Call us: +61 2 9838 8899
FAX: +61 2 9838 8818

Vigor2952P

Dual-WAN Broadband Fibre Router with Security Firewall, 4 x PoE LAN ports (power budget up to 60 Watts), 100 x VPN and 50 x SSL-VPN tunnels

  • 1 x Gigabit Ethernet/SFP combo WAN port
  • 1 x Gigabit Ethernet WAN port
  • Multi-WAN Load Balancing & Failover
  • 4 x Gigabit PoE Ethernet LAN ports with 60,000 NAT sessions
  • Complies with 802.3at Power over Ethernet Plus
  • Supports PoE power up to 30 watts for each port
  • Total PoE power budget up to 60 watts
  • 1 x USB port (USB3.0) support 3G/4G LTE mobile broadband access
  • 100 x VPN and 50 x SSL-VPN tunnels with Central VPN Management, VPN Load Balance and Redundancy
  • High Availability Mode
  • Object-oriented Firewall with Content Security Management (CSM)
  • IPv6 & IPv4
  • Comprehensive QoS features
  • Multi subnet WAN/LAN through 802.1Q
  • 1 x USB port (USB2.0) support file sharing, external storage, network printer or thermometer
  • Central AP Management (up to 30 Access Points)
  • Central Switch Management (up to 10 Switches)
  • Smart Monitor Traffic Analyzer (up to 100 nodes)
  • Works with VigorACS SI management system
  • Rack-mountable
  • 2 years back to base warranty
  • Overview
  • The Vigor2952P Dual-WAN broadband router features a Gigabit Ethernet WAN interface and a Gigabit Ethernet/SFP combo port for Optic Fibre or Gigabit Ethernet WAN connection. It also features 4 Gigabit Ethernet LAN ports as well as comprehensive Firewall and VPN capabilities. With 2 Ethernet WAN ports, this router is fit for technology types FTTP, HFC, Satellite and Direct Wireless deployed by NBN in Australia and UFB in New Zealand.

    The Dual-WAN and 3G/4G capacity with Load Balance and Failover allow for flexible and secure Internet access options. In addition, features such as the Object-oriented SPI Firewall, comprehensive 100 VPN tunnels, and Gigabit LAN speed, make this router an ideal solution for SOHO to business applications.

    The Vigor2952P router is a PoE capable router with 4 x PoE LAN ports providing a total of 60 Watts of power, and is an ideal solution where PoE devices such as Wireless Access Points or IP cameras are deployed on the network.

    The Central Management features provide a centralized console to manage your network. This includes: AP Management to configure and to manage up to 20 DrayTek Access Points, VPN Management to configure and to manage up to 8 VPN tunnels and Switch Management to configure and to manage up to 10 DrayTek switches.

    The Smart Monitor traffic analyzer can be used with Vigor2952P to record and report network traffic and activity, improving network efficiency and security. Up to 100 nodes can be monitored using Smart Monitor.

    This router comes with a metal housing and can be easily rack mounted in a standard 19” rack or cabinet.

    Dual-WAN with 2 x Gigabit Ethernet WAN ports (WAN 1 selectable for SFP port), plus 2 x USB ports for Load Balancing & Failover

    draytek_Vigor2952_multi-WAN

    Vigor2952P – Power over Ethernet (PoE) Function

    Power over Ethernet Applications

    The diagram below shows a typical application for a business consisting of 4 departments where an IP camera is required at each location.
    In this scenario, a single Vigor2952P router is required. There is no need to install additional hardware to power the PD devices, hence reducing costs as well as complexity in the installation. The router meets all the networking requirements for the business including firewall protection, VLANs to separate the departments and VPN connectivity to allow up to 100 simultaneous connections to branch offices or remote employees.

  • Features
  • 1. WAN Connectivity

    The Vigor2952 router supports 2 types of WAN Interfaces: 2 x Gigabit Ethernet WAN interfaces and the USB port 2 (USB2) for 3G/4G mobile dongles. You can set WAN 1 to be a Gigabit Ethernet port, or a SFP port to accommodate an optic fibre module for fibre installations.

    With between 2 to 4 WAN interfaces connected, you can configure for Load Balancing or Failover. For example, you can use WAN 1 as your primary Internet connection and have a failover connection over a 4G LTE connection.

    2. Power over Ethernet

    The Power over Ethernet (PoE) feature in the router eliminates the need to install separate PoE injectors or switches when only a few PoE powered devices need to be installed in the network. Up to 4 PoE devices such as Wireless Access Points or IP cameras or other PoE enabled devices can be placed anywhere in the premises without the need to install a power point nearby. Power is supplied over the UTP data cabling.

    Each of the 4 LAN ports conforms to the 802.3at PoE Standard providing up to 30 watts per port. Since the PoE power budget is 60 watts, we can connect two high powered devices such as PTZ IP cameras drawing 30 watts each or 4 lower powered devices such as Wi-Fi access points that draw a maximum of 15 watts each.

    The screen shot below shows the PoE status screen on the Vigor2952P router with 3 PD access points attached. It provides the power used by each device as well as the current drawn.


    An additional feature is the PoE device check. Here the router will ping each PD device and if the device fails to respond, it indicates that the device has hung. When the specified number of ping retries is reached, the router will power cycle the failed device to bring it online again.

    3. LAN and VLAN

    The Vigor2952 has 4 x Gigabit LAN ports and supports up to 60,000 NAT sessions.

    The Vigor2952 supports both port-based and 802.1q tagged VLANs. Port based VLANs allow the assignment of a VLAN and IP subnet to each router LAN port. On the other hand, 802.1q tagged VLANs can extend up to 8 VLANs and 8 IP subnets to an attached switch port.

    4. Quality of Service (QoS)

    QoS functions allow the network administrators to set priorities for certain types of traffic to guarantee the required level of performance for data flow. For example real-time traffic such as VoIP or Video Conferencing can be prioritised as these have less tolerance over delays caused by network congestion.

    A traffic type can be assigned to each of the three QoS classes and have bandwidth pre-allocated and reserved.

    5. Firewall

    The Vigor2952 has powerful firewall features including: object-oriented SPI (Stateful Packet Inspection) firewall, DoS (Denial of Services), CSM (Content Security Management), and WCF (Web Content Filter).

    SPI Firewall monitors incoming and outgoing packets at Layer 3 (OSI model) and passes or blocks the data packets based on the configuration.

    The DoS feature protects the network for malicious access requests from DoS attacks.

    CSM enables network administrators to control and manage IM (Instant Messenger) and P2P (Peer-to-Peer) applications. For instance, you can stop network users from accessing inappropriate contents, or ensure that network traffic is not affected by undesirable or unauthorized P2P downloads.

    WCF classifies all websites on the Internet into 64 categories, and allows network administrators to select categories to protect the users from undesirable website content. DrayTek uses the CYREN WCF database for its Vigor routers, and each router includes a free 30 day trial license.

    The object-based firewall provides flexibility by using Objects in the firewall settings. Objects can be created and placed in groups by IP, service type, keyword, file extension, etc. This allows a filter rule to be applied to many IP addresses, reducing number of firewall filters required. In addition, these objects and groups can be reused for other firewall settings resulting in reduced amount of work required to create multiple firewall rules.

    Firewall rules can be applied according to a Time Schedule to control access to the Internet or network services according to predetermined time slots. Up to 4 time schedules can be applied to each firewall filter rule. For example social media can be restricted during work hours and be allowed during off work hours in a company.

    6. VPN & SSL-VPN

    Vigor2952 supports up to 100 simultaneous VPN tunnels of common protocols such as IPSec/PPTP/L2TP, and 50 tunnels of SSL VPN protocol. The dedicated VPN co-processor supports the hardware encryption of AES/DES/3DES, hardware key hash of SHA-1/MD5, and LDAP authentication, and ensures that VPN traffic is secure and performance is maximised.

    The SSL technology allows secure Web encryption such as those used for on-line banking. With Vigor2952, you can create SSL VPN in Full Tunnel mode or Proxy mode.

    Furthermore, since the Vigor2952 supports multiple Ethernet and 3G/4G WANs, you can create VPN Trunking for VPN Load Balance and VPN Backup. For instance, you can use a number of connections to a site to increase the bandwidth, or have a backup connection when the primary connection fails.

    7. Central VPN Management

    Instead of normal method for VPN connection through web browsers, Vigor2952 supports Central VPN Management (CVM) through TR-069 protocol. From a CVM page, you can create VPN tunnels with just a few mouse clicks on the icons representing your local network (e.g. a public place such as a café) and remote locations (e.g. branch or home office), and the router will establish the connection automatically. This takes away the tedious process required for VPN tunnel creation.

    As well as simplifying creation of VPN tunnels, CVM provides a console to monitor multiple CPE devices and VPN tunnels. This includes displaying the CPE devices on a Google Map.

    Other features include scheduling of CPE configuration backup/restore tasks as well as scheduled firmware upgrade of the CPE devices. Up to 8 DrayTek CPE devices are supported.

    8. Central AP Management

    Vigor2952 supports Central AP Management (APM) with a console to auto-configure and manage up to 20 directly connected (via LAN cables) Draytek wireless Access Points, including VigorAP 800, VigorAP 810, VigorAP 900, VigorAP 910C & VigorAP 902.

    The APM Dashboard displays the status, such as traffic and number of attached stations, of all the attached Access Points.

    With Auto Provisioning enabled on the attached Access Points, WLAN profiles can be created and applied to the selected Access Points from the central console.

    The AP Maintenance feature allows a number of actions, including Configuration Backup and Restore, Firmware Upgrade, Remote Reboot and Factory Reset, to be programmed for selected Access Points.

    The connected Access Points can also be displayed on a map or floor plan showing their locations and basic descriptions. Other features include Traffic Graph, Rogue AP detection, Event Log, Total Traffic, Station number and Access Point Load Balancing.

    9. Central Switch Management (New Firmware will be released soon)

    Central Switch Management provides a convenient and easy way to manage and configure supported VigorSwitches, and save time and reduces troubleshooting efforts.

    From a console page on Vigor2952, you can assign VLANs to the switch ports and at the same time update the router configuration, with a few mouse clicks within the graphical user interface. Similarly you can create 802.1q trunk ports in the same way.

    The switch status page shows the status of all the attached switches, including switch name, IP address, the model number and system up time. You can see how many ports and are in use in each switch as well as port status and how many clients are connected.

    You can backup or restore switch configurations, or reboot, or reset to factory default settings, any of the switches.

    10. Remote Access Management

    The Vigor2952 supports a number of management options to control access to the router both locally and remotely.

    The TR-069 feature integrates with the VigorACS-SI centralised management system, and allow system integrators or network administrators to configure, monitor and manage the Vigor2952 remotely from the comfort of their offices or homes. It can also be used to Auto-Provision the Vigor2952 remotely by sending configuration data to the router.

    There are 3 wizards: a Configuration Wizard, a VPN Wizard and a Firmware Upgrade Wizard. These allow network administrators to quickly and easily carry out complex tasks.

    Alarm & Log Management features ensure real time notifications and alerts to specified phone numbers or email accounts in relation to faults or status of the connected CPEs.

    A number of diagnostic functions, including Data Flow Monitor, Traffic Graph and Syslog Explorer, allow the network administrator to monitor and troubleshoot network conditions remotely.

    Like all Vigor routers, Vigor2952 supports management options include HTTP, HTTPS, FTP, SSH, Telnet and SNMP.

    11. High Availability Mode

    High Availability is essential in mission critical applications where the network as well as Internet connectivity needs to be available 100% of the time. Should a hardware failure occur in a primary router, a standby router will immediately come on line to provide uninterrupted network connectivity.

    High Availability mode in the Vigor2952 router provides hardware redundancy by the use of one or more Vigor2952 routers to be configured for Hot-Standby or Active-Standby.

    Key features of High Availability mode are:

    • WCF License share (Hot-Standby only)
      Network administrators can create a High Availability group on MyVigor website and include at most 8 routers to join the group and share the same WCF license. Only 1 router (the primary) can use the license at a time, and when the primary router goes down, the secondary router will come up and register to MyVigor server and continuous to provide firewall protection to LAN clients. It means only one WCF license is required per High Availability group.
    • Configuration Sync (Hot-Standby only)
      Every configuration/modification made on the primary router will be synchronized to the other group member(s) ensuring that network functionality is identical should the primary router fails.
    • DDNS Update
      For dynamic WAN IP users, High Availability group members can share the same DDNS account, that when the secondary router become primary, it will update the DDNS profile so the network can continue to be accessible via the same DDNS domain.
  • Reviews
  • DrayTek Vigor2952P Review Published in APC Magazine Issue 443 – July 2017

     

     

    Click here to read the full review

  • Specifications
  • Connectivity

    1. Ethernet WAN
      • IPv4
        • DHCP Client, Static IP, PPPoE, PPTP, L2TP, 802.1q Multi-VLAN Tagging
      • IPv6
        • Tunnel Mode: TSPC, AICCU, 6rd, Static 6in4
        • Dual Stack: PPP, DHCPv6 Client, Static IPv6
      • WAN Connection Failover
      • WAN Budget
      • Load Balance/Route Policy
    2. Ethernet LAN
      • IPv4/IPv6 DHCP Server
      • Static Routing/RIP
      • Multiple Subnets
      • Port/Tag-based VLAN
    3. PoE
      • Standard: 802.3at
      • PoE Ports: 4 ports
      • Power Budget: 60 Watt (Max. 30Watt per port)
      • Mode : Auto or Manual
      • Schedule
      • Status
      • PD Device Check
      • Notification (Add a new Category in Notification Object)
      • PoE information on Dashbaord
    4. USB
      • 3.5G/4G LTE(PPP, DHCP) as WAN3/ WAN4
      • Printer Server/File Sharing

    Management

    1. System Maintenance
      • HTTP/HTTPS with 2-level Management (Admin/User)
      • Logging via Syslog
      • SNMP Management MIB-II (v2/v3)
      • CLI (Command Line Interface, Telnet/SSH)
      • Administration Access Control
      • Web-based Diagnostic Functionality
      • Firmware Upgrade via TFTP/FTP/HTTP/TR-069
      • CWMP Support (TR-069/TR-104)
      • LAN Port Monitoring
    2. Network Management
      • Bandwidth Management by Session/Bandwidth
      • User Management by Time/Data Quota
      • LAN DNS and DNS Proxy/Cache
      • Dynamic DNS
      • IGMP Snooping/Proxy v2 and v3
      • QoS (DSCP/Class-based/4-level Priority)
      • Guarantee Bandwidth for VoIP
      • Support Smart Monitor (Up to 100 nodes)
      • Central AP Management
      • Central VPN Management
      • Switch Management (New Firmware will be released soon)

    Security

    • Multi-NAT, DMZ Host, Port-redirection and Open Port
    • Object-based Firewall, Object IPv6, Group IPv6
    • MAC Address Filter
    • SPI (Stateful Packet Inspection) (Flow Track)
    • DoS/DDoS Prevention
    • IP Address Anti-spoofing
    • E-mail Alert and Logging via Syslog
    • Bind IP to MAC Address
    • Time Schedule Control
    • Content Security (IM/P2P, URL, Keywords, Cookies, etc.)

    VPN

    • Up to 100 VPN Tunnels
    • Protocol: PPTP, IPsec, L2TP, L2TP over IPsec
    • Encryption: MPPE and Hardware-based AES/DES/3DES
    • Authentication: MD5, SHA-1
    • IKE Authentication: Pre-shared Key and Digital Signature (X.509)
    • LAN-to-LAN, Teleworker-to-LAN
    • DHCP over IPsec
    • IPsec NAT-traversal (NAT-T)
    • Dead Peer Detection (DPD)
    • VPN Pass-through
    • VPN Wizard
    • mOTP
    • Supports 50 SSL VPN Tunnels
    • VPN Trunk: VPN Backup and Load Balance

    Hardware Interface

    • 1 x Combo WAN, 10/100/1000Base-Tx, RJ-45 or SFP (WAN1)(Fiber Port is High Priority)
    • 1 x 10/100/1000Base-Tx, RJ-45 (WAN2)
    • 4 x 10/100/1000Base-Tx LAN, RJ-45 (P1 is Configurable as DMZ Port)
    • 2 x USB Host (USB1 is 2.0 and USB2 is 3.0)
    • 1 x Factory Reset Button
  • Deployment Examples
  • Deployment Examples

    DrayTek Vigor2952P Business Level Router With PoE ports – a Multi-Feature Solution for Small to Medium Sized Businesses

    Many small to medium sized business nowadays require a comprehensive data network to efficiently run the business. The data network needs to be fast, secure, reliable and often requires functionality such as firewall, VPN, Wi-Fi, VLAN, etc. In addition, the data network may include Power over Ethernet (PoE) devices such as IP phones, Wi-Fi access points, IP cameras etc. To power these devices a PoE switch or PoE injector is required.
    For businesses requiring a high speed multi-feature solution, the DrayTek Vigor2952P will be an ideal choice. The Vigor2952P is a high speed router that has 4 PoE ports and with a throughput of 600Mb/s. The PoE enabled Gigabit LAN ports have a combined power budget of 60 Watts. This is sufficient to power up to 4 PoE devices such as the business IP surveillance system and Wi-Fi access points or a small number of IP phones.

    Other hardware features of the Vigor2952P are dual Gigabit WAN ports and a shared SFP slot that can be used to connect to optic fibre. The two USB ports can be used as a WAN interface to connect to the Internet via an attached 3G/4G USB modem or they can be used to connect to a shared USB printer or storage device.

    Power over Ethernet Applications

    The diagram below shows a typical application for a business consisting of 4 departments where an IP camera is required at each location.
    In this scenario, a single Vigor2952P router is required. There is no need to install additional hardware to power the PD devices, hence reducing costs as well as complexity in the installation. The router meets all the networking requirements for the business including firewall protection, VLANs to separate the departments and VPN connectivity to allow up to 100 simultaneous connections to branch offices or remote employees.

    Central AP Management and PoE

    In another scenario, the business may have a number DrayTek access points such as the VigorAP902 installed in the premises to provide Wi-Fi connectivity for each department which may be spread over a wide area such as in a warehouse environment. Each of the access points can be powered from the Vigor2952P router, eliminating the need to install a power point at each location or install additional PoE equipment.

    A useful feature for this scenario is the Central AP Management in the Vigor2952P router. In addition to providing power to the attached DrayTek access points, the router can also be used to centrally manage each access point from a central console. The screen shot below shows the Status page in the router. It displays the attached access points and provides links for logging into them if required.

    A number of other features in the AP management are listed below:

    Vigor2952 Series for Branch Offices Deployment


    vigor2952-interface

    Business Continuity – High Availability


    CVM (Central VPN Management)


    Security & Firewall


    VPN Trunk (Load Balance/Backup)

  • Web Demo
  • Open Link in New Tab http://eu.draytek.com:12952/