User Management & Access Control


Some DrayTek routers have built-in User Management which allows you to provide internet access to wireless and wired users based on their own unique login, stored in the router, or on an external Radius/LDAP server.

This is useful for devices such as shared computers that may have different filtering allowances and quotas that need to be applied depending on which user is logged in, instead of simply checking the IP address of the computer making the request.

Accounts can be restricted by schedules, maximum usage times or bandwidth quotas to control internet access and limit bandwidth usage. Firewall and Content Filtering can be applied to specific users, with a rule for each user, or to a group of users with the same filtering applied to each user.

As an example of its application, the Sales department might not be allowed access to social networking sites except at lunch time, or in a school, teachers and staff have more access permitted than pupils. In a home environment, children's access to the internet could be limited to 2 hours online per day, regardless of the device used.

User Profile Management & Content Filtering

User Management is used to filter access based on user account instead of IP address. If a client accesses the internet, they will not be able to do so until their account has been validated by the router. Exceptions to this can be made where necessary for specific IP addresses or subnets so that User Management could be applied only to specific VLANs, such as a guest network.

The User Management profiles can be configured on the router, or the router can validate accounts through RADIUS or LDAP authentication, with the latter being able to apply different filtering levels to LDAP authenticated users based on their Group.

If the router supports it, the User Profile accounts configured can also be used for authentication of wireless clients using 802.1X or on other devices, such as the Vigor AP910C Access Point with the router's RADIUS server.

Each user account can have a Firewall Rule applied to it, which makes it possible to set up Content Filtering and other firewall settings that would apply to a group of users.

By default, the router will apply the Firewall's Default Rule settings to the user, but if a different Firewall Rule is selected, it will apply the Content Filtering and other settings configured in that rule.

In this example, the Filter Rules have been configured to allow different levels of access to different groups:

  • Staff - basic Content Filtering applied
  • Students - strict Content Filtering applied with the Web Content Filter and DNS Filter and App Enforcement, to block unwanted software usage and access to websites such as Facebook

The capability of any particular product will vary; please refer to specifications of each product for feature support.