................. 7-14
7.5 Firmware Upgrade ............................................ 7-15
8. Troubleshooting & FAQ ............................... 8-1
8.1 Using the Telnet Terminal Commands .......... 8-2
8.2 Viewing Call Logs ............................................... 8-4
8.3 Viewing ISDN Logs ............................................. 8-6
8.4 Viewing PPP Logs .............................................. 8-7
8.5 Viewing WAN Logs ............................................. 8-8
8.6 FAQs ........................................................................ 8-9
Page 4
0-1
0
Preface
0.1 About This Manual
0.2 Copyright Declarations
0.3 Trademarks
0.4 How To Become A Registered Owner
0.5 Safety Instructions
0.6 Warranty
0.7 European Community Declarations
Page 5
0-2
Preface
0.1 About This Manual
This manual is designed to assist users in using the DrayTek Vigor2000 Router. Information in this document has been care­fully checked for accuracy; however, no guarantee is given as to the correctness of the contents. The information contained in this document is subject to change without notice. Should you have any inquiries, please feel free to contact
support@draytek.com.tw . For latest product info and features,
visit our website at www.draytek.com.tw.
0.2 Copyright Declarations
Copyright © 2000 DrayTek Corporation. All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without writ­ten permission from the copyright holders.
0.3 Trademarks
Microsoft is a registered trademark of Microsoft Corp. Windows, Windows 95, 98, Me, NT, and 2000 are trademarks of Microsoft Corp. Other trademarks and registered trademarks of products referred to in this manual are the properties of their respective
owners.
0.4 How To Become A Registered Owner
Web registration is preferred. Please visit the following website:
http://www.draytek.com.tw/registration.htm. Alternatively, fill in
the registration card and mail it to the address found on the reverse side of the card. Registered owners will receive future product and update information.
Page 6
0-3
Preface
0.5 Safety Instructions
! Please read the installation guide thoroughly before you set
up the router.
! The router can be used only with a BRI (Basic Rate Inter-
face) ISDN line.
! The router is a complicated electronic unit that may be
repaired only by authorized and qualified personnel. Do not try to open or repair the router yourself.
! Do not place the router in a damp or humid place, e.g. a
bathroom.
! The router should be used in a sheltered area, within a
temperature range of +5 to +40 Celsius.
! Do not expose the router to direct sunlight or other heat
sources. The housing and electronic components may be dam­aged by direct sunlight or heat sources.
! Keep the packaging out of reach of children. ! When you want to dispose the router, please follow local
regulations on conservation of the environment.
We warrant to the original end user (purchaser) that the Vigor2000 Routers will be free from any defects in workmanship or materials for a period of two (2) years from the date of purchase from the dealer. Please keep your purchase receipt in a safe place as it serves as proof of date of purchase.
During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workman­ship and/or materials, we will, at our discretion, repair or replace the defective products or components, without charge for either parts or labor, to whatever extent we deem necessary to re­store the product to proper operating condition. Any replace­ment will consist of a new or re-manufactured functionally equiva-
0.6 Warranty
Page 7
0-4
Preface
lent product of equal value, and will be offered solely at our discretion. This warranty will not apply if the product is modi­fied, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
The warranty does not cover the bundled or licensed soft­ware of other vendors. Defects that do not significantly affect the usability of the product will not be covered by the warranty. We reserve the right to revise the manual and online documen­tation and to make changes from time to time in the contents hereby without obligation to notify any person of such revision
or changes.
0.7 European Community Declarations
The Vigor2000 Routers have been approved for connection to the Public Switched Telecommunication Network using inter­faces compatible with ITU-TSS recommendation I.430 (Basic Rate ISDN user access). The Vigor2000 Routers comply with the R&TTE Directive 99/5/EC.
Page 8
1-1
1
Getting Started
1.1 Introduction
1.2 Unpacking Your Vigor2000 Router
1.3 Front Panel& Rear Panel Descriptions
1.4 Key Features
Page 9
1-2
Getting Started
1.1 Introduction
The Vigor2000 Router provides multiple users with efficient and reli­able access over a single ISDN BRI, IDSL (U Interface), DSL line, or Cable Modem (not support Dynamic IP) service to the Internet and corporate LAN for using E-mail, sharing documents, Web surfing, file transfers, etc. Moreover, the provision of a built-in six-port 10BaseT Ethernet hub and one Uplink port may give cost-effective workgroup connectivity over Ethernet.
In addition to improving the productivity of employee, flexible telecommuting access, and affordable management cost, Vigor2000 Router accommodates room for business growth from 6-7 computers to more. The smart solution of DrayTek Vigor2000 Route provides SOHO users an `easy to setup and use`, `instant internet and intranet connection`, `high interoperablility`, and `good security` for network management.
The broadband access protocol supports PPPoE, PPTP, and Static IP. These protocols comply with worldwide Ethernet-based DSL/Cable Modem standards.
For traditional ISDN users, the Vigor2000 Router features a built-in Virtual TA (Remote CAPI) server which operates as a CAPI-based ISDN TA for LAN users. To run FAX transmission or data transfer serv­ices, users need to install a Virtual TA client driver on the PCs and use third-party CAPI-based software .
Vigor2000 Router provides seamless migration from ISDN to a broadband connection for multiple SOHO users and easy usage of ISDN for backup-dial and/or remote access while concurrently using the DSL/Cable modem connection.
PPPoE / PPTP allows users on the LAN interface to setup a dial-on­demand DSL connection sharing the same IP account, and paying for only ONE connection. The idle-timeout function prevents wasted connection charges by shutting down the connection when it is idle. No PPPoE / PPTP client software is required for the computers. Hassle free!
Page 10
1-3
Getting Started
1.2 Unpacking Your Vigor2000 Router
Your Vigor2000 Router package should contain items listed below. If any item is missing or damaged, contact your dealer or DrayTek Customer Service Department immediately.
! One User manual with warranty/registration card
! One CD-ROM, including User Manual in electronic form, latest
released firmware, and utilities
! One RJ-45 ISDN telephone cable (black)
! One AC/AC power adapter (black)
! One Console cable (gray)
! One RJ45 to RS232 (9 pin) converter for console cable
! One Ethernet LAN cable (blue) for connection to a computer
or hub
Dimensions (cm) of Vigor2000 Router
21.8 (L) x 15.8 (W) x 3.6 (H)
Weight: 399 grams
Maximum Power: 10W
Power Adapter: AC adapter; Class2 transformer; input is 230VAC 50Hz;
minimum output is from 15 to 17V AC 600mA
Page 11
1-4
Getting Started
1.3 Front Panel & Rear Panel Descriptions
Vigor2000 Router:
Front Panel Description -- LED Indicators
There are eleven LEDs on the front panel, including ACT, LNK,B1, B2, COL, and P1 ~ P6.
ACT (Activity) BLINK when power is supplied to the router and the router is running normally.
Page 12
1-5
Getting Started
ISDN Group:
Note:
On some NT1 boxes, the LNK LED will go OFF when the ISDN line has been idle for a while. When the router is dialing or answering a call, it should be ON again.
LNK (Link) ON when the connected network card or hub has linked up. Blinking when the Ethernet packets pass through the interface.
B1
ON when there is successful remote connection on the ISDN BRI B1 channel.
B2
ON when there is successful remote connection on the ISDN BRI B2 channel.
LAN Group:
Col (Collision)
BLINK when there is collision of packets within the Ethernet.
P1 ~ P6
- ON when the computer is connected and has no packet transmission going.
- BLINK when packets are sending/receiving through hub or connected computer.
Rear Panel Description
The Vigor2000 has a power jack, an uplink port, six RJ-45 ports, a console port, and an ISDN port on the rear panel:
Page 13
1-6
Getting Started
Only the DrayTek supplied power adapter should be connected to the power jack.
UPLINK (back panel)
Use attached 10BaseT LAN cable to connect to another hub. The light besides the port will be ON when the router is connected to another hub.
LAN - P1, P2, P3, P4, P5, P6
These switch ports should be connected to your local PCs.
CONSOLE
Connects to the computer you want to use to configure Vigor2000 Router.
ISDN (Varied by Router Model)
- For S/T Interface Router Model: Connects to a NT1 box provided by your ISDN service provider.
- For U Interface Router Model: If your ISDN service provider does not provide the NT1 box or your ISP provides IDSL connection, use this model for connection.
Page 14
1-7
Getting Started
1.4 Key Features
The Vigor2000 Router provides many built-in server and software fea­tures to provide a convenient comprehensive solution for your SOHO network.
1. Network Address Translation (NAT): NAT allows multiple SOHO users to concurrently connect to an Internet Service Provider (ISP) using a single Internet access account.
2. Firmware Upgrade (TFTP) Server: Using this server and the Firmware Upgrade Utility software, you may easily upgrade to the latest firmware whenever enhanced features are added.
3. Web (HTTP) Server: A Web browser is the most common tool used to surf the Internet. You may use Microsoft Internet Explorer or Netscapes browser etc, to configure the Vigor2000 Router as easily as surfing web sites.
4. Virtual TA Server (VTA): The terminology Virtual TA means the Vigor2000 can operate as traditional ISDN TA to transmit and receive data, FAX, and voice transmissions via third-party software running on a desktop computer. In fact, a virtual TA server works as a network TA to exchange packets between an ISDN BRI and an Ethernet LAN. Therefore, desktop computers can use the ISDN line resource via an Ethernet LAN. In short, multiple users can share a network TA for backward compatibility with traditional applications, such as BBS, file transfer, sending/receiving FAXs etc.
5. Remote Access Server (RAS): RAS provides remote dial-in ac- cess services for home workers, branch offices, or telecommuters. Vigor2000 Routers offer 10 dial-in user profiles, including an authentication mechanism through CHAP/PAP and Calling Line Identification (CLID), secure callback functions, and 16 Lan-to-Lan Dialer Profiles, etc.
6. Routing Information Protocol (RIP) Support: Used in most
Page 15
1-8
Getting Started
LAN-to-LAN applications. The RIP protocol exchanges routing infor­mation between routers.
7. Domain Name Server (DNS) Proxy: The DNS proxy maintains a DNS cache, including a mapping table between domain names and IP addresses. The proxy also remembers DNS query packets sent through the router and saves them into its own DNS cache. For enhanced speed, when a DNS query packet enters the router, the proxy searches its local DNS cache. If matched, the router sends an answer to the host that sent the DNS query packet. Only unmatched DNS queries require querying a WAN Domain Name Server.
8. Telnet Terminal Server: The Telnet User Interface (TUI) is an efficient method of configuring and managing routers. It utilizes a traditional command-line user interface and is mainly for advanced configuration, management, and troubleshooting.
9. Dynamic Host Configuration Protocol (DHCP) Server: The server provides an easy-to-configure function for your local IP network. It can automatically assign IP network configurations for local PCs, such as IP address, IP netmask, gateway IP address, and Domain Name server etc.
10. Built-in Flash ROM: The Flash ROM memory saves the router firmware and configurations, even after power down.
11. ISDN Digital Subscriber Line (IDSL) Client Support: If your ISP provides ISDL connection, you can use the router to connect at 64/128k bps (U Interface Leased Line Type only).
12. Point-to-Point over Ethernet (PPPoE) Client Support: If you are a DSL user, the router has a built-in PPPoE client for establishing a DSL link connection with the ISP. There is no need to install a further PPPoE driver on your computers.
13. Point-to-Ponit Tunnelling Protocol (PPTP) Client Support: Some DSL modems (e.g. Alcatel modems) only provide a PPTP local connection for an end user computer. The Vigor2000 Routers have a
Page 16
1-9
Getting Started
built-in PPTP client for establishing a DSL link transport protocol for your entire local network. There is no need to install a PPTP driver on your computers.
14. Firewall: In addition to the built-in NAT mechanism, the Vigor2000 Routers feature another powerful firewall to protect your local network, or to deny specified local users access to unauthorized network services.
15. Bandwidth-on-Demand (BOD) for ISDN Interface: As the ISDN BRI interface has two independent B channels, the BOD mechanism allows you to automatically add/drop a B channel according to data traffic throughput.
16. Remote Management: The system manager can remotely manage the routers through an ISDN remote dial-in, ISDN, or DSL WAN interface.
Page 17
2-1
2
Installation &
Setup
2.1 Before you Begin
2.2 Hardware Installation
2.3 Setting up a Management PC
2.4 Using the Smart Start Wizard
2.5 Using the Web Configurator
Page 18
2-2
Installation & Setup
2.1 Before You Begin
1. Use only the power adapter supplied by DrayTek Corp. Using an incorrectly rated power adapter will result in damage to the router.
2. Know the type of interface provided by your ISP or telecom. The standard model only supports the ISDN BRI S/T-interface. If you are an ISDN U-interface user, you need to order a U-interface model. If you are an ISDN S/T-interface user, you should have an NT-1 or NT-1 plus provided by your ISP or telecom. Also, make sure the ISDN line is available.
3. In case of emergency, unplug the power adapter first.
4. Locate the device in a clean location. Do not block the ventilating slots on the rear panel.
5. Cables must be attached to the correct ports; to do otherwise may result in damage to the router. Keep cables away from walkways.
6. If you use S/T-interface, do not extend the ISDN line greater than 100 meters from the NT-1 (NT-1 plus) box and the router.
7. If you use DSL/Cable, check that your subscribed DSL/Cable modem supports the Ethernet interface for connecting to your PC. If not, you will be unable to connect it to the router.
8. Before you set up the router, you need to know the default settings of Vigor2000 Router as shown below:-
Factory Default Settings:
Default IP Network Settings:
IP Address: 192.168.1.1
Page 19
2-3
Installation & Setup
Subnet Mask: 255.255.255.0
DHCP Server: Enabled
Start IP Address: 192.168.1.10
IP Pool Counts: 50
DNS Server IP Address
- Primary IP Address: empty
- Secondary IP Address: empty
Web Configurator:
Username: admin
- Password: <blank>
Note: Blank means no password required.
Telnet Console:
Password: <blank>
Note: Blank means no password required.
Management from the Internet: Not allowed
Virtual TA Server: Enabled
Remote Dial-In Server: Disable
IP Address Assignment for Dial-In User: 192.168.1.200
Page 20
2-4
Installation & Setup
2.2 Hardware Installation
2.2.1 Connecting the Power Adapter
1. Connect the power adapter to the power outlet on the wall and to the PWR power jack on the rear panel of the router.
2. The ACT LED should be blinking once every 2 seconds.
2.2.2 Connecting to the Ethernet
A. Connecting to PCs:
1. Attach the Ethernet cable (blue color cable) to any P1 ~ P6 port.
2. Connect the other end of the Ethernet cable to your PCs' installed network interface card (NIC).
3. The LED indicators at both the Ethernet port and the NIC should be ON.
4. Attach the Console cable to Console port.
5. Connect the other end of the Console cable to the Management PC (p6~p23) you want to use to configure the Vigor2000 Router.
Note:
If the Ethernet cable is not long enough to reach your PCs, purchase a longer straight-through CAT. 5 UTP or STP Ethernet cable.
B. Connecting to an External Ethernet Hub:
1. Attach the Ethernet cable (blue color cable) to the Uplink port.
2. Connect the other end of the Ethernet cable to the external
Page 21
2-5
Installation & Setup
Ethernet hub or switch.
3. The LED indicators on both the Uplink port and the external Ethernet hub or switch should be ON.
Note:
If the Ethernet cable is not long enough to reach the external hub/switch, purchase a longer straight­through 10Base-T Ethernet cable, or create a handmade cable.
2.2.3 Connecting to an ISDN BRI Line
A. S/T-Interface Model
1. Locate the ISDN cable (black color cable).
2. Plug one of the RJ-45 connectors on the cable into the ISDN port on the rear panel of the router.
3. Plug the other end of the cable into any of the NT-1 (or NT1 plus) S/T-interface ports.
B. U-Interface Model
1. Locate the ISDN cable (black color cable).
2. Plug one of the RJ-45 connectors on the cable into the ISDN port on the rear panel of the router.
3. Plug the other end of the cable into the ISDN wall outlet.
2.2.4 Connecting to a DSL/Cable Modem
The router supports connection of a DSL modem via an Ethernet interface only. Non-Ethernet interface DSL modems, such as USB and ATMF-25, will not be supported.
1. Attach the Ethernet cable to the Ethernet port of the DSL/Cable
Page 22
2-6
Installation & Setup
3. If the Pn (the port that be plugged) LED is not bright, please change the direct cable to cross cable.
The hardware installation is now complete. The following sections will guide you through setting up your management PC and connecting to the Web Configurator.
The Web Configurator is a management utility that han­dles all configuration and provides web-based management.
Note:
modem.
2. Plug the other end of the cable into the P1 ~ P6 port.
Page 23
2-7
Installation & Setup
2.3 Setting Up a Management PC
The Vigor2000 Router has a built-in HTTP (Web) server for configuration. Before you use the router to access the Internet, you should set up a management PC to log into the router for further configuration. The management PC may be configured with a fixed or dynamically assigned IP address.
For a fixed IP address, use an IP address from a 192.168.1.0/24 net­work, such as 192.168.1.2.
For the dynamic IP address, you need to set the PC as a DHCP client, and then restart or renew the network settings. The DHCP server implanted in the router is enabled by default so the PC will then be assigned an IP address and related settings by the router.
The following examples are for a MicrosoftTM Windows 95/98 machine set to use a dynamic IP address. For other operating systems, please refer to the OS user manuals.
2.3.1 Checking the Network IP Configuration
The following explains how to setup the Transmission Control Proto­col/Internet Protocol (TCP/IP) in Windows 95/98. For more detailed information on TCP/IP setup, refer to the Windows 95/98 help files. For other operating systems refer to the user manuals.
1. On the desktop, right click "Network Neighborhood". Click "Properties". The Network screen will open (see the next page).
Page 24
2-8
Installation & Setup
Your particular system may differ from the screen shown here. Check if you have an Ethernet Network Interface card (NIC) installed. If not, refer to the installation documentation from the NIC card manufacturer and install the card and drivers.
If your have installed the NIC card,
1. Click the "Add" button. The "Select Network Component
Type" dialog box will open. This box has four options: Client, Adapter, Protocol, Service.
2. Select Protocol and click the "Add" button. The Select Net­work Protocol dialog box will open.
3. Select Microsoft in the left scrolling window, then select TCP/ IP on the right, and click "OK". It will return to the Network dialog box.
Page 25
2-9
Installation & Setup
2.3.2 Configuring the TCP/IP Protocol
1. On the Network dialog box Configuration card, select TCP/IP and then click "Properties". The TCP/IP Properties dialog box will open.
2. On the IP Address tab, click "Obtain an IP address automatically". As the DHCP (Dynamic Host Configuration Proto­col) server built into the router is enabled by default, your computer will get an IP address, subnet mask, and other related IP network settings from the router.
3. On the DNS Configuration tab, click "Disable DNS".
Page 26
2-10
Installation & Setup
4. Click the "Gateway" tab.
Page 27
2-11
Installation & Setup
5. Make the "New gateway" and "Installed gateways" fields blank and click "OK". A dialog box will pop up asking you to restart the PC. Click "Yes".
2.3.3 Checking TCP/IP Settings
1. After completing the previous steps, click "Start" -> "Run". Click the "Gateway" tab and type winipcfg. The IP Configuration window
will open. If the PC does not show an IP address in the 192.168.1.2 to
192.168.1.254 range, click the "Release" button to release the current configuration. Wait a few seconds and click "Renew" to get a new IP configuration from the router.
2. If the IP configuration is correct, you will be able to use the PING diagnostic utility built in Microsoft Windows to ping the router. Click "Start" -> "Programs" -> "MS-DOS Prompt". A command mode window will open. Type ping 192.168.1.1 (default IP of the router) to diagnose the network connectivity. If both hardware and software are correct, your computer will receive a response from the router as shown
Page 28
2-12
Installation & Setup
on the next page. If not, verify that the Ethernet cable is connected to the router properly and the Ethernet port LED on the front panel is lit.
Page 29
2-13
Installation & Setup
2.4 Using the Smart Start Wizard
The Smart Start Wizard will guide you to the Web Configurator or Telnet Terminal (command-line based management). Also, if the network you currently installed is not located in the 192.168.1.x IP range, the wizard will find the router and change the router's default IP address and IP mask to match the current network.
If you are familiar with using a web browser (Microsoft Internet Explorer, Netscape Communicator, etc.) or telnet client software, you may jump directly to the next section. We suggest you use the most up-to-date version of your web browser.
Installing the Router Tools
1. Insert the CD supplied with the router into the CD-ROM drive. The auto-run CD will display the main menu.
Note:
If auto-run fails to start the installation program, click autostart.exe on the root directory of the CD to start the program.
2. Click "Router Tools" for install. The Router Tools utilities include
Firmware Upgrade Utility, Smart Start Wizard, and Uninstall Router Tools.
Using the Wizard
1. Click "Start" > "Programs" > "Router Tools" > "Smart Start Wizard". (see below)
Page 30
2-14
Installation & Setup
The following screen will open.
2. Click "Search" to find the router on your network.
3. Click "OK" to go to the login password screen.
4. If this is the first time you setup the router, do not enter any password. Click "OK" to go to the next screen.
Page 31
2-15
Installation & Setup
The screen shows read-only IP and IP mask settings for the PC you are using, and also the IP Address and IP Mask settings for the router. Here you may change the settings of the router to match your current network environment, or keep the default settings.
5. Click "Next" to update the settings of the router.
6. Wait for a few seconds. The "Telnet" and the "Browser" will be clear (see below).
Page 32
2-16
Installation & Setup
If the IP address and IP Mask of your PC and the router are not located at the same subnet, please renew your PC's IP address using winipcfg.exe on Windows95/98/ME or ipconfig.exe on Windows NT/2000. As the browser has been launched, the following pop-up window will ask for User Name and Password.
Enter admin as the User Name and leave the Password field blank. The Web Configurator will open. In the following examples we use the NetscapeTM web browser.
Page 33
2-17
Installation & Setup
Page 34
2-18
Installation & Setup
2.5 Using the Web Configurator
2.5.1 Connecting to the Web Configurator via a Web Browser
1. Launch the Web browser. Enter http://192.168.1.1 into the browser Address window and press the Enter key.
2. An authentication dialog box will open.
3. If this is the first time you setup the router, type admin as the User Name and leave the Password field blank. Click "OK".
4. The Web Configurator Setup Main Menu will open. On the main page, Model, Firmware Version, Build Date/Time, and LAN MAC (Hardware) Address information will be displayed.
Page 35
2-19
Installation & Setup
2.5.2 Overview of the Web Configurator
The Setup Main Menu (see above figure) consists of four groups: Ba­sic Setup (Setup First), Quick Setup, Advanced Setup, and Sys- tem Management. The following will describe the outline for each
configuration menu.
Basic Setup (Setup First):
1. Administrator Password Setup:
Sets/changes the administrator password.
2. Ethernet TCP/IP and DHCP Setup:
Modifies the router's IP address and DHCP server settings.
Page 36
2-20
Installation & Setup
3. ISDN Setup:
ISDN users need to select a country code. Sets some ISDN numbering settings, e.g. MSN numbers and Own (Calling) num­bers.
Quick Setup:
1. Internet Access Setup: (required for Internet access)
Usually the router functions as a border router for SOHO or home networking so you must enter settings here to enable access to the Internet.
2. Remote Dial-In Access Setup:
Remote access or LAN-to-LAN remote access settings are made here.
3. Virtual TA (Remote CAPI) Setup:
Use this menu to create a Virtual TA user account and enable/ disable the built-in Virtual TA server.
Advanced Setup:
The following settings are for advanced configurations only. These items do not need to be configured for standard Internet access.
1. Call Control and PPP/MP Setup
Sets bandwidth-on-demand (BOD) parameters for the MP (Mul­tiple link PPP) protocol. Also, some call control parameters may be set here.
2. NAT (Network Address Translation) Setup
Sets NAT configurations, such as Port Redirection, etc.
Page 37
2-21
Installation & Setup
3. Static Route Setup
This menu has 10 routing rules for static routing usage. Here you may add/delete or activate/deactivate any static route.
4. Remote Dial-in User Setup
This menu supports 10 remote dial-in account for remote ac­cess applications. You can manage these dial-in accounts un­der the setup menu.
5. LAN-to-LAN Dialer Profile Setup
The LAN-to-LAN Dialer Profiles are different from last setup menu. Here up to 16 LAN to LAN profiles can be set for access to up to 16 remote networks via an ISDN line. These profiles have dial­out/dial-in/static route functions.
6. IP Filter/Firewall Setup
The router has a powerful built-in firewall. Up to 84 Call Filter and Data Filter rules may be set.
System Management:
1. Online Status
Click this item to view the current online status and statistics of the system.
2. Management Setup
Here allow you to grand or limit access rights to manage the router. Also, you may set HTTP or Telnet ports to specific port numbers of your choice.
3. Diagnostic Tools
Page 38
2-22
Installation & Setup
Diagnostic tools offers useful tools to diagnose the router or your network, e.g. view ARP table, routing table, NAT port map, DHCP server status, last triggered packet, etc.
4. Reboot System
You can restart the router with the default configuration or with the current running configuration.
5. Firmware Upgrade (TFTP Server)
Enables the TFTP server for firmware upgrades.
Note:
You should now have some basic concepts on how to setup and configure the router. The following chapters will explain each setup menu and related settings in more detail.
Page 39
3-1
3
Basic Setup &
Internet Access
3.1 Basic Setup
3.2 Internet Access Setup
3.3 ISDN Dial-up Internet Access
3.4 IDSL Leased-Line
3.5 DSL/Cable Modem Internet Access
Page 40
3-2
Basic Setup & Internet Access
The Web Configurator Setup Main Menu includes four groups: Basic Setup (Setup First), Quick Setup, Advanced Setup, and System Management.
This chapter explains the Basic Setup group and Internet Access Setup (which is in the Quick Setup group).
3.1 Basic Setup (Setup First)
This group includes Administrator Password Setup, Ethernet TCP/ IP and DHCP Setup, and ISDN Setup.
3.1.1 Changing the Administrator Password
On first setup the router requires no password. However, for security reasons, we strongly recommend that you set an administrator pass­word for the router. If you do not set a password for the router, any user can access the setting of the router and make changes randomly from local network or the Internet.
Click "Administrator Password Setup", the following screen will open.
Page 41
3-3
Basic Setup & Internet Access
Old Password:
If this is the first time you enter this menu, leave this field blank.
New Password:
Enter an administrator password.
Retype New Password:
Type the password again to confirm.
3.1.2 Configuring Ethernet TCP/IP Address and DHCP Server
Vigor2000 Router has six Ethernet ports for connecting to the local Ethernet network and external broadband device (i.e. DSL modem/ router or Cable modem).
There are two sets of IP address settings for the Ethernet. The 1st IP address/netmask is for private users or NAT users, and the 2nd IP address/netmask is for public users or pure router (not NAT) user. To allow access of public users you need to subscribe a globally reachable subnet from your ISP.
For example, for some ISDN dial-up access, the ISP will assign a few public IP addresses for your local network usage. You could use one IP address for your router; the 2nd IP address/netmask should be configured using the public IP address. Other local PCs should set the router IP address as the default gateway. When the ISDN con­nection to the ISP has been established, each local PC will directly route to the Internet. Also, you could use the 1st IP address/netmask to connect to other private users (PCs). These user's IP addresses will be translated to the 2nd IP address by the router and sent out via ISDN.
Page 42
3-4
Basic Setup & Internet Access
Router IP Network Configuration
1st IP Address: Private IP address for connecting to a local
private network (Default: 192.168.1.1).
1st Subnet Mask: Netmask for the local private network (De­fault: 255.255.255.0/24).
For IP Routing Usage: (Default: Disable)
Enable: Enable the 2nd IP address settings.
Disable: Disable the 2nd IP address settings.
2nd IP Address: Set a public IP address.
2nd Subnet Mask: Set a netmask for the public IP address.
DHCP Server Configuration
DHCP stands for Dynamic Host Configuration Protocol. It can auto­matically dispatch related IP settings to any local user configured as a DHCP client. The DHCP server supports up to 253 users (PCs) on
Page 43
3-5
Basic Setup & Internet Access
the local network.
Activate: (Default: Yes)
Yes: Enable the DHCP server.
No: Disable the DHCP server.
Start IP Address: Set the start IP address of the IP address
pool.
IP Pool Counts: Set the number of IPs in the IP address pool.
DNS Server IP Address: (Default: None)
DNS stands for Domain Name System. Every Internet host must have a unique IP address. They may also have a human­friendly and easy-to-remember name such as www.yahoo.com.
The DNS server converts this name into its equivalent IP address.
Primary IP Address: Set the IP address of the primary DNS server.
Secondary IP Address: Set the IP address of the secondary DNS server.
Note:
If you leave both Primary IP and Secondary IP Address fields blank, the router will assign its own IP address to local users as a DNS proxy server and maintain a DNS cache. If the IP address of a Domain Name is already in the DNS cache, the router will resolve the Domain Name immediately. Otherwise, the router forwards the DNS query packet to the external DNS server by estab­lishing a WAN (e.g. ISDN or DSL/Cable) connection.
Page 44
3-6
Basic Setup & Internet Access
3.1.3 Configuring the ISDN Interface
Country Code:
Set the correct country code for proper function on your local ISDN network.
Own Number:
Set your ISDN number. The number you entered in this field will be carried with every outgoing call to the users you called.
MSN Numbers for the Router:
"MSN Numbers" means that the router is able to accept number­matched incoming calls. In addition, local ISDN network provider shoud support MSN service. The router provides three MSN number fields. Note that MSN services must be subscribed from your local telecom.
By default, MSN function is disabled (i.e. leave the MSN number fields blank) under which all incoming calls will be accepted without number matching.
Click OK to return to the Main Setup Menu.
Page 45
3-7
Basic Setup & Internet Access
3.2 Internet Access Setup
For most users, Internet access is the primary application. The following sections will explain more details of ISDN dial-up access and broadband access setup. When you click "Internet Access Setup" within the Quick Setup group, the following setup page will be shown.
Six methods are available for Internet Access.
Dialing to Single ISP: If you want to access the Internet via a single ISP, click here.
Dialing to Dual ISP: If you have more than one ISP, click here to set up two ISP dialup profiles. You will be able to dial to both ISPs at the same time. This is mainly for those ISPs who do not support Multiple link PPP (ML-PPP). In such cases dialing to two ISPs can increase the bandwidth utilization of the ISDN line to 128kbps data speed.
Page 46
3-8
Basic Setup & Internet Access
IDSL Client (For U Interface Model Only): If you are an IDSL subscriber, you must use U Interface Vigor2000 Router for direct connection. If the model you have is S/T Interface, you will not be able to use IDSL for Internet access.
PPPoE: This is for most DSL modem users. All local users can share one PPPoE connection to access the Internet.
PPTP: Some DSL service providers supply a special DSL modem (e.g. Alcatel's DSL modem). This kind of modem only supports the PPTP tunnel method to access the Internet. In these cases, you create a PPTP tunnel that carries a PPP session and terminates on the DSL modem. Once the tunnel has been established, this kind of DSL modem will forward the PPP session to the ISP. As long as the PPP session is connected, all the local users will be able to share this PPP session to access to the Internet.
Static IP: If you have obtained public IP address from DSL, Leased-Line or Cable (static IP only) service provider, select Static IP to setup your Internet Access mode.
Page 47
3-9
Basic Setup & Internet Access
3.3 ISDN Dial-up Internet Access
3.3.1 Connecting to a Single ISP
ISP Access Setup
ISP Name: Enter your ISP name.
Dial Number: Enter the ISDN access number provided by
your ISP.
Username: Enter the username provided by your ISP.
Password: Enter the password provided by your ISP.
Require ISP Callback (CBCP): If your ISP supports the
callback function, check "Require ISP Callback (CBCP)" to enable the Callback Control Protocol during PPP negotiations.
PPP/MP Setup
Link type: There are four link types
- Link Disable
Disable the ISDN dial-out function.
Page 48
3-10
Basic Setup & Internet Access
- Dialup 64Kbps
Use one ISDN B channel for Internet access.
- Dialup 128Kbps
Use both ISDN B channels for Internet access.
- Dialup BOD
BOD stands for bandwidth-on-demand. The router will use only one B channel under low traffic situations. Once the single B channel bandwidth is filled, the other B chan­nel will be dialed automatically. For more detailed BOD parameter settings, refer to the "Advanced Setup" group
-> "Call Control and PPP/MP Setup".
PPP Authentication: two types of authentication
- PAP Only
Set the PPP session to use the PAP protocol to negotiate the username and password with the ISP.
- PAP or CHAP
Set the PPP session to use the PAP or CHAP protocols to negotiate the username and password with the ISP.
Idle Timeout: Idle timeout means the router will disconnect after being idle for a preset amount of time. The default is 180 seconds. If you set the time to 0, the ISDN connection will remain always connected to the ISP.
IP Address Assignment Method (IPCP)
Fixed IP and Fixed IP Address:
In most environments you should not change the default set­tings as most ISPs provide a dynamic IP address for the router when it connects to the ISP. If your ISP provides a fixed IP address, check "Yes" and enter the assigned IP address in the Fixed IP Address field.
Page 49
3-11
Basic Setup & Internet Access
3.3.2 Connecting to Dual ISPs
Most configuration parameters are the same as last section. This page provides an "Enable Dual ISPs Function" check box and adds a secondary ISP Setup section. Check the box and enter the second ISP information.
Page 50
3-12
Basic Setup & Internet Access
3.4 IDSL Leased - Line
IDSL Client
ISP Access Setup
ISP Name: Enter the Internet Service Provider Name.
Username: Enter the username obtained from your ISP
provider.
Password: Enter the password obtained from your ISP provider.
PPP/MP Setup
Link Type: you have three selections
- Link Disable
Disable the IDSL link.
- Leased 64Kbps
Use one B channel for Internet access.
- Leased 128Kbps
Page 51
3-13
Basic Setup & Internet Access
Use both B channels for Internet access.
PPP Authentication: two types of authentication
- PAP Only
Set the PPP session to use the PAP protocol to negotiate the username and password with the ISP.
- PAP or CHAP
Sets the PPP session to use the PAP or CHAP protocols to negotiate the username and password with the ISP.
IP Address Assignment Method (ICPC)
Fixed IP and Fixed IP Address:
In most environments you should not change the default set­tings as most ISPs provide a dynamic IP address for the router when it connects to the ISP. If your ISP provides a fixed IP address, check "Yes" and enter the assigned IP address in the Fixed IP Address field.
Page 52
3-14
Basic Setup & Internet Access
3.5 DSL/Cable Modem Internet Access
Before you connect a broadband access device, e.g. a DSL/Cable modem, to the router, you need to know what kind of Internet access is provided by your ISP.
The following paragraphs deal with three widely used broadband ac­cess services. These are PPPoE Client, PPTP Client, and Static IP for DSL/Cable Modem. In most cases, you will get a DSL/Cable modem from the broadband access service provider. The router is connected behind the broadband device and works as a NAT or IP router for broadband and ISDN connections.
In addition to broadband access capabilities, the ISDN port can do dial backup, or provide remote access and remote management functions to support more flexible network connectivity. The following ap­plication scenario shows that the head office is capable of getting on to the Internet through the Vigor2000 and a broadband device and connecting to the branch office via an ISDN network simultaneously.
Page 53
3-15
Basic Setup & Internet Access
3.5.1 Using PPPoE with a DSL Modem
Click "Internet Access Setup" -> "PPPoE" to enter the setup page.
Page 54
3-16
Basic Setup & Internet Access
PPPoE Setup
PPPoE Link: Check "Enable" to enable the PPPoE client
protocol.
ISP Access Setup
ISP Name: Enter the ISP name.
Username: Enter the ISP supplied username.
Password: Enter the ISP supplied password.
ISDN Dial Backup Setup
Dial Backup Mode: Select "None" to disable this feature or
select "Packet Trigger" to activate this feature (refer to
3.5.4).
PPP/MP Setup
PPP Authentication: Select "PAP or CHAP" for widest
compatibility.
Idle Timeout: Idle timeout means the router will disconnect after being idle for a preset amount of time. The default is 180 seconds. If you set the time to 0, the PPP session will not terminate itself.
Fixed IP: Check "No (Dynamic IP)" unless your ISP has pro­vided you with a static IP address.
Fixed IP Address: If your ISP has provided you with a static IP address enter it here.
ISDN Dial Backup Setup
Dial Backup Mode: Select "None" to disable this feature o r
select "Packet Trigger" to activate this feature (refer to 3.5.4).
Page 55
3-17
Basic Setup & Internet Access
3.5.2 Using PPTP with a DSL Modem
PPTP Setup
PPTP Link: Check "Enable" to enable a PPTP client to es-
tablish a tunnel to a DSL/Cable modem.
PPTP Server IP Address: Specify the IP address of the
PPTP-enabled DSL/Cable modem. Refer to the user manual of the PPTP-enabled DSL/Cable modem.
Click "Internet Access Setup" -> "PPTP" to enter the setup page. The following setup page is just for example. Your DSL/Cable service provide should provide the exact settings.
ISP Access Setup
ISP Name: Enter the ISP name.
Username: Enter the ISP supplied username.
Password: Enter the ISP supplied password.
Page 56
3-18
Basic Setup & Internet Access
ISDN Dial Backup Setup
Dial Backup Mode: Select "None" to disable this feature or select "Packet Trigger" to activate this feature (refer to 3.5.4).
PPP Setup
PPP Authentication: Select "PAP or CHAP" for widest
compatibility.
Idle Timeout: Idle timeout means the router will disconnect after being idle for a preset amount of time. The default is 180 seconds. If you set the time to 0, the PPP session will not terminate itself.
Fixed IP: Check "No (Dynamic IP)" unless your ISP has pro­vided you with a static IP address.
Fixed IP Address: If your ISP has provided you with a static IP address enter it here.
3.5.3 Using a Static IP with a DSL/Cable Modem
Select this access mode if you receive a fixed public IP address or a public subnet from your DSL or Cable ISP. In most cases, a Cable ISP will provide a fixed public IP, while a DSL ISP will provide a public subnet. You must enable IP Routing Usage, and enter the fixed public IP or choose one public IP from the public subnet for Ethernet TCP/IP Setup (refer to 3.1.2).
Page 57
3-19
Basic Setup & Internet Access
Click "Internet Access Setup" -> "Static IP" to enter the setup page.
Access Control
Broadband Access: Select "Enable" to turn on the broadband
access capability.
Page 58
3-20
Basic Setup & Internet Access
Gateway IP Address: Enter the IP address from DSL service provider as Router IP address or the fixed IP gateway IP address.
ISDN Dial Backup Setup
Dial Backup Mode: Select "None" to disable this feature or
select "Packet Trigger" to activate this feature (refer to 3.5.4).
Note:
The router should be restarted to allow the settings to take effect.
3.5.4 Configuring ISDN Dial Backup
ISDN Dial Backup Setup
Page 59
3-21
Basic Setup & Internet Access
Dial Backup Mode:
None: Disable the backup function.
Packet Trigger: The backup line is disconnected until a packet from a local host triggers the router to establish a connection.
Always On: If the broadband connection is no longer available, the backup line will automatically connect and stay Always On until the broadband connection is recovered.
To start ISDN Dial Backup function, you must create a dial backup profile. Click "Internet Access Setup" -> "Dialing to a Single ISP" to setup the backup profile. Refer to section 3.3.1 for details.
Page 60
4-1
4
Remote Access
4.1 Introduction to Remote Access
4.2 Remote Dial-in Access
4.3 LAN-to-LAN Access
Page 61
4-2
Remote Access
This chapter explains the capabilities of remote access of the Vigor2000 Router. Use the following setup links on the Setup Main Menu to setup remote access functions.
Quick Setup
> Remote Dial-In Access Setup
Advanced Setup
> Remote Dial-In User Setup
> LAN-to-LAN Dialer Profile Setup
Page 62
4-3
Remote Access
4.1 Introduction to Remote Access
Here the term "Remote Access" covers two types of remote access. The first, "Remote Dial-In Access" means the router allows normal ISDN TA users or NAT routers (IP sharing routers) to dial into the router for sharing the network resources of the local network, or to surf the Internet via a broadband device. The other remote access function, "LAN-to-LAN Access", provides a solution to connect two independent LANs for mutual sharing of network resources. For ex­ample, the head office network can access the branch office network, and vice versa.
4.2 Remote Dial-In Access
4.2.1 Activating Remote Dial-In
In the Quick Setup group of the Setup Main Menu, click "Remote Dial-In Access Setup" to enter the setup page.
Page 63
4-4
Remote Access
Dial-In Access Control
Dial-In Service: Check "Enable" to allow dial-in service. Note
that if you check "Disable", the router will not accept any in- coming ISDN calls.
PPP/MP Setup
Dial-In PPP Authentication:
PAP: Selecting this option will force the router to au-
thenticate dial-in users with the PAP protocol.
PAP or CHAP: Selecting this option means the router will attempt to authenticate dial-in users with the CHAP protocol first. If the dial-in user does not support this protocol, it will fall back to use the PAP protocol for au­thentication.
Mutual Authentication (PAP): Enable this only if the connecting router requires mutual authentication. By default, the option is set to No.
IP Address Assignment for Dial-In Users
Start IP Address: Enter a start IP address to be assigned to
the dial-in PPP connection. You should choose an IP address from the local private network. For example, if the local private network is 192.168.1.0/255.255.255.0, you can choose
192.168.1.200 to be the Start IP Address.
Because one ISDN BRI has two independent data channels (B­channels), it is possible to allow two dial-in users at the same time. The first dial-in user would be assigned the start IP address and the second would be assigned the start IP address plus 1.
Click "OK"
4.2.2 Creating an Access Account for a Dial-in User
After activating the dial-in capability, you must create an access ac-
Page 64
4-5
Remote Access
count for each dial-in user. From the Advanced Setup menu, click "Remote Dial-In User Setup" to open the page shown below. The router provides 10 access accounts for dial-in users.
Set to Factory Default: Clicking here will clear all dial-in user ac­counts.
Index: Click one of the index numbers to open an individual setup page and enter the detail setting for each account.
Dial-In Username: The "???" means the access account has not set up yet. If an access account has been configured, the username will be shown.
Status: The symbol "v" means the account is active, "x" means inac­tive.
Click the index number of an account to open an individual setup page for detail setting.
Page 65
4-6
Remote Access
User Account and Authentication
Click to enable the user account: Check this item to acti-
vate the individual user account.
Username: Specify a username for the specific dial-in user.
Password: Specify a password for the specific dial-in user.
Idle Timeout: Default setting is 300 seconds. When a dial-in
connection has been idled longer than the time limit, the router will drop the connection.
Click to enable CLID authentication: For extra security, enables the option to allow the dial-in user to call only from a specific number. CLID stands for Calling Line Identification.
Peer ISDN Number: If CLID authentication has been enabled, enter the dial-in user's ISDN number.
Callback Function
The callback function provides a callback service for the dial-in user. The router owner will be charged the connection fee by the telecom.
Page 66
4-7
Remote Access
Click to enable the Callback function: Enable the callback function.
Specify the callback number: The option is for extra secu­rity. Once enabled, the router will only call back to the speci­fied ISDN number defined in the next parameter, Callback Number.
Callback Number: If the previous option has been enabled, enter the dial-in user's ISDN line number here.
Click to enable Callback Budget Control: Enable the callback budget control.
Callback Budget (Unit: minutes): By default, the callback function has a 30-minutes time restriction. The budget will be decreased automatically per callback connection. Once the callback budget has been exhausted, the callback mechanism will be disabled automatically.
4.3 LAN-to-LAN Access
Page 67
4-8
Remote Access
The following sections are based on the network layout above to de­scribe how to set up a LAN-to-LAN profile to connect two private net­works. In the above network layout, the private network of the head office is 192.168.1.0/24 and the off-site branch office network is
192.168.2.0/24.
Before you begin to setup a LAN-to-LAN profile for each network, you should gather the information shown in the following table.
eciffOdaeHeciffOhcnarB
DIkrowteN42/0.1.861.29142/0.2.861.291
ksamten/sserddaPIretuoR42/1.1.861.29142/1.2.861.291
noitcennocni-laidrofPIdengissA002.1.861.291002.2.861.291
tnuoccAsseccA
daeh:NU daeh:WP
hcnarb:NU hcnarb:WP
rebmunenilNDSI00010002
noitcnuFkcabllaCelbasiDelbasiD
4.3.1 Activating the Remote Dial-In Capability
In the Quick Setup group of the Setup Main Menu, click "Remote Dial­In Access Setup" to enter the setup page. See 4.2 Remote Dial-In Access for a full explanation of the fields on this page.
Page 68
4-9
Remote Access
Head Office:
The IP range of the Head Office network is 192.168.1.0/24, the settings should be as below:
Dial-In Service: Enable
Start IP Address: 192.168.1.200
Page 69
4-10
Remote Access
Branch Office:
The IP range of the Branch Office network is 192.168.2.0/24, the settings should be as below:
Dial-In Service: Enable
Start IP Address: 192.168.2.200
4.3.2 Creating a LAN-to-LAN Dialer Profile
After enabling the Dial-in service, you must create a LAN-to-LAN pro­file for each network. From the Advance Setup menu, click "LAN-to- LAN Dialer Profile" to enter the setup page as below.
Page 70
4-11
Remote Access
The router provides 16 LAN-to-LAN profiles for connecting to up to 16 different remote networks.
Set to Factory Default: Clicking here will clear all the LAN-to­LAN profiles.
Index: Click a number in the Index to open a detailed settings page for each profile.
Name: Indicate the name of the LAN-to-LAN profile. The symbol "???" means the profile is available.
Status: Indicate the status of the individual profiles. The symbol "v" means the profile is active and "x" means it is inactive.
Click an index number to open an individual LAN-to-LAN profile settings page.
Page 71
4-12
Remote Access
Each LAN-to-LAN profile includes 4 subgroups: Common Settings, Dial-Out Settings, Dial-In Settings, and TCP/IP Network Settings. The following will explain every subgroup in detail.
Common Settings
Profile Name: Specify a name for the remote network.
Enable this profile: Check here to activate this profile.
Call Direction: Specify the allowed call direction for this profile.
Page 72
4-13
Remote Access
Both: allow access of both outgoing and incoming calls.
Dial-Out: allow access of outgoing calls only.
Dial-In: allow access of incoming calls only.
Idle Timeout: Default setting is 300 seconds. When a connection of a profile has been idled longer than the time limit , the router will drop the connection.
Dial-Out Settings
Username: Specify a username for authentication by the re-
mote router.
Password: Specify a password for authentication by the re­mote router.
Dial Number: Specify the destination ISDN number for dialup.
Link Type: Indicate the dial-out link type.
Disable: Deactivate the dial-out action.
64kbps: Specify the outgoing connection speed is restricted to 64kbps (one B-channel).
128k bps: Specify the outgoing connection speed is 128kbps (two B-channels).
BOD: Specify the link type to be dynamic bandwidth control (Bandwidth-on-Demand).
PPP Authentication: Specify the authentication method. Normally set to PAP/CHAP for the widest compatibility.
VJ Compression: VJ Compression means TCP/IP protocol header compression. Normally set to "Yes" to improve band­width utilization.
Callback Function (CBCP): The callback function is implemented by the CBCP protocol that is one of the PPP protocol suite.
Page 73
4-14
Remote Access
- Require Remote to Callback: Inactive by default. When active, the router exchanges connection information with the remote router and requires the remote router to call back to make a connection.
- Provide ISDN Number to Remote: In some cases, the re­mote router requires the ISDN number for calling back. Check here to allow the local router to send the ISDN number to the remote router. The remote router owner will be charged the connection fee by the telecom.
Dial-In Settings
Username: Specify an username to authenticate the dial-in
router.
Password: Specify a password to authenticate the dial-in router.
Enable CLID Authentication: Limit the dial-in router to be
called from a specific ISDN number.
Peer ISDN Number: If CLID Authentication is enabled, enter the remote router's ISDN number in this field
Link Type: Refer to Dial-Out Settings.
PPP Authentication: Refer to Dial-Out Settings.
CVJ Compression: Refer to Dial-Out Settings
Callback Function (CBCP): Checking here allows this router
to accept requests from a remote router for call back.
Enable Callback Function: Checking here to enable this function. The router owner will be charged the connection fee by the telecom.
Use the Following Number to Callback
- Callback Number: Check here and enter a callback number for the router to call.
- Callback Budget: Specify a time budget for the callback function. By default the budget is set to zero, which means no call back attempt will work.
Page 74
4-15
Remote Access
TCP/IP Network Settings
The following settings are required for proper LAN-to-LAN operation.
My WAN IP: In most cases you may accept the default value
0.0.0.0 in this field. The router will then get a WAN IP address from the remote router during the IPCP negotiation phase. If the WAN IP address is fixed by remote, specify the fixed IP address here.
Remote Gateway IP: Specify the IP address of the remote router.
Remote Network IP: Specify the network identification of the remote network. For example, 192.168.1.0 is a network identification of a class-C subnet with netmask 255.255.255.0 (/
24).
Remote Network Mask: Specify the netmask of the remote network.
RIP Direction: The option specify the direction of RIP (Rout­ing Information Protocol) packets through the ISDN WAN con­nection.
RIP Version: Select the RIP protocol version. Specify Ver. 2 for greatest compatibility.
Exchange RIP Packets: The router has two local IP networks: the 1st subnet and 2nd subnet. Here you set which subnet will exchange RIP packets with the remote network. Usually set to 1st subnet for routing between the 1st subnet and the remote network.
Recall the LAN-to-LAN example described in section 4.3. The LAN­to-LAN Dialer Profile could be configured as below.
Page 75
4-16
Remote Access
Head Office:
Page 76
4-17
Remote Access
Branch Office:
Page 77
5-1
5
Advanced Setup
5.1 Enabling the Remote Activation Function
5.2 Call Control Setup
5.3 Configuring the BOD Parameters
5.4 NAT Setup
5.5 IP Filter/Firewall Setup
Page 78
5-2
Advanced Setup
This chapter explains the remaining options available in Advanced Setup:
Advanced Setup
> Call Control and PPP/MP Setup
> NAT Setup
> IP Filter/Firewall Setup
As you click "Call Control and PPP/MP Setup" will open the setup page as below. The page will describe in the following three sections for specific application.
Page 79
5-3
Advanced Setup
5.1 Enabling the Remote Activation Function
Some applications require the router to be remotely activated, or dial up to the ISP using the ISDN interface. For instance, if you are a user who accesses the Internet via ISDN from home, usually the dialup connection is idle when you are not at home. You may want to get some files from home while you are working in the office. This func­tion allows you to make a phone call to the router and ask it to dial up to the ISP. Then you can access your home network to retrieve the files. Of course, you have to have a fixed IP address and expose some internal network resources, such as FTP, WWW etc.
Click "Call Control and PPP/MP Setup" and specify a phone number in the Remote Activation field.
Page 80
5-4
Advanced Setup
5.2 Call Control Setup
Remote Activation
If the router accepts a call from the number 12345678, it will disconnect immediately and dial to the ISP. Note that "Internet Access Setup"
-> "Dialing to a Single ISP" should be preset properly.
Dial Retry and Dial Delay Interval
These two parameters set global settings for ISDN dialup access.
Dial Retry: Specify the dial retry counts per triggered packet. A triggered packet is any packet whose destination is outside the local network. The default setting is no dial retry. If set to 5, for each triggered packet, the router will dial 5 times until it is connected to the ISP or remote access router.
Dial Delay Interval: Specify the interval between dialup retries. By default, the interval is 0 seconds.
Page 81
5-5
Advanced Setup
PPP/MP Dial-Out Setup
Basic Setup
Select according to the ISP service type you subscribed and enter parameters according to the setup you entered for Remote Access
Setup (Chap 4).
5.3 Configuring the BOD Parameters
BOD stands for bandwidth-on-demand for Multiple Link PPP (ML-PPP or MP). Click "Call Control and PPP/MP Setup" to see the follow­ing settings.
These parameters are activated when you set the Link Type to Dialup
Page 82
5-6
Advanced Setup
BOD. Usually the ISDN will use one B channel to access the Internet or remote network when you use the Dialup BOD link type. The router
will use the parameters here to make a decision on when to activate/ drop the additional B channel. Note that cps (characters-per-second) measures the total link utilization.
High Water Mark and High Water Time: These parameters specify the conditions under which the second channel will be activated. When the utilization of the first connected channel goes over the High Water Mark and past the High Water Time, the additional channel will be activated. The link speed will then be 128kbps (two B channels).
Low Water Mark and Low Water Time: These parameters specify the conditions under which the second channel will be dropped. When the utilization of two B channels is under the Low Water Mark and past the High Water Time, the additional channel will be dropped. The link speed will be 64kbps (one B channel).
Note:
If you are not familiar with the operation of ISDN and ML­PPP, be wary of changing the default values.
Page 83
5-7
Advanced Setup
5.4 NAT Setup
Usually you will use the router as a NAT-enabled router. NAT stands for Network Address Translation. It means the router gets one (in Single ISP, PPPoE, PPTP) or two (in Dual ISPs mode) globally re­routable IP addresses from the ISP. Local hosts will use private network IP addresses defined by RFC-1918 to communicate with the router. The router translates the private network addresses to a globally routable IP address that is then used to access the Internet. The following explains NAT features for specific applications.
Click "NAT Setup" to open the setup page. On the page you will see the private IP address definitions defined in RFC-1918. Usually we
use the 192.168.1.0/24 subnet for the router.
5.4.1 Exposing Internal Servers to the Public Domain
The Port Redirection Table may be used to expose internal servers to the public domain or to directly assign a specific port number to internal hosts. External hosts or domain can specify port numbers to access
internal network services, such as FTP, WWW, etc.
The following example shows how an internal FTP server is exposed
Page 84
5-8
Advanced Setup
to the public domain. The internal FTP server is running on the local host addressed as 192.168.1.10.
As shown above, the Port Redirection Table provides 10 port-mapping entries for internal hosts.
Service Name: Specify the name for the specific network serv­ice.
Protocol: Specify the transport layer protocol that supports TCP and UDP options.
Public Port: Specify which port should be redirected to the internal host.
Private IP: Specify the private IP address of the internal host offering the service.
Private Port: Specify the private port number of the service offered by the internal host.
Page 85
5-9
Advanced Setup
Active: Check here to activate the port-mapping entry.
5.4.2 DMZ Host Setup
Click “DMZ Host Setup” to open the setup page. The DMZ Host settings allow a defined internal user to be exposed to the Internet to use some special-purpose applications such as Netmeeting or Internet Games etc.
DMZ Enable: Check to enable the DMZ Host function.
DMZ Host IP: Enter the IP address of DMZ host.
5.4.3 Well-known Port Number List
This page provides some well-known port numbers for your reference.
Page 86
5-10
Advanced Setup
5.5 IP Filter/Firewall Setup
The IP Filter/Firewall function helps to prevent your local network against attack from outside. It also provides a method of restricting users on the local network from accessing the Internet. Additionally, it can filter out specific packets to trigger the router to place an outgoing
connection.
5.5.1 An Overview of the Firewall
The IP Filter/Firewall includes two types of filter: Call Filter and Data Filter. The former is designed to block or allow IP packets that will trigger the router to establish an outgoing connection. The later is designed to block or allow which kind of IP packets are allowed to pass through the router when the WAN connection has been estab­lished.
Page 87
5-11
Advanced Setup
In concept, when an outgoing packet is routed to the WAN, the IP Filter will decide if the packet should be forwarded to the Call Filter or Data Filter. If the WAN connection has not been established, the packet will enter the Call Filter. If the packet is not allowed to trigger router dialing, it will be dropped. Otherwise, it will initiate a call to establish the WAN connection.
If the WAN connection of the router has been established, the packet will pass through the Data Filter. Packets match the block rule will be dropped and the contrary will be sent to the WAN interface. Alternatively, if an incoming packet enters from the WAN interface, it will pass through the Data Filter directly. If the packets match the block rule, it will be dropped. Otherwise, it will be sent to the internal LAN. The filter architecture is shown as below.
The Following sections will explain more about IP Filter/Firewall Setup using Web Configurator. The Filter has 12 filter sets with 7 filter rules for each set. There are a total of 84 filter rules for the IP Filter/ Firewall Setup. By default, the Call Filter rules are defined in filter
Page 88
5-12
Advanced Setup
set 1 and the Data Filter rules are defined in filter set 2.
General Setup: Some general settings are in the setup link.
Filter Setup: Here there are 12 filter sets for IP Filter configu-
rations.
Set to Factory Default: Click here to restore the filter rules to default values.
5.5.2 General Setup
On the General Setup page you can enable/disable the Call Filter or Data Filter and assign a Start Filter Set for each, configure the log settings, and set the MAC address for duplicate packets.
Page 89
5-13
Advanced Setup
Call Filter: Check "Enable" to activate the Call Filter function. Assign a start filter set for Call Filter.
Data Filter: Check "Enable" to activate the Data Filter func­tion. Assign a start filter set for Data Filter.
Log Flag: For troubleshooting purpose, you need to specify the filter log here.
None: The log function is inactive.
Block: All blocked packets will be logged.
Pass: All passed packets will be logged.
No Match: The log function will record all packets that are unmatched.
Note:
The filter log will be displayed on the Telnet terminal when you type the "log -f" command.
Page 90
5-14
Advanced Setup
MAC Address for Packet Duplication: Logged packets may also be logged to another location via Ethernet. If you want to duplicate logged packets from the router to another network device, you must enter the MAC address (HEX Format) of the other devices. Enter "0" to disable the feature (also see "Duplicate to LAN" on page 5-22). The feature will be helpful under Ethernet switch environment.
5.5.3 Editing the Filter Sets
Comments: Enter filter set comments/description. Its maximum
length is 22 characters.
Filter Rule: Click a button numbered "1" ~ "7" to edit the filter rule.
Active: Enable or disable the filter rule.
Next Filter Set: Specify the next filter set to link to after the
current filter set. Be aware of the sequence of the link and avoid
Page 91
5-15
Advanced Setup
any possible loop among the filter sets.
The following setup pages show the default settings for Call Filter and Data Filter. You will see the Call Filter set is assigned to Set 1 and the Data Filter set to Set 2.
Page 92
5-16
Advanced Setup
5.5.4 Editing the Filter Rules
Click the Filter Rule index button to enter the Filter Rule setup page for each filter. The following explains each configurable item in detail.
Comments: Enter filter set comment/description. Its maximum length is 14 characters.
Check to enable the Filter Rule: Enable the filter rule.
Pass or Block: Specify the action to be taken when packets
match the rule.
Block Immediately: Packets matching the rule will be dropped immediately.
Pass Immediately: Packets matching the rule will be passed immediately.
Block If No Further Match: A packet matching the rule,
Page 93
5-17
Advanced Setup
and that does not match further rules, will be dropped.
Pass If No Further Match: A packet matching the rule, and that does not match further rules, will pass through.
Branch to Other Filter Set: If the packet matches the filter rule, the next filter rule will branch to the specified filter set.
Duplicate to LAN: If you want to log the matched packets to another network device, check this box to enable it. The MAC Address is defined in "General Setup" -> "MAC Address for
Packet Duplication".
Log: Check this box to enable the log function. Use the Telnet
command "log -f" to view the logs.
Direction: Set the direction of packet flow. For the Call Filter, this setting is irrelevant.
Page 94
5-18
Advanced Setup
For the Data Filter:
IN: Specify the rule for filtering incoming packets.
OUT: Specify the rule for filtering outgoing packets.
Protocol: Specify the protocol(s) this filter rule will apply to.
IP Address: Specify a source and destination IP address for
this filter rule to apply to. Placing the symbol "!" before a par­ticular IP Address will prevent this rule from being applied to that IP address. It is equal to the logical NOT operator.
Subnet Mask: Specify the Subnet Mask for the IP Address column for this filter rule to apply to.
Operator: The operator column specifies the port number set­tings. If the Start Port is empty, the Start Port and the End Port column will be ignored. The filter rule will filter out any port number.
= : If the End Port is empty, the filter rule will set the port number to be the value of the Start Port. Otherwise, the port number ranges between the Start Port and the End Port (including the Start Port and the End Port).
!= : If the End Port is empty, the port number is not equal to the value of the Start Port. Otherwise, this port number is not between the Start Port and the End Port (includ- ing the Start Port and End Port).
> : Specify the port number is larger than the Start Port (includes the Start Port).
< : Specify the port number is less than the Start Port (includes the Start Port).
Keep State: When checked, protocol information about the TCP/UDP/ICMP communication sessions will be kept by the IP Filter/Firewall (the Firewall Protocol option (see fig. 5.x on page 5-17) requires that TCP or UDP or TCP/UDP or ICMP be se­lected for this to operate correctly).
Page 95
5-19
Advanced Setup
Fragments: Specify a fragmented packets action.
Don't Care: Specify no fragment options in the filter rule.
Unfragmented: Apply the rule to unfragmented pack­ets.
Fragmented: Apply the rule to fragmented packets.
Too Short: Apply the rule only to packets that are too short to contain a complete header.
5.5.5 Restricting Unauthorized Internet Services
This section will show a simple example to restrict access of WWW from certain locations. In this example, we assume the IP address of the access-restricted user is 192.168.1.10. The filter rule is created in the Data Filter set and is shown as below.
Port 80 is the HTTP protocol port number for WWW services.
Page 96
6-1
6
Virtual TA
Application
6.1 Virtual TA Concepts
6.2 Installing a Virtual TA Client
6.3 Configuring a Virtual TA Client/Server
Page 97
6-2
Virtual TA Application
This chapter covers Virtual TA concepts and explains how to setup a Virtual TA.
Quick Setup
> Virtual TA (Remote CAPI) Setup
6.1 Virtual TA Concepts
The term Virtual TA means the local Ethernet-connected hosts or PCs use popular CAPI-based software such as RVS-COM or BVRP etc. to access the router as a local ISDN TA for FAX sending or receiving via the ISDN line. Basically, it is a client/server network model. The Virtual TA server built into the router handles the connection establishment and release. The Virtual TA client, installed in the Ethernet-connected host, creates a CAPI-based driver to relay all CAPI messages between applications and the router's CAPI module.
Note:
1. The Virtual TA client is only supported on Microsoft
TM
Windows 95 OSR2.1/98/98SE/Me/2000 platforms.
2. The Virtual TA client only supports the CAPI 2.0 proto­col and has no built-in FAX engine.
3. One ISDN BRI interface only has two B channels. The
Page 98
6-3
Virtual TA Application
maximum number of active clients is also 2.
4. Before you set up the Virtual TA, you must set the correct country code. Click "ISDN Setup" in the Basic Setup group.
As the following application chart shows, the Virtual TA client can make an outgoing call or accept an incoming call to/from a peer FAX machine or ISDN TA etc.
Page 99
6-4
Virtual TA Application
6.2 Installing a Virtual TA Client
1. Insert the CD-ROM supplied with your Vigor2000, or directly double­click the installer file. Vsetup95.exe is for Windows 95 OSR2.1 or higher. Vsetup98.exe is for Windows 98, 98SE and Me. Vsetup2k.exe is for Windows 2000.
2. Follow the on screen instruction of the installer. The last step requires you to restart your computer. Click "OK" to restart.
3. After the computer restarted, you will see a VT icon on the taskbar (usually in the bottom-right of the screen, near the clock) as shown below.
When the icon text is GREEN, the Virtual TA client is connected to the Virtual TA server and you can launch your CAPI-based software to use the client to access the router. Read your software user guide for detailed configuration.
If the icon text is RED, it means the client lost the connection with the server. Check the physical Ethernet connection
Page 100
6-5
Virtual TA Application
6.3 Configuring a Virtual TA Client/Server
The Virtual TA application is a client/server model. You must set it up on both ends to operate your Virtual TA application.
By default, the Virtual TA server is enabled and the username and password fields are blank. Any Virtual TA client may login to the server. Once a single Username and Password field has been filled,
the Virtual TA server will only allow clients with a valid username and password to login.
Virtual TA Server:
Enable: Check to activate the server.
Disable: Check to deactivate the server. All Virtual TA applica-
tions will be stopped.
Loading...