Draytek is the innovative company that brought to us the Vigor 2200USB, a router that allowed users to have an Ethernet presentation on the BT IPStream 500 service which came with a USB modem. With the release of wires-only services they have continued to build excellent and easy-to-use products. The unit reviewed by ADSLguide is the mid-range Draytek Vigor 2600we which is an ADSL router with a built in Wireless Access Point (WAP) and 4-port 10/100 switch for wired networks. We would like to thank SEG Communications for providing this unit.
The Draytek Vigor 2600-series routers consists of four models with varying options to suit different budgets and requirements from a simple home router to a version suitable for businesses with incoming ISDN lines to allow for teleworking. All are based on the same easy-to-use software featureset. Although the Vigor 2600 is not the only router to offer ISDN backup, at time of writing we are not aware of any others that can match this price for the feature.
Feature Table for Vigor 2600-series
ADSL = G.DMT compatible ADSL modem suitable for connection to the ADSL services supplied by ISPs listed on ADSLguide
ISDN = ISDN TA allowing the router to be connected to BT Home Highway, BT Business Highway or BT ISDN2e services
WAP = Wireless Access Point. With a suitably equipped laptop, PCMCIA card or other 802.11b hardware, you can browse the Internet without wires within the range of the network
VPN = Virtual Private Network based on PPTP/IPSEC. More information here.
SWITCH = 4-port 10/100 Fast Ethernet switch with auto-MDI/MDI-X
* Please note that the prices shown here are correct as at 27/11/02 and are intended to indicate the difference between the various models rather than current market prices. They are based on the online discount price from SEG excluding VAT and delivery.
The Vigor is a highly spec'd router full of features without cutting corners:
The package is quite comprehensive and includes everything you need to plug a computer with an Ethernet adaptor and get on-line using a wires-only ADSL connection. If you also want to use other devices on the phone line, you will also require a splitter (or "microfilter") for each other extension (telephones, faxes, Sky Digital boxes, etc.) at a cost of around £10 each. You should be able to order these with the router from any reputable supplier. The kit includes:
Contents of the Vigor 2600We package
Getting Connected - Setup
The router comes with a "Quick start guide" which is very easy to understand using clear diagrams (see below) to illustrate how the router connects to your network, its role in a virtual private network and how to set it up.
Diagram from the Quick start guide showing how the Vigor connects to your local network
Firstly, I have to admit I'm not a great fan of manuals or automated setup tools. In fact, I only use them if I can't get something to work without them. True to my style, I tried setting it up without referring to any documentation, but I soon realised it would be faster to look up the initial IP address than try to guess it and sure enough on page 10 of the Quick start guide, there it was: 192.168.1.1. As the router doesn't have a serial port, the only way to configure it is using a network connection (although untested, this should be possible using a wireless adaptor by setting the SSID to 'default') but this is the case with many routers. The Quick start guide also includes step-by-step troubleshooting instructions for setting the router up on various Microsoft Windows versions and the Apple Macintosh OS9 and OSX operating systems.
Users of Microsoft Windows should find the setup of the router even easier with the Smart Start Wizard on the CD-ROM which sets up the connection to the router via the ARP protocol making it easy to install if your local network does not currently use the 192.168.1.0/24 range of IP addresses. On the downside, I failed to get this to work under Windows XP and the message "Your windows not support this tool" message is shown. This simply means you have to configure the IP address manually and won't affect the use of the router beyond the two minutes it takes to change the IPs. If you already have an existing network, use the Smart Start Wizard to configure the router with an IP address. Otherwise, just let your computer obtain an IP using DHCP. Once configured, you need to do some basic steps on the web setup. Go to the router's website (http://192.168.1.1 or whatever the IP you have assigned is). You will be asked for a username (admin) and password (leave blank) after which you will be presented with the main menu:
We now need to proceed through the basic setup. The first step is to give your router a system password to prevent anyone else tampering with it. Click the "Administrator Password Setup" link and set up a new password:
Once done, click OK. You can change TCP/IP and DHCP settings at this point also if required (e.g. as shown below if you want to change the IP ranges that the built-in DHCP server assigns)
Next, configure the wireless access point, whether or not you intend to use it (see more on security below). You need to change the SSID, configure access control lists, and if possible, set up WEP encryption.
Your ISP Connection
The final step in the basic router configuration is to set up the connection to your ISP who will have probably have provided you with two important pieces of information, a username (email@example.com) and a password (which is probably case sensitive). Click the "Internet Access Setup" option, and select "Auto Detect ATM/DSL Settings". Follow the prompts until it asks you whether you have a fixed IP or not, at which point click Cancel. It should now have detected the settings:
Settings for the BT's ADSL network
You can set/edit these manually when adding your ISP account details. Type in the ISP name as well as the Username/Password provided by them. Also, you probably want to tick the "Always On" box as there's no reason to disconnect the router when you're not using the Internet. Ignore the fixed IP settings as an ISP will send then to you each time you login anyway.
The ISP setup screen
Once you have finished, click OK and then proceed to the Online Status screen (link off the main menu) to see whether you are connected. If not, click "Dial PPPoA" and wait for the screen to update. Once connected, your screen should look something like this:
The Online Status screen
Having connected up to the Internet, now would be a good time to set the clock of the Vigor router. You can update it using your computer's time, or configure it to use a Network Time Protocol (NTP) server. A list of these can be found here. Unfortunately the Vigor doesn't allow you to use a hostname (e.g. ntp2.ja.net) so you will have to look up the IP address and enter it into the Time Setup section of the web configuration.
If you need to run servers behind your router, now is the time to set up any port forwardings, etc. If you are having difficulties, make sure you take a look at the manual and troubleshooting guide on the CD-ROM (or downloadable here) as they provide answers to many questions you may have (including getting multiple IPs to work, why Half-Life or Counterstike aren't working, etc.)
The router features a packet-level firewall that inspects each packet and makes a determination as to whether it will be permitted to pass through. This allows the router to block unsolicited packets by keeping a log of the active connections. It also has built-in denial of service and anti-IP spoofing protection and allows security alerts to be logged to a syslog server (see below). A default 'deny' policy (although port 1723 PPTP is allowed) ensures that when the router is powered up, it does not allow inbound connections although the wireless connection remains insecure until you manually either turn it off, or set up access lists, encryption, etc.
The IP filter/firewall is quite complex allowing a number of rulesets, etc. and is one aspect of the router I am slightly disappointed with. It should offer an easier to use interface to set up simple filters as many users don't require long complex lists of rules. Help is not far away at http://www.draytek.co.uk/support/filtering1.html.
One of the key features of the router is the built in 802.11b compliant Wireless Access Point enabling users in the vicinity to use laptops or desktops equipped with a suitable wireless card to access the Internet and each other us without cabling. This is a particularly attractive feature in offices with roaming users, adding capacity temporarily and many other situations. The latency increases by about 2ms (10% in typical DSL situations) and is hardly noticeable, although gamers may benefit from using a wired network. Also, reports indicate problems with Bluetooth devices nearby, although I didn't have any problems during the review.
However, you should proceed with caution in implementing a wireless network--There is a significant danger in allowing outsiders access both to your internal network thereby bypassing firewalls and perimeter security, and in allowing abuse of your Internet connectivity. A variety of security measures are available in the Vigor to help you protect against this. Firstly, you can restrict access to specific MAC addresses of network cards used in your office. This is a very basic level of security which helps if your user base if relatively fixed. It is however not very difficult to borrow a MAC address from an authorised network card, so should not be relied upon. Secondly, you can hide the SSID network name, although again this is not a foolproof solution. Provided your wireless card supports it, 128-bit WEP encryption is a slightly stronger way to protect the data transferred between hosts which protects against sniffing. A combination of all of these is the ideal solution.
The wireless connection is active and insecure by default, so make sure you either turn it off or restrict its access as soon as you install it. On the up-side, because the wireless support is modularly built into the router, it leaves the possibility that it could be upgraded to work at the new higher speed of 22Mbps although no plans exist for offering this as an upgrade at the moment.
Inside the Vigor: Wireless module
Many routers nowadays support logging to a syslog daemon. The Vigor is no exception, and for ease of use, it includes a Windows syslog server that is as easy to configure as entering the IP address of the host running the software into the router, and launching it from the Start menu.
Draytek provide a syslog tool for Windows with its Vigor routers
Telnet (CLI) Interface
The Command Line Interface (or "telnet" interface) allows users to access some configuration options not available on the web configuration pages. These include settings such as the Maximum Transfer Unit (MTU) and forcing specific hosts to have specific IP addresses when making DHCP requests.
The telnet/CLI interface allows access to advanced features for those looking to tweak particular settings such as the MTU
Virtual Private Network (VPN)
Draytek pushes VPN as a major function of the Vigor routers, a particularly attractive option for small companies with a few sites spread around or those with Teleworkers accessing their internal network. The router supports up to eight simultaneous connections. More information on setting this up can be found on the Draytek website where you can find detailed instructions for setting up various operating systems as VPN clients, etc.
The Quick start guide features colour diagrams explaining how the Vigor relates to your network
The Vigor offers a couple of ways in which the firmware can be upgraded. You can do this manually using TFTP (client software for Windows is included) or automatically using the Router Firmware Upgrade Utility. The process takes a couple of minutes and is very simple. You can backup the configuration from the router before upgrading and download this as a file to your PC. You can either use a ".all" file which simply updates the firmware and keeps the current configuration, or a ".rst" file which also resets the configuration.
Using the automated utility, the process is very simple:
Performance & Functionality
The performance of the Vigor in general is good in both latency and bandwidth terms. The review was carried out with two firmware versions (the latest being 2.2.5). I can't report on the performance of the ISDN features as the model on review did not support this option, I would not expect it to have any problems providing a top grade connection. The router can work in both NAT and routed modes, so it will work with applications as any other router and the basic features of services such as ICQ and MSN Messenger do not present any problems. Configuring a DMZ default host will also allow one computer on your NAT network to use those applications that require incoming direct connections. On the down-side you can only configure ten ports for redirection, which is a little disappointing.
The Vigor 2600we is an excellent router full of features and ideal for businesses running on-site mail servers, etc. who may require access to their network from the outside as well as implementing a wireless network quickly in a small office. With the addition of the ISDN feature in the 2600W model, users can dial in directly, or the ISDN channels can be used to provide a better service level when the ADSL connection fails. The ISDN model is also useful for those living in an area not currently served by ADSL who can use the ISDN facility in the meantime. Having used it for a few weeks, I have no doubt over its excellent reliability. It is also good value for money. On top of all this, it even looks great.
|Useful Links||Draytek UK|
|Vigor Router Support FAQ|
|Draytek UK User Forum|
|VPN Documentation & Tools|
The contents of this review should not be relied upon in making a purchasing decision—You should always discuss your requirements with your service provider and hardware supplier.