Vigor 2866 Router\n\n\n\n Key Specifications:\n\n G.fast (Ultrafast Fibre), VDSL2 (Superfast Fibre), ADSL & Ethernet Router\n Multi-WAN Gigabit Performance Router with Load-Balancing & Failover\n Up to 950 Mbps Firewall Throughput for Ethernet WAN\n 5+1 Gigabit RJ-45 LAN Ports\n Up to 800 Mbps VPN Throughput with IPsec acceleration\n 32 LAN-to-LAN & Remote Teleworker VPN Tunnels\n 16 Dray Tek SSL VPN or Open VPN Tunnels\n 8 LAN Subnets with VLANs (Port-based / 802.1q)\n SPI Firewall & Content Filtering\n Optional Vigor Care Available\n Can be centrally Managed by Vigor ACS\n\n\n\n\n\n\n Description:\n\n\n\n G.fast & Ethernet Load Balancer\n\n\n\n The Vigor 2866 is a G.fast, VDSL2/ADSL2+ & Ethernet WAN router featuring VPN, advanced routing features, firewall, content filtering, bandwidth management & more. Connect the Vigor 2866 to Superfast Fibre with its integrated G.fast & VDSL modem. Or connect to Virgin Media Cable & Ultrafast FTTP with Ethernet WAN.\n\n Featuring high throughput with Load Balancing & Failover connectivity, suitable for handling Fibre to the Premises (FTTP) & Gigabit Internet connections. Offering up to 950 Mbps per-WAN of Hardware Accelerated throughput while retaining its full feature set.\n\n\n\n Route Policy
- Powerful Routing Management\n\n\n\n The Vigor 2866 series provides full policy-based control of where & how outbound traffic is routed with Route Policy:\n\n\n\n\n VPN Routing\n\n Send all or select traffic through VPN services.\n\n\n\n Hostname Routing\n\n Route access to individual websites, Internet domains (i.e. www.bbc.co.uk) & hostnames through a VPN tunnel or a specific WAN.\n\n\n\n Service Routing\n\n Push specific services or ports, such as DNS, through a set WAN, an alternative Gateway or VPN Tunnel.\n\n\n\n Failover & Failback\n\n Extensive control of Failover with multiple Failover rules & paths. Manage how connections are moved back to the primary connection after a failover has occurred with Failback settings.\n\n\n\n\n\n\n\n\n\n Ideal VPN router for SMB\n\n\n\n A feature central to Dray Tek routers is its VPN (Virtual Private Networking) capabilities. A VPN enables you to link remote offices & branch offices back to HQ, or home-based/mobile teleworkers back to your office.\n\n The Vigor 2866 is an ideal VPN router, with 300 Mbps standard IPsec VPN throughput & up to 50 concurrently active VPN tunnels.\n\n I Psec Hardware Acceleration boosts performance, up to 800 Mbps for 16 VPN tunnels, allowing securely encrypted tunnels between sites to make full use of high-speed Internet connections.\n\n\n\n It supports all common industry-standard VPN protocols, for it to connect to VPN services, link remote offices & handle connections from all types of VPN clients. Supporting IPsec IKEv 1 & IKEv 2 protocols with EAP & XAuth authentication, Dray Tek's SSL VPN & L2TP for both LAN to LAN & Dial-In teleworker VPNs. In addition, teleworkers can connect to the router with Open VPN.\n\n User management for Dial-In Teleworkers is managed through the router's web interface, with m OTP 2-factor authentication available for IPsec, L2TP & SSL VPN Teleworker connections. Alternatively, authentication for Dial-In Teleworker connections can be forwarded to your Active Directory (LDAP) or RADIUS or TACACS+ server.\n\n\n\n\n Connect VPNs from behind NAT with Dray Tek's VPN Matcher\n\n\n\n A typical requirement for connecting a VPN tunnel between two points is that the VPN server must be directly accessible on the public Internet. Sometimes this can be achieved with NAT Port Forwarding if the router is located behind another router, but if the router is connected to 4G Mobile Broadband or is behind Carrier-Grade NAT (CG-NAT), connecting to that VPN server may be impossible.\n\n\n\n\n Dray Tek's new VPN Matcher service helps Dray Tek routers behind NAT to allow Dial-In Teleworkers to connect, or connect two Dray Tek VPN routers that are behind NAT & could not normally establish a VPN tunnel.\n\n Connect an Open VPN Teleworker to a Dray Tek router behind NAT\n\n Connect two Dray Tek router's behind NAT with a LAN-to-LAN VPN\n\n\n\n\n\n\n Connecting Remote Sites with LAN to LAN VPN\n\n\n\n Supporting up to 32 concurrently active VPN tunnels, the Vigor 2866 series is ideal for connecting multiple sites or home offices together with fast & secure IPsec VPN tunnels.\n\n Once connected, they have access to your office/remote resources through a secure encrypted tunnel allowing remote desktop, file sharing & seamless access to other resources & devices.\n\n\n\n\n\n\n Dray Tek SSL VPN for Dial-In Teleworkers & LAN to LAN\n\n\n\n The Vigor 2866 supports up to 16 active Dray Tek SSL VPN tunnel connections. These are encrypted tunnels linking your teleworkers or remote Dray Tek Vigor routers back to your main office using SSL/TLS technology
- the same encryption that you use for secure websites such as your bank.\n\n Teleworkers can easily create a secure SSL VPN tunnel to the Dray Tek Vigor 2866 using the free Dray Tek Smart VPN Client app. Available for Windows, mac OS, Apple i OS (iPad, iPhone) & Android devices.\n\n\n\n\n\n\n 5+1 Gigabit LAN Ports with VLANs\n\n\n\n The Vigor 2866 series provides up to 6 Gigabit LAN ports for wired links to Computers, Servers & Network Attached Storage.\n\n With 5 dedicated LAN ports & one flexible LAN/WAN port, the Vigor 2866 can connect up to 6 devices directly with a single Ethernet WAN configuration, or 5 devices with a dual Ethernet WAN configuration.\n\n With Multiple LAN subnets & VLANs, the Vigor 2866 can manage up to 8 separate networks. For instance, an internal network with a separate network for Guests to use, completely separate from the private network. Each network with its own Content Filtering, Firewall, Quality of Service & Route Policy applied.\n\n The router has full support for 802.1Q VLAN tagging so that these subnets can be passed to other devices that support VLAN tags, such as the Dray Tek Vigor Switch G1080 8-port switch, for additional network ports.\n\n\n\n The Wireless LAN also links to these VLANs, making the same Guest & Private networks possible simply using different wireless SSIDs. Or connect up a Dray Tek Vigor AP wireless access point, such as the Vigor AP 903 to do the same, spanning the router's own wireless & any connected wireless APs.\n\n\n\n\n Designed for Central Management\n\n\n\n The Vigor 2866 series (along with most other Dray Tek routers, Access points & switches) can be centrally managed by our Vigor ACS central management platform.\n\n This scalable solution provides visibility, control & reporting of your entire Dray Tek product estate, ideal for dealers/SIs managing customers' devices or any user who wants to know what's going on with their devices. Vigor ACS also provides features like automated/bulk firmware updates, VPN management & alarms for connectivity or other issues.\n\n\n\n\n\n\n Robust & Comprehensive IPv 4 / IPv 6 Firewall\n\n\n\n Security is always taken seriously with Dray Tek routers. The firewall protects against attacks including Do S (Denial of Service) attacks, IP-based attacks & access by unauthorised remote systems. Wireless, Ethernet & VPN are also protected by various protection systems.\n\n The Dray Tek object-based firewall enables you to create combinations of Firewall rules & Content Filtering to suit a home or small office environment, applying Content Filtering to the whole network, only specified devices or just the network that guests can connect to.\n\n The Vigor 2866 supports both IPv 4 & IPv 6 with Dual-Stack IPv 4/IPv 6. Advanced networking features, such as the object-based Firewall, Quality of Service, Content Filtering & VLANs support both IPv 4 & IPv 6 networks.\n\n\n\n\n\n\n Web Content Filtering with DNS Filter\n\n\n\n The content control features of the Vigor 2866 allow you to set restrictions on website access, blocking the download of certain files or data types, blocking specific websites with whitelists or blacklists, blocking IM/P2P applications or other potentially harmful or wasteful content. Restrictions can be per user, per PC or universal & according to time schedules.\n\n Content filtering can also block sites using HTTPS/SSL where URLs are encrypted (and normal routers cannot block).\n\n Using the Global View service, you can block whole categories of websites (e.g. gambling, adult sites etc.), subject to an annual subscription, which is continuously updated with new or changed site categorisations or sites that have become compromised (such as infected with Malware). A free 30-day trial is included with your new router.\n\n\n\n\n\n\n High Availability
- Hardware Failover\n For even greater resilience, the Vigor 2866 series provides High Availability (HA), with both a primary & secondary router able to provide connectivity to your network & subnets.\n\n In the event of the primary unit failing, the secondary unit will take its place on the network, automatically switching over to resume Internet, routing & VPN connectivity with no intervention required. This can remove the possibility of a single point of failure within your routers.\n\n\n\n With Config Sync, the two routers are managed as a single unit, so that any changes made to the primary router will automatically propagate to the secondary router, ensuring it&153;s ready to take over at any time.\n\n\n\n\n Dray DDNS
- Dray Tek Dynamic DNS Address\n Dray Tek provides a free Dynamic DNS address to each Vigor 2866 router, allowing you to link the router's current IP address to a memorable "drayddns.com" hostname, such as "myrouter.drayddns.com".\n\n\n\n This address automatically updates whenever the Internet connection's IP changes, so if one WAN&153;s IP address allocation is dynamic, or the IP changes when switching from the primary WAN connection to a backup, you can easily locate & access your Vigor 2866 router. Just use the hostname to access the router's VPN services, management & any other services you have made accessible through the router.\n\n The Vigor 2866 can also authenticate your Dray DDNS hostname with free SSL/TLS certificates provided by Lets Encrypt, the router manages & automates the certificate process. Keeping the certificate up to date & ready for use with SSL VPN & other services.\n\n\n\n\n\n\n Manage Guest Wi Fi with Hotspot Web Portal\n\n\n\n Dray Tek routers make it easy to manage Guest Wireless with Hotspot Web Portal. The fully customisable captive portal can be applied to the router's LAN / VLAN interfaces, for use with wireless access points.\n\n Authentication can be handled by Google/ Facebook or an external web Portal service such as violet Wi Fi with RADIUS.\n\n Upon connecting to the wireless network, users are presented with your company's branding & information. From there, depending on what you've set, they can simply click-through, provide their details or enter a PIN with Voucher generated by the router.\n\n Once connected, the router can allow access until a user reaches their"a limit of time connected or bandwidth used.\n\n\n\n\n\n\n\n Quality of Service & Bandwidth Control\n\n\n\n Prioritise latency-sensitive applications on your network with Quality of Service.\n\n App Qo S simplifies setting up Quality of Service significantly, simply select which applications or services to prioritise, such as Zoom & Skype.\n\n Use 4 separate queues to give priority to servers & PCs (IP address), services such as Vo IP or DNS, or packet tagging used by IP phones with 802.1p & DSCP support\n\n Auto Voice VLAN allows the router to automatically prioritise Vo IP calls as they pass through the router without additional configuration.\n\n Control throughput with Bandwidth Limit, by setting speed limits for all clients individually, groups of IPs, or a shared bandwidth limit for a whole subnet, such as a Guest network.\n\n\n\n\n\n\n Central AP & Switch Management\n\n\n\n The Vigor 2866 manages Dray Tek Vigor AP access points & Vigor Switch switches connected locally to the router. This enables you to centrally control, manage & administer multiple AP & Switch devices installed around your building/campus from just one router.\n Central AP Management\n The Dray Tek router operating as the wireless controller can provision up to 20 Dray Tek Vigor AP access points with Central AP Management profiles, with an option to Auto Provision
- auto-configuring newly installed Vigor AP access points with the Auto Provisioning profile, upon initial connection to the Dray Tek Vigor router's network.\n Central Switch Management\n Dray Tek Vigor Switch switches can be provisioned & managed through the router with Dray Tek&153;s Central Switch Management system, which allows you to:\n\n Easily provision VLAN configuration & other port settings directly from the router.\n Set bandwidth rate limits & schedules for individual ports.\n Log switch events for alert notifications if network problems occur\n At a glance see the devices connected on your network with a virtual topology.\n\n\n\n\n\n\n\n\n\n\n Technical
Specification (UK Hardware Spec.):\n Physical Interfaces\n\n WAN1: G.fast / VDSL2 / VDSL2 35b / ADSL2+, RJ-11\n WAN2/LAN Switchable Port: 1x Gigabit Ethernet (1G/100M/10M), RJ-45\n LAN Ports: 5x Gigabit Ethernet (1G/100M/10M), RJ-45\n 2x USB (Universal Serial Bus) 2.0 Ports for 3G/4G Modem, thermometer or Printer)\n Recessed Factory Reset button\n\n Performance\n\n NAT Performance:\n\n 1.3 Gb/s Max Sync Rate with G.fast (dependant on ISP & Exchange equipment)\n 100 Mb/s Max Sync Rate with VDSL2\n 300 Mb/s Max Sync Rate with VDSL2 35b\n 950 Mb/s NAT Throughput for Ethernet WAN with Hardware Acceleration\n 1.8 Gb/s Total Multi-WAN NAT Throughput\n 700 Mb/s NAT Throughput per WAN without Hardware Acceleration\n 60, 000 NAT Sessions\n 8000 Hardware Accelerated NAT Sessions\n\n\n VPN Performance:\n\n 300 Mb/s IPsec (AES256) VPN Performance\n 800 Mb/s Hardware Accelerated IPsec VPN Performance
- New!\n 130 Mb/s SSL VPN Performance\n Max. 32 Concurrent VPN Tunnels\n Max. 16 Concurrent SSL VPN / Open VPN Tunnels\n\n\n\n WAN Interfaces\n\n WAN1: G.fast / VDSL2 / VDSL2 35b / ADSL2+\n WAN2: Gigabit Ethernet\n WAN5: 4G/LTE USB (Universal Serial Bus) Modem (not included)\n WAN6: 4G/LTE USB (Universal Serial Bus) Modem (not included)\n\n Internet Connection\n\n Load Balancing: IP-based, Session-based\n Hardware Acceleration\n 802.1p/q Multi-VLAN Tagging\n Multi-VLAN/PVC\n WAN Active on Demand: Link Failure, Traffic Threshold\n Connection Detection: PPP, ARP Detect, Ping Detect\n WAN Data Budget\n Dynamic DNS\n Dray DDNS " with automated Lets Encrypt Certificates\n Full Feature-set Hardware Acceleration:\n\n Hardware Accelerated Quality of Service\n Multi-WAN Data Budget\n Traffic Graph & Data Flow Monitor\n Bandwidth Limit\n\n\n IPv 4 Connection Types: PPPo A, PPPo E, MPo A, DHCP, Static IP, PPTP/L2TP (Ethernet WAN only)\n IPv 6 Connection Types:\n\n Ethernet: PPP, DHCPv 6, Static IPv 6, TSPC, AICCU, 6rd, 6in 4 Static Tunnel\n USB (Universal Serial Bus) 4G/LTE Modem: TSPC, AICCU\n\n\n\n G.fast, VDSL & ADSL Features\n\n BT Infinity Option 1 & Option 2 Compatible\n Compliant with Openreach SIN 527 & SIN 498\n Auto Detection of G.fast, VDSL & ADSL line modes\n Support for G.INP & Vectoring\n G.fast Standards:\n\n ITU-T G.9700, G.9701 G.fast\n Profile: 212 M Hz & 106 M Hz\n\n\n VDSL Standards:\n\n ITU-T G.993.1 VDSL\n ITU-T G.993.2, G.997.1 VDSL2\n Band Plan: G.998, G.997\n Annex A, Annex B, Annex C\n VDSL2 Profile: 8a, 8b, 8c, 8d, 12a, 12b, 17a, 35b\n OLR, UPBO, DPBO Supported\n US0 Supported\n Loop Diagnostic Mode\n DSL Forum WT-114\n\n\n ADSL Standards: \n\n Annex A\n ANSI T1.413 Issue 2\n ITU-T G.992.1 G.dmt (ADSL)\n ITU-T G.992.2 G.lite\n ITU-T G.992.3 ADSL2\n ITU-T G.992.5 ADSL2+\n\n\n ATM Protocols:\n\n RFC-2684/RFC-1483 Multiple Protocol over AAL5\n RFC-2516 PPP over Ethernet\n RFC-2364 PPP over AAL5\n Support for RFC4638 for MTU up to 1500\n\n\n\n Firewall & Content Filtering\n\n IP-based or User-based Firewall Policy\n User-based Time"a\n Do S Attack Defence\n Spoofing Defence\n Content Filtering:\n\n Application Content Filter\n URL Content Filter\n DNS Keyword Filter\n Web Features\n Web Category Filter (requires Global View subscription)\n\n\n\n NAT Features\n\n NAT Port Redirection\n Open Ports\n Port Triggering\n DMZ Host\n UPn P\n ALG (Application Layer Gateway): SIP, RTSP, FTP, H.323\n VPN Pass-Through: PPTP, L2TP, IPsec\n\n LAN Management\n\n 802.1q Tag-based, Port-based VLAN\n Up to 8 LAN Subnets (NAT or Routing mode selectable per LAN interface)\n Up to 16 VLANs\n DMZ Port\n DHCP Server:\n\n Multiple IP Subnet\n Custom DHCP Options\n Bind-IP-to-MAC\n DHCP Pool Count up to 1022 addresses for LANs 1-3\n DHCP Pool Count up to 253 addresses for LANs 4-8\n DHCP Relay per LAN\n\n\n LAN IP Alias\n Wired 802.1x Port Authentication\n Port Mirroring\n Local DNS Server\n Conditional DNS Forwarding\n Hotspot Web Portal\n Hotspot Authentication: Click-Through, Social Login, SMS PIN, Voucher PIN, RADIUS, External Portal Server\n\n Networking Features\n\n Policy-based Routing: Protocol, IP Address, Port, Domain/ Hostname, Country\n High Availability: Active-Standby, Hot-Standby\n DNS Security (DNSSEC)\n Local RADIUS server\n SMB File Sharing (Requires external storage)\n Multicast: IGMP Proxy, IGMP Snooping & Fast Leave, Bonjour\n Routing
Features: IPv 4 & IPv 6 Static Routing, Inter-VLAN Routing, RIP v 1/v 2/ng, BGP\n\n VPN\n\n Up to 32 active VPN tunnels
- including up to 16 SSL VPN or Open VPN Tunnels\n Up to 16 Hardware Accelerated 800 Mb/s IPsec tunnels " New!\n LAN-to-LAN
- Dial-In VPN Server & Dial-Out VPN Client\n Teleworker-to-LAN " Dial-In VPN Server\n User Authentication: Local, RADIUS, LDAP, TACACS+, m OTP\n IKE Authentication: Pre-Shared Key & Digital Signature (X.509)\n Encryption: MPPE, DES, 3DES, AES (128/192/256)\n Authentication: SHA-256, SHA-1\n VPN Trunk (Redundancy): Load Balancing, Failover\n Dead Peer Detection (DPD)\n IPsec NAT-Traversal (NAT-T)\n Virtual IP Mapping " Resolve VPN IP subnet/range conflicts\n DHCP over IPsec\n Dray Tek VPN Matcher " Connect to a VPN router that&153;s behind NAT/CG-NAT
- New!\n VPN Protocols:\n\n IPsec IKEv 1, IKEv 2, IKEv 2 EAP\n IPsec-XAuth\n Dray Tek SSL VPN\n Open VPN (Remote Dial-In User only)\n GRE over IPsec\n PPTP\n L2TP, L2TP over IPsec\n\n\n\n Bandwidth Management\n\n IP-based Bandwidth Limit\n IP-based Session Limit\n User-based Data"a\n\n Quality of Service (Qo S)\n\n Classify via TOS, DSCP, 802.1p, IP Address, Service Type\n 4 Priority Queues\n App Qo S\n Vo IP Prioritization\n Class-based Outbound Traffic Tagging: DSCP & IP Precedence\n\n Management\n\n Local Service: HTTP, HTTPS, Telnet, SSH, FTP, TR-069\n Config File Export & Import\n Import Config from Vigor 2862 & Vigor 2860\n Auto Backup Config to USB (Universal Serial Bus) Storage " New!\n Firmware Upgrade via TFTP, HTTP, TR-069\n 2-Level Administration Privilege\n Access Control
Features: Access List, Brute Force Protection\n Syslog\n SMS, E-mail Notification Alert\n SNMP: v 1, v 2c, v 3\n Managed by Vigor ACS\n\n Router Central Management Features\n\n AP Management: Up to 20 Vigor AP access points\n Switch Management: Up to 10 Vigor Switch network switches\n VPN Management: Up to 8 Vigor routers\n\n Operating Requirements\n\n Rack-Mountable (Optional Vigor RM1 mounting bracket required)\n Wall or Shelf Mountable with included fittings\n Temperature Operating: 0 &176;C ~ 45 &176;C\n Storage: -25 &176;C ~ 70 &176;C\n Humidity 10% ~ 90% (non-condensing)\n Power Consumption: 22.8 watts maximum\n Operating Power: DC 12V (via external PSU, supplied)\n Power Requirements: 100-240VAC\n Weight: 620g\n Dimensions:\n\n 241mm Width\n 165mm Depth\n 44mm Height\n\n\n\n Warranty\n\n Two (2) Year Manufacturer's RTB\n Optional Vigor Care Enhanced Warranty Available\n\n Vigor Care B3 3 Year Subscription: VCARE-B3\n Vigor Care B5 5 Year Subscription: VCARE-B5\n\n\n\n Box Contents\n\n Vigor 2866 router\n Quick Start Guide\n Screws & wall plugs for wall mounting\n 2m Cat-5e RJ-45 Network Cable\n DC 12V Power Supply with UK Plug\n\n\n