Draytek 2820n Sitemap

This is a Draytek 2820n sitemap. Draytek offer a wide range of devices that are suitable for home and business use. They are excellent devices for home users that require more technical functionality than basic ADSL or FTTC routers and a good choice for businesses working to a budget and looking for something that provides good quality and functionality.

Draytek routers typically come with firewall functionality and wireless functionality, which makes them great all in one devices for companies or individuals aiming to keep their network small and simple.

The Draytek router web interface provides a relatively simple configuration interface to allow users to tailor the device to their requirements. The interface look and feel is similar across the Draytek router range. In this guide we will take a look at the interface for a Draytek Vigor 2820n – this device is suitable for Ethernet and EFM connections, DSL connections, FTTC connections, or a combination of these (Ethernet with DSL backup, for example).

The 2820n provides two WAN interfaces; one is a DSL interface which is designed for direct connection into a DSL connection. The other is labelled WAN2, and is an Ethernet interface which can be used to connect to any other WAN device, or into an Ethernet circuit or EFM circuit.

As well as these WAN ports, the Draytek 2820n has a 4 port switch built in for the LAN, and a USB port. The USB port can be used to connect a storage device for log files and networked file sharing.

The default IP address of the Draytek router is 192.168.1.1, and the username is ‘admin’ and the password is blank. It is recommended that a password is set immediately.

Once logged in (by typing https:// followed by the IP address into your browser), you will come to the Draytek status screen with a menu down the left:

Each section of the menu expands to show further options, offering a wealth of configuration options for all sorts of uses.

This guide will explain each menu option’s purpose, but detailed configurations for each part will not be covered here.

This guide was written using a Draytek 2820n running firmware version 3.3.7.6_232201.

WAN

General Setup

Enable or disable the WAN ports and provide names for them.
Some load balancing configuration options.

Internet Access

Configuration area for each WAN port’s Internet settings, such as static IP address, WAN IP Alias for additional WAN addresses, and username and password.

Multi PVCs

This area is used for various settings for multiple circuits that might be in use for various applications. It is possible to configure the different ports for different purposes.

Load-Balance Policy

Configure source and destination IP addresses to use different WAN ports to balance traffic through multiple connections.

LAN

General Setup

IP address for the LAN.
Additional IP addresses for NO-NAT can be configured here.
DHCP options.

Static Route

Static routes to networks outside of the Draytek’s configuration can be added here.

VLAN

VLAN tags can be applied to ports here if required.

Bind IP to MAC

Each MAC address (device) can be bound to use the same IP address when it connects. This is useful for security and applying other network policies.

LAN Port Mirror

Port mirroring is used for monitoring purposes. It allows you to mirror the traffic to another port so you can view the traffic and run monitoring applications against it.

NAT

Port Redirection

Port direction is used to direct a public port on the Internet to an internal LAN device on the same or different port.

DMZ Host

A LAN device can be configured as a DMZ device, this means it has no firewall features applied to it and all traffic is allowed through the Draytek to it.

Open Ports

This is a bit like a mix of the above two features. It opens ports to an inside host and allows a range of ports to be opened.

Address Mapping

If you have multiple WAN IP addresses using the WAN IP Alias, you can assign a range of LAN addresses to use a particular IP address as its NAT’d IP address – or assign a server, for instance, as a certain IP address.

Port Triggering

If a LAN device is required to communicate on the same port as another LAN device, this is not possible with Port Redirection. There may be a requirement to allow 2 devices to communicate on the same port, port triggering is used for this.

Firewall

General Setup

Enable and disable the firewall filters. The Call Filter listed here is for filters specific to when no Internet connection is present, you can prevent certain types of traffic from initiating a connection if required. The Data Filter are the filters set up once Internet is established.

Filter Setup

Custom rules can be added to block certain LAN users and certain destinations.

DoS Defence

A basic Denial of Service prevention feature can help you prevent issues from some smaller DoS attack attempts.

Objects Setting

IP Object

IP addresses can be configured as named objects to help configuration within some other parts of the Draytek, such as within the firewall filters.
However, objects cannot be used within ALL areas – for example, they cannot be used for Bandwidth Management.

IP Group

IP objects can be grouped together to further help custom configuration of firewall filters.

Service Type Object

Services (such as email, web, ftp) can be configured as named objects to help con figuration within some other parts of the Draytek, such as within the firewall filters.

Service Type Group

Service Type Objects can be grouped together to further help custom configuration of firewall filters.

Keyword Objects

Keyword objects can be created for custom URL and web filter rules.

Keyword Group

Keyword groups are used to group keyword objects.

File Extension Object

Using the URL content feature, certain file extensions can be restricted when coupled with this part of the configuration

CSM (Content Security Management)

APP Enforcement Profile

Profiles can be set up containing certain applications, programs, and types of traffic – these profiles can then be applied to firewall rules to block or permit, or otherwise control, the traffic.

URL Content Filter Profile

Profiles can be set up containing keywords, and other features, to assist administrators that want to control user web access.

Web Content Filter Profile

Profiles can be set up containing keywords, and other features, to assist administrators that want to control user web access.
This section is used to activate 3rd party web filter licenses that can make managing access to certain types of website easier.

Bandwidth Management

Sessions Limit

Allows control over the number of sessions LAN users can have.

Bandwidth Limit

Allows control over the bandwidth LAN users can use.

Quality of Service

QoS means certain LAN users or certain types of traffic can be prioritised over others. A certain amount of bandwidth can be reserved for certain services to ensure fewer problems.

APP QoS

This feature works with the feature above to make it easier to set up and manage. Rather than providing the ports and services yourself, you can select the application names.

Applications

Dynamic DNS

Dynamic DNS is useful if you do not have a static address on the WAN side. Using a Dynamic DNS provider, you can assign a DNS name to your router’s IP address. This means you can still take advantage of server features that require a static IP address.

Schedule

Schedules are a timed based configuration that is set up and then used with other features such as access rules and bandwidth management.

RADIUS

If you have a RADIUS server on your LAN, you can use this feature to ensure LAN users are directed to it to be authenticated.

UPnP

Universal Plug and Play is a feature designed to make it easier for new LAN devices to be connected without configuring the required ports and services manually. Only supported devices will properly take advantage of this feature.

IGMP

The Internet Group Management Protocol (IGMP) is a communications protocol sometimes used by hosts and routers on networks and can be used for one-to-many networking applications such as online video streaming and gaming, and allows more efficient use of resources when supporting these types of applications.

Wake on LAN

Wake on LAN can be used to power LAN devices up if they are switched off. This is only supported by LAN devices that have supported hardware. The Bind IP to MAC feature needs to be used also.

Short Message Service

Using an SMS provider, you can set the Draytek up to send an SMS alert if a WAN interface drops. This is only useful for DOWN alerts if you have more than one WAN interface and one interface remains UP. However, the alerts will be sent once the WAN is back up anyhow, so can still be a useful utility for users with one WAN interface.

VPN and Remote Access

Remote Access Control

Options to enable or disable the various types of VPN.

PPP General Setup

Options for remote VPN clients.

IPSec General Setup

Pre-shared key settings for remote VPN clients.

IPSec Peer Identity

These settings are used when using a certificate for VPN client authentication.

Remote Dial-in User

User accounts setup when configuring remote VPN client access.

LAN to LAN

When creating a site to site VPN to another office or cloud-based provider, you need to set up a LAN to LAN tunnel here. The other site needs configuring with compatible settings also.

Connection Management

Established tunnels and VPN connections will be shown here. Connections can be re-established and dropped if required.

Certificate Management

Local Certificate

This area is used to import your self-signed local certificate for use with authenticating VPN clients.

Trusted CA Certificate

This area is used to import your 3rd party signed certificate for use with authenticating VPN clients.

Certificate Backup

This area is used to backup your certificates.

Wireless LAN

General Setup

Set up your wireless SSID and wireless channel.

Security

Select your security method and wireless password.

Access Control

Block or permit specified MAC addresses from connecting wirelessly.

WPS

Wifi Protected Setup (WPS) is used to make it easier to connect new wireless clients. Rather than manually selecting the SSID and typing the password, you can press a button or use a PIN to connect.

WDS

Wireless Distribution System (WDS) is used when you have multiple devices with wireless capabilities and you wish to combine them together on the same network.

Advanced Setting

Further wireless options such as channel bandwidth.

WMM Configuration

WMM stands for Wi-Fi Multimedia. It is a standard created to define quality of service (QoS) in Wi-Fi networks. It is designed to improve audio, video and voice applications transmitted over Wi-Fi. WMM adds prioritized capabilities to Wi-Fi networks and optimizes their performance when multiple concurring applications, each with different latency and throughput requirements, compete for network resources.
This is enabled by default and the settings should not need to be changed.

AP Discovery

To make configuration of WDS easier, you can scan for the other access points and add them from this section.

Station List

This lists all the currently connected wireless clients.

USB Application

USB General Settings

General settings for the USB on the Draytek, such as number of connections that can be made.

USB User Management

User set up for access to attached USB drive.

File Explorer

Utility to connect to USB drive and upload files.

USB Disk Status

View the connection status of the attached drive and free space.

System Maintenance

System Status

Basic system overview for IP addresses, WAN statuses, firmware version etc.

HTTPS Encryption Setup

The type of encryption used when connecting over https.

TR-069

This area is used with the VigorACS central management system. This feature allows control of your device(s) over a cloud-based platform.

Administrator Password

Area to change the Draytek login credentials.

User Password

A basic user password for reduced web interface access.

Login Page Greeting

A message can be configured to appear on the login screen if required.

Configuration Backup

Area to backup or restore the configuration file for the device.

Syslog / Mail Alert

Syslogs can be sent to a syslog server or saved to the attached USB drive.
Email alerts can also be configured here for various security functions.

Time and Date

Configure the time and date, and set up the NTP server.

Management

Define the management ports, enable or disable ping on the WAN interface, enable or disable remote management, and set up SNMP for traffic monitoring.

Reboot System

Reboot the system, reboot the system to factory settings, and set up scheduled reboots.

Firmware Upgrade

Upgrade the installed firmware on the device.

Activation

Additional licenses can be activated here – such as the Web Filter license.

Diagnostics

Dial-out Trigger

This simply displays the last packet that triggered the router to connect to the Internet. This is unlikely to have any real relevance if your router is always on and connected.

Routing Table

This displays the current routing table.

ARP Cache Table

This displays all connected devices.

DHCP Table

This displays all the hosts connected that have been provided an address by DHCP.

NAT Sessions Table

Shows the current NAT table – this shows you the established connections that LAN clients are currently using.

Ping Diagnosis

Utility to ping devices for connectivity troubleshooting.

Data Flow Monitor

When enabled, you can view traffic used by each connected LAN device – and you can even apply a temporary block directly from here.

Traffic Graph

A basic graph to show WAN traffic over the last few hours or the last week.

Trace Route

Utility to trace the route to a given destination.

activereach specialises in helping companies with digital ready networks, including internet access circuits, VPNs, local areas networking LAN and wide area networking WAN. Call us on 0845 625 9025 or contact us to find out more.