Call us: +61 2 9838 8899
FAX: +61 2 9838 8818

AuthorDrayTek Aust & NZ

Home»Articles Posted by DrayTek Aust & NZ

Increase the reliability and performance of your network

Reliability of network services will depend on both reliable network hardware as well as the Internet connections. DrayTek Multi-WAN routers offer both hardware redundancy as well as multiple internet connectivity options to provide maximum up-time. These features are High Availability, WAN Load Balance and Failover. In this article we will discuss each of these features.

High Availability

High Availability is required in mission critical network installations where network services cannot be interrupted due to a hardware failure. Organisations such as company headquarters, hospitals, utility companies, data centres etc. will benefit from High Availability as any outage will cause significant interruption and/or losses.


The High Availability Feature in DrayTek routers provide uninterrupted network access should a hardware failure occur. It does this by using Hardware redundancy to provide maximum up-time for critical installations.  Here a High Availability group is created consisting of the primary router and one or more secondary routers. If the primary router suffers a hardware failure, then the secondary backup router will come on-line and take over the network connections. Since the secondary router is synchronised to the primary router there will be minimal disruption to users and network operations including firewall protection, VPN connectivity, etc. Depending on the mode used, this can happen from a number of milliseconds to a number of seconds.

High Availability utilizes the Common Address Redundancy Protocol (CARP) which allows multiple hosts on the same local area network to share a set of IP addresses. Its primary purpose is to provide Failover redundancy, especially when used with firewalls and routers.  There are 2 modes: Hot Standby and Active Standby. In Hot Standby mode, a secondary router is connected but not active, whereas in Active Standby mode, the secondary routers are active and can take traffic for some of the LAN clients.

With DrayTek routers configured for High Availability, a common Virtual IP address is shared between all routers in the High Availability group. This virtual IP address is used by the all LAN clients in the network as the default gateway. The LAN clients do not have to be re-configured with a new default gateway should the primary router fails. So the LAN clients will only see a broadcast from the router to update the MAC address for the default gateway which is the virtual IP address. This results in minimum interruption for LAN clients.


With the latest firmware for the Vigor2960 and Vigor3900 only a single virtual IP address is required for High Availability and this simplifies the configuration of High Availability for these routers.


DrayTek routers supporting High Availability are shown below. These include the Vigor3900, Vigor2960, Vigor2860, Vigor2925, Vigor2952 and Vigor3220 routers.


More information is available in the application note:  What is High Availability?

Configuration examples are available in the following application notes:

WAN Load Balance

Network reliability can also be increased by using the WAN Load Balance feature of Dual WAN and Multi-WAN routers. There are a number of benefits of using WAN Load Balance, including:

  1. Reduced reliance on a single service provider
  2. Increased bandwidth capacity to the Internet
  3. Increased Internet speed using Session Based Load Balance
  4. Ability to use VPN Load Balance feature in supported routers

WAN Load Balance is supported over any combination of WAN connections. These can be ADSL, VDSL2, Ethernet WAN, Optic Fibre, 3G/4G via USB 3G/4G modem or LTE connection in the LTE routers.

When using WAN Load Balance, dual WAN and multi-WAN routers allow you to connect each WAN interface to a different service provider and maintain Internet connectivity.  For example you can subscribe to two different service providers, and if Internet connectivity through one service provider goes down, you can still have continuous Internet connectivity through the other service provider.

It does not matter that the data connection was through the WAN connection that failed since the session will be re-established through the other WAN connection.

Internet traffic is distributed over each WAN connection using one of two algorithms which are based by the line speed of each WAN Internet connection. There are two options for Load Balance Mode. These are:

  • “Auto Weight” where the router automatically determines the traffic distribution
  • “According to Line Speed” where the traffic distribution is determined by the pre-configured line speed setting for each WAN connection.


More details on the difference between “Auto Weight” and “According to Line Speed” Load Balance mode are available in the following application note:

An advantage of WAN Load Balance is that on a network with a large number of users, the Internet bandwidth is effectively increased since Internet traffic from each computer is sent over more than one WAN connection.

Session Based WAN Load Balance

For businesses requiring greater Internet speed, a new feature has been introduced recently in dual and Multi-WAN routers known as Session Based Load Balance. This feature provides WAN aggregation through session based Load Balance.

This feature is discussed in the Blog article: “How to double your Internet speed” which is available at:

The diagram below illustrates that Internet traffic from the LAN client is sent over both WAN 1 and WAN 2 through the Vigor router.




VPN Load Balance

A feature of using WAN Load Balance is the ability to enable VPN Load Balance in supported routers. Here a VPN tunnel to a remote site can be established over multiple WAN connections. This has the advantage of increased bandwidth over the combined VPN tunnel to the remote site as well has providing redundancy should a WAN connection fail. This also ensures that the VPN tunnel can keep running without interruption hence minimising interruption to business activities.

An application note covering VPN Load Balance between two Vigor routers is available at:

In addition a video that describes VPN Load Balance is available at:

WAN Failover

WAN failover is used where a business may have one or more primary WAN connections to the Internet and require minimal interruption to network services. This feature is available on single WAN, dual WAN or Multi-WAN routers.

A business with an Internet connection as the primary link may have a second WAN connection such as another ADSL line or a 3G/4G USB modem which they only want to come on-line when the primary connection goes down.  For example they may have a prepaid 4G modem with no ongoing costs attached to the router in standby mode. In case the primary WAN goes down, the router will be automatically triggered to bring up the backup connection. It can take up to 10 seconds for the backup link to come on-line so there will be a brief interruption during this process.  This is a little longer than when using WAN Load Balance mode where all WAN connections are active.

Even with single WAN routers such as the Vigor2760 and Vigor2120 you still have the option of WAN Failover to a 3G/4G USB modem.


On Multi-WAN routers you can select when you want the backup WAN to come on-line. The options are shown in the image below from the Vigor2860 router. The options are to failover when:

  • Any of the selected WANs are disconnected
  • All of the selected WANs are disconnected


More information on WAN Load Balance and failover is available in the application note:

DrayTek Wi-Fi Solutions

In the age of Internet and Intranet, Small to Medium Businesses (SMBs) all over the world need to connect devices to each other (Local Network) and to the outside world (the Internet). They need reliable network connections for the LAN and the WAN, and more importantly, the functions that allow the businesses to tick without missing a beat. These include security in access control, Firewall protection, Load Balance/Failover in case things go wrong, and capability to access files securely from anywhere, etc. Among all these functions, Wi-Fi, or Wireless LAN, have become a key technology SMBs rely on for fast deployment of network devices and sharing of resources.

With unique DrayOS firmware, DrayTek Corp. leads the field with business level routers that not only fulfil the basic requirements for LAN and WAN connectivities but also support business applications for the SMB market. Among these business applications, DrayTek continues to bring about state of the art Wi-Fi solutions to support the SMB market. Below is a list of these Wi-Fi solutions:

Central AP Management

Central AP Management (APM) provides a convenient and easy way to manage, monitor and configure up to 20 DrayTek Access Points (AP) in a local network from a central console.

With Central AP Management, AP profiles can be preconfigured on the router, and when a new AP is connected to the network, this configuration can be pushed to the AP. Other functions include:

  • Upgrading firmware
  • Backup and restore configuration
  • Monitor the traffic status
  • Rogue AP detection tool to mark an AP as friendly or rogue AP
  • AP load balance

Central AP Management is an integrated feature in Vigor2860, Vigor2925, Vigor2952 and Vigor3220 series routers.

Central AP Management supports up to 20 Wireless Access Points




Multiple SSID and VLAN

Multiple SSIDs allow the administrator to create logical networks to service different workgroups or guest users. For example, you may provide restricted free Wi-Fi access for guest users and secure Wi-Fi
for different departments within an organisation.

You can use the VLAN feature in DrayTek wireless routers and Access Points to separate your private network from the public network.


Operation Modes (for Access Points)

In Wi-Fi deployment, the signal strength and distance coverage are always the most important factors to consider. DrayTek’s Wi-Fi solution provides the following Operation Modes to cover various situations:

  • AP: AP acts as a bridge between wireless devices and wired Ethernet network, and exchanges data between them.
  • AP Bridge-Point to Point: AP will connect to another AP which uses the same mode, and all wired Ethernet clients of both AP s will be connected together.
  • AP Bridge-Point to Multi-Point: AP will connect to up to four APs which use the same mode, and all wired Ethernet clients of every AP will be connected together.


  • AP Bridge-WDS (Wireless Distribution System): AP will connect to up to four APs which use the same mode, and all wired Ethernet clients of every AP will be connected together.
    This mode is still able to accept wireless clients.For example, the AP Bridge – WDS mode extends the Wi-Fi internet access over a large area across office buildings or warehouses.
  • Universal Repeater Mode: As a universal repeater, the VigorAP will connect to the main Access Point and accept wireless clients at the same time, and therefore can extend signal coverage of the main Access Point.universal-repeater-operation-mode


Security and Access Control

Wi-Fi security is vital to prevent unauthorised users from stealing bandwidth from your Internet connection or accessing your network and confidential data. Draytek wireless routers and access points
provide WPA and WEP encryption to secure access to the Wi-Fi network. For higher level security, you can use the WPA/802.1x security method.

Security can be further enhanced by enforcing access control using the MAC address Filter to allow known devices to establish a connection. For example, to allow certain devices to access Wi-Fi SSID 1, you can add these to the white list. So any devices that do not have a matching MAC address will be denied access to SSID 1.  On the other hand, you can use the Black List to allow any device to connect to the SSID except for the device with a matching MAC address.


Wi-Fi Hotspot Web Portal

DrayTek’s Wi-Fi hotspot web portal provides an easy and convenient method for a business to provide free (or paid) Wi-Fi access to their customers. Customers can log in using their social login accounts (Google and Facebook) or by use of a PIN code. This eliminates the need to create multiple user accounts to provide free Wi-Fi access and makes it easier for customers to use your services.

The web portal page can be customised to the business requirements to display the business logo, background image and provide login methods.

You can set up free/paid Wi-Fi access for customers to your business and have some control over what they can do in your network. In addition, you can direct customers to your web portal to view services or products you have available as well as any promotions you have running. Access to the Internet can also be controlled by use of the firewall features to prevent unauthorised use of your network services.


Sample Web Portal Pages



DrayTek VigorAP 900 and VigorAP 902 access points include roaming capability.

There are two roaming methods:

  1. AP-assisted Client Roaming. This will disconnect an attached Wi-Fi device when a minimum threshold is reached and an adjacent access point is available to take over the connection. This provides uninterrupted Internet access when moving from one access point to the next.
  2. Fast Roaming (WPA/802.1x). This method uses Pairwise Master Key (PMK) caching where Access Points and Wi-Fi devices maintain the Pairwise Master Key Security Association PMKSAs for a period of time. This speed up re-connection when a Wi-Fi client roams away and –back from an access point.

Airtime Fairness

The Airtime Fairness feature overcomes the problem where slow Wi-Fi devices reduce network performance, putting faster Wi-Fi devices at a disadvantage. It provides equal airtime to all devices with
the resulting improvement in Wi-Fi performance. This option is useful in environments with a mix of 802.11ac, 802.11a, 802.11n and 802.11g Wi-Fi devices.

For example, in the diagram below, Client B uses only ¼ of the time compared client A, but only allocated ¼  of network time. With Air Time Fairness, both clients are getting same time for transmission. As client B is faster, it can transmit 4 times as compared to client A. Client A transmits the way it was doing before. The result of this technology is that the network performance will improve.

Mobile Applications to Remotely Access and Manage DrayTek Networks

DrayTek has released a number of free Apps for Apple (iOS and/or MacOS) and Android portable devices, such as Smartphones and tablet PCs, to assist network administrators on the move to manage their networks.

These include:

1) Smart VPN Client for iOS/Smart VPN Client for MacOS/Smart VPN Client for Android Devices
2) Vigor Manager for Apple Devices (iOS)/Vigor Manager for Android Devices
3) VigorACS SI App for Android Devices

In this article, I will give you an overview of each of these Apps and their application.

1) Smart VPN Client

This App can be used to establish a SSL-VPN tunnel from your smartphone or tablet PC to a supported DrayTek router which can be Vigor2832 series, Vigor2860 series, Vigor2925 series, Vigor2960 or Vigor3900 router.

When you are away from your office or visiting clients, you can quickly and securely connect to your office network resources to access documents or files. This gives you greater freedom to carry out your work from anywhere, provided there is either 3G/4G or Wi-Fi connectivity to the Internet.

This App comes in 3 versions:
a) Version 1.3.1 for iPhone/iPad with iOS 9.x – downloadable from iTunes App store at:
b) Version 1.1 for MacOS devices – downloadable from iTunes App store at:
c) Version 1.1 for Android – downloadable from Google Play store at:

1a) Smart VPN Client for Apple iOS 9.x

To assist the configuration of your Apple iPhone or iPad, DrayTek have provided a number of application notes to cover various scenarios in their knowledge base at:

In addition this app supports mOTP and certificate level verification.
Three levels for certificate verification are available:
1) Basic – Establish SSL-VPN as long as VPN server and authentication details are correct.
2) Match server name.
3) Verify Root CA – The root CA of the router must be imported and trusted by the iPhone to make SSL-VPN work.

Configuration menus for this App are shown below:



1b) Smart VPN Client for Apple MacOS

Configuration menus for this application are shown below:

smart-vpn-client-apple-macos-configuration-menu smart-vpn-client-apple-macos-configuration-menu-screenshot-2 smart-vpn-client-apple-macos-configuration-menu-screenshot-3

1c) Smart VPN Client for Android

Configuration menus for this application are shown below:



2) Vigor Manager

Vigor Manager utilises HTTPS protocol and allows you to manage and configure your DrayTek router using your smartphone or tablet PC.  Supported routers are: Vigor2860, Vigor2925, Vigor2760 series.

Tasks you can carry out include:

  • Auto-discover the Vigor router in your local network
  • configure/modify WAN/LAN/WLAN settings
  • backup/restore configuration with your mobile device
  • reboot device remotely
  • monitor online status of device

This App comes in 2 versions:

a) Vigor Manager for iOS 6.0 or later – downloadable from iTunes App store at:\


b) Vigor Manager App for Android – downloadable from Google Play store at:

2a) Vigor Manager for Apple iOS

Below are some screen shots of Vigor Manager on an iPhone showing some of the tasks that can be carried out on a Vigor2860n+ router.




2b) Vigor Manager for Android

This version is supported by the following firmware versions:

  • Vigor2860 series running firmware v3.7.4 and above
  • Vigor2925 series running firmware v3.7.4 and above
  • Vigor2850 series running firmware v3.6.6 and above

Below are some screen shots from the Vigor Manager App:


3) VigorACS SI App for Android


VigorACS SI is a TR-069 based centralized management system for DrayTek’s Vigor devices allowing System Integrators or Network Administrators to configure, monitor and manage DrayTek devices remotely. Now you can install this VigorACS SI App on your Android smartphone or tablet PC to connect to your ACS SI server and carry out many functions remotely.

This App is handy if you cannot always be at the VigorACS SI console and need to be notified of any alarms as they occur. This applies especially if you are a field service engineer visiting customer sites and still need the ability to monitor or troubleshoot your other customer sites when you cannot be at the main console. Tasks you can carry out with the VigorACS SI App include:  monitoring your network from any location, checking for alarms and alarm history, use device view, look at the logs, etc.

This app can be downloaded from Google Play store at:

Below are some screen shots from the VigorACS SI App.

Device View






VigorBX 2000ac (AC1600): IP PBX Router Solution for Startup Company & SMB


If you have just established a new start-up company or opened a new branch or store, you will need to consider your data communication needs for the business as well as what phone services you require to provide smooth telephone operations for your staff and customers.

In the midst of NBN rolling out throughout Australia, your location may only have access to ADSL2+ services in your location now, but may be upgraded in the future to either a Fibre to the premises connection or VDSL2, or even a hybrid service that utilises existing cabling infrastructure. In either situation, you will need a universal router that supports ADSL2+ access and also be capable of handling VDSL2 or broadband WAN.

In addition to data networking requirements you will also need a phone system that will take calls, allow transfer of calls, and showcase your small business with Auto Attendant function that puts you on par with larger companies. Features you need will include automated call handling with greetings based on the date and time, phone extensions, Hunt Groups for different departments, Call Forward/Pickup, Music on Hold and Voicemail.

Router Requirements

To meet all the requirements of a small to medium sized business, DrayTek now have the VigorBX 2000 Multi-WAN VDSL2/ADSL2+ & Gigabit Ethernet router with IP PBX functions. This unit has most of the features of the popular Vigor2860 series routers as well as the addition of an integrated IPPBX making it well suited for a start-up company or any small to medium size business.


On the networking side, the VigorBX 2000 has ADSL2+/VDSL2 and Gigabit Ethernet WAN interfaces as well as two USB ports for 3G or 4G USB modems to provide additional connectivity options for Internet access. All these WAN interfaces can be used concurrently for WAN Load Balancing or in Backup mode should the primary WAN connection go down. It also has an extensive Firewall to protect your business and Bandwidth Management options to prioritise your data flow.

For businesses that need to provide remote access for staff or if branch offices need to share data, the VPN feature is a valuable resource. Up to 32 VPN tunnels can be established to provide secure communication for remote and branch offices. All the major protocols including IPsec, PPTP, L2TP and SSL-VPN protocols are supported.

For multiple departments, the tag-based VLAN and multiple subnets can be used to create different workgroups and provide additional security within the company.

For businesses requiring wireless connectivity, the VigorBX 2000ac (AC1600) is available. This model has an integrated dual band IEEE 802.11ac wireless Access Point with concurrent dual-band (2.4GHz/5GHz) providing up to up to 1600Mbps throughput. You can set essential applications to use the less congested band (e.g. 5GHz) and remaining applications on the other band (e.g. 2.4GHz). The Wi-Fi access is protected by security and encryption protocols, including WEP/WPA/WPA2, MAC Address Control, Multiple SSID, Wireless LAN Isolation and 802.1x Authentication.

The Wireless Rate Control function allows connection rates for each network device to be individually configured as required. The WMM (Wi-Fi Multi-Media) function allows setting of priority levels for various applications: voice, video, data, etc., so time-critical applications can be assigned higher priority levels. Furthermore, the WDS (Wireless Distribution System) function allows you to extend the wireless coverage distance easily.

IP PBX Features

Incoming callers can be greeted by the Auto Attendant with your customised message and be directed to the required person. While the caller is waiting in the queue, they can listen to the Music on Hold or listen to your marketing promotions. You can also have a different greeting and menu options for out of office hours or holidays.

If the office is unattended, the caller can be asked to leave a voicemail message that you will receive as an email to listen to later. Alternatively, the incoming call can be diverted to your mobile phone.


The VigorBX 2000 is equipped with 1 FXS and 2 FXO ports for you to connect an analogue phone or fax machine (to the FXS port) and up to 2 incoming PSTN lines (to the FXO ports). In addition, up to 50 extensions can be configured for IP phones.

For branch offices, you can utilise the remote phone extension feature. IP phones at the remote site can register to the IP PBX over WAN connections. In addition, you can use the Softphone application to configure a mobile device such as a laptop or smartphone to be an IP phone or a remote extension. This allows callers to your office or your colleagues to reach you on your extension number.


Here is a summary of the IP PBX features of the VigorBX 2000 series:

  • 50 x extensions
  • 12 x SIP trunks
  • 2 x PSTN trunks
  • 8 x Custom trunks
  • IP PBX Wizard
  • Conference Calling
  • Call Queuing
  • Hunt Groups
  • Auto Attendant
  • Music on Hold
  • Voicemail
  • Configurable user prompts
  • Digit Map
  • Speed Dial
  • Virtual FAX

For more information regarding the VigorBX 2000 Router Series, please click here:



DrayTek VDSL2 Solutions

VDSL2 is one of the main alternatives for the aging ADSL2+ connections. For up to 1.6km, it offers faster speeds than ADSL2+ under the same line conditions.

Under the Multi-Technology Mix (MTM) in NBN deployment, VDSL technology has been adopted for a big proportion of the population, including multi-dwelling units, FTTB and FTTC deployments.

Here are the recommended VDSL2 Solutions that DrayTek can offer you:

Learn more about the Vigor2860 Series here:


Learn more about the Vigor2760 Series here:


Learn more about Vigor130 here:

For more information, please visit the following webpage links on our website:

1) VDSL2 Solution videos

2) Application Notes