Manuals / Draytek / Computer Equipment / Network Router

Draytek 2130 manual Authentication, Identities, Advanced Settings

Models: 2130

1 208

Download 208 pages 58.79 Kb

Page 165

Authentication

Authentication	Type - Determine the authentication method for remote dial-in
	user.

Preshared secret – If you choose this one, you have to type the shared secret manually and specify local identity. When using Preshared secret, all clients share the same secret.

Certificates - If you choose this one, you have to choose local certificate from the Local Certificate drop down list and type in local identity. Then, use Add Identity to specify remote identity for this service.

Identities

	Local Certificate - Used to authenticate the local part of the
	VPN tunnel (while using certificate-based authentication).
	Local Identity - Specify a local ID to be used for Dial-in
	setting in the LAN-to-LAN Profile setup. This item is optional
	and can be used only in IKE aggressive mode. It can also be a
	DNS name or an email address.
	Remote Identities - Define the identities of allowed clients.
Advanced Settings	Phase 1 (IKE) Encryption - Negotiation of IKE parameters
	including encryption, hash, Diffie-Hellman parameter values,
	and lifetime to protect the following IKE exchange,
	authentication of both peers using either a Pre-Shared Key or
	Digital Signature (x.509). The peer that starts the negotiation
	proposes all its policies to the remote peer and then remote peer
	tries to find a highest-priority match with its policies.

Phase 2 (IPSec) Encryption - Negotiation IPSec security methods including Authentication Header (AH) or Encapsulating Security Payload (ESP) for the following IKE exchange and mutual examination of the secure tunnel

Vigor2130 Series User’s Guide

157

Image 165

Draytek 2130 manual Authentication, Identities, Advanced Settings

Contents

Page Vigor2130 Series High Speed Gigabit Router User’s Guide Version Date 31/08/2009Vigor2130 Series User’s Guide Copyright Information Safety Instructions and ApprovalSafety WarrantyRegulatory Information European Community DeclarationsTable of Contents Vigor2130 Series User’s Guide 4 AdminModeOperation4.3.1 Hardware NAT 5 Trouble Shooting 1 Preface 1.1 Web Configuration Buttons Explanation1.2.1 For Vigor2130 1.2 LED Indicators and ConnectorsStatus Explanationfactory default configuration Factory ResetConnector for a power adapter Power SwitchStatus 1.2.2 For Vigor2130nExplanation Interfacefactory default configuration Factory ResetConnector for a power adapter Power SwitchStatus 1.2.3 For Vigor2130VnExplanation InterfaceDescription Interface1.3 Hardware Installation Stand Installation c d e fVigor2130 Series User’s Guide 2. Open Start-Settings- Printer and Faxes 1.4 Printer InstallationVigor2130 Series User’s Guide 4. Click Local printer attached to this computer and click Next7. Click Standard and choose Generic Network Card 8. Then, in the following dialog, click FinishVigor2130 Series User’s Guide 9. Now, your system will ask you to choose right name of the printer that you installed onto the router. Such step can make correct driver loaded onto your PC. When you finish the selection, click Next The printer can be used for printing now. Most of the printers with different manufacturers are compatible with vigor router 2 Configuring Basic Settings 2.2 Accessing Web Page2.1 Two-Level Management 2.3 Changing Password Main screen for admin mode operation full configurationMain screen for user mode operation simple configuration 5. Type New Password in New Password and Confirm New Password fields. Then click OK to continue 2.4 Quick Start Wizard 2.4.1 Setting up the Password2.4.3 Setting up the Internet Connection 2.4.2 Setting up the Time ZoneEnable Static IPIP Address Subnet MaskPPPoE DHCPEnable Clone MAC Addresssetting is It means Max Transmit Unit for packet. The defaultIt means Max Transmit Unit for packet. The default setting isPPTP/L2TP Choose Show to make the SSID being seen by wireless clients 2.4.4 Setting up the Wireless ConnectionPage Type WPA-PSKWPA Algorithm WPA Pre-shared KeyThe UDP port number that the RADIUS server is using. The WPA- RADIUSShared Secret 2.5 Online Status 2.4.5 Save the Wizard Configuration2.6 Saving Configuration 3 User Mode Operation 3.1 WANBasics of Internet Protocol IP Network What are Public IP Address and Private IP Address From 10.0.0.0 to From 172.16.0.0 to From 192.168.0.0 toGet Your Public IP Address from ISP Network Connection by 3G USB ModemStatic 3.1.1 Internet AccessType in the primary IP address for the router if you want to use DHCP Type in the username provided by ISP in this fieldPPPoE UsernameIt means Max Transmit Unit for packet. The default It means Max Transmit Unit for packet. The default setting isPPTP/L2TP APN means Access Point Name which is provided and 3G USB Modemrequired by some ISPs Speed Configured 3.1.2 PortsPort Link3.1.3 3G Backup Discard - It determines whether the MAC drops frames after anexcessive collision has occurred. If yes, a frame is dropped after Basics of LAN 3.2 LANAPN means Access Point Name which is provided and required by some ISPsWhat are Virtual LANs and Rate Control What is Routing Information Protocol RIPYou can configure the router to serve as a DHCP server for the 3.2.1 General SetupType in an address code that determines the size of the network Enter a value of the IP address pool for the DHCP server to startSpeed Configured 3.2.2 PortsPort LinkPower Control 3.2.3 MAC Address TableDisabled All power savings mechanisms disabled ActiPHY Link down power savings enabledDisable Automatic Aging 3.2.4 VLANStatic MAC Table Config Age TimeIndex 3.2.5 Static RouteDestination Address Display the destination address of the static routeAdd Static Routes to Private and Public Networks 3.2.6 Bind IP to MAC 3.3 NAT and MAC address listed in ARP table can be selected and addedand select the one, and click Remove. The selected item will be 3.3.2 Open Ports 3.3.1 Hardware NATName Specify the name for the defined network serviceProtocol Specify the transport layer protocol. It could be TCP, UDP and3.3.3 DMZ Host 3.4.1 Session Limit 3.4 Bandwidth Management3.4.2 Bandwidth Limit 3.4.3 Port Rate Control 3.4.4 QoS Control List Shaper Rate TxShaper Unit Display the type of that QCE QoS Control Entries QCE TypeType Value Display the value specified for the QCEAdding a New QCE TCP/UDP Port Editing a QCE 3.4.5 Ports PriorityMoving Up/Down a QCE Deleting a QCEDefault Class 3.4.6 QoS StatisticsQueuing Mode Use the drop down list to choose suitable modeRx Packets Rx Low 3.5.1 Dynamic DNS 3.5 Applications3.5.2 Schedule Snooping Enabled 3.5.3 IGMP SnoopingCheck the box to enable this function Check the box to enable unregistered IPMC traffic flooding3.5.4 IGMP Status 3.5.5 UPnP ConfigurationDisplay current IGMP groups. Maximum number of group for each VLAN can be set isCant work with Firewall Software 3.6.1 Basic Concepts 3.6 Wireless LANSecurity Overview 3.6.2 General SetupWireless Mode Wireless Security ConfigurationSSID Broadcast SSIDAuthentication Mode Default KeyWPA Mode Key1-Key4Either 8~63 ASCII characters, such as 012345678..or Vigor2130 Series User’s Guide Filter Type 3.6.3 Access Control3.6.4 Station List 3.6.5 Access Point Discovery 3.7.1 USB General Settings3.7 USB Application The user can enter a directory name in this field. Then 3.7.2 FTP User Managementafter clicking OK, the router will create the specific/new folder in the USB diskette. In addition, if the user types “/”Note When write protect status for the USB diskette is here, he/she can access into all of the disk folders and files3.7.3 Disk Status 3.7.4 Disk SharesType a name to be used as shared folder name in Samba service 3.8.1 User Configuration 3.8 UserAdding a New User 3.9 System Maintenance Editing/Deleting User Settings3.9.1 System Status Wireless LAN 3.9.2 User Password 3.9.3 Configuration BackupBackup the Configuration Restore Configuration 3.9.4 Syslog / Mail Alert Check the box to activate function of mail alert 3.9.5 Time and Date Select the time zone where the router is locatedVigor2130 Series User’s Guide 3.9.7 Reboot System 3.9.6 ManagementAccess List 3.9.8 Firmware Upgrade Vigor2130 Series User’s Guide 4.1 WAN 4 Admin Mode OperationBasics of Internet Protocol IP Network From 10.0.0.0 to From 172.16.0.0 to From 192.168.0.0 toWhat are Public IP Address and Private IP Address Get Your Public IP Address from ISPNetwork Connection by 3G USB Modem 4.1.1 Internet Access StaticType the subnet mask PPPoE DHCPsetting is It means Max Transmit Unit for packet. The defaultIt means Max Transmit Unit for packet. The default setting isPPTP/L2TP APN means Access Point Name which is provided and 3G USB Modemrequired by some ISPs You can use the drop down list to choose the required speed for 4.1.2 Ports4.1.3 3G Backup InternetSIM PIN code APN means Access Point Name which is provided and 4.2 LANrequired by some ISPs Basics of LANWhat is Static Route What is Routing Information Protocol RIPVigor2130 Series User’s Guide What are Virtual LANs and Rate Control 4.2.1 General SetupSpeed Configured 4.2.2 PortsStart IP Address IP Pool CountsAuto Disable Automatic Aging 4.2.3 MAC Address TableStatic MAC Table Config Age Time4.2.4 VLAN Add Static Routes to Private and Public Networks 4.2.5 Static RouteVigor2130 Series User’s Guide 4.2.6 Bind IP to MAC 4.3 NAT 4.3.2 Open Ports 4.3.1 Hardware NATName Specify the name for the defined network serviceProtocol Specify the transport layer protocol. It could be TCP, UDP andEnable 4.3.3 DMZ HostCheck to enable the DMZ Host function DMZ IP4.4 Firewall Denial of Service DoS Defense4.4.1 DoS Defense Basics for Firewall4.4.2 Ports Configuration Counts the number of frames that match this Access Control include Disabled, and 1 to 10. The default value is DisabledRate Limited ID Port CopyPlease specify a rate number for each ID. The default setting is 4.4.3 Rate Control ObjectRate limiter ID will be applied to WAN port and LAN port “1”packet per secondAdding a New Access Control Profile 4.4.4 Access Control ListAction - it means the session limitation for this access control list will be applied to if matching with the rule defined in this page MAC Parameter Specify the destination MAC filter for this ACEVLAN Parameter Detailed Explanation for Frame Type Ethernet Type FilterARP/RARP Sender IP Filter Request/Replydefined in Sender IP Address and Sender IP Mask Sender IP Address1 means ARP/RARP frames/packets where the hardware 0 means ARP/RARP frames/packets where the hardware0 ARP/RARP frames where the hardware address space is 1 ARP/RARP frames where the hardware address space isIP Fragment IP TTLIP Option OFFSET field is greater than zero must be able to matchSIP Address SIP FilterSIP Mask DIP FilterICMP Code Value ICMP Code FilterIP TTL IP FragmentSIP Filter IP OptionSIP Address SIP MaskSource Port No Source Port FilterSource Port Range Dest. Port FilterIP TTL IP FragmentIP Option SIP Address SIP FilterSIP Mask DIP Filter0 TCP frames where the SYN field is set must not be able 0 TCP frames where the FIN field is set must not be ableDest. Port Filter Specify the TCP port destination filter for this ACE0 TCP frames where the ACK field is set must not be able 0 TCP frames where the PSH field is set must not be ableTCP PSH TCP ACKIP TTL IP Protocol ValueIP Fragment IP OptionSIP Filter 4.5 Bandwidth ManagementSIP Address SIP Mask4.5.1 Session Limit Enable 4.5.2 Bandwidth LimitDisable Default TX limit4.5.4 QoS Control List 4.5.3 Port Rate ControlVigor2130 Series User’s Guide QCE Type Adding a New QCEDisplay the type of that QCE QoS Control Entries Type ValueTCP/UDP Port Editing a QCE Moving Up/Down a QCE 4.5.5 Ports PriorityDeleting a QCE Indicate the interface for the physical port, WAN port, LANQueuing Mode 4.5.6 QoS StatisticsUse the drop down list to choose suitable mode Queue WeightedRx Packets Rx Low 4.6.1 Dynamic DNS 4.6 Applications4.6.2 Schedule Snooping Enabled 4.6.3 IGMP SnoopingCheck the box to enable this function Check the box to enable unregistered IPMC traffic flooding4.6.4 IGMP Status 4.6.5 UPnP ConfigurationDisplay current IGMP groups. Maximum number of group for each VLAN can be set iskilobits/second. Such information can be requested by Enter the maximum sustained WAN download speed inUPnP clients Enter the maximum sustained WAN upload speed in4.7.1 Remote Access Control 4.7 VPN and Remote AccessAdding a New User 4.7.2 PPTP Remote Dial-inVigor2130 Series User’s Guide Editing/Deleting User SettingsMobile VPN Type 4.7.3 IPSec Remote Dial-inAuthentication Advanced SettingsIdentities during phase 1 of the VPN connection Establishment. The Display the encryption and authentication algorithm used4.7.4 Remote Dial-in Status algorithm is used during exchange of key exchangeAdding a VPN Tunnel 4.7.5 LAN to LANDisplay the encryption and authentication algorithm used during phase 1 of the VPN connection Establishment. TheName EnabledRemote IP Type4.8.1 Basic Concepts 4.8 Wireless LANSecurity Overview Enable Wireless LAN 4.8.2 General SetupWireless Mode SSID BroadcastDefault Key Wireless Security ConfigurationAuthentication Mode z NoneWPA Algorithm WPA ModeWPA Preshared Key z WPA-RADIUSServer IP Address WPA AlgorithmDestination Port Shared SecretVigor2130 Series User’s Guide 4.8.3 Access Control4.8.4 Station List 4.9 USB Application 4.8.5 Access Point Discovery4.9.2 FTP User Management 4.9.1 USB General SettingsEnable FTP Enable Disk Sharing4.9.4 Disk Shares 4.9.3 Disk StatusNote When write protect status for the USB diskette is here, he/she can access into all of the disk folders and filesThe user can enter a directory name in this field. Then after clicking OK, the router will create the specific/new4.10.1 User Configuration 4.10 UserAdding a New User Vigor2130 Series User’s Guide Editing/Deleting User Settings4.11.1 System Status 4.11 System Maintenance4.11.2 System Password 4.11.3 User PasswordDisplay the subnet mask address of the WAN interface Backup the Configuration 4.11.4 Configuration BackupRestore Configuration 4.11.5 Syslog/Mail AlertEnable Syslog Access… Time Zone 4.11.6 Time and DateAdd NTP server Click the button to add a new NTP server4.11.8 Reboot System 4.11.7 ManagementClick this button to remove an NTP server 4.11.9 Firmware Upgrade 4.12.1 Ping 4.12 DiagnosticsA - installed by addrconf D - dynamically installed by daemon or redirect4.12.2 Routing Table Display the netmask for the destination net4.12.4 Traffic Overview 4.12.3 System LogTime Level4.12.5 Detailed Statistics Rx Unicast 4.12.6 MAC Address Table VLAN TypeMAC Address Port MembersIt displays the name of the computer accepted the assigned 4.12.7 DHCP TableBlock - can prevent specified PC accessing into Internet 4.12.8 Data Flow Monitorconnection. Or you can check Auto-refresh to reload the 4.12.9 Ports State5.1 Checking If the Hardware Status Is OK or Not 5 Trouble ShootingFor Windows 1. Double click on the current used MacOs on the desktop For MacOs2. Open the Application folder and get into Network Vigor2130 Series User’s Guide5.3 Pinging the Router from Your Computer For MacOs TerminalFor Windows Vigor2130 Series User’s Guide 5.4 Checking If the ISP Settings are OK or NotFor PPPoE Users For Static Users1. Choose Static IP as the connection type 1. Choose PPPoE as the connection type5.5 Backing to Factory Default Setting If Necessary Software ResetFor PPTP/L2TP Users 5.6 Contacting Your Dealer Hardware Reset