The 2830n plus shares many features with the last Draytek we reviewed, the Vigor 2920. Although the 2920 was reviewed with 188.8.131.52 firmware. The current web demo running 184.108.40.206 firmware presents a feature set very similar to the 2830n plus'.
The table below, pulled from the 2830 plus' web page summarizes its feature set.
|Multi-WAN||Outbound Policy-based Load-balance|
|BoD (Bandwidth On Demand)|
|WAN Connection Fail-over|
|WAN Protocol||ADSL2+ (WAN-1)||DHCP Client|
|PPPoE / PPPoA|
|Giga Ethernet (WAN-2)||DHCP Client|
|VPN||Up to 32 VPN Tunnels|
|Protocol : PPTP, IPSec, L2TP, L2TP over IPSec|
|Encryption : MPPE and Hardware-based AES / DES / 3DES|
|Authentication : MD5, SHA-1|
|IKE Authentication : Pre-shared Key and Digital Signature (X.509)|
|DHCP over IPSec|
|IPSec NAT-traversal (NAT-T)|
|Dead Peer Detection (DPD)|
|Firewall||Multi-NAT / DMZ Host / Port-redirection / Open Port|
|MAC Address Filter|
|SPI (Stateful Packet Inspection) (Flow Track)|
|DoS / DDoS Prevention|
|IP address Anti-spoofing|
|E-Mail Alert and Logging via Syslog|
|Bind IP to MAC Address|
|Time Schedule Control||Firewall v3|
|Bandwidth Management||QoS||Guarantee Bandwidth for VoIP|
|Class-based Bandwidth Guarantee by User-Defined Traffic Categories|
|DiffServ Code Point Classifying|
|4-level Priority for Each Direction (Inbound / Outbound)|
|Bandwidth / Session Limitation|
|Layer-2 (802.1 p) and Layer-3 (TOS/DSCP) QoS Mapping|
|CSM (Content Security Management)||IM/P2P Application V3 (App Enforcement)|
|GlobalView Web Content Filter (Powered by Commtouch)|
|URL Content Filter||URL Keyword Blocking (Whitelist and Blacklist)|
|Java Applet, Cookies, Active X, Compressed, Executable, Multimedia File Blocking|
|Time Schedule Control|
|Network Feature||Packet Forwarding Acceleration|
|DHCP Client / Relay / Server|
|IGMP Version 2 and Version 3|
|UPnP 30 sessions|
|VLAN Tagging (802.1q) on LAN|
|Routing Protocol||Static Routing|
|USB||3.5G/4G * as WAN - 3|
|File System||Support FAT32/FAT16 File System|
|Support FTP Function for File Sharing|
|Network Management||Web-based User Interface (HTTP / HTTPS)|
|Quick Start Wizard|
|CLI (Command Line Interface , Telnet / SSH)|
|Administration Access Control|
|Configuration Backup / Restore|
|Built-in Diagnostic Function|
|Firmware Upgrade via TFTP / FTP / HTTP / TR-069|
|Logging via Syslog|
|SNMP Management MIB-II|
|Management Session Time Out|
|2-level Management (Admin/User Mode)|
|Tag-based (802.1 q) VLAN|
|Layer-2 (802.1 p) QoS|
Table 1: Vigor 2830n plus feature set
It's hard to tell whether the 2830n plus brings additional routing features to the party over the 2920, since the downloadable product matrix doesn't include the 2830 and the online spec sheets have slightly different formats. But given the design and firmware similarities, it appears that routing and VPN feature sets are essentially the same, with both products supporting a total of 32 site-to-site and client-to-gateway tunnels that can be mixes of PPTP, IPSec, L2TP and L2TP over IPSec.
One difference I could find by comparing the 2920 and 2830n online simulators was the 2830's WAN > Multi-PVC menu (Figure 4) vs. the 2920's WAN > Multi-VLAN menu (Figure 5). (PVCs [Permanent Virtual Circuit] are used in ATM networks.)
Figure 4: Vigor 2830 Multi-PVC menu
I think this difference is primarily due to the 2830's ADSL2+ modem.
Figure 5: Vigor 2920 Multi-VLAN menu
It also looks like Draytek has granted Doug's wish for 802.1q VLAN tagging (Figure 6). The 220.127.116.11 2920 firmware also expands the number of VLANs to 8 and enables SSID's to be assigned to VLANs, but doesn't support tagging on the LAN side.
Figure 6: 2830 VLAN with tagging
The 2830 supports three WAN connections, but only one each of Gigabit Ethernet, ADSL2+ and USB WWAN. The three connections can be configured for fail-over, "Outbound Policy-based Load-balance" and bandwidth-on-demand modes. I didn't check any of these modes since Doug did a good job of that in the 2920 review. While you're over there, you might as well read through the rest of the feature details, since the 2830 supports them too.
I asked Draytek about jumbo frame support because there aren't any controls visible in the Web GUI. The answer was that they are supported, but you still need to set them up via the command line interface as Doug described.
The 2830's Firewall features use the same hierarchical model, i.e. creating Objects and Profiles and then applying them to Rules. The menus are the same—NAT, Firewall, Objects, Users and Content Security Management (CSM.)—but I found a subtle difference in the NAT menu.
Figure 7 shows the Address Mapping page that is not present in the 2830n. This menu appears to support mapping multiple WAN IP addresses to internal LAN subnet ranges. But I say appears, because the feature isn't described in the 2920 User Guide that I downloaded.
Figure 7: 2920 Address mapping menu
All the other Firewall-related menus appear to be the same, including the ability to activate subscription-based content filtering. You get a free 30 day trial of the CommTouch service when you register your new router. But after 30 days, the subscription costs $95 - $110 / year.
Doug liked the logging features better than I did, probably because he used the free syslog server software that you can download from Draytek. I tried to view logs via the web GUI, which first involved a trip to the System Maintenance > SysLog / Mail Alert page to enable syslog and point it to the 2830 itself. I then hit the Diagnostics > Web Firewall Syslog page (not present in the 2920) to view the log. Figure 8 shows the log from a successful L2TP / IPsec client connection as an example.
Figure 8: Example log
But I wouldn't recommend this method. Each time I changed the Syslog Type dropdown, the log appeared to be cleared rather than just filtered. And this log method was no help in diagnosing failed VPN connects. I asked Draytek about this and they said the best approach is to use the Syslog tool.
The other tools in the Diagnostics menu that Doug liked in the 2920 (route table, arp cache, DHCP table, and NAT sessions, ping and traceroute tool) are also found in the 2830, along with the data flow monitor and traffic graph (Figure 9).