DrayTek Vigor 2925ac

Vigor 2925ac Ethernet Router Firewall & Load-Balancer.

The Vigor 2925ac is Draytek’s new dual-Ethernet WAN firewall for load-balancing or failover. It’s also a fully featured firewall, VPN concentrator and content filtering device. The Vigor 2925ac includes support for professional features such as VLAN tagging, Gigabit Ethernet built-in concurrent 2.4Ghz and 5Ghz wireless LAN .

A 5-port Gigabit Ethernet switch on the LAN side provides high speed connectivity for your server, other local PCs or for uplink to a larger Ethernet switch. Comprehensive security features include content filtering, web application controls and an object based firewall management system.

IPv6 – Next Generation Internet Routing

The Vigor 2925ac supports IPv6 – the successor to the current IPv4 addressing system that has been used since the Internet was first created. IPv4 address space is full up and IPv6 allows for much more efficient routing and a larger address space. IPv6 is supported both from your own ISP, but if your ISP does not (yet) support IPv6, the Vigor 2925 also supports IPv6 broker/tunnel services to provide IPv6 accss using either TSPC or AICCU via 3rd party IPv6 providers.

IPv6 on the Vigor 2925ac provides the following features:

• Operation on any one of the WAN ports (ADSL/VDSL, Ethernet or 3G)
• Connectivity to direct native IPv6 ISPs
• Built-in tunneling to 3rd party IPv6 brokers suppporting TSPC or AICCU methods
• Default stateful firewall for all IPv6 LAN Clients/Devices
• DHCPv6 Client or Static IPv6 Client
• DHCPv6 & RADVD for client configuration
• IP Filtering Rules
• QoS for IPv6 with DiffServ
• Router Management over IPv6 (Telnet/HTTP) with IPv6 Access List
• Simultaneous (concurrent) operation with IPv4 (“Dual-Stack”)
• Concurrent 2.4Ghz and 5Ghz Wireless LAN

Web Content Filtering

The content control features of the Vigor 2925ac allows you to set restrictions on web site access, blocking download of certain file or data types, blocking specific web sites with whitelists or blacklists, blocking IM/P2P applications or other potentially harmful or wasteful content. Restrictions can be per user, per PC or universal. Using DrayTek’s GlobalView service, you can block whole categories of web sites (e.g. gambling, adult sites etc.), subject to an annual subscription to the Globalview service, which is continuously updated with new or changed site categorisations or sites which have become compromised (such as infected with Malware). A free 30-day trial is included with your new router.

WAN Load Balancing & Backup

The Vigor 2925ac features WAN connectivity via its two WAN Ethernet ports and two USB ports for connection of a compatible 3G or 4G modem. The ethernet ports can connect to DSL modems (e.g. Vigor 130), a cable modem or any other Ethernet-based Internet feed. The multiple WAN interfaces can be used either for WAN-Backup or load balancing. Load-balancing or failover supports IPv4 only currently (not IPv6).

WAN-Backup provides contingency (redundancy) in case of your primary ADSL line or ISP suffering temporary outage). Internet Traffic will be temporarily routed via the secondary Internet access. When normal services is restored to your primary ADSL line, all traffic is switched back to that.

The USB port provides Internet connectivity (main, backup or load balanced) by connecting to a compatible USB modem (or mobile) for access to the high speed 3G cellular networks from UK providers such as Vodafone, O2, 3 and EE. If you don’t have ADSL at all, the USB/3G access method can be used as your primary/only Internet connection, ideal for temporary locations, mobile applications or where broadband access is not available. In addition you can instead connect a compatible analogue modem to use analogue dial-up connections for failover in the event of your broadband failing.

Reliable and High-Performance WiFi

The Vigor 2925ac features 802.11ac wireless LAN, backward compatible with 802.11b/g/n standard and additionally support simultaneous dual-band operation, meaning that it can provide connectivity in both the 2.4Ghz (most common) and 5Ghz bands at the same time so that compatible client devices can take advantage of the far less congested 5Ghz band.

Real-world throughput depends on your own environment (factors such as obstructions, number of hosts and distance all make a significant difference), but actual transfer speeds of over 100Mb/s are achievable (based on our real world tests). In addition, aerial diversity provides more resilience to interference. Optional alternative aerials can provide higher gain or directional beams for specific applications.

Wireless Security

The Vigor 2925ac provide several independent levels of security including encryption (up to WPA2), authentication (802.11x) and methods such as MAC address locking and DHCP fixing to restrict access to authorised users only. The Web interface lets you see how many and which clients are currently connected as well as their current bandwidth usage. An ‘instant’ block lets you disconnect a wireless user temporarily in case of query. The Wireless VLAN facility allows you to isolate wireless clients from each other or from the ‘wired’ LAN.

The Vigor Vigor 2925ac wireless versions also allow guest access with password protection so that visitors can use your WiFi access, but only with a password which you set for them. When the user connects to your wireless LAN, they are firstly presented with your login screen before any Internet access is permitted. This is in addition to any encryption system you have running.

The Multiple SSID features enables you to have up to four distinct or common virtual wireless access points. For example, you could have one for company usage, with access to your company LAN and another for public access which allows internet surfing only. Setting up wireless security is made easier thanks to the WPS feature (WiFi protected setup) whereby your client PC can get it’s security keys by pressing a button on the front of the router.

With the increasing popularity of wireless LANs, you will want to choose the least congested wireless channel (Nos. 1-13) for yours so the Vigor can scan and provide a list of all devices in the vicinity so that you can choose the best channel.

• 802.11a/b/g/n Compliant
• Hardware wireless co-processor for increased throughput
• Concurrent 2.5Ghz and 5Ghz Wireless LAN
• ‘MIMO’ Technology with three aerials (3T3R) for diversity
• Packet Aggregation and Channel Bonding
• Optional Higher Gain or directional aerials available
• Backward compatible with 802.11b and 802.11g Standards
• Active Client list in Web Interface
• Wireless LAN Isolation (from each other and/or wired LAN)
• 64/128-bit WEP Encryption
• WPA/WPA2 Encryption
• WPS – WiFi Protected Setup for client security setup
• Switchable Hidden SSID
• Restricted access list for clients (by MAC address)
• Time Scheduling (WLAN can be disabled at certain times of day)
• Access Point Discovery
• WDS (Wireless Distribution system) for Bridging and Repeating
• 802.1x Radius Authentication
• Wireless Rate-Control
• Automatic Power Management
• 802.11e WMM (Wi-Fi Multimedia)
• Wireless Management of 20 compatible DrayTek APs

Wireless LAN WDS Facility

Vigor2925n supports WDS (Wireless Distribution System) which enables you to use the wireless capability to bridge to another network, within wireless range.

802.11ac

The Vigor 2925ac features the same specification as the standard Vigor 2925 product with the addition of 802.11ac wireless LAN. 802.11ac provides increased speed and performance over the existing 802.11n, which is the most commonly used standard currently.
The Vigor 2925ac provides the following features on 802.11ac:

• 802.11ac Compliant (as well as 802.11n, a, b and g)
• 1300Mb/s Total Wireless Capacity (3x433Mb/s)
• 3 Spatial Streams (3×3)
• DFS/TPC Support, allowing use of all of bands 1 and 2
• Supports extended channels (36-64 & 100-140)
• Selectable 20/40/80 Mhz Channel Bandwidth
• Dynamic adjustment of channel bandwidth
• A-MSDU Selectable
• Mixed-Mode / Green field Selectable
• Simultaneous Operation with 2.4Ghz (802.11n/b/g)
• Wireless LAN Co-processor**

**Wireless co-processor; provides data processing offload for increased performance, particularly in multi-user environments. It also enables higher performance WDS – Up to 500Mb/s which is particularly useful if forming point-to-point wireless bridges.

Source: DrayTek UK