DrayTek RoadShow 2015 @ Portugal (Setembro) - Sessão 1

1

Session 1

Henry Lo

Application Engineer

Seminar

Rui Jorge

Technical Manager

2

• Multi WAN- WAN Types - Load Balance and Backup - Triple Play - WAN Budget

• Multi LAN Subnets / VLAN- Port-Based - Tag-Based - Inter-LAN Routing - Hybrid Example — Setup multi-

subnets with APs

• Network Topology and Switch Management

Outline — Session 1

• LAN-to-LAN VPN - Supported Protocol - Hub and Spokes - VPN Trunk

• Remote Dial-in VPN- Smart VPN Client - SSL VPN

• Load-Balance/Route Policy

3


• High Availability• User Management

- Customized Login Page Logo - Create Accounts for Accommodations

• AP Management- Setup, Configure, and Maintenance - Management Methods

• WiFi Airtime Fairness• AP Station Statistics• Bandwidth Management

4






subnets with APs



5

• xDSL - ADSL, ADSL2/2+ - VDSL2

• Ethernet (10/100/1000) • Fiber • USB 3G/4G Dongle

Available WAN Interface

6

• xDSL - ADSL, ADSL2/2+ - VDSL2

• Ethernet (10/100/1000) • Fiber • USB 3G/4G Dongle


What if:• Physical Connection Down • No Dongle Available

7

• WiFi WAN (V2860 / V2925)- Choose Wireless Mode


8


• WiFi WAN (V2860 / V2925)- Choose Wireless Mode - AP Discovery

9


• WiFi WAN (V2860 / V2925)- Choose Wireless Mode - AP Discovery - Select AP

10


• WiFi WAN (V2860 / V2925)- Choose Wireless Mode - AP Discovery - Select AP - Auto Channel

11


• WiFi WAN (V2860 / V2925)- Choose Wireless Mode - AP Discovery - Select AP - Auto Channel - Business Continue

12

• Auto Weight / According to Line Speed

Load Balance and Backup

13

• Auto Weight


14

• According to Line Speed


15

• According to Line Speed


16

• Verify the Load Balance


17

• 4 Mechanisms for WAN Load Balance - CAH, cached - BAL, balanced - DNS - Policy


18

• Multi-Layers Backup


19

• Multi-Layers Backup


20

Triple Play

21

• WAN Type - VPI/VCI for ADSL - Tag for VDSL / Ethernet / Fiber

• Port-Based Bridge - to IPTV Setup Box

• Open WAN Interface - for IP Phones

• Access Mode - PPPoE - DHCP / Static

Triple Play

22

• Open WAN Interface

Triple Play

Exemplos de ligações em “Triple-Play” em Portugal

NOS Fibra

➢ Ligar Porta WAN do Router DrayTek (modelo Broadband com porta Ethernet WAN) directamente a Porta LAN4 do Router/Modem do Operador (ZON HUB), e configurar campos conforme exemplo em baixo :l

Router/Modem ZON HUB :


NOS Fibra


Router Broadband DrayTek (ex: série Vigor2925, Vigor2120, Vigro2960, etc) :

NOS Fibra


MEO Fibra (modo Single-Edge) > apenas acesso a Dados/Internet

➢ Ligar Porta WAN do Router DrayTek (modelo Broadband com porta Ethernet WAN) directamente ao ONT da MEO e configurar campos conforme exemplo em baixo :l


MEO Fibra (modo Single-Edge) > acesso a Dados/Internet + IPTV

➢ Ligar Porta WAN do Router DrayTek (modelo Broadband com porta Ethernet WAN) directamente ao ONT da MEO e configurar campos conforme exemplo em baixo :l


MEO Fibra (modo Single-Edge) > acesso a Dados/Internet + IPTV

➢ Ligar BOX de IPTV numa das portas do Switch do Router DrayTek e configurar conforme exemplo em baixo :l


MEO Fibra (modo Single-Edge) > acesso a Dados/Internet + IPTV + Voz

➢ Ligar Porta WAN do Router DrayTek (modelo Broadband com porta Ethernet WAN) a um Switch sem Gestão e configurar campos conforme exemplo anterior :



➢Ligar Porta WAN do Router DrayTek (modelo Broadband com porta Ethernet WAN –e- Portas VoIP/FXS) directamente ao ONT da MEO e configurar campos conforme exemplo em baixo :



➢Ligar Porta WAN do Router DrayTek (modelo Broadband com porta Ethernet WAN –e- Portas VoIP/FXS) directamente ao ONT da MEO e configurar campos conforme exemplo em baixo :


Vodafone Fibra

➢ Nota : Huawei HG8247H (Fibra Nova Geração) – só via Duplo-NAT


Vodafone Fibra > apenas acesso a Dados/Internet

➢ Ligar Porta WAN do Router DrayTek (modelo Broadband com porta Ethernet WAN) directamente ao ONT da Vodafone e configurar campos conforme exemplo em baixo :


Vodafone Fibra > apenas acesso a Dados/Internet + IPTV + Voz

➢ Ligar Porta WAN do Router DrayTek (modelo Broadband com porta Ethernet WAN –e- Portas VoIP/FXS) directamente ao ONT da Vodafone e configurar campos conforme exemplo em baixo :








38

• Set Quota • Action • Billing Cycle

WAN Budget

39

• Keep Tracking on the Usages

WAN Budget Limit

40







subnets with APs


41

Multi LAN Subnets / VLAN

• The Initial Status

42

Multi LAN Subnets/VLAN

• Port-Based

43


• Tag-Based

44

Multi LAN Subnets/VLAN• Tips to Configure Hybrid VLAN

- Reserve P1 for Administrator Management, no tag

45

Multi LAN Subnets/VLAN• Tips to Configure Hybrid VLAN

- Reserve P1 for Administrator Management, no tag - Reserve VLAN0 for other Vigor AP/Switch plug-n-play, no tag

46

• Enable LAN2 and LAN3

• Enable Inter-LAN Routing


47

• A Hybrid Example- P1 Administrator - P3 AP with 4 SSID


48


49



subnets with APs


Outline




50

Your Network Topology

51

Switch Management

• Existing VLAN Setup on Router:

• Trunk Port in Darker-Grey

52

Switch Management

53

Switch Management

• Auto Show All VID for each VLAN


54

Switch Management


• Auto Show All VID for each VLAN

• Select VLAN for each Port

• Finish!

55

Outline



subnets with APs




56

Supported VPN Protocol

• PPTP (TCP 1723)

• L2TP (UDP 1701)

• IPsec (UDP 500)

• L2TP over IPsec

• SSL VPN (TCP 443)

• mOTP

57

Supported VPN Protocols

None/Nice to Have/Must

LAN to LAN

PPTP

L2TP/IPSec

IPSec

SSLport configurable

58

LAN-to-LAN VPN

• VPN for more subnets

VPN

172.16.10.1/24 192.168.1.1/24

Headquarters

Dial-in

Branch 1

Dial-out

192.168.5.1/24

VPN

59

LAN-to-LAN VPN• Hub and Spokes

VPN172.16.10.1/24

192.168.1.1/24

172.16.20.1/24

Branch 2

VPN 172.16.30.1/24

VPN

172.16.40.1/24

Branch 3

Branch 4

Headquarters

Branch 1

60

LAN-to-LAN VPN

• VPN Trunk — Backup

VPN 1

172.16.10.1/24 192.168.1.1/24

Dial-inBranch 1

Dial-out

VPN 2WAN 1WAN 2

Headquarters

61

LAN-to-LAN VPN

• VPN Trunk — Load Balance

VPN 1

172.16.10.1/24 192.168.1.1/24

Dial-inBranch 1

Dial-out

VPN 2WAN 1WAN 2

Headquarters

62

None/Nice to Have/Must

Host to LAN

PPTP

L2TP/IPSec

IPSec

SSLport configurable

PC Android Mac iOS

Must

DrayTek Smart VPN

Client

DrayTek Smart VPN

Client

Must Must

63

Remote Dial-In VPN

• Smart VPN Client for Android — SSL VPN

64

Outline



subnets with APs




65

General View

66

Configuration Page

67

Configuration Page• Set Criteria

- Protocol - Source / Dest IP - Port

68

Configuration Page• Choose Route

- Interface - Gateway

• Give Priority- Higher than Routing Table? - Higher than other Policies?

69

Configuration Page• NAT or Routing?

- Regardless of the original LAN type

• Failover to Interface / Policy• Gradual / Immediate Failback

70

Idea of Priority• Compare between Routing Table and Route Policies

100

Index Interface12

Src IP Dest IP

WAN2 LAN2 AnyWAN1 LAN2 8.8.8.8

Priority

100INTERNET

WAN1 WAN2

LAN1 Servers

LAN2 PC

150

200

INTERNET

WAN1 WAN2

LAN1 Servers

LAN2 PC 71


Index Interface12

Src IP Dest IP

3

WAN2 LAN2 AnyWAN1 LAN2 8.8.8.8

Priority

200

150

200

INTERNET

WAN1 WAN2

LAN1 Servers

LAN2 PC 72


Index Interface12

Src IP Dest IP

3

WAN1 LAN2 8.8.8.8WAN2 LAN2 Any

Priority200

250

250

• Priority First, Sequence Second

73


• Priority First, Sequence Second - With Same Priority, Sequence Matters

74


75

Route Policy Diagnose

8.8.8.8

76

• Send SIP Traffic to the Less-Jitter WAN

Load Balance

77

Route Policy with VPN• Local Users to Remote Server

- Only Specified LAN IP are eligible to send traffic via the VPN tunnel

Manager IPTV

INTERNET

VPN

Tun

nel

VPN TunnelVPN Server

Netflix Servernetflix-380.vo.llnwd.net

Employees

http://netflix-380.vo.llnwd.net

78

Q&A

Technology

DrayTek RoadShow 2015 @ Portugal (Setembro) - Sessão 1