Draytek 2820n Sitemap
This is a Draytek 2820n sitemap. Draytek offer a wide range of devices that are suitable for home and business use. They are excellent devices for home users that require more technical functionality than basic ADSL or FTTC routers and a good choice for businesses working to a budget and looking for something that provides good quality and functionality.
Draytek routers typically come with firewall functionality and wireless functionality, which makes them great all-in-one devices for companies or individuals aiming to keep their network small and simple.
The Draytek router web interface provides a relatively simple configuration interface to allow users to tailor the device to their requirements. The interface look and feel is similar across the Draytek router range. In this guide we will take a look at the interface for a Draytek Vigor 2820n – this device is suitable for Ethernet and EFM connections, DSL connections, FTTC connections, or a combination of these (Ethernet with DSL backup, for example).
The 2820n provides two WAN interfaces; one is a DSL interface which is designed for direct connection into a DSL connection. The other is labelled WAN2, and is an Ethernet interface which can be used to connect to any other WAN device, or into an Ethernet circuit or EFM circuit.
As well as these WAN ports, the Draytek 2820n has a 4 port switch built in for the LAN, and a USB port. The USB port can be used to connect a storage device for log files and networked file sharing.
The default IP address of the Draytek router is 192.168.1.1, and the username is ‘admin’ and the password is blank. It is recommended that a password is set immediately.
Once logged in (by typing https:// followed by the IP address into your browser), you will come to the Draytek status screen with a menu down the left.
Each section of the menu expands to show further options, offering a wealth of configuration options for all sorts of uses.
This guide will explain each menu option’s purpose, but detailed configurations for each part will not be covered here.
This guide was written using a Draytek 2820n running firmware version 22.214.171.124_232201.
Enable or disable the WAN ports and provide names for them.
Some load balancing configuration options.
Configuration area for each WAN port’s Internet settings, such as static IP address, WAN IP Alias for additional WAN addresses, and username and password.
This area is used for various settings for multiple circuits that might be in use for various applications. It is possible to configure the different ports for different purposes.
Configure source and destination IP addresses to use different WAN ports to balance traffic through multiple connections.
IP address for the LAN.
Additional IP addresses for NO-NAT can be configured here.
Static routes to networks outside of the Draytek’s configuration can be added here.
VLAN tags can be applied to ports here if required.
Bind IP to MAC
Each MAC address (device) can be bound to use the same IP address when it connects. This is useful for security and applying other network policies.
LAN Port Mirror
Port mirroring is used for monitoring purposes. It allows you to mirror the traffic to another port so you can view the traffic and run monitoring applications against it.
Port redirection is used to direct a public port on the Internet to an internal LAN device on the same or different port.
A LAN device can be configured as a DMZ device; this means it has no firewall features applied to it and all traffic is allowed through the Draytek to it.
This is a bit like a mix of the above two features. It opens ports to an inside host and allows a range of ports to be opened.
If you have multiple WAN IP addresses using the WAN IP Alias, you can assign a range of LAN addresses to use a particular IP address as its NAT’d IP address – or assign a server, for instance, as a certain IP address.
If a LAN device is required to communicate on the same port as another LAN device, this is not possible with Port Redirection. There may be a requirement to allow 2 devices to communicate on the same port; port triggering is used for this.
Enable and disable the firewall filters. The Call Filter listed here is for filters specific to when no Internet connection is present; you can prevent certain types of traffic from initiating a connection if required. The Data Filter contains the filters that apply once the Internet connection is established.
Custom rules can be added to block certain LAN users and certain destinations.
A basic Denial of Service prevention feature can help you prevent issues from some smaller DoS attack attempts.
IP addresses can be configured as named objects to help configuration within some other parts of the Draytek, such as within the firewall filters.
However, objects cannot be used within ALL areas – for example, they cannot be used for Bandwidth Management.
IP objects can be grouped together to further help custom configuration of firewall filters.
Service Type Object
Services (such as email, web, FTP) can be configured as named objects to help configuration within some other parts of the Draytek, such as within the firewall filters.
Service Type Group
Service Type Objects can be grouped together to further help custom configuration of firewall filters.
Keyword objects can be created for custom URL and web filter rules.
Keyword groups are used to group keyword objects.
File Extension Object
Using the URL content feature, certain file extensions can be restricted when coupled with this part of the configuration.
CSM (Content Security Management)
APP Enforcement Profile
Profiles can be set up containing certain applications, programs, and types of traffic – these profiles can then be applied to firewall rules to block or permit, or otherwise control, the traffic.
URL Content Filter Profile
Profiles can be set up containing keywords, and other features, to assist administrators that want to control user web access.
Web Content Filter Profile
Profiles can be set up containing keywords, and other features, to assist administrators that want to control user web access.
This section is used to activate 3rd party web filter licenses that can make managing access to certain types of website easier.
Allows control over the number of sessions LAN users can have.
Allows control over the bandwidth LAN users can use.
Quality of Service
QoS means certain LAN users or certain types of traffic can be prioritised over others. A certain amount of bandwidth can be reserved for certain services to ensure fewer problems.
This feature works with the feature above to make it easier to set up and manage. Rather than providing the ports and services yourself, you can select the application names.
Dynamic DNS is useful if you do not have a static address on the WAN side. Using a Dynamic DNS provider, you can assign a DNS name to your router’s IP address. This means you can still take advantage of server features that require a static IP address.
Schedules are a time-based configuration that is set up and then used with other features such as access rules and bandwidth management.
If you have a RADIUS server on your LAN, you can use this feature to ensure LAN users are directed to it to be authenticated.
Universal Plug and Play is a feature designed to make it easier for new LAN devices to be connected without configuring the required ports and services manually. Only supported devices will properly take advantage of this feature.
The Internet Group Management Protocol (IGMP) is a communications protocol sometimes used by hosts and routers on networks. It can be used for one-to-many networking applications such as online video streaming and gaming, and allows more efficient use of resources when supporting these types of applications.
Wake on LAN
Wake on LAN can be used to power LAN devices up if they are switched off. This is only supported by LAN devices that have supported hardware. The Bind IP to MAC feature needs to be used also.
Short Message Service
Using an SMS provider, you can set the Draytek up to send an SMS alert if a WAN interface drops. This is only useful for DOWN alerts if you have more than one WAN interface and one interface remains UP. However, the alerts will be sent once the WAN is back up anyhow, so can still be a useful utility for users with one WAN interface.
VPN and Remote Access
Remote Access Control
Options to enable or disable the various types of VPN.
PPP General Setup
Options for remote VPN clients.
IPSec General Setup
Pre-shared key settings for remote VPN clients.
IPSec Peer Identity
These settings are used when using a certificate for VPN client authentication.
Remote Dial-in User
User accounts set up when configuring remote VPN client access.
LAN to LAN
When creating a site to site VPN to another office or cloud-based provider, you need to set up a LAN to LAN tunnel here. The other site needs configuring with compatible settings also.
Established tunnels and VPN connections will be shown here. Connections can be re-established and dropped if required.
This area is used to import your self-signed local certificate for use with authenticating VPN clients.
Trusted CA Certificate
This area is used to import your 3rd party signed certificate for use with authenticating VPN clients.
This area is used to back up your certificates.
Set up your wireless SSID and wireless channel.
Select your security method and wireless password.
Block or permit specified MAC addresses from connecting wirelessly.
Wi-Fi Protected Setup (WPS) is used to make it easier to connect new wireless clients. Rather than manually selecting the SSID and typing the password, you can press a button or use a PIN to connect.
Wireless Distribution System (WDS) is used when you have multiple devices with wireless capabilities and you wish to combine them together on the same network.
Further wireless options such as channel bandwidth.
WMM stands for Wi-Fi Multimedia. It is a standard created to define quality of service (QoS) in Wi-Fi networks. It is designed to improve audio, video and voice applications transmitted over Wi-Fi. WMM adds prioritized capabilities to Wi-Fi networks and optimizes their performance when multiple concurrent applications, each with different latency and throughput requirements, compete for network resources.
This is enabled by default and the settings should not need to be changed.
To make configuration of WDS easier, you can scan for the other access points and add them from this section.
This lists all the currently connected wireless clients.
USB General Settings
General settings for the USB on the Draytek, such as number of connections that can be made.
USB User Management
User setup for access to the attached USB drive.
Utility to connect to USB drive and upload files.
USB Disk Status
View the connection status of the attached drive and free space.
Basic system overview for IP addresses, WAN statuses, firmware version etc.
HTTPS Encryption Setup
The type of encryption used when connecting over HTTPS.
This area is used with the VigorACS central management system. This feature allows control of your device(s) over a cloud-based platform.
Area to change the Draytek login credentials.
A basic user password for reduced web interface access.
Login Page Greeting
A message can be configured to appear on the login screen if required.
Area to back up or restore the configuration file for the device.
Syslog / Mail Alert
Syslogs can be sent to a syslog server or saved to the attached USB drive.
Email alerts can also be configured here for various security functions.
Time and Date
Configure the time and date, and set up the NTP server.
Define the management ports, enable or disable ping on the WAN interface, enable or disable remote management, and set up SNMP for traffic monitoring.
Reboot the system, reboot the system to factory settings, and set up scheduled reboots.
Upgrade the installed firmware on the device.
Additional licenses can be activated here – such as the Web Filter license.
This simply displays the last packet that triggered the router to connect to the Internet. This is unlikely to have any real relevance if your router is always on and connected.
This displays the current routing table.
ARP Cache Table
This displays all connected devices.
This displays all the hosts connected that have been provided an address by DHCP.
NAT Sessions Table
Shows the current NAT table – this shows you the established connections that LAN clients are currently using.
Utility to ping devices for connectivity troubleshooting.
Data Flow Monitor
When enabled, you can view traffic used by each connected LAN device – and you can even apply a temporary block directly from here.
A basic graph to show WAN traffic over the last few hours or the last week.
Utility to trace the route to a given destination.