Overview of the Draytek 2925 Series Router. Part One: Overview, Features and Tests
In one of the previous reviews, published in two parts, available on the links: P1 and P2 , we got acquainted with a series of Draytek 2912 routers, and made sure that these are functional and reliable devices. We continue to acquaint you with the solutions of Draytek and move on to an even more powerful and functional series of Draytek 2925 routers.
Today, there are many multifunctional routers on the market that are designed “from one box” to provide the company with all the necessary network services. Among this variety, like a few years ago, Draytek products stand out. This is due to the fact that it was Draytek that was one of the first to launch the production of affordable, easy to set up, reliable and functional networked combines, even when such devices were produced on the market only by the largest vendors and could only afford them prosperous ”companies due to the high cost of acquisition, installation and subsequent maintenance. A series of routers Draytek 2925, which will be discussed - the middle ground for several reasons:
First, high performance: the router has Gigabit Ethernet ports and shows excellent network performance NAT, VPN and Wi-Fi.
')
Secondly, the rich functionality - Draytek 2925 makes it easy to deploy a huge number of network services, has built-in auto configuration, centralized management and monitoring of remote devices.
Thirdly, reliability - in addition to the traditional quality of hardware and Draytek software tested over the years, the model under consideration has the functions of hardware and software resource backup by creating a high availability cluster of several routers. And all this is offered to the buyer at a reasonable price. In addition, the feature of Draytek routers in general and the model in question in particular are ease of setup, intuitive interface, and excellent documentation in the form of a reference book and examples of how to. This is what attracts many administrators and engineers in Dryatek products. Model 2925 is a "combine" with the maximum number of network services in a single package.
This review will help you to get acquainted in detail with the Draytek 2925 series of routers using the example of the Draytek 2925n model, which is shown in the image below and includes two parts.
In the first part we will get acquainted with the schemes of using the router as a whole and its individual functions. Next, we will look at its characteristics in detail, look at the appearance and equipment, interfaces and connectors, then test the bandwidth of the device.
The second part will be devoted to a review of the web interface, its features and an example of setting up such functions and interfaces as WAN and LAN, Load-balancing, wireless network, VPN (PPTP, IPSec and SSL), firewall, NAT, special tools for auto configuration and centralized access point management - Central AP Management and VPN connections on remote routers - Central VPN Management, bandwidth management, multi-router cluster creation of high availability, as well as USB functions, router diagnostics and monitoring.
A series of routers Draytek 2925 is represented by several models, for clarity, we present a comparison of models in the form of a table.
As can be seen from the table, the first difference between the models of the 2925 series is the standards of the wireless network. So, the model 2925 does not have a Wi-Fi controller, the model with the “n” index supports the 802.11n standard (300 Mbit / s) in the 2.4 GHz frequency range. The model with the n-plus index is capable of operating in two frequency ranges: 2.4 GHz and 5 GHz, which increases the reliability of communication, reducing the effect of radio frequency interference. The model with the “ac” index supports the 802.11ac standard and can operate at a frequency of 2.4 GHz or at a frequency of 5 GHz with a speed of up to 1300 Mbit / s (3 x 433 Mbit / s).
The second difference between the models is the availability of VoIP ports - two FXS ports for connecting analog phones and one Life Line port for connecting a copper FXO line from a city PBX. Models with VoIP support have an “V” index in the model name.
All Ethernet WAN and LAN ports operate at 1 Gbit / s (10 \ 100 \ 1 000 Base-TX)
The Model 2925 is primarily a Gigabit office router with the maximum set of features that may be required to create a transparent and efficient network infrastructure for a small office. Unlike the low-end model 2912, an overview of which in two parts is available by reference: part 1 and part 2 , the router in question has higher performance, can serve more hosts on the local network and support more VPN connections. Also, the device has additional functions for centralized management of access points and VPN connections on Vigor devices. In the figure below, the combined use of the router is shown.
Fig. 2
So, the first location is the head office, it has a powerful Draytek 3900 router, there is also a single management and monitoring system for all Draytek routers used by a company called VigorACS SI, with which you can easily configure, update and monitor all routers in networks from one place. In this case, the number of devices on the network can reach several hundred. All offices are connected to each other through VPN-tunnels, in our example it is the head office, offices A and B, and we installed Draytek 2925n and 2925Vn-plus in them. In office A, the router is connected to two Internet providers, via two WAN ports via Ethernet. Traffic balancing between WAN interfaces is configured, so if one of the operators has a crash, Internet access will be preserved. All employees' workplaces are connected via Wi-Fi, and several independent wireless networks are configured with their SSIDs, in the example, this is the Wireless network for office staff, and the Guest network is Guest, with limited access and limits on the number of simultaneous sessions from the device and maximum bandwidth, so that guests do not interfere with the work of staff.
Using the CSM content security system, employees are blocked from accessing social networks, using an online web content filter, the router checks for websites that employees want to access, and blocks unwanted ones. A printer is connected via the USB port of the router, and the employees' PCs “see” it as a print server. Remote employees can connect to the company's local network via VPN clients on their home computers using PPTP or IPSec. In office B, the main provider is connected via Ethernet to WAN 1 port of Dryatek 2925Vn-plus, and through the USB port a 3G modem is connected, which is configured as WAN 3 and in case of a failure on the WAN 1 channel, the traffic will go through the 3G modem. Employees' PCs, IP phones and servers are in different VLANs, QoS is configured, as the office uses IP phones. For monitoring and analyzing the network activity of users, the Draytek Smart Monitor solution is applied with which it is easy to understand how much traffic the employees consume and which web resources they visit.
We now turn to a detailed review of the key functions of the router.
Fig. 3
Fig. 3-1
The 2925 series routers have two WAN Gigabit Ethernet interfaces — WAN1 and WAN2. Between interfaces, traffic balancing and redundancy are configured; if two Internet providers are used in the event of an accident on the channel of one of them, the Internet will work in the office. In addition to the redundancy of Ethernet providers, you can connect an Internet link reservation via a 3G / 4G modem, which is inserted into the USB port of the router and becomes the WAN3 port.
In addition, you can create routing rules (or address-based NAT translation) to specific WAN / LAN / VPN interfaces, for traffic from sources, and for destinations such as a host or subnet with optional indication of the protocol and port range. The rule additionally indicates the backup interface to which traffic should be sent in case of failure of the main one.
Each rule has a priority in the list, so if the first rule did not work, the next rule below the priority will apply.
All five LAN ports on the device also have a connection speed of 1 Gbit / s, which makes this router a device that can “grind” large amounts of traffic.
Fig. four
The router supports up to 50 VPN * LAN-to-LAN tunnels to securely connect the organization's networks via the Internet or create VPN connections from remote workstations of homeworkers using the PPTP / IPSec / L2P / L2TPover IPSec protocols. AES / DES / 3DES encryption and IKE authentication provide enhanced security. Using a dual WAN connection allows you to apply not only the load balancing scheme, but also redundancy. Therefore, if the main channel of the VPN channel becomes unavailable, it will replace the backup VPN channel.
By the way, the VPN functions in Draytek are very easy to configure. In just a couple of clicks, you can configure both LAN-to-LAN connections and access from remote workstations. Dryatek has its own VPN client to simplify connections from workplaces, it is called Draytek Smart VPN Client. The application is available for free download on draytek.com
Fig. 4-1
Central VPN Management’s built-in Draytek 2925 tool allows you to centrally manage VPN connections from remote Dryatek routers. Connecting routers is very simple: control is configured between the central Dryatek 2925 and the remote router, after which the remote router appears in the list of managed devices on the central Draytek. Next, with a few clicks, on the central Draytek 2925, the VPN tunnel to the remote router is activated. Also from the central router, you can get detailed information about the status of remote devices, make backup configurations, update firmware and so on.
The location of remote routers can be viewed on Google Maps on the corresponding tab in the device’s web interface.
Fig. five
Draytek 2925 routers, depending on the model, support an 802.11n or 802.11ac wireless network and have two or three omni-directional antennas. The settings of the wireless network functions in the router are large.
The device supports up to 5 independent wireless networks with their own settings, and each of the networks can limit the maximum bandwidth for outgoing and incoming traffic, as well as enable the schedule according to which these restrictions will work. For each of the 4x wireless networks, their own security settings are configured, including MAC address filters. For each network, you can enable the Wi-Fi usage quota based on the MAC address and the timeout for re-quota provisioning.
Fig. 6
You can also enable the web portal function to redirect to the desired web page of the user connecting to the Internet, as a company advertisement.
Fig. 7
Another important advantage is that any of the four wireless networks and the LAN subnet can be combined and isolated from other networks, which increases security. On the Draytek 2925 router there can be 5 LAN subnets.
Fig. eight
The image below shows a clear example of using multiple SSIDs and VLANs:
Fig. 8-1
Fig. 4-2
To facilitate the management and monitoring of wireless access points located in the local network, the Dryatek 2925 router has a built-in tool - AP Central Management. This tool, in a few clicks, allows you to connect and fully configure the access point. When connected to the local network of the access point, it is automatically detected by the router. The administrator creates the profile of the necessary settings for the access point or uses the default profile, then assigns the profile to the access point, the point automatically loads the profile, further maintenance and monitoring is carried out centrally with Dryatek 2925 for each individual point or group of points.
Currently supported AP800, AP810, AP900 and AP910C points. No license is required for this tool to work.
Fig. 9
The 2925 series routers support firewall with invisible testing of SPI (Stateful Packet Inspection) packets based on Object-based objects, such as a user (he gets specific IP during authorization), IP address or IP address groups, protocol and range ports and their groups, keywords and keyword groups, file extension profiles. These objects can be used to create firewall rules that can be turned on and off on a schedule.
The CSM content security system (Content Security Management) is an application-level firewall subsystem that allows you to block UR links by keywords and content type, for example, Java Applet, Cookies, Active X, you can also block various network applications, for example , IM / P2P or application level protocols, for example, MySQL, SMB, SSH, UltraVPN, the list of services and protocols is quite impressive. It is also possible to block DNS by keywords.
Another powerful tool that contains CSM is the GlobalView Web Content Filter system. It is designed to filter unwanted content at the thematic level, that is, for example, sites with the theme of porn, crime, gambling, and more. The administrator creates profiles where he specifies the subject of the sites and assigns them to the firewall rules, then indicates what to do if the rule matches, for example, block. Web Content Filter is licensed, but a trial license for testing can be obtained free of charge.
The router implements detection and automatic protection against DoS attacks, and the traffic threshold metrics, after which the event is considered an attack, can be configured manually. Also provides for sending notifications about the attack. In general, a firewall can operate in one of two global modes:
“Rule-Based, that is, based on rules, where objects, for example, the IP addresses of user stations, the administrator sets the rules based on different IP addresses.
»User-Based, that is, management based on user profiles, the administrator sets the rules for different user profiles. Before this, users must log in.
The router has a wide range of QoS QoS tuning capabilities to solve a typical situation — the correct prioritization of delay-critical traffic over the traffic of services that require such priorities. Moreover, the router, by default, automatically detects real-time traffic, and gives it priority over other types of traffic. For example, VoIP calls. In addition to the QoS settings, there are ample opportunities to control the bandwidth and set the limit on the expenditure of traffic for both individual IP addresses and groups of IP addresses. You can specify how much traffic and for how long will be given to one or another user at full speed, after the limit is exhausted, the speed will be reduced to a certain threshold. It is possible to limit the number of simultaneous sessions to specific IPs or IP ranges, as well as the maximum number of simultaneous default sessions.
To enable and disable rules, it is possible to create a seven-day schedule, up to 15 intervals.
Fig. ten
The Draytek 2925 router can be configured to provide high-availability network services by backing up the hardware and software resources of the main 2925 router using Draytek “spare” routers in the event of a primary outage. It is also possible to balance traffic between multiple routers and WAN connections.
That is, using the HA function eliminates the problem of a single point of failure. If the main router “burned out” or for other reasons has ceased to be operational, it will not lead to a network failure - the network will continue to work in normal mode.
Backup can work in two modes:
»Hot-Standby - the mode in which the interfaces and resources on the backup router are activated only when the main one is unavailable. Therefore, all WAN connections on the primary must be physically duplicated on the backup router (s). The entire configuration on the primary and backup routers is the same and is periodically synchronized from the primary to the backup router.
"Active-Standby - a mode in which, WAN-interfaces are active on the main, can also be active on the backup router, each of which has its own settings (for example, connected to different Internet service providers), users can route traffic through any of WAN interface. Resources on all routers are active, but LAN segments on all routers have shared virtual IP addresses. Configuration between routers is not synchronized. If one router becomes unavailable, then traffic from users begins to be routed through another router with its Internet connection.
Fig. 10-1
For example, the Hot-Standby mode. The 2925 Primary router is the primary router, the 2925 Secondary router is a backup router, the circuit is configured in Hot-Standby mode. When Primary "lays down", all resources will switch to the backup router, and it performs the role of the main one. When the principal is involved in the work, resources are returned to it, and the work continues in the normal mode. DARP - DrayTek Address Redundancy Protocol, which is used to configure state detection between routers.
The router has a USB port that can be used in one of three modes. First, connect a USB 3G / 4G modem to reserve an Internet connection or as a basic Internet connection, if there is no other way to connect to the Internet.
Secondly, connect the USB printer to the router, which becomes the print server and users will be able to use it by setting up access to it over the network.
Third, connect a USB drive and share files with FTP or NetBios / SMB.
Fig. eleven
Fig. 12
Smart Monitor was created primarily to solve network problems by monitoring and analyzing network traffic, the application helps administrators to find and solve problems with network applications. For example, monitor traffic of various types, create detailed reports on the use of traffic by users to export them and even send by e-mail; protocols and take this information into account when configuring the router so that users feel comfortable working. For illustration below are several screenshots.
Fig. 13
The application helps to solve problems of misuse of working time and unwanted leakage of confidential information. For example, monitor the abuse of IM messengers and the transfer of confidential information outside the company, the time spent on social networks, find users who download channels by downloading large files or streaming video, etc. Using SmartMonitor, you can monitor user activity: read e-mail, chat in IM messengers, view the files they have downloaded.
For illustration below are some screenshots.
Fig. 14
The interception function is useful for data recovery in case of their loss by the user or solving controversial situations. For example, listening to VoIP conversations or recovering accidentally deleted emails. Naturally, you can view the addresses of sites that were visited by specific users. With regard to the separation of rights: in the application, you can create accounts with privileges to view information only for certain users, for example, only sales staff.
The Smart Monitor application captures and analyzes traffic that is mirrored from the specified LAN ports of the router to the Mirror port. The port of the server on which the Smart Monitor application is installed is connected to the Mirror port, traffic from this port is saved, and then “disassembled” by the application. Therefore, there can be two ports on the server: one for mirroring the traffic for the second for control. The important point is that only the traffic of the LAN pots is mirrored from the router, the wireless traffic is not mirrored, therefore, it is not processed.
The application consists of several components, such as Apahe web server with PHP, WinPcap, installed on your computer in a few clicks. The Smart Monitor interface works through a web browser. To do this, open the server's IP in the browser, then enter the login and password to access the system. The minimum hardware requirements for a system of 30 hosts are modest: Intel P4 1.4GHz / AMD CPU, 20 GB for HDD and 1GB of RAM. Supported OS Windows XP / 7, Linux.
By the way, the application is free software.
For more information, I recommend to use the online demo at http://eu.draytek.com Curve 50000/Logon.php
Fig. 15
The centralized Draytek VigorACS SI system is designed to manage, configure and monitor the fleet of Draytek devices for large enterprises, operators and service providers who need to simplify and automate the installation and maintenance of equipment. Using the VigorACS SI system significantly reduces equipment maintenance costs from the service provider (operator) or system integrator. In general, the system deserves a separate review as it is very functional.
The following advantages of using the Draytek VigorACS SI system can be highlighted:
»Centralized management. The VigorACS SI architecture allows you to centrally manage various types of Draytek devices, such as routers, even if the devices are behind NAT. Management of any device is made from a single interface. Management can be as a group of devices, as well as a separate device.
»Reduced support costs. One of the main tasks of the VigorACS SI system is to reduce the number of calls to the technical support service and the time needed to eliminate problems that arise. The system allows administrators to easily find and fix problems thanks to a simple intuitive interface, the ability to differentiate access rights and audit settings made by other users. The system provides detailed statistics on the operation of all devices, notification of events, and alarm notifications, the ability to remotely control devices.
"Automation of the entire cycle of setting and operating equipment. The system can be useful both to service providers and system integrators who want to simplify and automate the installation and maintenance of equipment as much as possible.
»Save time. Automatic configuration allows you to significantly reduce the time spent on installing new devices and reconfiguring existing ones, and as a result, save money.
»Monitoring and analysis. The system allows you to monitor and analyze the status of all devices on the network and notify about events such as accidents or device unavailability, overload or errors. This allows you to take measures or prevent an accident until the moment when the client finds it and contacts the technical support service.
Fig. sixteen
Key features of the system:
The VigorACS SI system uses the standard TR-069 protocol to control devices.
Fig. 17
The system is licensed and is a commercial product. The system is accessed via Internet Explorer / Firefox / Safari / Opera web browser, which must support Adobe Flash Player 9.0.
Server OS requirements:
Minimum hardware requirements:
The demo interface of the system can be viewed at http://acstest.draytek.com:8001/web/ACS.html
Below are detailed technical specifications of the Draytek 2925 series.
WAN interface to connect to the Internet
Firewall
VPN features
There is a small remark: in accordance with the legislation of the Russian Federation, software and hardware supporting encryption means imported into the Russian Federation must comply with the standards established by control and supervisory authorities, therefore, in the case of this router, all encryption functions are removed in the software. This can be circumvented by installing full-time software that can be downloaded from draytek.com.
USB functions
Bandwidth Management
Network management
Content Security Management
Network characteristics
Wireless Network (For models with index n, n-plus and ac)
VoIP features (for models with index V)
The device comes in a box with marketing elements, such as images of the router, information about its key functions, as well as a detailed description of the possibilities. The type of packaging indicates that the device, including, is sold in stores, where a potential buyer must first be attracted by beautiful and high-quality packaging.
Fig. 18
I draw your attention to the fact that the 2925 box shows the most sophisticated version of the Vigor2925Vac, so the exact name of the model should be seen on the sticker located on one of the sides of the box.
Fig. nineteen
It is enough to pick up the package and read what is written on it in order to fully understand what the device hiding in the package can do. The lists of functions shown on the package have been described in detail above.
Fig. 20 and 21
On the side, on the box, is the EAC symbol, indicating that the products marked with this sign have passed all assessment procedures established in the technical regulations of the Customs Union. Also information about the distributor of equipment - LLC Digital Angel. As before, all Draytek equipment is manufactured in Taiwan.
On the other side of the package, information about the model of the device - in our case, model 2925n, serial number, firmware version installed at the factory, information about the region for use - Russia.
Fig. 22 and 23
When you first open the box, the first thing that strikes you is the quality of the packaging. Everything is well and neatly packed. By the way - a remarkable fact that often the device will work as well or as bad as it was packed. From experience, I can say that this is how it usually happens. And it concerns not only routers.
Fig. 24
After extracting the contents of each element is in its own packaging. Package standard for the router. On the image below is the Draytek 2925n, there are no antennas in the Draytek 2925 package, as this modification does not support a wireless network. For modifications n, n-plus and ac there will be three antennas in the box, and on the side panel of the router there are corresponding threaded heads for mounting antennas.
Fig. 26
The image below is a kit without packaging materials.
Fig. 27
The package includes the following items:
As for the network adapter, its input voltage is from 100 to 240 volts, input current 0.6A, power 18 Watt. At the output of the network adapter produces 12 volts and 1.5 A DC. The adapter is very compact. His image is presented below.
Fig. 28
The router’s “carcass” itself has a somewhat futuristic design due to a barely noticeable bevel from the front panel to the side, slightly convex side edges, three different textures of the case material: a black glossy front panel, a top wavy panel and a gray bottom panel connecting diagonally from the top to sides of the "box". The device made hidden ventilation holes in the upper, side and lower parts of the body. In general, the router body is heated moderately. Ventilation is passive, so the device does not make noise during operation. The manufacturer's logo is printed on the top and side panels in the form of a volume inscription in silver. It looks very stylish, and in general the design of the model 2925 is successful - it seems to be not strict, but it looks stylish and looks nice, the glossy front panel with the logo hints at the “premium” of the device.
Fig. 29
The glossy front panel has a number of indicators of the status and control of the router subsystems.
Fig. thirty
We give a description of these indicators.
LED status block
Gigabit Ethernet Ports Panel
LAN (1-5) - if the diode is on, the port is active; if it is off, the port is disabled; if it is flashing, data is transmitted through the port. In the 100 Mbit / s mode, one left diode is lit, in the 1 Gbit / s mode, both diodes are lit.
WAN (1-2) - if the diode is on, the port is active, if it is turned off, the port is disabled, if it is flashing, data is transmitted through the port. In the 100 Mbit / s mode, one left diode is lit, in the 1 Gbit / s mode, both diodes are lit.
The display is quite simple, but extremely useful for the initial diagnosis and assessment of the state of the router.
The following image shows the bottom panel of the router.
Fig. 31
Over the entire area there are ventilation holes for the heat sink, in the middle there is a sticker with the exact indication of the model of the device, the power consumption - in our case up to 15 watts. Output consumed constant voltage and current of 12-15 V and 1-1.3 A, respectively. It is noteworthy that on the sticker there is an email Draytek technical support, where you can contact for help. The antenna mounting thread is covered with silicone caps. For mounting the router on the wall or ceiling in the kit there are two screws and two dowels. On the bottom panel, along the edges, there are four holes for fixing the case on the heads of the self-tapping screws.
Now consider the interfaces and buttons of the router. All of them, except for the power connector and antenna connectors of the wireless network are in one place - on the front panel of the router. For the Model 2925n, on the rear panel, on the edges, there are two connectors of threaded wireless antennas where the omni-directional antennas from the router kit are screwed. There is also a socket for connecting a network adapter labeled PWR . Nearby is a switch to turn on or turn off power to the router. On models with an index of n-plus or ac connector for the antenna three. Image below is the back panel of the router.
Fig. 32-1
On the front panel is a block of LED indicators, which was described in detail above. To the right of the indicator block, there are two USB 2.0 ports for connecting a drive, printer or 3G / 4G modem. Next, the block of Gigabit Ethernet ports, the WAN1 and WAN2 ports are used to connect the device to the Internet service providers, the LAN1 - 5 ports are used to connect to the local network. The multifunction Wireless LAN ON / OFF / WPS button (only for the model with the index n, n-plus, ac) is used to enable or disable the wireless network on the device, to do this, press the button twice if the WLAN diode goes out, the wireless network is disabled, if it is on, the network is turned on. If you press the button once, the router will wait for two minutes to configure it using the WPS function.
The Factory Reset button resets the device to the factory settings, to reset the router, turn it on and hold the button pressed for more than 5 seconds, when you see that the ACT diode flashes quickly, release the button. The router will reboot with the factory settings.
Fig. 32
The following several photos show the view of the router with the antennas installed. The design of the device is strict, apparently it emphasizes the orientation of the device to the business of users, network engineers and system administrators, and not home users. The device does not catch the eye with its unusual appearance and will fit into the interior of any office. The relatively compact size of the router allows you to put or hang it almost anywhere, besides passive cooling, and as a consequence the lack of noise at work, allow you to use it anywhere.
Fig. 33
Fig. 34
Below is a view of the router with the cables connected.
Fig. 36
Additionally, it is worth noting the quality of plastic and materials, it is at a good level.The parts fit well together, there is no squeak and backlash when compressing the case, the cables fit tightly into the connectors and do not fall out, the antennas can be fixed at the right angle, and they do not “roll” to the sides.
By the way, the router, if necessary, you can install a 19 inch rack, for this you need to purchase a special mount Rack-mount Plate, in which the Draytke 2925 case is installed, then the whole structure is mounted in a rack. The mount can be used for all 2925 and 2860 series routers.
Fig. 36-1
Testing the maximum bandwidth of the Draytek 2925n. Iperf 2.0.2 + Jperf visualization was used for testing, as endpoints: a virtual machine with Debian x64 with a console iperf and a laptop with Windows 8.1 with Jperf, from which the graphs were copied. The scheme is simple: on one host there is an iperf server, on the second an iperf client. Of course, tests cannot be called reference ones - a virtual machine running on the VMWare Workstation 12 Pro platform was used. On the virtual machine was allocated 1 core processor Core i5 and 4 GB of RAM. The second physical machine is a laptop with a Core i5 processor and 12 GB of RAM.
During testing, the firmware version of the router was 3.8.2.3 , the model of the Draytek 2925n router .
Test of a wired network, LAN-WAN with NAT, LAN scheme → Draytek 2925n → WAN1, duration 00:02:00. The average speed is 507 Mbit / s, and there are no jumps or failures, which is a very good indicator. For comparison, with a direct connection through the switch of two test machines, iperf showed an average speed of 850 Mbit / s.
Fig. 37
Additionally, test in 10 parallel threads along the same lines.
Fig. 37-1
If you add up the average speeds of each stream, you get about the same speed as in single stream mode.
Wireless network test, Wireless LAN-WAN, Wireless LAN scheme → Draytek 2925n → WAN, the wireless network adapter on the laptop worked in 802.11n mode, WPA2 / PSK security.
I used a regular laptop with a wireless controller Intel Realtek RTL8723BE 802.11 b / g / n Wi-Fi Adapter, because in reality, the average user will use such equipment. The test duration is about 2 minutes, the average real speed is 49.731 Mbit / s, at a connection speed of a laptop adapter to a wireless network of 72 Mbit / s.
On this test, as in the previous dips in speed is not observed.
Fig. 38
Another test, this time with six parallel threads
Figure 38-1
In sum, all the streams give roughly the same speed as in single-stream mode.
But the same test of the wireless network, but without encryption, the difference in bandwidth is not significant, despite the lack of encryption.
Fig. 39
VPN testing, VPN scheme PPTP client (without encryption) → Draytek 2925n → WAN1.
Fig. 40
The average speed was 174.00 Mbit \ s.
Now encryption, VPN scheme IPSec client (with DES encryption) → Draytek 2925n → WAN
The average speed is 88.2 Mbit / s, the result is very good.
Fig. 41
Now, too, but 10 parallel threads.
Fig. 41-1
In sum, all the streams give approximately the same speed as in the single stream mode.
So, in this part of the review, we examined in detail the Draytek 2925n series router from such aspects as the positioning of the device on the market, the pattern of use of the router, its key functions and examples of their use, got acquainted with the detailed technical specification of the device, looked at the configuration and appearance of the router, detailed functions of indicators and device interfaces. Everything we see clearly demonstrates that the device has very wide capabilities, coupled with “gigabit”, which may be needed by an SMB and SMB + enterprise or a small branch of a large company that have “outgrown” the network connection speed of 100 Mbit / s and need hundreds of megabits on the local network and on the WAN interfaces to the ISP. Therefore,The device has great potential for use in demanding corporate networks. Load testing showed good results, I did not expect other results, because the device is not at all an entry level, so it must be productive.
In the next part of the review, we will look at the device’s web interface.
Today, there are many multifunctional routers on the market that are designed “from one box” to provide the company with all the necessary network services. Among this variety, like a few years ago, Draytek products stand out. This is due to the fact that it was Draytek that was one of the first to launch the production of affordable, easy to set up, reliable and functional networked combines, even when such devices were produced on the market only by the largest vendors and could only afford them prosperous ”companies due to the high cost of acquisition, installation and subsequent maintenance. A series of routers Draytek 2925, which will be discussed - the middle ground for several reasons:
First, high performance: the router has Gigabit Ethernet ports and shows excellent network performance NAT, VPN and Wi-Fi.
')
Secondly, the rich functionality - Draytek 2925 makes it easy to deploy a huge number of network services, has built-in auto configuration, centralized management and monitoring of remote devices.
Thirdly, reliability - in addition to the traditional quality of hardware and Draytek software tested over the years, the model under consideration has the functions of hardware and software resource backup by creating a high availability cluster of several routers. And all this is offered to the buyer at a reasonable price. In addition, the feature of Draytek routers in general and the model in question in particular are ease of setup, intuitive interface, and excellent documentation in the form of a reference book and examples of how to. This is what attracts many administrators and engineers in Dryatek products. Model 2925 is a "combine" with the maximum number of network services in a single package.
This review will help you to get acquainted in detail with the Draytek 2925 series of routers using the example of the Draytek 2925n model, which is shown in the image below and includes two parts.
In the first part we will get acquainted with the schemes of using the router as a whole and its individual functions. Next, we will look at its characteristics in detail, look at the appearance and equipment, interfaces and connectors, then test the bandwidth of the device.
The second part will be devoted to a review of the web interface, its features and an example of setting up such functions and interfaces as WAN and LAN, Load-balancing, wireless network, VPN (PPTP, IPSec and SSL), firewall, NAT, special tools for auto configuration and centralized access point management - Central AP Management and VPN connections on remote routers - Central VPN Management, bandwidth management, multi-router cluster creation of high availability, as well as USB functions, router diagnostics and monitoring.
A series of routers Draytek 2925 is represented by several models, for clarity, we present a comparison of models in the form of a table.
| Model \ Function | Vigor 2925 | Vigor 2925n | Vigor 2925 n-plus | Vigor 2925 Vn-plus | Vigor 2925ac | Vigor 2925 Vac |
| WLAN | - | 802.11n (2.4 GHz) | 802.11n (2.4 GHz + 5 GHz) | 802.11n (2.4 GHz + 5 GHz) | 802.11ac (2.4 GHz + 5 GHz) | 802.11ac (2.4 GHz + 5 GHz) |
| VoIP | - | - | - | 2 x FXS 1 x FXO | - | 2 x FXS 1 x FXO |
| Number of external antennas | - | 2 | 3 | 3 | 3 | 3 |
As can be seen from the table, the first difference between the models of the 2925 series is the standards of the wireless network. So, the model 2925 does not have a Wi-Fi controller, the model with the “n” index supports the 802.11n standard (300 Mbit / s) in the 2.4 GHz frequency range. The model with the n-plus index is capable of operating in two frequency ranges: 2.4 GHz and 5 GHz, which increases the reliability of communication, reducing the effect of radio frequency interference. The model with the “ac” index supports the 802.11ac standard and can operate at a frequency of 2.4 GHz or at a frequency of 5 GHz with a speed of up to 1300 Mbit / s (3 x 433 Mbit / s).
The second difference between the models is the availability of VoIP ports - two FXS ports for connecting analog phones and one Life Line port for connecting a copper FXO line from a city PBX. Models with VoIP support have an “V” index in the model name.
Key features of the device
- All-in-one network "combine"
- Powerful, high-throughput full gigabit router -
All Ethernet WAN and LAN ports operate at 1 Gbit / s (10 \ 100 \ 1 000 Base-TX)
- 802.11ac wireless network up to 1300 Mbps (only for models with “ac” index) or 802.11n (including 2.4 GHz + 5 GHz dual-band version for models with n-plus index) with the ability to create multiple wireless networks on one device
- VoIP support: availability of FXS and FXO ports for the model with the “V” index
- WAN interface with redundancy and balancing of traffic between multiple WAN interfaces
- The possibility of implementing high availability High Availability (HA) network services by means of hardware and software backup resources Draytek 2925
- Powerful Surge Protector
- CSM (Content Security Management) security management system
- Supports up to 50 VPN tunnels (using PPTP / L2TP / IPsec protocols) with hardware encryption and the ability to back up VPN connections (equipment officially imported into the Russian Federation only supports PPTP without encryption)
- Support up to 25 SSL VPN tunnels
- Two multifunctional USB ports for connecting a printer or sharing files
- Possibility to connect 3G / 4G USB modems as WAN 3 via USB port
- VLAN port and tag based support
- Bandwidth Management with Intelligent VoIP QoS Mode
- IPv4 and IPv6 support
- Extensive web-based management or CLI command line
- Ability to use with the server for centralized management and monitoring of VigorACS SI
- Central VPN Management built-in function to manage VPN functions on 16 Vigor remote routers
- Integrated Central AP Management for centralized management of Vigor wireless access points
- Ability to connect to the Smart Monitor traffic analyzer and monitor up to 50 hosts
- TR-69 and TR-104 control protocol support
Draytek 2925 Usage Scheme
The Model 2925 is primarily a Gigabit office router with the maximum set of features that may be required to create a transparent and efficient network infrastructure for a small office. Unlike the low-end model 2912, an overview of which in two parts is available by reference: part 1 and part 2 , the router in question has higher performance, can serve more hosts on the local network and support more VPN connections. Also, the device has additional functions for centralized management of access points and VPN connections on Vigor devices. In the figure below, the combined use of the router is shown.
So, the first location is the head office, it has a powerful Draytek 3900 router, there is also a single management and monitoring system for all Draytek routers used by a company called VigorACS SI, with which you can easily configure, update and monitor all routers in networks from one place. In this case, the number of devices on the network can reach several hundred. All offices are connected to each other through VPN-tunnels, in our example it is the head office, offices A and B, and we installed Draytek 2925n and 2925Vn-plus in them. In office A, the router is connected to two Internet providers, via two WAN ports via Ethernet. Traffic balancing between WAN interfaces is configured, so if one of the operators has a crash, Internet access will be preserved. All employees' workplaces are connected via Wi-Fi, and several independent wireless networks are configured with their SSIDs, in the example, this is the Wireless network for office staff, and the Guest network is Guest, with limited access and limits on the number of simultaneous sessions from the device and maximum bandwidth, so that guests do not interfere with the work of staff.
Using the CSM content security system, employees are blocked from accessing social networks, using an online web content filter, the router checks for websites that employees want to access, and blocks unwanted ones. A printer is connected via the USB port of the router, and the employees' PCs “see” it as a print server. Remote employees can connect to the company's local network via VPN clients on their home computers using PPTP or IPSec. In office B, the main provider is connected via Ethernet to WAN 1 port of Dryatek 2925Vn-plus, and through the USB port a 3G modem is connected, which is configured as WAN 3 and in case of a failure on the WAN 1 channel, the traffic will go through the 3G modem. Employees' PCs, IP phones and servers are in different VLANs, QoS is configured, as the office uses IP phones. For monitoring and analyzing the network activity of users, the Draytek Smart Monitor solution is applied with which it is easy to understand how much traffic the employees consume and which web resources they visit.
We now turn to a detailed review of the key functions of the router.
Powerful office router with gigabit WAN and LAN ports and Internet connection redundancy, traffic balancing.
Fig. 3
Fig. 3-1
The 2925 series routers have two WAN Gigabit Ethernet interfaces — WAN1 and WAN2. Between interfaces, traffic balancing and redundancy are configured; if two Internet providers are used in the event of an accident on the channel of one of them, the Internet will work in the office. In addition to the redundancy of Ethernet providers, you can connect an Internet link reservation via a 3G / 4G modem, which is inserted into the USB port of the router and becomes the WAN3 port.
In addition, you can create routing rules (or address-based NAT translation) to specific WAN / LAN / VPN interfaces, for traffic from sources, and for destinations such as a host or subnet with optional indication of the protocol and port range. The rule additionally indicates the backup interface to which traffic should be sent in case of failure of the main one.
Each rule has a priority in the list, so if the first rule did not work, the next rule below the priority will apply.
All five LAN ports on the device also have a connection speed of 1 Gbit / s, which makes this router a device that can “grind” large amounts of traffic.
Building a secure VPN network between offices or connecting remote workstations
Fig. four
The router supports up to 50 VPN * LAN-to-LAN tunnels to securely connect the organization's networks via the Internet or create VPN connections from remote workstations of homeworkers using the PPTP / IPSec / L2P / L2TPover IPSec protocols. AES / DES / 3DES encryption and IKE authentication provide enhanced security. Using a dual WAN connection allows you to apply not only the load balancing scheme, but also redundancy. Therefore, if the main channel of the VPN channel becomes unavailable, it will replace the backup VPN channel.
By the way, the VPN functions in Draytek are very easy to configure. In just a couple of clicks, you can configure both LAN-to-LAN connections and access from remote workstations. Dryatek has its own VPN client to simplify connections from workplaces, it is called Draytek Smart VPN Client. The application is available for free download on draytek.com
* In the official deliveries of routers to the territory of the Russian Federation, all software encryption tools that do not support GOST standards have been removed, therefore such firmware can only find PPTP support without encryption. This can be circumvented by installing full-time software that can be downloaded from draytek.com.
Central VPN Management
Fig. 4-1
Central VPN Management’s built-in Draytek 2925 tool allows you to centrally manage VPN connections from remote Dryatek routers. Connecting routers is very simple: control is configured between the central Dryatek 2925 and the remote router, after which the remote router appears in the list of managed devices on the central Draytek. Next, with a few clicks, on the central Draytek 2925, the VPN tunnel to the remote router is activated. Also from the central router, you can get detailed information about the status of remote devices, make backup configurations, update firmware and so on.
The location of remote routers can be viewed on Google Maps on the corresponding tab in the device’s web interface.
Secure networking for the office
Fig. five
Draytek 2925 routers, depending on the model, support an 802.11n or 802.11ac wireless network and have two or three omni-directional antennas. The settings of the wireless network functions in the router are large.
The device supports up to 5 independent wireless networks with their own settings, and each of the networks can limit the maximum bandwidth for outgoing and incoming traffic, as well as enable the schedule according to which these restrictions will work. For each of the 4x wireless networks, their own security settings are configured, including MAC address filters. For each network, you can enable the Wi-Fi usage quota based on the MAC address and the timeout for re-quota provisioning.
Fig. 6
You can also enable the web portal function to redirect to the desired web page of the user connecting to the Internet, as a company advertisement.
Fig. 7
Another important advantage is that any of the four wireless networks and the LAN subnet can be combined and isolated from other networks, which increases security. On the Draytek 2925 router there can be 5 LAN subnets.
Fig. eight
The image below shows a clear example of using multiple SSIDs and VLANs:
Fig. 8-1
Centralized management and monitoring of wireless access points
Fig. 4-2
To facilitate the management and monitoring of wireless access points located in the local network, the Dryatek 2925 router has a built-in tool - AP Central Management. This tool, in a few clicks, allows you to connect and fully configure the access point. When connected to the local network of the access point, it is automatically detected by the router. The administrator creates the profile of the necessary settings for the access point or uses the default profile, then assigns the profile to the access point, the point automatically loads the profile, further maintenance and monitoring is carried out centrally with Dryatek 2925 for each individual point or group of points.
Currently supported AP800, AP810, AP900 and AP910C points. No license is required for this tool to work.
Powerful firewall with content filtering at the application level
Fig. 9
The 2925 series routers support firewall with invisible testing of SPI (Stateful Packet Inspection) packets based on Object-based objects, such as a user (he gets specific IP during authorization), IP address or IP address groups, protocol and range ports and their groups, keywords and keyword groups, file extension profiles. These objects can be used to create firewall rules that can be turned on and off on a schedule.
The CSM content security system (Content Security Management) is an application-level firewall subsystem that allows you to block UR links by keywords and content type, for example, Java Applet, Cookies, Active X, you can also block various network applications, for example , IM / P2P or application level protocols, for example, MySQL, SMB, SSH, UltraVPN, the list of services and protocols is quite impressive. It is also possible to block DNS by keywords.
Another powerful tool that contains CSM is the GlobalView Web Content Filter system. It is designed to filter unwanted content at the thematic level, that is, for example, sites with the theme of porn, crime, gambling, and more. The administrator creates profiles where he specifies the subject of the sites and assigns them to the firewall rules, then indicates what to do if the rule matches, for example, block. Web Content Filter is licensed, but a trial license for testing can be obtained free of charge.
The router implements detection and automatic protection against DoS attacks, and the traffic threshold metrics, after which the event is considered an attack, can be configured manually. Also provides for sending notifications about the attack. In general, a firewall can operate in one of two global modes:
“Rule-Based, that is, based on rules, where objects, for example, the IP addresses of user stations, the administrator sets the rules based on different IP addresses.
»User-Based, that is, management based on user profiles, the administrator sets the rules for different user profiles. Before this, users must log in.
Bandwidth Management and QoS Quality Assurance
The router has a wide range of QoS QoS tuning capabilities to solve a typical situation — the correct prioritization of delay-critical traffic over the traffic of services that require such priorities. Moreover, the router, by default, automatically detects real-time traffic, and gives it priority over other types of traffic. For example, VoIP calls. In addition to the QoS settings, there are ample opportunities to control the bandwidth and set the limit on the expenditure of traffic for both individual IP addresses and groups of IP addresses. You can specify how much traffic and for how long will be given to one or another user at full speed, after the limit is exhausted, the speed will be reduced to a certain threshold. It is possible to limit the number of simultaneous sessions to specific IPs or IP ranges, as well as the maximum number of simultaneous default sessions.
To enable and disable rules, it is possible to create a seven-day schedule, up to 15 intervals.
Fig. ten
Possibility of hardware and software resource reservation High Availability (HA)
The Draytek 2925 router can be configured to provide high-availability network services by backing up the hardware and software resources of the main 2925 router using Draytek “spare” routers in the event of a primary outage. It is also possible to balance traffic between multiple routers and WAN connections.
That is, using the HA function eliminates the problem of a single point of failure. If the main router “burned out” or for other reasons has ceased to be operational, it will not lead to a network failure - the network will continue to work in normal mode.
Backup can work in two modes:
»Hot-Standby - the mode in which the interfaces and resources on the backup router are activated only when the main one is unavailable. Therefore, all WAN connections on the primary must be physically duplicated on the backup router (s). The entire configuration on the primary and backup routers is the same and is periodically synchronized from the primary to the backup router.
"Active-Standby - a mode in which, WAN-interfaces are active on the main, can also be active on the backup router, each of which has its own settings (for example, connected to different Internet service providers), users can route traffic through any of WAN interface. Resources on all routers are active, but LAN segments on all routers have shared virtual IP addresses. Configuration between routers is not synchronized. If one router becomes unavailable, then traffic from users begins to be routed through another router with its Internet connection.
Fig. 10-1
For example, the Hot-Standby mode. The 2925 Primary router is the primary router, the 2925 Secondary router is a backup router, the circuit is configured in Hot-Standby mode. When Primary "lays down", all resources will switch to the backup router, and it performs the role of the main one. When the principal is involved in the work, resources are returned to it, and the work continues in the normal mode. DARP - DrayTek Address Redundancy Protocol, which is used to configure state detection between routers.
The possibility of multipurpose use of the USB port in the modes of the print server, file storage, 3G / 4G modem connection
The router has a USB port that can be used in one of three modes. First, connect a USB 3G / 4G modem to reserve an Internet connection or as a basic Internet connection, if there is no other way to connect to the Internet.
Secondly, connect the USB printer to the router, which becomes the print server and users will be able to use it by setting up access to it over the network.
Third, connect a USB drive and share files with FTP or NetBios / SMB.
Fig. eleven
Smart Monitor Traffic Analysis System
Fig. 12
Smart Monitor was created primarily to solve network problems by monitoring and analyzing network traffic, the application helps administrators to find and solve problems with network applications. For example, monitor traffic of various types, create detailed reports on the use of traffic by users to export them and even send by e-mail; protocols and take this information into account when configuring the router so that users feel comfortable working. For illustration below are several screenshots.
Fig. 13
The application helps to solve problems of misuse of working time and unwanted leakage of confidential information. For example, monitor the abuse of IM messengers and the transfer of confidential information outside the company, the time spent on social networks, find users who download channels by downloading large files or streaming video, etc. Using SmartMonitor, you can monitor user activity: read e-mail, chat in IM messengers, view the files they have downloaded.
For illustration below are some screenshots.
Fig. 14
The interception function is useful for data recovery in case of their loss by the user or solving controversial situations. For example, listening to VoIP conversations or recovering accidentally deleted emails. Naturally, you can view the addresses of sites that were visited by specific users. With regard to the separation of rights: in the application, you can create accounts with privileges to view information only for certain users, for example, only sales staff.
The Smart Monitor application captures and analyzes traffic that is mirrored from the specified LAN ports of the router to the Mirror port. The port of the server on which the Smart Monitor application is installed is connected to the Mirror port, traffic from this port is saved, and then “disassembled” by the application. Therefore, there can be two ports on the server: one for mirroring the traffic for the second for control. The important point is that only the traffic of the LAN pots is mirrored from the router, the wireless traffic is not mirrored, therefore, it is not processed.
The application consists of several components, such as Apahe web server with PHP, WinPcap, installed on your computer in a few clicks. The Smart Monitor interface works through a web browser. To do this, open the server's IP in the browser, then enter the login and password to access the system. The minimum hardware requirements for a system of 30 hosts are modest: Intel P4 1.4GHz / AMD CPU, 20 GB for HDD and 1GB of RAM. Supported OS Windows XP / 7, Linux.
By the way, the application is free software.
For more information, I recommend to use the online demo at http://eu.draytek.com Curve 50000/Logon.php
Login: guest Pass: guest Fig. 15
Centralized management and monitoring system VigorACS SI
The centralized Draytek VigorACS SI system is designed to manage, configure and monitor the fleet of Draytek devices for large enterprises, operators and service providers who need to simplify and automate the installation and maintenance of equipment. Using the VigorACS SI system significantly reduces equipment maintenance costs from the service provider (operator) or system integrator. In general, the system deserves a separate review as it is very functional.
The following advantages of using the Draytek VigorACS SI system can be highlighted:
»Centralized management. The VigorACS SI architecture allows you to centrally manage various types of Draytek devices, such as routers, even if the devices are behind NAT. Management of any device is made from a single interface. Management can be as a group of devices, as well as a separate device.
»Reduced support costs. One of the main tasks of the VigorACS SI system is to reduce the number of calls to the technical support service and the time needed to eliminate problems that arise. The system allows administrators to easily find and fix problems thanks to a simple intuitive interface, the ability to differentiate access rights and audit settings made by other users. The system provides detailed statistics on the operation of all devices, notification of events, and alarm notifications, the ability to remotely control devices.
"Automation of the entire cycle of setting and operating equipment. The system can be useful both to service providers and system integrators who want to simplify and automate the installation and maintenance of equipment as much as possible.
»Save time. Automatic configuration allows you to significantly reduce the time spent on installing new devices and reconfiguring existing ones, and as a result, save money.
»Monitoring and analysis. The system allows you to monitor and analyze the status of all devices on the network and notify about events such as accidents or device unavailability, overload or errors. This allows you to take measures or prevent an accident until the moment when the client finds it and contacts the technical support service.
Fig. sixteen
Key features of the system:
- TR-69 protocol support
- Compatible with Draytek devices supporting TR-69
- Remote auto setup and device status monitoring
- Dynamic and scheduled customization of services
- VPN Configuration Wizard to easily create secure connections
- Daily reports and performance review
- Real-time alarm notifications
- Topology management with device connectivity rendering.
- Device Firmware Management
- Multi-user rights sharing
The VigorACS SI system uses the standard TR-069 protocol to control devices.
Fig. 17
The system is licensed and is a commercial product. The system is accessed via Internet Explorer / Firefox / Safari / Opera web browser, which must support Adobe Flash Player 9.0.
Server OS requirements:
- Microsoft Windows 2003 / XP / Vista / 7
- 32/64-bit openSUSE or other Linux distributions with Java v1.5 / Mariadb (MySQL) v5.5 is recommended, for large installations over 5000 nodes, it is not recommended to use Windows
Microsoft Windows 2003 / XP / Vista
Minimum hardware requirements:
- Intel Pentium 4 CPU 1.0 GHz and higher
- 2 GB DDR2 RAM
- Hard disk: 80GB and more
The demo interface of the system can be viewed at http://acstest.draytek.com:8001/web/ACS.html
Username: guest Password: guest Detailed functional specification of the Draytek 2925 series
Below are detailed technical specifications of the Draytek 2925 series.
WAN interface to connect to the Internet
- IPv4- DHCP Client, Static IP, PPPoE, PPTP, L2TP, 802.1p / q Multi-VLAN Tagging
- IPv6- Tunnel mode: PPP, TSPC, AICCU, 6in4, 6rd
- Dual stack: DHCPv6 Client, Static IPv6, DSLite
- USB WAN via 3G / 4G modem
- PPP
- Policy based outbound balancing
- WAN Interface Redundancy
- Limiting WAN traffic
- Supports up to 50,000 NAT sessions
Firewall
- Multi-NAT, DMZ Host, Port Forwarding
- Object-based Firewall
- MAC address filtering
- Invisible State Packing Inspection (SPI) Packet Inspection (Flow Track)
- DoS / DDoS Prevention
- Anti-spoofing IPs
- Email notifications and logging via Syslog
- Binding IP address to MAC address
- Scheduled Management
- IPv6 Firewall
- user management
VPN features
There is a small remark: in accordance with the legislation of the Russian Federation, software and hardware supporting encryption means imported into the Russian Federation must comply with the standards established by control and supervisory authorities, therefore, in the case of this router, all encryption functions are removed in the software. This can be circumvented by installing full-time software that can be downloaded from draytek.com.
- Up to 50 VPN tunnels (up to 25 VPN SSL tunnels)
- Protocols: PPTP, IPSec, L2TP, L2TP over IPSec, SSL
- Encryption: MPPE and AES / DES / 3DES hardware
- Authentication: MD5, SHA-1
- IKE Authentication: Pre-shared Key and Digital Signature (X.509)
- Work and control in LAN-to-LAN, Host-to-LAN modes
- IPsec NAT-traversal (NAT-T)
- Detection of disabled peers Dead Peer Detection (DPD)
- Backup Mode VPN Backup Mode
- DHCP over IPSec
- Pass-through VPN Pass-through
- VPN Configuration Wizard
- mOTP
USB functions
- Sharing a printer
- File Sharing:
- FAT32 support
- Support sharing via FTP
- Samba sharing support - 3.5G (HSDPA) / 4G (LTE) modem connections as WAN3 interface
Bandwidth Management
- QoS provisioning functions:
- Guaranteed band for VoIP traffic
- Class-based guaranteed band for user-defined traffic categories
- Support for DSCP marking
- 4 levels of prioritization for each type of traffic - Band reservation
- Reassigning QoS Labels for LOS TOS / DSCP Protocols
- Intelligent bandwidth limiting
Network management
- Web Based Management (HTTP / HTTPS)
- Router Quick Setup Wizard
- Console CLI management interface via telnet / ssh
- Administrative Access Control
- Backup and restore configuration
- Built-in diagnostic functions
- Firmware update via TFTP / FTP / HTTP / TR-069 protocols
- Syslog Logging
- SNMP V2 / V3 support
- Control session timeout setting
- Two-level restriction of management rights: administrator and user
- TR069 protocol support
- TR104 protocol support
- Smart Monitor support up to 50 terminals
- Central AP Management - Draytek's integrated access point management system
- Central VPN Management - integrated management of VPN functions on Draytek remote routers
Content Security Management
- IM / P2P applications
- Filter by content URL:
- Filter by keywords in (white and black lists)
- Content blocking by types (extensions): Java applets, Kukki, Active X, Compressed, Executable, Multimedia
- the ability to specify networks for which the rules do not apply - GlobalView Global Content Filter (using CYREN technology)
Network characteristics
- DHCP Client / Relay / Server
- RADVD for IPv6
- DHCPv6 Server
- Static IPv6 Addressing
- IGMP Proxy V2 / V3
- IGMP snooping
- Dynamic DNS
- NTP Client
- RADIUS Client
- DNS Caching / Proxy
- UPnP 30 Sessions
- Routing protocols:
- Static routing
- RIP V2 - Tagged VLAN (802.1q) on LAN
Wireless Network (For models with index n, n-plus and ac)
- IEEE802.11ac standard for models with ac / Vac index
- IEEE802.11n Concurrent Dual Band standard (2.4GHz and 5GHz) for models with the n-plus / Vn-plus index
- IEEE802.11n 2.4 GHz standard for model with index n
- View a list of wireless clients
- Wireless isolation
- Wireless security
- WEP 64/128 bit
- WPA-TKIP / WPA2-AES / Mixed Mode (WPA + WPA2)
- 802.1x authentication - Wireless SSID hiding
- Multiple SSID Configuration
- MAC Address Filter
- Access Point Detection
- Combining access points using WDS (Wireless Distribution System)
- SSID VLAN grouping with LAN port
- Network bandwidth control
- WMM
- WPS
VoIP features (for models with index V)
- SIP signaling protocol, RTP / RTCP media, ZRTP + SRTP encryption support
- Up to 12 SIP accounts
- Audio codec support: G.711, G.723.1, G.726, G.729 A / B, VAD / CNG support
- DTMF Modes: Inband, RFC-2833, SIP Info
- FAX / Modem: Tone Detection and G.711 Pass-through Fax Mode
- FXO short circuit to FXS (PSTN Loop-through) in case of power failure on the router
- Manipulating numbers in terms of dialing
- Notebook
- Additional Services (DVO): Call Hold, Second Call Notification, Call Transfer, Call Forwarding (conditional and unconditional), DND, Hotline (Hotline), indication of unread voice messages MWI
Package, appearance and packaging
The device comes in a box with marketing elements, such as images of the router, information about its key functions, as well as a detailed description of the possibilities. The type of packaging indicates that the device, including, is sold in stores, where a potential buyer must first be attracted by beautiful and high-quality packaging.
Fig. 18
I draw your attention to the fact that the 2925 box shows the most sophisticated version of the Vigor2925Vac, so the exact name of the model should be seen on the sticker located on one of the sides of the box.
Fig. nineteen
It is enough to pick up the package and read what is written on it in order to fully understand what the device hiding in the package can do. The lists of functions shown on the package have been described in detail above.
 |  |
Fig. 20 and 21
On the side, on the box, is the EAC symbol, indicating that the products marked with this sign have passed all assessment procedures established in the technical regulations of the Customs Union. Also information about the distributor of equipment - LLC Digital Angel. As before, all Draytek equipment is manufactured in Taiwan.
On the other side of the package, information about the model of the device - in our case, model 2925n, serial number, firmware version installed at the factory, information about the region for use - Russia.
 |  |
Fig. 22 and 23
When you first open the box, the first thing that strikes you is the quality of the packaging. Everything is well and neatly packed. By the way - a remarkable fact that often the device will work as well or as bad as it was packed. From experience, I can say that this is how it usually happens. And it concerns not only routers.
Fig. 24
After extracting the contents of each element is in its own packaging. Package standard for the router. On the image below is the Draytek 2925n, there are no antennas in the Draytek 2925 package, as this modification does not support a wireless network. For modifications n, n-plus and ac there will be three antennas in the box, and on the side panel of the router there are corresponding threaded heads for mounting antennas.
Fig. 26
The image below is a kit without packaging materials.
Fig. 27
The package includes the following items:
Draytek 2925n router - 1 pc.
Antenna (for model 2925n) - 2 pcs.
RJ-45 patch cord - 1 pc.
AC adapter - 1 pc.
Set for wall mounting - 1 pc.
Brochures - 2 pcs.
Technical description in Russian - 1 pc.
As for the network adapter, its input voltage is from 100 to 240 volts, input current 0.6A, power 18 Watt. At the output of the network adapter produces 12 volts and 1.5 A DC. The adapter is very compact. His image is presented below.
Fig. 28
The router’s “carcass” itself has a somewhat futuristic design due to a barely noticeable bevel from the front panel to the side, slightly convex side edges, three different textures of the case material: a black glossy front panel, a top wavy panel and a gray bottom panel connecting diagonally from the top to sides of the "box". The device made hidden ventilation holes in the upper, side and lower parts of the body. In general, the router body is heated moderately. Ventilation is passive, so the device does not make noise during operation. The manufacturer's logo is printed on the top and side panels in the form of a volume inscription in silver. It looks very stylish, and in general the design of the model 2925 is successful - it seems to be not strict, but it looks stylish and looks nice, the glossy front panel with the logo hints at the “premium” of the device.
Fig. 29
The glossy front panel has a number of indicators of the status and control of the router subsystems.
Fig. thirty
We give a description of these indicators.
LED status block
ACT (Activity) - If the diode is blinking, the router is operating normally; if turned off, the router is turned off.
WAN1 - indication of the status of the port WAN1, if the diode is on, the port is active, if it is off, the port is turned off, if it is flashing, data is transmitted through the port
WAN2 - indication of the status of the port WAN2, if the diode is on, the port is active, if it is turned off, the port is disabled, if it is flashing, data is transmitted through the port
WCF - if the diode is on, the Web Content Filter is active
QoS - if the diode is lit, the QoS provisioning function
VPN - if the diode is on, the VPN tunnel is active, if data is flashing through the VPN tunnel.
DMZ - if the diode is on, the function is active, if it is flashing, data is being transmitted.
USB - if the diode is on, the device is connected to the port and ready to work, if the diode is flickering, data is transmitted through the port.
WLAN (only for models with indexes n, n-plus and ac) - if the diode is on, the wireless network is ready, if the diode is flashing slowly, traffic is transmitted through the wireless network. If the ACT and WLAN diodes blink simultaneously and quickly, then the WPS (Wi-Fi Protected Setup) function works, it will automatically stop working after two 2 minutes.
Gigabit Ethernet Ports Panel
LAN (1-5) - if the diode is on, the port is active; if it is off, the port is disabled; if it is flashing, data is transmitted through the port. In the 100 Mbit / s mode, one left diode is lit, in the 1 Gbit / s mode, both diodes are lit.
WAN (1-2) - if the diode is on, the port is active, if it is turned off, the port is disabled, if it is flashing, data is transmitted through the port. In the 100 Mbit / s mode, one left diode is lit, in the 1 Gbit / s mode, both diodes are lit.
The display is quite simple, but extremely useful for the initial diagnosis and assessment of the state of the router.
The following image shows the bottom panel of the router.
Fig. 31
Over the entire area there are ventilation holes for the heat sink, in the middle there is a sticker with the exact indication of the model of the device, the power consumption - in our case up to 15 watts. Output consumed constant voltage and current of 12-15 V and 1-1.3 A, respectively. It is noteworthy that on the sticker there is an email Draytek technical support, where you can contact for help. The antenna mounting thread is covered with silicone caps. For mounting the router on the wall or ceiling in the kit there are two screws and two dowels. On the bottom panel, along the edges, there are four holes for fixing the case on the heads of the self-tapping screws.
Interfaces and connectors of the router
Now consider the interfaces and buttons of the router. All of them, except for the power connector and antenna connectors of the wireless network are in one place - on the front panel of the router. For the Model 2925n, on the rear panel, on the edges, there are two connectors of threaded wireless antennas where the omni-directional antennas from the router kit are screwed. There is also a socket for connecting a network adapter labeled PWR . Nearby is a switch to turn on or turn off power to the router. On models with an index of n-plus or ac connector for the antenna three. Image below is the back panel of the router.
Fig. 32-1
On the front panel is a block of LED indicators, which was described in detail above. To the right of the indicator block, there are two USB 2.0 ports for connecting a drive, printer or 3G / 4G modem. Next, the block of Gigabit Ethernet ports, the WAN1 and WAN2 ports are used to connect the device to the Internet service providers, the LAN1 - 5 ports are used to connect to the local network. The multifunction Wireless LAN ON / OFF / WPS button (only for the model with the index n, n-plus, ac) is used to enable or disable the wireless network on the device, to do this, press the button twice if the WLAN diode goes out, the wireless network is disabled, if it is on, the network is turned on. If you press the button once, the router will wait for two minutes to configure it using the WPS function.
The Factory Reset button resets the device to the factory settings, to reset the router, turn it on and hold the button pressed for more than 5 seconds, when you see that the ACT diode flashes quickly, release the button. The router will reboot with the factory settings.
Fig. 32
The following several photos show the view of the router with the antennas installed. The design of the device is strict, apparently it emphasizes the orientation of the device to the business of users, network engineers and system administrators, and not home users. The device does not catch the eye with its unusual appearance and will fit into the interior of any office. The relatively compact size of the router allows you to put or hang it almost anywhere, besides passive cooling, and as a consequence the lack of noise at work, allow you to use it anywhere.
Fig. 33
Fig. 34
Below is a view of the router with the cables connected.
Fig. 36
Additionally, it is worth noting the quality of plastic and materials, it is at a good level.The parts fit well together, there is no squeak and backlash when compressing the case, the cables fit tightly into the connectors and do not fall out, the antennas can be fixed at the right angle, and they do not “roll” to the sides.
By the way, the router, if necessary, you can install a 19 inch rack, for this you need to purchase a special mount Rack-mount Plate, in which the Draytke 2925 case is installed, then the whole structure is mounted in a rack. The mount can be used for all 2925 and 2860 series routers.
Fig. 36-1
Device Bandwidth Testing
Testing the maximum bandwidth of the Draytek 2925n. Iperf 2.0.2 + Jperf visualization was used for testing, as endpoints: a virtual machine with Debian x64 with a console iperf and a laptop with Windows 8.1 with Jperf, from which the graphs were copied. The scheme is simple: on one host there is an iperf server, on the second an iperf client. Of course, tests cannot be called reference ones - a virtual machine running on the VMWare Workstation 12 Pro platform was used. On the virtual machine was allocated 1 core processor Core i5 and 4 GB of RAM. The second physical machine is a laptop with a Core i5 processor and 12 GB of RAM.
During testing, the firmware version of the router was 3.8.2.3 , the model of the Draytek 2925n router .
Test of a wired network, LAN-WAN with NAT, LAN scheme → Draytek 2925n → WAN1, duration 00:02:00. The average speed is 507 Mbit / s, and there are no jumps or failures, which is a very good indicator. For comparison, with a direct connection through the switch of two test machines, iperf showed an average speed of 850 Mbit / s.
Fig. 37
Additionally, test in 10 parallel threads along the same lines.
Fig. 37-1
If you add up the average speeds of each stream, you get about the same speed as in single stream mode.
Wireless network test, Wireless LAN-WAN, Wireless LAN scheme → Draytek 2925n → WAN, the wireless network adapter on the laptop worked in 802.11n mode, WPA2 / PSK security.
I used a regular laptop with a wireless controller Intel Realtek RTL8723BE 802.11 b / g / n Wi-Fi Adapter, because in reality, the average user will use such equipment. The test duration is about 2 minutes, the average real speed is 49.731 Mbit / s, at a connection speed of a laptop adapter to a wireless network of 72 Mbit / s.
On this test, as in the previous dips in speed is not observed.
Fig. 38
Another test, this time with six parallel threads
Figure 38-1
In sum, all the streams give roughly the same speed as in single-stream mode.
But the same test of the wireless network, but without encryption, the difference in bandwidth is not significant, despite the lack of encryption.
Fig. 39
VPN testing, VPN scheme PPTP client (without encryption) → Draytek 2925n → WAN1.
Fig. 40
The average speed was 174.00 Mbit \ s.
Now encryption, VPN scheme IPSec client (with DES encryption) → Draytek 2925n → WAN
The average speed is 88.2 Mbit / s, the result is very good.
Fig. 41
Now, too, but 10 parallel threads.
Fig. 41-1
In sum, all the streams give approximately the same speed as in the single stream mode.
So, in this part of the review, we examined in detail the Draytek 2925n series router from such aspects as the positioning of the device on the market, the pattern of use of the router, its key functions and examples of their use, got acquainted with the detailed technical specification of the device, looked at the configuration and appearance of the router, detailed functions of indicators and device interfaces. Everything we see clearly demonstrates that the device has very wide capabilities, coupled with “gigabit”, which may be needed by an SMB and SMB + enterprise or a small branch of a large company that have “outgrown” the network connection speed of 100 Mbit / s and need hundreds of megabits on the local network and on the WAN interfaces to the ISP. Therefore,The device has great potential for use in demanding corporate networks. Load testing showed good results, I did not expect other results, because the device is not at all an entry level, so it must be productive.
In the next part of the review, we will look at the device’s web interface.
Source: https://habr.com/ru/post/397481/
All Articles