Expired

XV. VigorACS and VigorConnect

Expired

VigorACS 3 - Connect a VigorAP Access Point to VigorACS 3

Products:
VigorACS 3
VigorAP 710
VigorAP 800
VigorAP 802
Show all

Keywords:
ACS-SI
Apply settings to APs
VigorAP
provisioning
Show all

There may be many DrayTek routers, firewalls, switches and wireless access points deployed in the networks you're managing.

VigorACS 3 is designed to centrally manage and provision all of your DrayTek networking devices, with centralised device management through the standard TR-069 protocol, enabling you to make configuration changes to individual devices or to roll out mass configuration changes to many devices. For further details on the VigorACS 3 central management platform and what you can do with it, click here

Connecting a VigorAP to VigorACS 3 as a CPE (Consumer Premises Equipment) node allows you to remotely configure the access point as if it was being managed locally, automate configuration backups and schedule tasks for groups of Vigor routers, switches & APs, such as firmware upgrades.

This article demonstrates how to configure DrayTek VigorAP access points to connect to VigorACS, or alternatively, configure the DrayTek Vigor router they're connected to, to provision the VigorACS details to each connected VigorAP. Please note that managing a VigorACS network's connection details such as Network Username and Password, requires Group Administrator status for that network.

Configuration of a VigorACS Network

To connect a DrayTek VigorAP to VigorACS, it will need to authenticate with the server with a Username and Password to join a Network (or Group).

By default, the ACS server's Root Network has a Username of "acs" and a Password of "password".
The network that an access point joins initially is determined by the Username and Password specified

In the VigorACS 3 management console, click on the Globe icon to go to [Network Management]. Then once the network list has loaded, select the Network that you have permission to manage from the list, or enter the network name into the search box to locate it.

In the example shown here, a switch connecting to VigorACS 3 with a Username and Password of acsnetwork / networkpasswordhere will join the "My ACS Network" Network.

ACS 3 Network page

The Enable SD-WAN and Bulk Data settings do not need to be changed here. See the VigorACS 3 - Setting up SD-WAN article for more details.

Network Management Tip: To change the network a router is in, you can drag & drop the router around in the Network list, from one network to another. Or you can change the TR-069 Username / Password on the CPE.

Connecting a VigorAP to VigorACS

Log in to the VigorAP Access Point's web interface and select this menu:

[System Maintenance] -> [TR-069]

Then complete the VigorACS server details, as shown in the example below.

  • In this example the VigorACS servers IP address is 198.51.100.1
    VigorACS Server URL: https://<IP address or Hostname>/ACSServer/services/ACSServlet
  • Enable the CPE Settings option and where available select HTTPS
  • Ensure STUN setting is enabled and the STUN server IP address is entered. (STUN IP is the IP address of the Vigor ACS server). On the VigorACS Server, ensure that inbound traffic to UDP port 3478 is permitted. If there is a firewall in front of the VigorACS Server then the firewall would need to allow UDP port 3478 through.

The Username and Password should be set to match the credentials which were set in VigorACS for the network the Access Point is being placed into.

Provisioning VigorACS Configuration with a Vigor Router

An alternative to setting up each Access Point with the TR-069 settings, is to use a DrayTek Router with wireless management to set the TR-069 parameters on all Access Points within its management.

On the Vigor router that the APs are connected to, go to:

[System Maintenance] -> [TR-069]

Enter the TR-069 parameter, and enable apply settings to APs. Please note the admin logon password for all APs must be the same for the controller to add these TR-069 parameters to the APs.

The screen shot below is an example of the settings, where 198.51.100.1 is the IP address used to connect to the VigorACS server. Enter the IP address or hostname (i.e. acs.example.com) for your VigorACS server.

It's generally recommended to enable STUN for the APs if they will be connecting over the Internet / NAT.

The password for each AP will need to be the same, and if the setting are made to Access Points on a default setting then the password will be "admin".

Once the unit is in ACS, you may create profiles with a more secure password and roll this out to the required Access Points.

 

How do you rate this article?

1 1 1 1 1 1 1 1 1 1

First Published: 28/05/2021
Last Updated: 15/06/2021