DrayTek Level 1 – Routing and WAN Essentials

This is a compact engineer-focused DrayTek course for technical staff who already understand IP addressing, subnetting and basic routing. It explains how DrayTek routers are commonly deployed, how traffic enters and leaves the platform, and how to work confidently with core edge-routing functions.

The session concentrates on practical operational understanding: PPPoE and PPPoA, WAN setup, routing, NAT and port forwarding, load balancing, firewalling, point-to-point VPNs, VLANs, policy routing and diagnostics. It is designed as a high-value 4-hour technical module rather than a long beginner course.

Course purpose

Give network staff a practical mental model for DrayTek routing so they can configure common WAN and LAN functions more confidently, understand how features interact, and troubleshoot routing, NAT, firewall and VPN behaviour with better accuracy.

Duration

4 hours
Best suited to technically experienced learners who already know IP basics

Target audience

network engineers
technical support and escalation staff
MSP and field engineers deploying branch routers
infrastructure teams supporting WAN edge devices
administrators who need practical DrayTek routing knowledge rather than deep vendor certification theory

Prerequisites

Learners should already be comfortable with:

IPv4 addressing and subnet masks
default gateway concepts
basic LAN vs WAN terminology
common troubleshooting ideas such as ping, traceroute and DNS checks

The course assumes networking foundations and focuses on applying them to DrayTek platforms.

Learning outcomes

explain where a DrayTek router sits in a branch or SME network design
distinguish between common WAN handoff models including PPPoE, PPPoA, static IP and DHCP-based access
reason about interfaces, subnets, gateways and route selection on a DrayTek router
configure and troubleshoot NAT and port forwarding at a practical level
explain how load balancing, failover and policy decisions affect traffic path selection
understand firewall rule behaviour and the importance of rule order and direction
describe common point-to-point VPN use cases and the basic parameters involved
understand static routes, dynamic routing awareness and policy routes in a DrayTek context
apply VLAN concepts to segmentation, inter-VLAN routing and service separation
use built-in diagnostic tools to troubleshoot WAN, routing, NAT and VPN issues more methodically

Detailed module structure

Unit 1: DrayTek platform context and traffic flow

Topics:

where DrayTek routers typically sit in a branch or SME design
LAN side vs WAN side thinking
interfaces, zones and service roles
how packets move from client to router to upstream service
what features interact in the forwarding path:
- routing
- NAT
- firewall rules
- VPN policies

Core framing: most troubleshooting becomes easier once learners can visualise the packet path through interface, route, NAT and policy decisions.

Unit 2: WAN setup and access methods

Topics:

typical WAN handoff models on DrayTek routers
PPPoE:
- what it is
- where it is commonly used
- username, password and MTU considerations
PPPoA at a practical awareness level and where it historically appears
static IP WAN configuration
DHCP-assigned WAN configuration
DNS, gateway and service reachability checks

Unit 3: Routing, subnets and path selection

Topics:

subnet boundaries and directly connected networks
default route and next-hop logic
static routes and common branch-office use cases
policy routes and why traffic may need different treatment by source, destination or service
dynamic routing awareness:
- what dynamic routing solves
- where it may appear in larger environments
- why it is kept high-level in a 4-hour session

Operational message: if the wrong route is chosen, NAT, firewall and VPN changes often appear broken even when they are configured correctly.

Unit 4: NAT and port forwarding

Topics:

why NAT exists at the edge
source NAT for outbound traffic
destination NAT and port forwarding for inbound services
one-to-one thinking vs many-to-one thinking
common mistakes:
- wrong internal host
- wrong WAN interface
- missing firewall allowance
- double NAT confusion
how to verify whether the issue is routing, NAT or service-side

Unit 5: Multi-WAN, load balancing and policy decisions

Topics:

why organisations use multiple WAN connections
load balancing vs failover
session persistence and why some applications dislike path changes
link preference and service steering
using policy logic to pin traffic to the right WAN
practical examples:
- voice traffic preferring one WAN
- guest traffic preferring a cheaper link
- backup VPN traffic avoiding the primary path

Unit 6: Firewall behaviour and rule logic

Topics:

firewall purpose at the WAN edge
permit vs deny thinking
source, destination, service and schedule matching
rule order and why top-down evaluation matters
inbound service exposure and least-privilege design
relationship between firewall rules, NAT and VPN traffic

Key idea: a correct port forward alone does not make a service reachable if firewall policy, route choice or return path is wrong.

Unit 7: Point-to-point VPN essentials

Topics:

what a site-to-site or point-to-point VPN solves
LAN-to-LAN tunnel concepts
peer addressing, local and remote networks, and authentication
tunnel establishment at a high level
routing over the tunnel
common failure causes:
- mismatched subnets
- overlapping address space
- policy mismatch
- incorrect WAN binding

Unit 8: VLANs and segmented networks

Topics:

why VLANs are used for segmentation
separating staff, guest, voice and management networks
tagged vs untagged traffic at a practical level
router-on-a-stick style thinking and inter-VLAN routing awareness
where firewall policy fits between VLANs
how VLAN design affects DHCP, DNS, routing and security policy

Unit 9: Diagnostics and structured troubleshooting

Topics:

link state and interface checks
routing table inspection
ARP, gateway and DNS validation
ping and traceroute in context
checking whether traffic fails at WAN, route, NAT, firewall or VPN stage
using logs and counters to confirm rule matches
building a fault-finding sequence instead of guessing

Recommended method: test one layer at a time: interface, addressing, route, translation, policy, then application reachability.

Labs

review a PPPoE WAN configuration and identify the critical settings
trace the expected packet path for a user browsing out to the Internet
analyse a failed port-forwarding scenario and identify whether the issue is NAT, firewall or return routing
compare failover vs load balancing behaviour for two WAN links
review a point-to-point VPN scenario with mismatched local and remote networks
interpret a simple VLAN and inter-VLAN policy design
follow a structured troubleshooting sequence using ping, route checks and rule/log inspection

Assessment

Practical routing exercise

identify the correct WAN method for a scenario
explain the route and NAT path for a service flow
spot the likely cause of a broken port forward or VPN path
describe the next safe troubleshooting step

Engineering knowledge check

Explain how a DrayTek router would handle a packet from LAN host to WAN service, then describe how routing, NAT, firewall rules, VPN policy and diagnostics would be used to confirm where a failure occurs.

Practical DrayTek routing knowledge - Better WAN decisions - Faster troubleshooting

Built for engineers who need concise edge-routing, NAT, VPN and diagnostics capability in a single focused session

Training scope and tailoring

The training plan shown above is provided as a structured guide to the typical scope and direction of the course. Our training content is reviewed and refined over time, so the precise balance of modules, examples and exercises may vary when the course is delivered.

Where there are specific topics, technologies or operational outcomes that are particularly important to your team, these can normally be incorporated into the delivery plan by prior agreement. Training is not treated as a rigid, fixed package; it is adapted where appropriate to reflect the client environment, delegate experience level, group size and the objectives agreed in advance.