Draytek 2926n Ethernet Router / Firewall WiFi

Part: H201250

Item added to basket

Draytek produce some of the most specification-rich products in their class, please use these tabs to view full specifactions.

Vigor 2926 Series Ethernet Router Firewall & Load-Balancer

The Vigor 2926 series is our dual-Ethernet WAN firewall for load-balancing or failover. It's also a fully featured firewall, VPN concentrator and content filtering device.

This latest router series includes support for professional features such as VLAN tagging, Gigabit Ethernet, built-in wireless LAN (Vigor 2926n or Vigor 2926ac). An alternative WAN connectivity is by a USB 3G/4G/LTE cellular modem which can be your primary WAN feed, backup or load-balanced with your fixed line.

This latest router series includes support for other professional features such as VLAN taggingQoS (Quality of Service Assurance),  High AvailabilityDNS FilterPolicy Based Routing, and User Access Control.  Wired and Wireless models also include our new Hotspot features. If you deploy DrayTek Wireless Access Points, the Vigor 2926 can act as the Central Management Controller (click on any of those links for an explanation of each feature).

Vigor 2926 front panel sockets

 

A 5-port Gigabit Ethernet switch on the LAN side provides high speed connectivity for your server, other local PCs or for uplink to a larger Ethernet switch. Comprehensive security features include content filtering, web application controls and an object based firewall management system. Port 5 is switchable with 'WAN2' to use it as an Ethernet WAN port instead of a LAN port*.

*requires f/w 3.8.8 or later, otherwise 5th Ethernet port is for WAN2 only.

 

Robust & Comprehensive Firewall

Security is always taken seriously with DrayTek routers. The firewall protects against attacks including DoS (Denial of Service) attacks, IP-based attacks and access by unauthorised remote systems. Wireless, Ethernet and VPN are also protected by various protection systems. The DrayTek object-based firewall allows even more setup flexibility than ever, enabling you to create combinations of users, rules and restrictions to suit multi-departmental organisations. The Vigor 2926 also allows selective direction firewall rules of LAN to WAN, WAN to LAN or LAN to LAN/VPN.

 

Central Management with VigorACS

The Vigor 2926 series (along with most other DrayTek routers, Access points and switches) can be centrally managed by our VigorACS central management platform.  This scalable solution provides visibility, control and reporting of your entire DrayTek product estate, ideal for dealers/SIs manageing customers' devices or any user who wants to know what's going on with their devices.   VigorACS also provides features like automated/bulk firmware updates, VPN management and alarms for connectivity or other issues.  For full details of VigorACS, click here.

 

Web Content Filtering

GlobalView Categories

The content control features of the Vigor 2926 series allows you to set restrictions on web site access, blocking download of certain file or data types, blocking specific web sites with whitelists or blacklists, blocking IM/P2P applications or other potentially harmful or wasteful content. Restrictions can be per user, per PC or universal and according to time schedules.  Content filtering can also block sites using HTTPS/SSL where URLs are encrypted (and normal routers cannot block). 

Using the GlobalView service, you can block whole categories of web sites (e.g. gambling, adult sites etc.), subject to an annual subscription, which is continuously updated with new or changed site categorisations or sites which have become compromised (such as infected with Malware). A free 30-day trial is included with your new router.

 

WAN Load Balancing & Backup

 

The Vigor 2926 features WAN connectivity via its two WAN Ethernet ports and two USB ports for connection of a compatible 3G or 4G modem. The ethernet ports can connect to DSL modems (e.g. Vigor 130), a cable modem or any other Ethernet-based Internet feed. The multiple WAN interfaces can be used either for WAN-Backup or Load Balancing. Load-balancing or failover supports IPv4 only currently (not IPv6).

Vigor 2925 Load Balancing with two Internet connections
The Vigor 2926 makes use of two simultaneous WAN connections

WAN-Backup provides contingency (redunancy) in case of your primary Internet connection or ISP suffering temporary outage). Internet Traffic will be temporarily routed via the secondary Internet access. When normal services is restored to your primary Internet line, all traffic is switched back to that.

 

 

 

The USB port provides Internet connectivity (main, backup or load balanced) by connecting to a compatible USB modem (or cellphone) for access to the high speed 3G/4G/LTE cellular networks from UK providers such as Vodafone, O2, 3 and EE. If you don't have a wired Internet connection at all, the USB/3G/4G access method can be used as your primary/only Internet connection, ideal for temporary locations, mobile applications or where broadband access is not available. Alternatively, if you will be making more regular use of 3G/4G/LTE, consider the Vigor 2862Ln model with its built-in cellular modem & SIM slot.

 

User Management/Authentication

The Vigor 2926 has built-in user management which allows you to provide conditional internet access with Time and Data usage quotas to different users, based on their own unique login (stored in the router, or on an external Radius server). For full details of this feature, click here.

 

Rack Mounting Kit

Vigor 2820 in RM1 Rack mounting bracket

The RM1 Rackmount Bracket enables you to fit any Vigor 2926 series router into a standard 19" rack or cabinet. The bracket takes up one rack slot (1U) and includes a cable retainer at the back to keep the power cord captive. The front mounted sockets of the router remain fully accessible. For wireless models, we then recommend extension aerials (or aerial extensions).

 

 

 

USB Port for Ad-Hoc Storage / Logging

USB Memory

The Vigor 2926's USB port can also be used to add storage memory to the unit in the form of a USB memory key (as shown right). The Vigor 2926 then provides FTP access file uploading/downloading which can be from the local LAN or from anywhere on the Internet - ideal for a simple to deploy file depository. If you do have a USB memory key connected, you can also have the router save it's system logs (syslog) to that memory instead of to a connecting computer; useful for technical personnel (SysAdmins).

VPN - Linking remote offices, HQ, teleworkers and mobile staff

A feature central to DrayTek routers is the VPN (Virtual Private Networking) features. A VPN enables you to link two remote offices, branch offices back to HQ or home-based/mobile teleworkers back to your office. Once connected, they have access to your office/remote resources through a secure encrypted tunnel allowing remote desktop, file sharing and seamless access to other resources and devices.

The Vigor 2926 allows you to have up to 50 simultaneous VPN tunnels to remote offices or teleworkers. It supports all common industry standard protocols, encryption types and authentication methods (see specification tab for full support list). Teleworkers can authenticate directly with your LDAP server if preferred.

VPN Schematic

The Vigor 2926 supports VPN trunking; this allows you to create tunnels down muliple WAN connections to a remote site in order to increase bandwidth. VPN trunking also provides failover (backup) of your VPN route down a secondary WAN connection. You can learn more about DrayTek VPN here.  Teleworkers can also use 2FA (Two factor authentication) such as MOTP

 

DrayTek SSL VPN - Link teleworkers and remote networks with TLS encryption

The Vigor 2926 supports up to 25 DrayTek SSL VPN tunnel connections. These are encrypted tunnels linking your teleworkers or remote DrayTek Vigor routers back to your main office using SSL/TLS technology - the same encryption that you use for secure web sites such as your bank.

Site to site VPN tunnels can connect branch offices to a main office, with DrayTek SSL VPN encryption securing the connection between the two offices, a TLS encrypted HTTPS tunnel which can be more secure than PPTP, and easier to configure than an IPsec VPN tunnel.

Teleworkers can easily create a secure DrayTek SSL VPN tunnel to the DrayTek Vigor 2926 using the DrayTek Smart VPN Client app.
DrayTek Smart VPN Client is free and supports Windows OS, macOS, Apple iOS (iPad, iPhone) and Android. You can learn more about the DrayTek Smart VPN Client here.

DrayTek SSL VPN is simple to configure, providing a more secure alternative to the now obsolete Point to Point Tunneling Protocol (PPTP VPN); which has known weaknesses and is now considered to be insecure. Setup is similar to a PPTP VPN tunnel in that it authenticates with an SSL VPN Username and Password.

You can learn more about DrayTek SSL VPNs here.

Dual-band MU-MIMO Wireless (Vigor 2926ac model)

The Vigor 2926ac supports simultaneous operation of the newer 5Ghz band as well as the more common 2.4Ghz band. The 5Ghz band is far less congested so if your PCs or other devices support the 5Ghz band, you can use that.The Vigor 2926ac operate both bands at the same time, so your devices can use either.    802.11ac also provides greater capacity (speed) with a total link rate of 1733Mb/s (vs. 300 in 802.11n 2.4Ghz). The Vigor 2926ac also supports MU-MIMO, SU-MIMO, TX Beam Forming, and up to 4 spatial streams, all of which can make your wireless faster.  It also supported the extended 5Ghz channels, reduucing congestion even further.

 

Wireless Security

The Vigor 2926 Series wireless models provides several independent levels of security including encryption (up to WPA2), authentication (802.11x) and methods such as MAC address locking and DHCP fixing to restrict access to authorised users only. The Web interface lets you see how many and which clients are currently connected as well as their current bandwidth usage. An 'instant' block lets you disconnect a wireless user temporarily in case of query. The Wireless VLAN facility allows you to isolate wireless clients from each other or from the 'wired' LAN.

The Multiple SSID features enable you to have up to four distinct or common virtual wireless access points per wireless band. For example, you could have one for company usage, with access to your company LAN and another for public access which allows internet surfing only. Setting up wireless security is made easier thanks to the WPS feature (WiFi protected setup) whereby your client PC can get it's security keys by pressing a button on the front of the router.

For a comprehensive guest system, the Vigor 2926 supports DrayTek's hotspot web portal.  There's also 'Airtime Fairness' to prevent individual users from using too much bandwidth and on the dual-band model, band-steeries tries to balance clients across both bands to reduce congestion.

For specialist or more demanding coverage applications, optional aerials can be used with the Vigor 2926 to potentially increase the range of wireless coverage (depending on environment) or provide directional coverage in order that your wireless transmission is focussed and concentrated into one direction only, for example into a room or across open space. With the increasing popularity of wireless LANs, you will want to choose the least congested wireless channel for yours so the Vigor can scan and provide a list of all devices in the vicinity so that you can choose the best channel (see screenshot below which shows an example in the 2.4Ghz band).

 

Wireless Features

  • Optional Higher Gain or directional aerials available - Click Here.
  • Time scheduled operation
  • Wireless Hotspot
  • Airtime Fairness
  • Band Steering
  • Active Client list in Web Interface
  • Wireless LAN Isolation (from each other or wired LAN)
  • WPA2 Encryption
  • Switchable Hidden SSID
  • Restricted access list for clients (by MAC address)
  • Access Point Discovery
  • WDS (Wireless Distribution system) for Bridging and Repeating
  • 802.1x Radius Authentication
  • Wireless Rate-Control
  • Automatic Power Management
  • 802.11e WMM (Wi-Fi Multimedia)

The Vigor2860n provides a local survey of other devices so that you can choose the least congested channel.
Above : The Vigor 2926 wireless models provide a local survey of other 
access points so that you can choose the least congested channel

 

Wireless LAN WDS Facility

Vigor 2926 wireless models support WDS (Wireless Distribution System) which enables you to use the wireless capability to bridge to another network, within wireless range. You need an additional compatible wireless router for this. For further details, see here.

Central Switch Management with a DrayTek Vigor Router

DrayTek Vigor router Central Switch Management provisions and monitors VigorSwitch switches through a DrayTek Vigor router, with profiles that can be applied to multiple switches and VLAN configuration all handled within the router.

This can simplify the setup of multiple subnets and VLANs, without needing in-depth knowledge of VLAN tagging and reduces setup time, with the time consuming step of configuring VLANs for each port handled by the router instead.

 

Switch Hierarchy

The Switch Hierarchy view provides a visual overview of interconnections between DrayTek VigorSwitch switches with the devices connected to each LAN port:

Switch Management Profiles

Switch Management profiles can be used configure schedules to enable or disable ports (including PoE) and set bandwidth limits for the ports. Descriptive names can be configured on the router which can be seen from the Switch Hierarchy view:

 

VLAN configuration of a VigorSwitch can be provisioned from the DrayTek Vigor router, with the router automatically configuring the Uplink port and being aware of the VLAN tags that the Vigor router and the connected LAN port have available:

Vigor 2926 Dual-WAN Series - Technical Specification (UK Hardware Spec.)

 

  • Physical Interfaces:
    • LAN Ports (Switch)
      • 5 X Gigabit Ethernet (1000Mb/s) Ports (Configurable Physical DMZ on Port4)
        LAN Port 5 Switchable with WAN2 (req. f/w 3.8.8 or later)
    • WAN Ports:
      • WAN1 : Gigabit Ethernet (1000Mb/s) Ethernet
      • WAN2 : Gigabit Ethernet (1000Mb/s) Ethernet for load balance and WAN failover
        Switchable with LAN Port 5
      • WAN3 : USB 2.0 Port for 3G/4G Modem, thermometer or Printer
      • WAN4 : USB 2.0 Port for 3G/4G Modem or Printer
      • Wireless WAN - Wireless interface can provide WAN connectivity
  • Performance:
    • Firewall: Up to 400Mb/s max
    • IPSec VPN: Up to 60Mb/s max
  • Load Balance/Failover Features:
    • Outbound Policy-Based Load-Balance to direct traffic via:
      • NAT or Routing
      • WAN Interface
      • LAN Interface
      • Specific LAN Gateway
      • VPN Tunnel
    • IP-Based or Session-Based Load Balance modes NEW!
    • WAN Connection Fail-over
    • BoD (Bandwidth on Demand)
    • Configurable Load-Balance pool, specify WAN interfaces to load balance
    • WAN Budget
  • Wireless LAN Features ('n' and 'ac' Models Only):
    • 2.4GHz 802.11n and 5GHz 802.11ac (Vigor 2926ac only)
    • 2.4GHz 802.11n  (Vigor 2926 'n' models)
    • Backward Compatibility for 802.11b/g (Vigor 2926 'n' models)
    • Backward Compatibility for 802.11a/b/g/n (Vigor 2926ac only)
    • Wireless Features on Vigor 2926ac:
      • 802.11ac (5Ghz)
      • 4x4 MU-Mimo (5Ghz)
      • Up to 4 Spatial Streams
      • TX Beam Forming
      • 1733Mb/s (5Ghz) + 300Mb/s (2.4Ghz) Total Link Rate
      • Dual-band (2.4/5Ghz) simultaneous wireless
      • 256QAM
      • Extended DFS frequency range
    • TX Beam Forming
    • Multiple SSID : Create up to 4 virtual wireless LANs (independent or joined)
    • Packet Aggregation and Channel Bonding
    • Optional Higher Gain or directional aerials available - Click Here.
    • Active Client list in Web Interface
    • Wireless LAN Isolation (from VLAN groups and wired Ethernet interfaces)
    • 64/128-bit WEP Encryption
    • WPA/WPA2 Encryption
    • Switchable Hidden SSID
    • Restricted access list for clients (by MAC address)
    • Time Scheduling (WLAN radio can be disabled at certain times of day)
    • Time Scheduling for individual SSIDs
    • Access Point Discovery
    • WDS (Wireless Distribution system) for WLAN Bridging and Repeating
    • 802.1x Radius Authentication
    • Wireless VLAN
    • Wireless Rate-Control
    • Automatic Power Management
    • 802.11e WMM (Wi-Fi Multimedia)
    • Station Control, limit wireless client access time per day
    • Airtime Fairness NEW!
    • Band Steering NEW!
    • Wireless WAN mode for WAN2, switchable with Ethernet (Wireless models only) NEW!
  • WAN Protocols (Ethernet):
    • DHCP Client
    • Static IP
    • PPPoE
    • PPTP
    • BPA
  • Firewall & Security Features:
    • CSM (Content Security Management):
      • URL Keyword Filtering - Whitelist or Blacklist specific sites or keywords in URLs
      • Block Web sites by category (e.g. Adult, Gambling etc. Subject to subscription)
      • Prevent accessing of web sites by using their direct IP address (thus URLs only)
      • Blocking automatic download of Java applets and ActiveX controls
      • Blocking of web site cookies
      • Block http downloads of file types :
        • Binary Executable : .EXE / .COM / .BAT / .SCR / .PIF
        • Compressed : .ZIP / .SIT / .ARC / .CAB/. ARJ / .RAR
        • Multimedia : .MOV / .MP3 / .MPEG / .MPG / .WMV / .WAV / .RAM / .RA / .RM / .AVI / .AU
      • Time Schedules for enabling/disabling the restrictions
      • Block popular P2P (Peer-to-Peer) file sharing programs
      • Block Instant Messaging programs (e.g. IRC, Skype/Yahoo Messenger etc.)
    • DNS Filter: Use DNS to enforce categorisation
    • Web Portal
    • Multi-NAT (32 WAN IPs per WAN1 & WAN2)
    • DMZ Host
    • DMZ Port (via LAN port P1, switchable)
    • 40 Port Redirection rules
    • 40 Open Port rules (10 port ranges per rule)
    • Policy-Based Firewall
    • MAC Address Filter
    • SPI ( Stateful Packet Inspection ) with new FlowTrack Mechanism
    • DoS / DDoS Protection
    • IP Address Anti-spoofing
    • E-Mail Alert and Logging via Syslog
    • Bind IP to MAC Address
    • User Management:
      • Up to 200 Profiles
      • Supports external authentication via LDAP or RADIUS
      • Per User Bandwidth and Time Quota
      • Schedule Control to delete or disable account automatically
  • Bandwidth Management:
    • Quality of Service (QoS - For devices in the NAT subnets according to source or destination IP)
      • Guaranteed Bandwidth for VoIP
      • Class-based Bandwidth Guarantee by User-Defined Traffic Categories
      • Layer 2&3 (802.1p & TOS/DCSP)
      • DiffServ Code Point Classifying
      • 4-level Priority for each Direction (Inbound / Outbound)
      • Bandwidth Borrowed
      • App QoS: Classify traffic by Application NEW!
    • Temporary (5 minute) Quick Blocking of any LAN Client
    • Bandwidth Limit (Shared or individual limit)
    • Smart Bandwidth Limitation (Triggered by Traffic / Session)
    • Session Limit
  • Network/Router Management:
    • Web-Based User Interface (HTTP / HTTPS)
    • CLI ( Command Line Interface ) / Telnet / SSH
    • Web Console: Access CLI through Web Interface
    • Administration Access Control
    • Brute Force Protection
    • Configuration Backup / Restore
    • Configuration Import from Vigor 2920 and Vigor 2925
    • Built-in Diagnostic Function
    • Firmware Upgrade via Web Interface, TFTP, FTP
    • Logging via Syslog
    • Supports SmartMonitor (up to 50 IPs monitored)
    • SNMP v3 Management with MIB-II
    • TR-069
    • TR-104
    • Access Point Management: Centrally Manage up to 20 DrayTek VigorAPs
    • Switch Management: Centrallly Manage up to 10 DrayTek VigorSwitches NEW!
  • VPN Facilities:
    • Up to 50 Concurrent VPN Tunnels (incoming or outgoing)
    • Tunnelling Protocols:
      • PPTP
      • IPSec
      • L2TP
      • L2TP over IPSec
      • DrayTek SSL
      • GRE NEW!
    • IPSec Main and Agressive modes
    • IKE Phase 1 DiffieHelman Groups 1,2,5 & 14
    • IKE Phase 2 DiffieHelman Groups 1,2,5 & 14 (will match phase 1 selection)
    • IKEv2 & IKEv2 NEW!
    • Encryption : MPPE, DES / 3DES (168bits) and Hardware-Based AES (128/192/256bits)
    • Authentication : Hardware-Based MD5, SHA-1 and SHA-256
    • IKE Authentication : Pre-shared Key or X.509 Digital Signature
    • SSL VPN for teleworkers - Up to 25 simultaneous users. Proxy or tunnel
    • LAN-to-LAN & Teleworker-to-LAN connectivity
    • DHCP over IPSec
    • NAT-Traversal ( NAT-T )
    • Dead Peer Detection (DPD)
    • VPN Pass-Through
    • MOTP (Mobile One Time Password) for two factor authentication (2FA)
    • Virtual IP Mapping, map a remote IP subnet/range to another range to resolve IP subnet/range conflicts
    • Port forwarding (Port Redirection, Open Ports) to remote clients connected via an IPsec LAN to LAN VPN NEW!
  • Network Features:
    • Port-Based VLAN (Inclusive/Exclusive Groups)
    • 802.1q VLAN Tagging
    • Port Mirroring
    • 802.1X Port Authentication
    • Multi Subnet DHCP Servers with DHCP Relay
    • LAN Clients :  Up to 1022 per subnet (for subnets 1-3)
    • Custom DHCP Option support
    • Dynamic DNS
    • DNSSEC support NEW!
    • DNS Transparent Proxy
    • DNS Caching
    • LAN DNS (supports CNAME)
    • NTP Client (Synchronise Router Time)
    • Call Scheduling (Enable/Trigger Internet Access by Time)
    • RADIUS Client
    • LDAP Client
    • TACACS+ Client
    • High Availability NEW!
    • Internal RADIUS Server NEW!
    • Microsoft™ UPnP Support
    • Maximum MTU 1534
    • Routing Protocols: 
      • Static Routing (30 routes)
      • RIP V2
      • RIPng for IPv6 NEW!
      • BGP NEW!
  • Operating Requirements:
    • Rack Mountable (Optional Vigor RM1 mounting bracket required)
    • Wall Mountable
    • Temperature Operating : 0°C ~ 45°C
    • Storage : -25°C ~ 70°C
    • Humidity 10% ~ 90% (non-condensing)
    • Power Consumption: 18 Watt Max.
    • Dimensions: L240.96 * W165.07 * H43.96 ( mm )
    • Operating Power: DC 12V (via external PSU, supplied)
    • Warranty : Two (2) Years RTB
    • Power Requirements : 220-240VAC

Related Products

Need this by Saturday?

Order by 17:00 next Friday and select next day delivery at checkout*

*Subject to delivery address

Power Distribution Specialists Call us for BULK or BESPOKE pricing FREE Delivery on orders over £50 + VAT