Draytek 2820n Sitemap
This is a Draytek 2820n sitemap. Draytek offer a wide range of devices that are suitable for home and business use. They are excellent devices for home users that require more technical functionality than basic ADSL or FTTC routers and a good choice for businesses working to a budget and looking for something that provides good quality and functionality.
Draytek routers typically come with firewall functionality and wireless functionality, which makes them great all-in-one devices for companies or individuals aiming to keep their network small and simple.
The Draytek router web interface provides a relatively simple configuration interface to allow users to tailor the device to their requirements. The interface look and feel is similar across the Draytek router range. In this guide we will take a look at the interface for a Draytek Vigor 2820n – this device is suitable for Ethernet and EFM connections, DSL connections, FTTC connections, or a combination of these (Ethernet with DSL backup, for example).
The 2820n provides two WAN interfaces; one is a DSL interface which is designed for direct connection into a DSL connection. The other is labelled WAN2, and is an Ethernet interface which can be used to connect to any other WAN device, or into an Ethernet circuit or EFM circuit.
As well as these WAN ports, the Draytek 2820n has a 4 port switch built in for the LAN, and a USB port. The USB port can be used to connect a storage device for log files and networked file sharing.
The default IP address of the Draytek router is 192.168.1.1, and the username is ‘admin’ and the password is blank. It is recommended that a password is set immediately.
Once logged in (by typing https:// followed by the IP address into your browser), you will come to the Draytek status screen with a menu down the left.
Each section of the menu expands to show further options, offering a wealth of configuration options for all sorts of uses.
This guide will explain each menu option’s purpose, but detailed configurations for each part will not be covered here.
This guide was written using a Draytek 2820n running firmware version 3.3.7.6_232201.
WAN
General Setup
Enable or disable the WAN ports and provide names for them.
Some load balancing configuration options.
Internet Access
Configuration area for each WAN port’s Internet settings, such as static IP address, WAN IP Alias for additional WAN addresses, and username and password.
Multi PVCs
This area is used for various settings for multiple circuits that might be in use for various applications. It is possible to configure the different ports for different purposes.
Load-Balance Policy
Configure source and destination IP addresses to use different WAN ports to balance traffic through multiple connections.
LAN
General Setup
IP address for the LAN.
Additional IP addresses for NO-NAT can be configured here.
DHCP options.
Static Route
Static routes to networks outside of the Draytek’s configuration can be added here.
VLAN
VLAN tags can be applied to ports here if required.
Bind IP to MAC
Each MAC address (device) can be bound to use the same IP address when it connects. This is useful for security and applying other network policies.
LAN Port Mirror
Port mirroring is used for monitoring purposes. It allows you to mirror the traffic to another port so you can view the traffic and run monitoring applications against it.
NAT
Port Redirection
Port redirection is used to direct a public port on the Internet to an internal LAN device on the same or different port.
DMZ Host
A LAN device can be configured as a DMZ device. This means it has no firewall features applied to it and all traffic is allowed through the Draytek to it.
Open Ports
This is a bit like a mix of the above two features. It opens ports to an inside host and allows a range of ports to be opened.
Address Mapping
If you have multiple WAN IP addresses using the WAN IP Alias, you can assign a range of LAN addresses to use a particular IP address as its NAT’d IP address – or assign a server, for instance, as a certain IP address.
Port Triggering
If a LAN device is required to communicate on the same port as another LAN device, this is not possible with Port Redirection. Where 2 devices need to communicate on the same port, port triggering is used instead.
Firewall
General Setup
Enable and disable the firewall filters. The Call Filter listed here applies when no Internet connection is present; you can use it to prevent certain types of traffic from initiating a connection if required. The Data Filter contains the filters applied once the Internet connection is established.
Filter Setup
Custom rules can be added to block certain LAN users and certain destinations.
DoS Defence
A basic Denial of Service prevention feature can help you prevent issues from some smaller DoS attack attempts.
Objects Setting
IP Object
IP addresses can be configured as named objects to help configuration within some other parts of the Draytek, such as within the firewall filters.
However, objects cannot be used within ALL areas – for example, they cannot be used for Bandwidth Management.
IP Group
IP objects can be grouped together to further help custom configuration of firewall filters.
Service Type Object
Services (such as email, web, ftp) can be configured as named objects to help configuration within some other parts of the Draytek, such as within the firewall filters.
Service Type Group
Service Type Objects can be grouped together to further help custom configuration of firewall filters.
Keyword Objects
Keyword objects can be created for custom URL and web filter rules.
Keyword Group
Keyword groups are used to group keyword objects.
File Extension Object
Using the URL content feature, certain file extensions can be restricted when coupled with this part of the configuration.
CSM (Content Security Management)
APP Enforcement Profile
Profiles can be set up containing certain applications, programs, and types of traffic – these profiles can then be applied to firewall rules to block or permit, or otherwise control, the traffic.
URL Content Filter Profile
Profiles can be set up containing keywords, and other features, to assist administrators that want to control user web access.
Web Content Filter Profile
Profiles can be set up containing keywords, and other features, to assist administrators that want to control user web access.
This section is used to activate 3rd party web filter licenses that can make managing access to certain types of website easier.
Bandwidth Management
Sessions Limit
Allows control over the number of sessions LAN users can have.
Bandwidth Limit
Allows control over the bandwidth LAN users can use.
Quality of Service
QoS means certain LAN users or certain types of traffic can be prioritised over others. A certain amount of bandwidth can be reserved for certain services to ensure fewer problems.
APP QoS
This feature works with the feature above to make it easier to set up and manage. Rather than providing the ports and services yourself, you can select the application names.
Applications
Dynamic DNS
Dynamic DNS is useful if you do not have a static address on the WAN side. Using a Dynamic DNS provider, you can assign a DNS name to your router’s IP address. This means you can still take advantage of server features that require a static IP address.
Schedule
Schedules are time-based configurations that are set up and then used with other features such as access rules and bandwidth management.
RADIUS
If you have a RADIUS server on your LAN, you can use this feature to ensure LAN users are directed to it to be authenticated.
UPnP
Universal Plug and Play is a feature designed to make it easier for new LAN devices to be connected without configuring the required ports and services manually. Only supported devices will properly take advantage of this feature.
IGMP
The Internet Group Management Protocol (IGMP) is a communications protocol sometimes used by hosts and routers on networks and can be used for one-to-many networking applications such as online video streaming and gaming, and allows more efficient use of resources when supporting these types of applications.
Wake on LAN
Wake on LAN can be used to power LAN devices up if they are switched off. This is only supported by LAN devices that have supported hardware. The Bind IP to MAC feature needs to be used also.
Short Message Service
Using an SMS provider, you can set the Draytek up to send an SMS alert if a WAN interface drops. This is only useful for DOWN alerts if you have more than one WAN interface and one interface remains UP. However, the alerts will be sent once the WAN is back up anyhow, so can still be a useful utility for users with one WAN interface.
VPN and Remote Access
Remote Access Control
Options to enable or disable the various types of VPN.
PPP General Setup
Options for remote VPN clients.
IPSec General Setup
Pre-shared key settings for remote VPN clients.
IPSec Peer Identity
These settings are used when using a certificate for VPN client authentication.
Remote Dial-in User
User accounts setup when configuring remote VPN client access.
LAN to LAN
When creating a site to site VPN to another office or cloud-based provider, you need to set up a LAN to LAN tunnel here. The other site needs configuring with compatible settings also.
Connection Management
Established tunnels and VPN connections will be shown here. Connections can be re-established and dropped if required.
Certificate Management
Local Certificate
This area is used to import your self-signed local certificate for use with authenticating VPN clients.
Trusted CA Certificate
This area is used to import your 3rd party signed certificate for use with authenticating VPN clients.
Certificate Backup
This area is used to back up your certificates.
Wireless LAN
General Setup
Set up your wireless SSID and wireless channel.
Security
Select your security method and wireless password.
Access Control
Block or permit specified MAC addresses from connecting wirelessly.
WPS
Wi-Fi Protected Setup (WPS) is used to make it easier to connect new wireless clients. Rather than manually selecting the SSID and typing the password, you can press a button or use a PIN to connect.
WDS
Wireless Distribution System (WDS) is used when you have multiple devices with wireless capabilities and you wish to combine them together on the same network.
Advanced Setting
Further wireless options such as channel bandwidth.
WMM Configuration
WMM stands for Wi-Fi Multimedia. It is a standard created to define quality of service (QoS) in Wi-Fi networks. It is designed to improve audio, video and voice applications transmitted over Wi-Fi. WMM adds prioritized capabilities to Wi-Fi networks and optimizes their performance when multiple concurrent applications, each with different latency and throughput requirements, compete for network resources.
This is enabled by default and the settings should not need to be changed.
AP Discovery
To make configuration of WDS easier, you can scan for the other access points and add them from this section.
Station List
This lists all the currently connected wireless clients.
USB Application
USB General Settings
General settings for the USB on the Draytek, such as number of connections that can be made.
USB User Management
User set up for access to attached USB drive.
File Explorer
Utility to connect to USB drive and upload files.
USB Disk Status
View the connection status of the attached drive and free space.
System Maintenance
System Status
Basic system overview for IP addresses, WAN statuses, firmware version etc.
HTTPS Encryption Setup
The type of encryption used when connecting over https.
TR-069
This area is used with the VigorACS central management system. This feature allows control of your device(s) over a cloud-based platform.
Administrator Password
Area to change the Draytek login credentials.
User Password
A basic user password for reduced web interface access.
Login Page Greeting
A message can be configured to appear on the login screen if required.
Configuration Backup
Area to back up or restore the configuration file for the device.
Syslog / Mail Alert
Syslogs can be sent to a syslog server or saved to the attached USB drive.
Email alerts can also be configured here for various security functions.
Time and Date
Configure the time and date, and set up the NTP server.
Management
Define the management ports, enable or disable ping on the WAN interface, enable or disable remote management, and set up SNMP for traffic monitoring.
Reboot System
Reboot the system, reboot the system to factory settings, and set up scheduled reboots.
Firmware Upgrade
Upgrade the installed firmware on the device.
Activation
Additional licenses can be activated here – such as the Web Filter license.
Diagnostics
Dial-out Trigger
This simply displays the last packet that triggered the router to connect to the Internet. This is unlikely to have any real relevance if your router is always on and connected.
Routing Table
This displays the current routing table.
ARP Cache Table
This displays all connected devices.
DHCP Table
This displays all the hosts connected that have been provided an address by DHCP.
NAT Sessions Table
Shows the current NAT table – this shows you the established connections that LAN clients are currently using.
Ping Diagnosis
Utility to ping devices for connectivity troubleshooting.
Data Flow Monitor
When enabled, you can view traffic used by each connected LAN device – and you can even apply a temporary block directly from here.
Traffic Graph
A basic graph to show WAN traffic over the last few hours or the last week.
Trace Route
Utility to trace the route to a given destination.