DrayTek Seminar in Greece, Session 1

1

Connecting to the Internet

Henry Lo

Application Engineer

Seminar

2

• Multi LAN Subnets / VLAN- Port-Based - Tag-Based - Inter-LAN Routing - Hybrid Example — Setup multi-subnets with APs

• LAN-to-LAN VPN - PPTP and IPSec - VPN Trunk

• Remote Dial-in VPN- Smart VPN Client and SSL VPN

• Load-Balance/Route Policy

Outline — Session 1

3

Outline — Session 2

• Content Security Management (CSM)- Web Content Filter with DNS Filter - APP Enforcement

• User Management- Customized Login Page Logo - Create Accounts for Accommodations

• AP Management- Setup, Configure, and Maintenance - Management Methods

• WiFi Airtime Fairness• Bandwidth Management

4

Outline





5

Multi LAN Subnets / VLAN

• The Initial Status

6

Multi LAN Subnets/VLAN

• Port-Based

7


• Tag-Based

8


• A Hybrid Example- P1 in LAN1 for

Administrator Management

- P2~P4 in LAN2 for 3 Departments, Isolated from Each Other

- P5 in LAN1 for Internal Server (e.g., FTP Server)

- P6 in LAN3 for Guests

9

• Enable LAN2 and LAN3

• Enable Inter-LAN Routing


10

• A Hybrid Example- P1 Administrator - P2, P3 Staff - P4 for AP LANA - P5 for AP LANB


11


12

Outline





13

Supported VPN Protocol

• PPTP (TCP 1723)

• L2TP (UDP 1701)

• IPsec (UDP 500)

• L2TP over IPsec

• SSL VPN (TCP 443)

• mOTP

14

Supported VPN Protocols

None/Nice to Have/Must

LAN to LAN

PPTP

L2TP/IPSec

IPSec

SSLport configurable V2960/V3900 only

15

LAN-to-LAN VPN

• VPN for more subnets

VPN

172.16.10.1/24 192.168.1.1/24

Headquarters

Dial-in

Branch 1

Dial-out

172.16.15.1/24 192.168.5.1/24

VPN

16

LAN-to-LAN VPN• Hub and Spokes

VPN172.16.10.1/24

192.168.1.1/24

172.16.20.1/24

Branch 2

VPN 172.16.30.1/24

VPN

172.16.40.1/24

Branch 3

Branch 4

Headquarters

Branch 1

17

LAN-to-LAN VPN

• VPN Trunk — Backup

VPN 1

172.16.10.1/24 192.168.1.1/24

Dial-inBranch 1

Dial-out

VPN 2WAN 1WAN 2

Headquarters

18

LAN-to-LAN VPN

• VPN Trunk — Load Balance

VPN 1

172.16.10.1/24 192.168.1.1/24

Dial-inBranch 1

Dial-out

VPN 2WAN 1WAN 2

Headquarters

19

None/Nice to Have/Must

Host to LAN

PPTP

L2TP/IPSec

IPSec

SSLport configurable

PC Android Mac iOS

Must

DrayTek Smart VPN

Client

DrayTek Smart VPN

Client

Must Must

20

Remote Dial-In VPN

• Smart VPN Client for Android — SSL VPN

21

Outline





22

General View

23

Configuration Page

24

Configuration Page• Set Criteria

- Protocol - Source / Dest IP - Port

25

Configuration Page• Choose Route

- Interface - Gateway

• Give Priority- Higher than Routing Table? - Higher than other Policies?

26

Configuration Page• NAT or Routing?

- Regardless of the original LAN type

• Failover to Interface / Policy• Gradual / Immediate Failback

27

Idea of Priority• Compare between Routing Table and Route Policies

100

Index Interface12

Src IP Dest IP

WAN2 LAN2 AnyWAN1 LAN2 8.8.8.8

Priority

100INTERNET

WAN1 WAN2

LAN1 Servers

LAN2 PC

150

200

INTERNET

WAN1 WAN2

LAN1 Servers

LAN2 PC 28


Index Interface12

Src IP Dest IP

3

WAN2 LAN2 AnyWAN1 LAN2 8.8.8.8

Priority

200

150

200

INTERNET

WAN1 WAN2

LAN1 Servers

LAN2 PC 29


Index Interface12

Src IP Dest IP

3

WAN1 LAN2 8.8.8.8WAN2 LAN2 Any

Priority200

250

250

• Priority First, Sequence Second

30


• Priority First, Sequence Second - With Same Priority, Sequence Matters

31


32

Route Policy Diagnose

8.8.8.8

33

• Send SIP Traffic to the Less-Jitter WAN

Load Balance

34

Route Policy with VPN• Local Users to Remote Server

- Only Specified LAN IP are eligible to send traffic via the VPN tunnel

Manager IPTV

INTERNET

VPN

Tun

nel

VPN TunnelVPN Server

Netflix Servernetflix-380.vo.llnwd.net

Employees

http://netflix-380.vo.llnwd.net

35

Q&A

DrayTek Seminar in Greece, Session 1

Technology

lan vpn vpn trunk backup

lan vpn pptp

subnets vpn

lan vpn hub

vpn smart vpn client

vpn smart vpn client

aps lan

havemust lan