Taking backups of the router's configuration is recommended; It's good practice to take a backup so that if major change to the router, such as making significant configuration changes (VLAN, Firewall changes, etc), needs to be reversed it can be done so quickly. It is also good practice to make sure that there is a copy of the backup prior to a firmware update.
The ".cfg" configuration backup file taken from a DrayTek Vigor router running DrayOS firmware (Vigor 2830, Vigor 2860 etc) is encrypted so that it cannot be read in any way and can only be used to load configuration settings onto a DrayTek Vigor router. Loading this configuration will restore all configuration details (detailed in the FAQ below) of the router that the configuration backup was taken from, with the original router's management password.
Although DrayTek Vigor router configuration files are encrypted, configuration files should be stored securely to protect network and user account security. In addition to ensuring backups are stored securely, this can be further mitigated by securing the configuration with a password, so that it can only be loaded onto a router when the correct password is supplied, which is explained in the "Configuration Backup and Restoration" section below.
Click on a link to jump to the relevant section for your product:
Configuration Backup and Restoration |
Guidance on how to backup and restore configuration files from DrayTek Vigor routers. |
Backing up Certificates |
How to back up and restore the router's certificates. Certificates stored on the router are not backed up in the router's configuration file. |
Frequently Asked Questions |
Answers to some common questions relating to backing up a DrayTek router's configuration:
|
To back up the configuration of a DrayTek Vigor router running DrayOS firmware, access the router's web interface and go to [System Maintenance] > [Configuration Backup]. Click the Backup button to download the router's configuration file through the browser:
Save the configuration file through the web browser onto the computer when prompted:
Password Protection
DrayTek routers with firmware versions 3.7.8 and later have the option to encrypt the configuration file with a password, which requires the password to be supplied to load the router's configuration file. Clicking the "Protect with password" option will then show the password entry fields.
To restore the saved configuration of a DrayTek Vigor router, go to [System Maintenance] > [Configuration Backup] and click "Browse..." to locate the configuration file on the computer. Click the Restore button to load the configuration on the router.
The "Restore configuration except the login password" option can restore the configuration of the router with its factory default management password of "admin" if the configuration file was taken from the same router hardware that it is being loaded on to.
If the configuration backup file has been renamed from its original filename, the router will promrpt to confirm whether the configuration file should be loaded. If the configuration file is the correct one for the router, click OK to continue the configuration loading process.
Restoring password protected configuration backup files
If the configuration file has been protected with a password, a pop-up prompt will appear to enter the password. This password must be entered to continue to the load the configuration backup on the router.
Once the configuration file has been loaded onto the router, the configuration will over-write all settings currently configured on the router. The settings from the configuration backup will take effect once the router is restarted, including the IP address of the router, VLAN and password settings.
Click the Restart button to reboot the router with the new configuration.
Certificates that have been generated on the router and signed by a Trusted Certificate Authority must be backed up separately from the router's main configuration file. This is because the router uses a private key that is separate from the router's main configuration when generating the Certificate Signing Request (CSR). More information on generating and signing certificates can be found here.
Because the private key is used to validate certificates, loading a signed certificate without the corresponding private key is not possible, the router will not allow certificates to be imported that do not have a matching private key or certificate signing request.
The backup of the router's certificates is stored as an encrypted .cfg file and is specific to DrayTek routers with DrayOS firmware, the individual certificates and private keys cannot be extracted.
To back up a router's certificates, go to [Certificate Management] > [Certificate Backup]. Enter a password to encrypt the certificate backup with, which will be required to restore the backup and click the Backup button to download the router's certificates:
This will download the certificates as a .cfg file to the web browser:
To restore a DrayTek router certificate backup, go to [Certificate Management] > [Certificate Backup]. Click the "Browse..." button to locate and select the file, enter the password that the backup was taken with and click the Restore button to load the backup onto the router.
If the password is correct for the certificate backup, the router will display a confirmation that the certificates have loaded successfully.
The loaded certificates will then be visible with the correct state in the [Certificate Management] > [Local Certificates] section:
All settings of the router, including:
This error message will display when the configuration file has been renamed in any way, the configuration file can still be loaded onto a router without issue.
No, the router's main configuration cannot be saved or extracted in a plain-text format.
This configuration file can be loaded onto the same router or a replacement router of the same series i.e. Vigor 2860n to Vigor 2860ac. Any settings that were unavailable on the original router, such as additional wireless configuration settings, are populated automatically with the DrayTek factory default settings for that model.
It is possible to load a backed up configuration from an older model DrayTek Vigor router such as the Vigor 2820 onto a newer Vigor router of similar series, such as a Vigor 2860, to simplify the process of upgrading between router models. This is explained in depth here: Transferring configuration backups between routers.
Licenses such as the GlobalView Web Content Filter are linked to the router hardware that the license was activated on; loading the configuration file on different router hardware will not move the GlobalView license entitlement to the new router. In situations where the original router hardware is lost or unavailable, it is recommended to contact the support team for assistance.
DrayTek Vigor routers that support High Availability and are configured for "Hot Standby" mode, where only one router is active at any one time, can be configured to share the same Web Content Filter license. This is explained in depth in the "MyVigor License Sharing" section of the High Availability - Hot Standby mode setup guide.
How do you rate this article?