Nhm 14 - ti RouterDanh sch thnh vin Hng Gia Ph Trnh y Tn Nguyn
Minh Ton Nguyn Cng Duy
Nm bt nhu cu bng thng ngy cng ln v cc thu bao ADSL ngy cng gim,
DrayTek tung thm dng Vigor2950 dnh cho doanh nghip. So vi Vigor
2910 v Vigor 2910G th Vigor 2950 (firmware 3.0.1) c thit k mi hn.
Sn phm dng hnh ch nht (273x166x44,6 mm) v kh nng tay (1,5 kg) vi v
bc hp kim mu xm bc thay tng en truyn thng. Vigor 2950 c 2 cng WAN
(10/100Mbps), 5 cng LAN (10/100/1000Mbps), cng LAN/Monitor
(100Mbps) v cng tc ngun. Trong , cng LAN/Monitor (tng t chc nng
port mirroring trn switch) dnh cho qun tr mng gim st lu lng trn ton
mng. im ni bt trong Vigor 2950 l h tr cn bng ti, "p ng" bng thng
theo yu cu (BoD Bandwidth on Demand) v vt li kt ni khi mt trong 2
ng truyn b li. Bn cnh , s dng ng truyn hiu qu, Vigor 2950 c chnh
sch qun l bng thng nh gii hn s phin (session) lm vic, nh bng thng
(ti xung/ln) v qun l cht lng dch v (FTP, Telnet, HTTP, DNS, POP3,
IPSec...) cho tng a ch IP. Vi li th v bng thng cng nh cc chc nng
qun l linh hot v hiu qu, Vigor 2950 h tr s knh kt ni mng ring o
(VPN Server) nhiu hn cc router Vigor 2910 c TestLab th nghim trc y.
Sn phm c kh nng h tr 200 knh
VPN ng thi theo dng Remote Dial-In User v LAN-to-LAN vi cc giao
thc (IPSec/PPTP/L2TP), cc ch m ha (AES/DES/3DES) v xc thc
(SHA-1/MD5) cao cp nhm tng hiu nng v m bo an ton d liu cho kt ni
VPN. Tng t cc sn phm Vigor 2910, Vigor 2950 cng c tch hp h thng tng
la SPI (Stateful Packet Inspection) mnh m, thun tin cho ngi dng vi
rt nhiu chnh sch bo mt. Trong , c chc nng qun l an ton ni dung CSM
(Content Security Management) cho cc ng dng tn gu IM (MSN, Y!M,
ICQ...), VoIP (jajah, Skype), dch v chia s mng ngang hng P2P
(SoulSeek, eDonkey, BitTorrent...) Ngoi ra, trnh ngi dng truy cp
web "en", sn phm h tr lc ni dung bng a ch URL; lc Java, Cookie,
ActiveX, tp tin nn, thc thi v a phng tin; lc website bng a ch IP v
Subnet Mask; hn ch truy cp theo thi gian biu (Time Schedule
Control); chnh sch phng chng tn cng DoS/DDoS, gi email cnh bo v ghi
li nht k... h tr cho vic thit lp cc chnh sch hn ch truy cp v cc ng
dng, Vigor 2950 cng h tr mng ni b o (VLAN), gn IP cho a ch MAC
(Bind IP to MAC), h tr Port Redirect (Port Forwarding)...Ngoi ra,
sn phm cng h tr y cc tnh chc nng khi ng my tnh t xa qua mng (Wake
On LAN). Vi trnh ci t t ng, vic thit lp kt ni ln lt trn 2 cng WAN
kh n gin. Tt c cc cng u trng thi n (stealth). th nghim chc nng VPN
cho router, TestLab thc hin kt ni trn 2 ng ADSL khc nhau. Mt ng gi
lp lm VPN Server v ng cn li lm VPN Client. Vic thit lp kt ni din ra
nhanh chng, tc kt ni kh nhanh (ty thuc vo ng truyn ADSL ti tng thi
im).
2 cng WAN v 5 cng LAN DrayTek va a ra gii php VPN Trunk-Backup
& VPN Trunk-Load balance c tch hp trong sn phm Vigor2950, nng
tm kt ni VPN vi nhng u im vt tri so vi cc thit b cng tch hp tnh nng
VPN cng loi. Mt tnh nng mi, rt hp dn sp c DrayTek tch hp vo sn phm
V2950 trong cc phin bn firmware tip theo l cng ngh SSL VPN. Vi tnh
nng ny bn c th kt ni VPN theo dng Host-to-LAN t Internet v vn phng
thng qua giao din web
vi 1 ti khon c cung cp trc m khng cn s dng bt k phn mm VPN
client no. Thng tin chi tit vui lng tham kho thm bi Cng ngh SSL
VPN. Hnh 1: Mt trc ca Vigor2950
Hnh 1: M hnh Dual Wan
Hnh 4: M hnh VPN Trunking - VPN Load Balancing &
Fail-Over
Hnh 3: M hnh SSL VPN
Hnh 7: M hnh ng dng CSM
1. Giao thc WAN Ethernet 2. Dual WAN
Outbound policy based Load Balance
3. VPN
Giao thc: PPTP, IPSec, L2TP, L2TP over IPSec H tr 200 knh VPN ng
thi VPN Trunking SSL VPN LDAP VPN Throughput NAT-Traversal (NAT-T)
PKI Certificate : Digital signature (X.509) IKE Authentication :
Pre-shared key; IKE phase 1 aggressive/standard modes & phase 2
selectable lifetimes Authentication : Hardware-based MD5, SHA-1
Encryption : MPPE and hardware-based AES/DES/3DES RADIUS Client
DHCP over IPSec
4. Lc ni dung Kha cc ng dng Lc web bng ni dung ca t kha URL
(Whitelist and Blacklist) Lc ni dung Web 5. Tng la Web
Authentication
Stateful Packet Inspection (SPI) Content Security Management
(CSM) Multi-NAT Port Redirection Open Ports DMZ Host Policy-based
IP Packet Filter DoS/DDoS Prevention IP Address Anti-spoofing Bind
IP to MAC address
6. Qun tr h thng Web-based User Interface (HTTP/HTTPS) User
Administration CLI ( Command Line Interface, Telnet/SSH) DHCP
Client/Relay/Server Dynamic DNS
Administration Access Control Cu hnh Backup/Restore Port-based
VLAN Nng cp firmware thng qua TFTP/FTP Remote Maintenance Wake On
LAN Logging via Syslog SNMP Management
7. Qun l bng thng IEEE802.1p Priority QoS: o Guarantee Bandwidth
for VoIP o Class-based Bandwidth Guarantee by User-defined o H tr 4
cp u tin (Inbound/Outbound) o Vay mn bng thng Gii hn
Bandwidth/Session 8. Chc nng Routings Router Advanced Routing and
Forwarding DNS DHCP NTP Policy-based Routing Dynamic Routing Static
Routing
Traffic Categories
9. Internet CSM (Content Security Management) Featuring Lc web
bng ni dung ca t kha URL (Whitelist and Blacklist) Ngn chn truy cp
vo cc trang web bng cch s dng a ch IP trc tip ca h Ngn chn t ng ti
v cc application Ngn chn cookie trang web Chn cc loi download thong
dng khng cho phpChn cc chng trnh nhn tin tc thi (v d nh IRC, MSN /
Yahoo Messenger) 10. H tr Bo hnh 2 nm h tr t vn k thut qua email.
Upgrade Firmware: Upgrade Firmware min ph t Internet
Hng dn cu hnh nhanh Dual WAN Router DrayTek Vigor2910/2950
SeriesA/ M hnh kt ni:
B/ ng nhp vo giao din cu hnh 1.Chn cu hnh card mng theo DHCP,
trn mn hnh Desktop, kch phi chuc My Network Place chn Properties nh
hnh minh ha
2. Chn biu tng card mng kt ni trc tip v Router DrayTek v chn
Properties nh hnh sau
3. Chn giao thc kt ni TCP/IP --> Properties
4. Chuyn ch card mng s dng DHCP
Client nh hnh bn di
5. M trnh duyt Web ca bn ln (v d: IE, Firefox, MyIE...) ==>
nhp vo a ch IP: 192.168.1.1 ==>Enter, xut hin hp thai yu cu bn
nhp Username v Password, mc nh thit b mi khng c Password, bn nhn
tip Enter vo trang cu hnh thit b
C. Cu hnh cn bng ti 1. Bn vo mc WAN => vo tip mc General
Setup 2. Chn Enable c hai WAN l Yes kch hot ch cn bng ti 3. Load
Banlancing Mode : bn c th chn hai c ch, c ch Auto Weight l thit b s
t ng la chn bng thng ca ng truyn tt nht, c ch According to Line
Speed khi bn bit ng line no tt hn v t nhp vo gi tr ng truyn
D. Cu hnh chi tit tng ng truyn
1. Sau khi cu hnh hon tt bn nhp OK lu cu hnh. Sau vo mc Internet
Access cu hnh tng ng truyn. Trong trang ny bn s thy trong mc Access
Mode cho php bn la chn cc ch kt ni nh PPPoE, Static or Dynamic IP,
hay PPTP. Ty nhu cu s dng bn chn ch thch hp
2.Sau khi chn ch kt ni, bn chn vo Details Page cu hnh chi tit.
Trong trng hp ny chng ti cu hnh theo PPPoE (Trng hp ny modem ADSL
ng trc ca bn phi ch Brigde - xem hng dn Chuyn Modem sang Brigde
mode) , bn chn Enable v nhp Username v Password do nh cung cp cp
cho bn vo l xong. Tng t cho WAN2.
3.Sau khi cu hnh xong, bn vo mc Online Status xem trng thi kt
ni. Nu cc dng u bo xanh nh hnh bn d l bn cu hnh thnh cng.
