• 1 x Gigabit Ethernet/SFP combo WAN port
  • 1 x Gigabit Ethernet WAN port

  • Multi-WAN Load Balancing & Failover
  • 4 x GbE/PoE LAN ports with 60,000 NAT sessions (P model)

  • Complies with 802.3at Power over Ethernet Plus (P model)

  • Supports PoE power up to 30 Watts for each port, and total PoE power budget up to 60 watts (P model)

  • Total PoE power budget up to 60 watts
  • 1 x USB port (USB3.0) support 3G/4G LTE mobile broadband access

  • 200 x VPN tunnels including 50 x SSL-VPN with Central VPN Management, VPN Load Balance and Redundancy

  • High Availability Mode
  • Object-oriented Firewall with Content Security Management (CSM)

  • IPv6 & IPv4
  • Comprehensive QoS features

  • Multi subnet WAN/LAN through 802.1Q
  • 1 x USB port (USB2.0) support file sharing, external storage, network printer or thermometer
  • Central AP Management (up to 30 Access Points)
  • Central Switch Management (up to 10 Switches)
  • Supports VigorACS 2 Central Management System for remote management
  • Rack-mountable
  • 2 years back to base warranty


The Vigor2952P Dual-WAN broadband router features a Gigabit Ethernet WAN interface and a Gigabit Ethernet/SFP combo port for Optic Fibre or Gigabit Ethernet WAN connection. It also features 4 Gigabit Ethernet LAN ports as well as comprehensive Firewall and VPN capabilities. With 2 Ethernet WAN ports, this router is fit for technology types FTTP, HFC, Satellite and Direct Wireless deployed by NBN in Australia and UFB in New Zealand.

The Dual-WAN and 3G/4G capacity with Load Balance and Failover allow for flexible and secure Internet access options. In addition, features such as the Object-oriented SPI Firewall, comprehensive 100 VPN tunnels, and Gigabit LAN speed, make this router an ideal solution for SOHO to business applications.

The Vigor2952P router is a PoE capable router with 4 x PoE LAN ports providing a total of 60 Watts of power, and is an ideal solution where PoE devices such as Wireless Access Points or IP cameras are deployed on the network.

The Central Management features provide a centralized console to manage your network. This includes: AP Management to configure and to manage up to 20 DrayTek Access Points, VPN Management to configure and to manage up to 8 VPN tunnels and Switch Management to configure and to manage up to 10 DrayTek switches.

The Smart Monitor traffic analyzer can be used with Vigor2952P to record and report network traffic and activity, improving network efficiency and security. Up to 100 nodes can be monitored using Smart Monitor.

This router comes with a metal housing and can be easily rack mounted in a standard 19” rack or cabinet.

Dual-WAN with 2 x Gigabit Ethernet WAN ports (WAN 1 selectable for SFP port), plus 2 x USB ports for Load Balancing & Failover

Vigor2952P – Power over Ethernet (PoE) Function

The diagram below shows a typical application for a business consisting of 4 departments where an IP camera is required at each location.
In this scenario, a single Vigor2952P router is required. There is no need to install additional hardware to power the PD devices, hence reducing costs as well as complexity in the installation. The router meets all the networking requirements for the business including firewall protection, VLANs to separate the departments and VPN connectivity to allow up to 100 simultaneous connections to branch offices or remote employees.

WAN Connectivity

The Vigor2952 router supports 2 types of WAN Interfaces: 2 x Gigabit Ethernet WAN interfaces and the USB port 2 (USB2) for 3G/4G mobile dongles. You can set WAN 1 to be a Gigabit Ethernet port, or a SFP port to accommodate an optic fibre module for fibre installations.

With between 2 to 4 WAN interfaces connected, you can configure for Load Balancing or Failover. For example, you can use WAN 1 as your primary Internet connection and have a failover connection over a 4G LTE connection.

Power over Ethernet

The Power over Ethernet (PoE) feature in the router eliminates the need to install separate PoE injectors or switches when only a few PoE powered devices need to be installed in the network. Up to 4 PoE devices such as Wireless Access Points or IP cameras or other PoE enabled devices can be placed anywhere in the premises without the need to install a power point nearby. Power is supplied over the UTP data cabling.

Each of the 4 LAN ports conforms to the 802.3at PoE Standard providing up to 30 watts per port. Since the PoE power budget is 60 watts, we can connect two high powered devices such as PTZ IP cameras drawing 30 watts each or 4 lower powered devices such as Wi-Fi access points that draw a maximum of 15 watts each.

The screen shot below shows the PoE status screen on the Vigor2952P router with 3 PD access points attached. It provides the power used by each device as well as the current drawn.

An additional feature is the PoE device check. Here the router will ping each PD device and if the device fails to respond, it indicates that the device has hung. When the specified number of ping retries is reached, the router will power cycle the failed device to bring it online again.


The Vigor2952 has 4 x Gigabit LAN ports and supports up to 60,000 NAT sessions.

The Vigor2952 supports both port-based and 802.1q tagged VLANs. Port based VLANs allow the assignment of a VLAN and IP subnet to each router LAN port. On the other hand, 802.1q tagged VLANs can extend up to 8 VLANs and 8 IP subnets to an attached switch port.

Quality of Service (QoS)

QoS functions allow the network administrators to set priorities for certain types of traffic to guarantee the required level of performance for data flow. For example real-time traffic such as VoIP or Video Conferencing can be prioritised as these have less tolerance over delays caused by network congestion.

A traffic type can be assigned to each of the three QoS classes and have bandwidth pre-allocated and reserved.


The Vigor2952 has powerful firewall features including: object-oriented SPI (Stateful Packet Inspection) firewall, DoS (Denial of Services), CSM (Content Security Management), and WCF (Web Content Filter).

SPI Firewall monitors incoming and outgoing packets at Layer 3 (OSI model) and passes or blocks the data packets based on the configuration.

The DoS feature protects the network for malicious access requests from DoS attacks.

CSM enables network administrators to control and manage IM (Instant Messenger) and P2P (Peer-to-Peer) applications. For instance, you can stop network users from accessing inappropriate contents, or ensure that network traffic is not affected by undesirable or unauthorized P2P downloads.

WCF classifies all websites on the Internet into 64 categories, and allows network administrators to select categories to protect the users from undesirable website content. DrayTek uses the CYREN WCF database for its Vigor routers, and each router includes a free 30 day trial license.

The object-based firewall provides flexibility by using Objects in the firewall settings. Objects can be created and placed in groups by IP, service type, keyword, file extension, etc. This allows a filter rule to be applied to many IP addresses, reducing number of firewall filters required. In addition, these objects and groups can be reused for other firewall settings resulting in reduced amount of work required to create multiple firewall rules.

Firewall rules can be applied according to a Time Schedule to control access to the Internet or network services according to predetermined time slots. Up to 4 time schedules can be applied to each firewall filter rule. For example social media can be restricted during work hours and be allowed during off work hours in a company.


Vigor2952 supports up to 200 simultaneous VPN tunnels of common protocols such as IPSec/PPTP/L2TP, and 50 tunnels of SSL VPN protocol. The dedicated VPN co-processor supports the hardware encryption of AES/DES/3DES, hardware key hash of SHA-1/MD5, and LDAP authentication, and ensures that VPN traffic is secure and performance is maximised.

The SSL technology allows secure Web encryption such as those used for on-line banking. With Vigor2952, you can create SSL VPN in Full Tunnel mode or Proxy mode.

Furthermore, since the Vigor2952 supports multiple Ethernet and 3G/4G WANs, you can create VPN Trunking for VPN Load Balance and VPN Backup. For instance, you can use a number of connections to a site to increase the bandwidth, or have a backup connection when the primary connection fails.

Central VPN Management

Instead of normal method for VPN connection through web browsers, Vigor2952 supports Central VPN Management (CVM) through TR-069 protocol. From a CVM page, you can create VPN tunnels with just a few mouse clicks on the icons representing your local network (e.g. a public place such as a café) and remote locations (e.g. branch or home office), and the router will establish the connection automatically. This takes away the tedious process required for VPN tunnel creation.

As well as simplifying creation of VPN tunnels, CVM provides a console to monitor multiple CPE devices and VPN tunnels. This includes displaying the CPE devices on a Google Map.

Other features include scheduling of CPE configuration backup/restore tasks as well as scheduled firmware upgrade of the CPE devices. Up to 8 DrayTek CPE devices are supported.

Central AP Management

Vigor2952 supports Central AP Management (APM) with a console to auto-configure and manage up to 20 directly connected (via LAN cables) Draytek wireless Access Points, including VigorAP 800, VigorAP 810, VigorAP 900, VigorAP 910C VigorAP 902 and VigorAP903.

The APM Dashboard displays the status, such as traffic and number of attached stations, of all the attached Access Points.

With Auto Provisioning enabled on the attached Access Points, WLAN profiles can be created and applied to the selected Access Points from the central console.

The AP Maintenance feature allows a number of actions, including Configuration Backup and Restore, Firmware Upgrade, Remote Reboot and Factory Reset, to be programmed for selected Access Points.

The connected Access Points can also be displayed on a map or floor plan showing their locations and basic descriptions. Other features include Traffic Graph, Rogue AP detection, Event Log, Total Traffic, Station number and Access Point Load Balancing.

Central Switch Management

Central Switch Management provides a convenient and easy way to manage and configure supported VigorSwitches, and save time and reduces troubleshooting efforts.

From a console page on Vigor2952, you can assign VLANs to the switch ports and at the same time update the router configuration, with a few mouse clicks within the graphical user interface. Similarly you can create 802.1q trunk ports in the same way.

The switch status page shows the status of all the attached switches, including switch name, IP address, the model number and system up time. You can see how many ports and are in use in each switch as well as port status and how many clients are connected.

You can backup or restore switch configurations, or reboot, or reset to factory default settings, any of the switches.

Remote Access Management

The Vigor2952 supports a number of management options to control access to the router both locally and remotely.

The TR-069 feature integrates with the VigorACS-SI centralised management system, and allow system integrators or network administrators to configure, monitor and manage the Vigor2952 remotely from the comfort of their offices or homes. It can also be used to Auto-Provision the Vigor2952 remotely by sending configuration data to the router.

There are 3 wizards: a Configuration Wizard, a VPN Wizard and a Firmware Upgrade Wizard. These allow network administrators to quickly and easily carry out complex tasks.

Alarm & Log Management features ensure real time notifications and alerts to specified phone numbers or email accounts in relation to faults or status of the connected CPEs.

A number of diagnostic functions, including Data Flow Monitor, Traffic Graph and Syslog Explorer, allow the network administrator to monitor and troubleshoot network conditions remotely.

Like all Vigor routers, Vigor2952 supports management options include HTTP, HTTPS, FTP, SSH, Telnet and SNMP.

High Availability Mode

High Availability is essential in mission critical applications where the network as well as Internet connectivity needs to be available 100% of the time. Should a hardware failure occur in a primary router, a standby router will immediately come on line to provide uninterrupted network connectivity.

High Availability mode in the Vigor2952 router provides hardware redundancy by the use of one or more Vigor2952 routers to be configured for Hot-Standby or Active-Standby.

Key features of High Availability mode are:

  • WCF License share (Hot-Standby only)
    Network administrators can create a High Availability group on MyVigor website and include at most 8 routers to join the group and share the same WCF license. Only 1 router (the primary) can use the license at a time, and when the primary router goes down, the secondary router will come up and register to MyVigor server and continuous to provide firewall protection to LAN clients. It means only one WCF license is required per High Availability group.
  • Configuration Sync (Hot-Standby only)
    Every configuration/modification made on the primary router will be synchronized to the other group member(s) ensuring that network functionality is identical should the primary router fails.
  • DDNS Update
    For dynamic WAN IP users, High Availability group members can share the same DDNS account, that when the secondary router become primary, it will update the DDNS profile so the network can continue to be accessible via the same DDNS domain.


WAN 11x GbE/SFP Combo port1x GbE/SFP Combo port
WAN 21x GbE port1x GbE port
Gigabit LAN44xPoE+
VPN Tunnels200200


WAN Port1x GbE/SFP Combo port + 1x GbE port
LAN Port4x GbE (Vigor2952)
4x PoE-Out GbE (vigor2952P)
USB Port1x USB 3.0 + 1x USB 2.0
NAT Throughput500 Mbps
NAT Throughput w/ Hardware Acceleration900 Mbps
IPsec VPN Performance200 Mbps (AES 256 bits)
SSL VPN Performance60 Mbps
Max. Number of NAT Sessions60,000
Max. Concurrent VPN Tunnels200
Max. Concurrent OpenVPN + SSL VPN50
PoE (Vigor2952P only)
Power Budget60 watts
Schedule Enable/Disable
PD Device Check
Internet Connection
IPv6PPP, DHCPv6, Static IP, TSPC, AICCU, 6rd, 6in4 Static Tunnel
3G/4G/LTE WAN with USB modem2
Load BalancingIP-based, Session-based
WAN Active on DemandLink Failure, Traffic Threshold
Connection DetectionARP, Ping
WAN Data Budget
Dynamic DNS
LAN Management
VLAN802.1q Tag-based, Port-based
Max. Number of VLAN8
DHCP ServerMultiple IP Subnet, Custom DHCP Options, Bind-IP-to-MAC
LAN IP Alias
PPPoE Server
Port Mirroring
Local DNS Server
Conditional DNS Forwarding
Hotspot Web Portal
Hotspot AuthenticationClick-Through, Social Login, SMS PIN
RoutingIPv4 Static Routing, IPv6 Static Routing, Inter-VLAN Routing, RIP, BGP
Policy-based RoutingProtocol, IP Address, Port, Domain, Country
High Availability
DNS Security (DNSSEC)
MulticastIGMP Proxy, IGMP Snooping & Fast Leave, Bonjour
Local RADIUS server
SMB File Sharing (Requires external storage)
ProtocolsPPTP, L2TP, IPsec, L2TP over IPsec, SSL, GRE, IKEv2, IKEv2-EAP, OpenVPN
User AuthenticationLocal, RADIUS, LDAP, TACACS+, mOTP
IKE AuthenticationPre-Shared Key, X.509
IPsec AuthenticationSHA1, SHA256, MD5
VPN RedundancyLoad Balancing, Failover
Single-Armed VPN
NAT-Traversal (NAT-T)
Firewall & Content Filtering
NATPort Redirection, Open Ports, Port Triggering, DMZ Host, UPnP
ALG (Application Layer Gateway)SIP, RTSP, FTP, H.323
VPN Pass-ThroughPPTP, L2TP, IPsec
IP-based Firewall Policy
Content FilteringApplication, URL, DNS Keyword, Web Features, Web Category (subscription required)
DoS Attack Defense
Bandwidth Management
IP-based Bandwidth Limit
IP-based Session Limit
QoS (Quality of Service)TOS, DSCP, 802.1p, IP Address, Port, Application
VoIP Prioritization
Local ServiceHTTP, HTTPS, Telnet, SSH, TR-069
Config File Export & Import
Config File CompatibilityVigor2925, Vigor2920, Vigor2930, Vigor2950, Vigor2955 Series
Firmware UpgradeTFTP, HTTP, TR-069
2-Level Administration Privilege
Access ControlAccess List, Brute Force Protection
Notification AlertSMS, E-mail
SNMPv2, v2c, v3
Managed by VigorACS
Central AP Management30 VigorAP
Central Switch Management10 VigorSwitch
Rack Mountable Mouting Kit Included
Power SupplyAC56V @1.79A
Max. Power Consumption19 watts (Vigor2952)
100 watts (Vigor2952P)
Dimension273mm x 171mm x 45mm
Operating Temperature0 to 45°C
Storage Temperature-25 to 70°C
Operating Humidity (non-condensing)10 to 90% (non-condensing)

DrayTek Vigor2952P Review Published in PC World website on 09 Dec 2017


DrayTek Vigor2952P Review Published in APC Magazine Issue 443 – July 2017


DrayTek Vigor2952P Business Level Router With PoE ports – a Multi-Feature Solution for Small to Medium Sized Businesses

Many small to medium sized business nowadays require a comprehensive data network to efficiently run the business. The data network needs to be fast, secure, reliable and often requires functionality such as firewall, VPN, Wi-Fi, VLAN, etc. In addition, the data network may include Power over Ethernet (PoE) devices such as IP phones, Wi-Fi access points, IP cameras etc. To power these devices a PoE switch or PoE injector is required.
For businesses requiring a high speed multi-feature solution, the DrayTek Vigor2952P will be an ideal choice. The Vigor2952P is a high speed router that has 4 PoE ports and with a throughput of 600Mb/s. The PoE enabled Gigabit LAN ports have a combined power budget of 60 Watts. This is sufficient to power up to 4 PoE devices such as the business IP surveillance system and Wi-Fi access points or a small number of IP phones.

Other hardware features of the Vigor2952P are dual Gigabit WAN ports and a shared SFP slot that can be used to connect to optic fibre. The two USB ports can be used as a WAN interface to connect to the Internet via an attached 3G/4G USB modem or they can be used to connect to a shared USB printer or storage device.

Power over Ethernet Applications

The diagram below shows a typical application for a business consisting of 4 departments where an IP camera is required at each location.
In this scenario, a single Vigor2952P router is required. There is no need to install additional hardware to power the PD devices, hence reducing costs as well as complexity in the installation. The router meets all the networking requirements for the business including firewall protection, VLANs to separate the departments and VPN connectivity to allow up to 100 simultaneous connections to branch offices or remote employees.

Central AP Management and PoE

In another scenario, the business may have a number DrayTek access points such as the VigorAP902 installed in the premises to provide Wi-Fi connectivity for each department which may be spread over a wide area such as in a warehouse environment. Each of the access points can be powered from the Vigor2952P router, eliminating the need to install a power point at each location or install additional PoE equipment.

A useful feature for this scenario is the Central AP Management in the Vigor2952P router. In addition to providing power to the attached DrayTek access points, the router can also be used to centrally manage each access point from a central console. The screen shot below shows the Status page in the router. It displays the attached access points and provides links for logging into them if required.

A number of other features in the AP management are listed below:

Vigor2952 Series for Branch Offices Deployment

Business Continuity – High Availability