DrayTek Vigor2930 Firewall Router

Vigor 2930Vsn Router Firewall
●
●
●
●
●
●
●
●
●
●
Broadband Router/Firewall
Dual Ethernet WAN ports
Comprehensive and
Robust Firewall
Content Filtering (by
matched keyword or data
type)
SurfControl Web Site
Category Filtering
Ethernet and WLAN Virtual
LAN segmentation
(common/distinct)
Configurable QoS Features
(For traffic prioritisation)
VPN Dial-in/dial-out with
VPN hardware co-processor
802.11n Draft 2.0 Wireless
LAN
Highly configurable but
easy to install and monitor
Overview
The Vigor 2930VSn is a high-performance dual-WAN firewall. The two dedicated ethernet WAN ports can provide load
balancing, WAN failover or bandwidth aggregation (increasing total bandwidth onto the Internet). Versions with SIPCompliant VoIP (Voice-over-IP) and ISDN support are also available. High Speed total WAN througput of up to 70Mb/s is
available, and IPSec VPN throughput of up to 40Mb/s. Extensive QoS support and comprehensive Web Content filtering
features help you make the most efficient use of your bandwidth.
The Vigor 2930VSn is in an all-new DrayTek housing design with all LEDs and sockets provided conveniently on the front.
This makes desk usage, wall mouting or rack-mousing (optional bracket required) all equally covenient.
Wireless LAN
Wireless LAN
The Vigor2930VSn features the latest 802.11n Draft 2.0 wireless LAN specification and has been certified by the WiFi
alliance for cross compatibility and WiFi compliance (including WPA/WPA2 and WMM).
802.11n Draft 2.0 provides a total wireless bandwidth of up to 300Mb/s using new methods such as packet aggregation
and channel bonding. Throughput depends on your own environment (factors such as obstructions, number of hosts and
distance all make a significant difference), but actual transfer speeds of 100Mb/s are achievable (based on our real world
tests). In addition, 802.11n Draft 2.0 provides greater coverage and resilience to interference compared to previous
wireless standards thanks to the MIMO technology and the Vigor's triple-antennae diversity arrangement. This offset
arrangement of aerials provides offset paths between hosts so that interference can be overcome.
Page 1 of 7
©2008 SEG. Reproduction prohibited without written permission.
15/06/2009
Wireless Security is comprehensive too; the Vigor 2930 Series provides several independent levels of security including
encryption (up to WPA2), authentication (802.11x) and methods such as MAC address locking and DHCP fixing to restrict
access to authorised users only. The Web interface lets you see how many and which clients are currently connected as
well as their current bandwidth usage. An 'instant' block lets you disconnect a wireless user temporarily in case of query.
The Wireless VLAN facility allows you to isolate wireless clients from each other or from the 'wired' LAN.
Your laptop PC's built-in wireless may not support 802.11n Draft 2.0 wireless, in which case you will need to add a new
wireless LAN interface such as the DrayTek N61 USB adaptor.
For specialist coverage applications, optional aerials can be used with the Vigor 2930 to potentially increase the range of
wireless coverage (depending on enviroment) or provide directional coverage in order that your wireless transmission is
focussed and concentrated into one direction only, for example into a room or across open space.
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
802.11n Compliant (Draft 2.0)
WiFi Alliance Approved
Latest 'MIMO' Technology with three aerials (2T3R)
Packet Aggregation and Channel Bonding
Optional Higher Gain or directional aerials available
Also Compatible with 802.11b and 802.11g Standards
Active Client list in Web Interface
Wireless LAN Isolation (from VLAN groups and wired Ethernet interfaces)
64/128-bit WEP Encryption
WPA/WPA2 Encryption
Switchable Hidden SSID
Restricted access list for clients (by MAC address)
Time Scheduling (WLAN can be disabled at certain times of day)
Access Point Discovery
WDS (Wireless Distribution system) for WLAN Bridging (Firmware Upgradable, ETA March 2008)
802.1x Radius Authentication
Wireless Rate-Control
Automatic Power Management
802.11e WMM (Wi-Fi Multimedia)
Important Note : Wireless performance (speed and range) always depends on your specific environment
and will vary considerably. Factors affecting performance include wireless traffic, other networks nearby,
site construction, walls, ceilings and other electronic equipment nearby. The product may not be
upgradable to future 802.11n Draft standards or be compatible with products from other manufacturers.
Speeds quoted are the maximum wireless capacity, including RX/TX capacity, protocol overheads and all
clients/hosts connected.
VoIP
Voice-over-IP Features
The Voice-over-IP (VoIP) facilities on the Vigor 2930VSn model within the series are extensive. Standard SIP compliance,
with up to 12 simultaneous registrars (e.g. DrayTEL etc.) is supported, plus multiple codec support and many supplemental
services enabling you to make thorough use of your Internet connection for Voice calls. Short codes (speed dials) and VoIP
LCR ('Least Cost Routing') are also supported.
Page 2 of 7
©2008 SEG. Reproduction prohibited without written permission.
15/06/2009
Vigor 2930VS Schematic
From left : Two analogue VoIP ports, two ISDN Sockets (One S0, one
switchable S0/NT), dual Ethernet WAN ports and four LAN Ethernet ports.
ISDN Operation
ISDN
The Vigor2930 ('S' models) have two ISDN ports. Ports 1 and 2 can both be used as ISDN host ports, i.e. you can plug in
any digital ISDN device such as an ISDN telephone or ISDN analogue adaptor (to convert to analogue phones). This is
Page 3 of 7
©2008 SEG. Reproduction prohibited without written permission.
15/06/2009
known as 'S0' mode. ISDN Port 2 can also be configured to be an ISDN Line Port ('NT mode') whereby you connect it to a
BT ISDN line (or BT Highway). This ISDN access can be used for backup Internet access or it can be used as your primary/
only Internet connectivity. See the diagram later on this page to understand the topology more clearly.
Note: In the UK, ISDN is not very commonly used, except for company switchboard feeds. Consequently, standalone ISDN
products are not as widely available as they are in countries like Germany where ISDN is very common. Therefore, if you wish to
obtain an ISDN telephone or analogue adaptor, they are available but you may have to check with a few suppliers. Models sold
in the UK include the "Todos Phantom", "Todos Surflite" (Phone with two additional analogue phone ports), Tiptel 195. There are
lots of German products with analogue ports (also known as 'a/b' ports). Sourcing such products is at your own risk; this
information is for example guidance only.
Vigor 2930VS Schematic
From left : Two analogue VoIP ports, two ISDN Sockets (One S0, one
switchable S0/NT), dual Ethernet WAN ports and four LAN Ethernet ports.
Page 4 of 7
©2008 SEG. Reproduction prohibited without written permission.
15/06/2009
Specification
Vigor2930 Series Specification
●
●
●
Physical Interfaces:
❍
LAN: 4-port 10/100 Base-TX Switch
❍
WAN: 2-port 10/100 Base-TX Ethernet
❍
VoIP: 2-port FXS Phone Ports ('V' models only)
❍
ISDN: 2-Ports. One fixed S0, one configurable NT / TE mode
Dual-WAN Ports:
❍
10/100Base-T Ethernet
❍
Outbound Policy-Based Load-Balance
❍
WAN Connection Fail-over
❍
BoD (Bandwidth on Demand)
VoIP Features ('V' Models only):
❍
Protocols: SIP, RTP / RTCP
❍
12 SIP Registrar Accounts (for up to 12 VoIP providers)
❍
G.168 Line Echo-cancellation
❍
Automatic Gain Control
❍
Jitter Buffer ( 125ms )
❍
Voice Codecs:
■
G.711 A / μ Law
■
G.723.1
■
G.726
■
G.729 A / B
❍
Wireless LAN Features :
■
802.11n Compliant (Draft 2.0)
■
Latest 'MIMO' Technology with three aerials (2T3R)
■
Packet Aggregation and Channel Bonding
■
Optional Higher Gain or directional aerials available ■
Compatible with 802.11b and 802.11g Standards
■
Active Client list in Web Interface
■
Wireless LAN Isolation (from VLAN groups and wired Ethernet interfaces)
■
64/128-bit WEP Encryption
■
WPA/WPA2 Encryption
■
Switchable Hidden SSID
■
Restricted access list for clients (by MAC address)
■
Time Scheduling (WLAN can be disabled at certain times of day)
■
Access Point Discovery
■
WDS (Wireless Distribution system) for WLAN Bridging (Firmware Upgradable)
■
802.1x Radius Authentication
■
Wireless Rate-Control
■
Automatic Power Management
■
802.11e WMM (Wi-Fi Multimedia)
❍
VAD / CNG
❍
Tone Generation: DTMF , Dial , Busy , Ring Back , Call Progress
❍
DTMF Transmission: In Band / Out Band ( RFC-2833 ) / SIP info
❍
FAX / Modem Support G.711 Pass-through
❍
T.38 for FAX
❍
Supplemental Services:
■
Caller ID
■
Call Hold / Retrieve
■
Call Waiting
■
Call Waiting with Caller ID
■
Call Transfer
■
Call Forwarding ( Always , On Busy and On No Answer )
■
DND (Do not Disturb)
■
Call Barring ( Incoming / Outgoing )
■
MWI ( Message Waiting Indicator ) ( RFC-3842 )
■
Hotline (Dial preset number when handset lifted)
Page 5 of 7
©2008 SEG. Reproduction prohibited without written permission.
15/06/2009
●
●
●
●
●
ISDN Features :
❍
RJ-45 S/T Interfaces
❍
ISDN Loop-Through
❍
ISDN On-net / Off-net
❍
Euro ISDN Compatible
❍
Automatic ISDN Backup for Internet Access
❍
Support 64 / 128Kbps ( Multilink-PPP)
❍
BoD ( Bandwidth on Demand )
❍
Remote Dial-In / LAN-to-LAN Connection
❍
Remote Activation (Dial back on ISDN Caller ID recognition)
❍
ISDN Port Passthrough During Power Cut
WAN Protocols:
❍
DHCP Client
❍
Static IP
❍
PPPoE
❍
PPTP
❍
L2TP *
❍
BPA
Firewall & Security Features:
❍
CSM (Content Security Management):
■
URL Keyword Filtering - Whitelist or Blacklist specific sites or keywords in URLs
■
Surfcontrol Support - Block Web sites by category (subject to subscription)
■
Prevent accessing of web sites by using their direct IP address (thus URLs only)
■
Blocking automatic download of Java applets and ActiveX controls
■
Blocking of web site cookies
■
Block http downloads of file types :
■
Binary Executable : .EXE / .COM / .BAT / .SCR / .PIF
■
Compressed : .ZIP / .SIT / .ARC / .CAB/. ARJ / .RAR
■
Multimedia : .MOV / .MP3 / .MPEG / .MPG / .WMV / .WAV / .RAM / .RA / .RM / .AVI / .AU
■
Time Schedules for enabling/disabling the restrictions
■
Block P2P (Peer-to-Peer) file sharing programs (e.g. Kazza, WinMX etc. )
■
Block Instant Messaging programs (e.g. IRC, MSN/Yahoo Messenger etc.)
❍
Multi-NAT, DMZ Host
❍
Port Redirection and Open Port Configuration
❍
Policy-Based Firewall
❍
MAC Address Filter
❍
SPI ( Stateful Packet Inspection )
❍
DoS / DDoS Protection
❍
IP Address Anti-spoofing
❍
E-Mail Alert and Logging via Syslog
❍
Bind IP to MAC Address
VPN Support:
❍
Up to 50 Simultaneous VPN Tunnels
❍
Protocols : PPTP, IPSec, L2TP, L2TP over IPSec
❍
Encryption : MPPE and Hardware-Based AES / DES / 3DES
❍
Authentication : Hardware-Based MD5 , SHA-1
❍
IKE Authentication : Pre-shared Key and Digital Signature ( X.509 )
❍
PFS (Perfect Forward Secrecy)
❍
IKE Phase 1 Agressive/Standard Modes & Phase 2 Selectable lifetimes
❍
LAN-to-LAN (Dial-in & Dial-Out), Teleworker-to-LAN
❍
DHCP over IPSec
❍
NAT-Traversal (NAT-T)
❍
Dead Peer Detection (DPD)
❍
VPN Pass-Through
Bandwidth Management:
❍
QoS
❍
Guaranteed Bandwidth for VoIP
❍
Class-based Bandwidth Guarantee by User-Defined Traffic Categories
❍
DiffServ Code Point Classifying
❍
4-level Priority for each Direction (Inbound / Outbound)
❍
Bandwidth Borrowed
❍
Temporary (5 minute) Quick Blocking of any LAN Client
❍
Bandwidth / Session Limitation
Page 6 of 7
©2008 SEG. Reproduction prohibited without written permission.
15/06/2009
●
●
Network/Router Management:
❍
Web-Based User Interface (HTTP / HTTPS)
❍
CLI ( Command Line Interface ) / Telnet / SSH*
❍
Administration Access Control
❍
Configuration Backup / Restore
❍
Built-in Diagnostic Function
❍
Firmware Upgrade via TFTP / FTP
❍
Logging via Syslog
❍
SNMP Management with MIB-II
Network Features:
❍
DHCP Client / Relay / Server
❍
Dynamic DNS
❍
NTP Client (Syncrhonise Router Time)
❍
Call Scheduling (Enable/Trigger Internet Access by Time)
❍
RADIUS Client
❍
DNS Cache / Proxy
❍
Microsoft™ UPnP
❍
Port-Based VLAN (Ethernet LAN ports exclusive/inclusive groups)
●
●
Routing Protocols:
❍
Static Routing
❍
RIP V2
Operating Requirements:
❍
Rack Mountable (Optional mount bracket required)
❍
Temperature Operating : 0°C ~ 45°C
❍
Storage : -25°C ~ 70°C
❍
Humidity 10% ~ 90% ( non-condensing )
❍
Power Consumption: 18 Watt Max.
❍
Dimensions: L240.96 * W165.07 * H43.96 ( mm )
❍
Operating Power: DC 15V (via external PSU, supplied)
❍
Warrantyu : 2 Years Manufacturer's RTB included
❍
Power Requirements : 220-240VAC
Accessories
Rack Mounting Kit
The RM1 Rackmount Bracket enabled you to fit any Vigor2930 series router into a standard 19" rack or cabinet. The
bracket takes up one rack slot (1U). The front mounted sockets remain fully accessible. For wireless models, we then
recommend extension aerials (or aerial extensions).
Page 7 of 7
©2008 SEG. Reproduction prohibited without written permission.
15/06/2009