ZyXEL P-2302RL-P1 Support Notes

P-2302RL-P1
VoIP Station Gateway
With Lifeline
Version 3.60
Oct. 2007
P2302RL-P1 Support Notes
All contents Copyright 2007 ZyXEL Communications Corporation.
INDEX
Application Notes
  General Application Notes
    Internet Connection
    Setup the ZyXEL Device as a DHCP Relay
    Configure an Internal Server Behind SUA
    Configure a PPTP server Behind SUA
    About Filter & Filter Examples
    Using the Dynamic DNS (DDNS)
    Network Management Using SNMP
    Using SysLog
    Using IP Alias
    Using IP Multicast
    Using Traffic Redirect Feature
    Using Universal Plug n Play (UPnP)
  VoIP Application Notes
    Setup SIP Account
    Advanced voice settings configuration
    Voice QoS
    Phone port settings
    Common Phone
    Country Code
    Call Forwarding
    Call Hold
    Call Waiting
    Three Way Conference
    Call Transfer
    Internal Call
    MWI
    Music on hold
    Early Media
    Call Park / Call Pickup
    Do Not Disturb (DND)
    Phone book Speed dial
  PSTN Lifeline Application Notes
    Usage of PSTN Lifeline
    Lifeline configuration
    Relay to PSTN
    How to connect Lifeline and WAN connection
FAQ
  ZyNOS FAQ
    What is ZyNOS?
    How do I access the embedded web configurator?
    What is the default LAN IP address and Password? Moreover, how do I change it?
    How do I upload the ZyNOS firmware code via embedded web configurator?
    How do I upgrade/backup the ZyNOS firmware by using FTP client program via LAN?
    How do I upload or backup ROMFILE via web configurator?
    How do I backup/restore configurations by using FTP client program via LAN?
    Why can't I make Telnet to The ZyXEL Device from WAN?
    What should I do if I forget the system password?
    What is SUA? When should I use SUA?
    What is the difference between NAT and SUA?
    How many network users can the SUA/NAT support?
    What are Device filters and Protocol filters?
    Why can't I configure device filters or protocol filters?
  Product FAQ
    What is the ZyXEL Device Internet Access Sharing Router?
    Will the ZyXEL Device work with my Internet connection?
    What do I need to use the ZyXEL Device?
    What is PPPoE?
    Does the ZyXEL Device support PPPoE?
    How do I know I am using PPPoE?
    Why does my provider use PPPoE?
    Which Internet Applications can I use with the ZyXEL Device?
    How can I configure the ZyXEL Device?
    What network interface does the ZyXEL Device support?
    What can we do with the ZyXEL Device?
    Does the ZyXEL Device support dynamic IP addressing?
    What is the difference between the internal IP and the real IP from my ISP?
    How does e-mail work through the ZyXEL Device?
    What is the difference between the 'Standard' and 'RoadRunner' service?
    Is it possible to access a server running behind SUA from the outside Internet? If possible, how?
    What DHCP capability does the ZyXEL Device support?
    How do I use the reset button, and what parameters will be reset by the reset button?
    What network interface does the new ZyXEL Device support?
    How does the ZyXEL Device support TFTP?
    Can the ZyXEL Device support TFTP over WAN?
    How can I upload data to outside Internet over the one-way cable?
    How fast can the data go?
    My ZyXEL Device can not get an IP address from the ISP to connect to the Internet, what can I do?
    What is BOOTP/DHCP?
    What is DDNS?
    When do I need DDNS service?
    What DDNS servers does the ZyXEL Device support?
    What is DDNS wildcard?
    Does the ZyXEL Device support DDNS wildcard?
    Can the ZyXEL Device SUA handle IPsec packets sent by the VPN gateway behind ZyXEL Device?
    How do I setup my ZyXEL Device for routing IPsec packets over SUA?
  VoIP FAQ
    What is Voice over IP?
    How does Voice over IP work?
    Why use VoIP?
    What is the relationship between codec and VoIP?
    What advantage can Voice over IP provide?
    What is the difference between H.323 and SIP?
    Can H.323 and SIP interoperate with one another?
    What is voice quality?
    How is voice quality normally rated?
    What is codec?
    What is the relation of codec and VoIP?
    What codec does the ZyXEL Device support?
    Which codec should I choose?
    What do I need in order to use SIP?
    Unable to register with the SIP server?
    I can register but can not establish a call?
    I can make a call but the voice only goes one way, not both ways?
    I can receive a call but the voice only goes one way, not both ways?
    If all the above have been tried, but register still fails, what should I do?
    I suspect there is a hardware problem with my ZyXEL Device, what should I do?
Trouble Shooting
  Unable to Get WAN IP from ISP
  Using Embedded Packet Trace
  Debug PPPoE Connection
CLI Command List
Application Notes
General Application Notes
Internet Connection
A typical Internet access application of the ZyXEL Device is shown below. For a small office, some
components need to be checked before accessing the Internet.
o Before you begin
o Setting up the PC (Windows OS)
o Setting up the ZyXEL Device
o Troubleshooting
Before you begin
The ZyXEL Device is shipped with the following factory defaults:
1. IP address = 192.168.1.1, subnet mask = 255.255.255.0 (24 bits)
2. DHCP server enabled with IP pool starting from 192.168.1.33
3. Default SMT menu password = 1234
Setting up the PC (Windows OS)
1. Ethernet connection
All PCs must have an Ethernet adapter card installed.
o If you only have one PC, connect the PC's Ethernet adapter to the ZyXEL Device's LAN port with
a crossover (red one) Ethernet cable.
o If you have more than one PC, both the PCs' Ethernet adapters and the ZyXEL Device's LAN port
must be connected to an external hub with straight Ethernet cables.
2. TCP/IP Installation
You must first install TCP/IP software on each PC before you can use it for Internet access. If you have already
installed TCP/IP, go to the next section to configure it; otherwise, follow these steps to install:
o In the Control Panel/Network window, click the Add button.
o In the Select Network Component Type window, select Protocol and click Add.
o In the Select Network Protocol window, select Microsoft from the manufacturers, then select
TCP/IP from the Network Protocols and click OK.
3. TCP/IP Configuration
Follow these steps to configure Windows TCP/IP:
o In the Control Panel/Network window, click the TCP/IP entry to select it and click the Properties
button.
o In the TCP/IP Properties window, select Obtain an IP address automatically.
Note: Do not assign an arbitrary IP address and subnet mask to your PCs; otherwise, you will not be able to access
the Internet.
o Click the WINS Configuration tab and select Disable WINS Resolution.
o Click the Gateway tab. Highlight any installed gateways and click the Remove button until there
are none listed.
o Click the DNS Configuration tab and select Disable DNS.
o Click OK to save and close the TCP/IP properties window.
o Click OK to close the Network window. You will be prompted to insert your Windows CD or disk.
o When the drivers are updated, you will be asked if you want to restart the PC. Make sure your ZyXEL Device is powered on before answering Yes to the prompt.
o Repeat the above steps for each Windows PC on your network.
Setting up the ZyXEL Device
The following procedure is for the most typical usage of the ZyXEL Device, where you have a single-user
account (SUA). The ZyXEL Device has an embedded web server that allows you to configure it with a Web
browser. Before configuring the router with a browser, make sure there is no active Telnet or console login.
1. Retrieve ZyXEL Device Web
Please enter the LAN IP address of the ZyXEL Device in the URL location to retrieve the web screen from the
ZyXEL Device. The default LAN IP of the ZyXEL Device is 192.168.1.1. See the example below. Note that
you can either use http://192.168.1.1 or https://192.168.1.1
2. Login first
The default password is the default SMT password, '1234'.
3. Configure the ZyXEL Device for Internet access by using WIZARD SETUP
The Web screen shown below takes PPPoE as the example.
Select Dynamic if the ISP provides the IP address dynamically; otherwise select Use Fixed IP address and enter the static IP address given by the ISP in the box following the 'My WAN IP Address' field.
Setup the ZyXEL Device as a DHCP Relay
What is DHCP Relay?
DHCP stands for Dynamic Host Configuration Protocol. In addition to the DHCP server feature, the P2302
supports the DHCP relay function. When it is configured as DHCP server, it assigns the IP addresses to the
LAN clients. When it is configured as DHCP relay, it is responsible for forwarding the requests and responses
negotiating between the DHCP clients and the server. See figure 1.
Setup the ZyXEL Device as a DHCP Client
1. Toggle the DHCP to Relay in menu 3.2 and enter the IP address of the DHCP server in the 'Relay Server
Address' field.
            Menu 3.2 - TCP/IP and DHCP Ethernet Setup

DHCP= Relay                          TCP/IP Setup:
Client IP Pool:
  Starting Address= N/A                IP Address= 192.168.1.1
  Size of Client IP Pool= N/A          IP Subnet Mask= 255.255.255.0
First DNS Server= N/A                  RIP Direction= Both
  IP Address= N/A                        Version= RIP-1
Second DNS Server= N/A                 Multicast= None
  IP Address= N/A                      Edit IP Alias= No
Third DNS Server= N/A
  IP Address= N/A
DHCP Server Address= 192.168.1.2

            Press ENTER to Confirm or ESC to Cancel:
Configure an Internal Server Behind SUA
Introduction
If you wish, you can make internal servers (e.g., Web, ftp or mail server) accessible for outside users, even
though SUA makes your LAN appear as a single machine to the outside world. A service is identified by the
port number. Also, since you need to specify the IP address of a server in the ZyXEL Device, a server must
have a fixed IP address and not be a DHCP client whose IP address potentially changes each time it is powered
on.
In addition to the servers for specific services, SUA supports a default server. A service request that does not
have a server explicitly designated for it is forwarded to the default server. If the default server is not defined,
the service request is simply discarded.
Configuration
To make a server visible to the outside world, specify the port number of the service and the inside address of
the server in 'Menu 15.2.1', Multiple Server Configuration. The outside users can access the local server using
the ZyXEL Device's WAN IP address, which can be obtained from menu 24.1.
For example (configuring an internal Web server for outside access):
Port numbers for some services
Service                      Port Number
---------------------------  -----------
FTP                          21
Telnet                       23
SMTP                         25
DNS (Domain Name Server)     53
www-http (Web)               80
Configure a PPTP server Behind SUA
Introduction
PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within
Internet Protocol (IP) packets and forwarded over any IP network, including the Internet itself.
In order to run the Windows 9x PPTP client, you must be able to establish an IP connection with a tunnel server
such as the Windows NT Server 4.0 Remote Access Server.
Windows Dial-Up Networking uses the Internet standard Point-to-Point Protocol (PPP) to provide a secure, optimized
multiple-protocol network connection over dial-up telephone lines. All data sent over this connection can be
encrypted and compressed, and multiple network level protocols (TCP/IP, NetBEUI and IPX) can be run
correctly. Windows NT Domain Login level security is preserved even across the Internet.
Windows 98 PPTP Client / Internet / NT RAS Server Protocol Stack
PPTP appears as new modem type (Virtual Private Networking Adapter) that can be selected when setting up a
connection in the Dial-Up Networking folder. The VPN Adapter type does not appear elsewhere in the system.
Since PPTP encapsulates its data stream in the PPP protocol, the VPN requires a second dial-up adapter. This
second dial-up adapter for VPN is added during the installation phase of the Upgrade in addition to the first
dial-up adapter that provides PPP support for the analog or ISDN modem.
PPTP is already supported in Windows NT and Windows 98. Windows 95 needs to be upgraded with
the Dial-Up Networking 1.2 upgrade.
Configuration
This application note explains how to establish a PPTP connection with a remote private network in the ZyXEL
Device SUA case. In ZyNOS, all PPTP packets can be forwarded to the internal PPTP Server (WinNT server)
behind SUA. The port number of the PPTP has to be entered in the SMT Menu 15 for ZyXEL Device to
forward to the appropriate private IP address of Windows NT server.
Example
The following example shows how to dial to an ISP via the ZyXEL Device and then establish a tunnel to a
private network. There are three items that you need to set up for the PPTP application: the PPTP server
(WinNT), the PPTP client (Win9x) and the ZyXEL Device.
o PPTP server setup (WinNT)
  - Add the VPN service from Control Panel>Network
  - Add a user account for the PPTP logged-on user
  - Enable RAS port
  - Select the network protocols from RAS such as IPX, TCP/IP, NetBEUI
  - Set the Internet gateway to ZyXEL Device
o PPTP client setup (Win9x)
  - Add one VPN connection from Dial-Up Networking by entering the correct
    username & password and the ZyXEL Device's Internet IP address for logging on to the NT RAS server.
  - Set the Internet gateway to the router that is connecting to the ISP
o ZyXEL router setup
  - Before making a VPN connection from Win9x to the WinNT server, you need to connect the ZyXEL
    router to your ISP first.
Enter the IP address of the PPTP server (WinNT server) and the port number for PPTP as shown
below.
When you have finished the above settings, you can ping the remote Win9x client from
WinNT. This ping command is used to demonstrate that the remote Win9x client can be reached across the
Internet. If the Internet connection between two LANs is achieved, you can place a VPN call from the
remote Win9x client.
For example:
C:\>ping 203.66.113.2
When a dial-up connection to the ISP is established, a default gateway is assigned to route traffic
through that connection. Therefore, the output below shows the default gateway of the Win9x client
after the dial-up connection has been established.
Before making a VPN connection from the Win9x client to the NT server, you need to know the exact
Internet IP address that the ISP assigns to ZyXEL router in SUA mode and enter this IP address in the
VPN dial-up dialog box. You can check this Internet IP address from PNC Monitor or SMT Menu
24.1. If the Internet IP address is a fixed IP address provided by ISP in SUA mode, then you can
always use this IP address for reaching the VPN server.
In the following example, the IP address '140.113.1.225' is dynamically assigned by ISP. You must
enter this IP address in the 'VPN Server' dialog box for reaching the PPTP server. After the VPN link is
established, you can start the network protocol application such as IP, IPX and NetBEUI.
About Filter & Filter Examples
How does ZyXEL filter work?
Filter Structure
The ZyXEL Device allows you to configure up to twelve filter sets with six rules in each set, for a total of 72
filter rules in the system. You can apply up to four filter sets to a particular port to block multiple types of
packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port.
The following diagram illustrates the logic flow when executing a filter rule.
Filter Types and SUA
Conceptually, there are two categories of filter rules: device and protocol. The Generic filter rules belong to the
device category; they act on the raw data from/to LAN and WAN. The IP and IPX filter rules belong to the
protocol category; they act on the IP and IPX packets.
In order to allow users to specify the local network IP address and port number in the filter rules with SUA
connections, the TCP/IP filter function has to be executed before SUA for WAN outgoing packets and after
SUA for WAN incoming IP packets. But at the same time, the Generic filter rules must be applied at the point
when the ZyXEL Device is receiving and sending the packets; i.e. the ISDN interface. So, the execution
sequence has to be changed. The logic flow of the filter is shown in Figure 1 and the sequence of the logic flow
for the packet from LAN to WAN is:
1. LAN device and protocol input filter sets.
2. WAN protocol call and output filter sets.
3. If SUA is enabled, SUA converts the source IP address from 192.168.1.33 to 203.205.115.6 and
port number from 1023 to 4034.
4. WAN device output and call filter sets.
The sequence of the logic flow for the packet from WAN to LAN is:
1. WAN device input filter sets.
2. If SUA is enabled, SUA converts the destination IP address from 203.205.115.6 to 192.168.1.33 and port
number from 4034 to 1023.
3. WAN protocol input filter sets.
4. LAN device and protocol output filter sets.
Generic and TCP/IP (and IPX) filter rules are in different filter sets. The SMT will detect and prevent the
mixing of different category rules within any filter set in Menu 21. In the following example, you will receive
an error message 'Protocol and device filter rules cannot be active together' if you try to activate a TCP/IP (or
IPX) filter rule in a filter set that has already had one or more active Generic filter rules. You will receive the
same error if you try to activate a Generic filter rule in a filter set that has already had one or more active
TCP/IP (or IPX) filter rules.
Menu 21.1.1:
Menu 21.1.1 - Generic Filter Rule
Filter #: 1,1
Filter Type= Generic Filter Rule
Active= Yes
Offset= 0
Length= 0
Mask= N/A
Value= N/A
More= No Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Menu 21.1.2:
Menu 21.1.2 - TCP/IP Filter Rule
Filter #: 1,2
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 0 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= N/A
More= No Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Saving to ROM. Please wait...
Protocol and device rule cannot be active together
To separate the device and protocol filter categories, two new menus, Menu 11.5 and Menu 13.1, have been
added, and some changes have been made to Menu 3.1, Menu 11.1, and Menu 13. The new fields are shown
below.
Menu 3.1:
Menu 3.1 - General Ethernet Setup
Input Filter Sets:
protocol filters=
device filters=
Output Filter Sets:
protocol filters=
device filters=
Menu 11.1:
Menu 11.1 - Remote Node Profile
Rem Node Name= LAN                  Route= IP
Active= Yes                         Bridge= No
Encapsulation= PPP                  Edit PPP Options= No
Incoming:                           Rem IP Addr= ?
  Rem Login= test                   Edit IP/IPX/Bridge= No
  Rem Password= ********
Outgoing:                           Session Options:
  My Login= testt                     Edit Filter Sets= Yes
  My Password= *****
  Authen= CHAP/PAP
Press ENTER to Confirm or ESC to Cancel:
Menu 11.5:
Menu 11.5 - Remote Node Filter
Input Filter Sets:
protocol filters=
device filters=
Output Filter Sets:
protocol filters=
device filters=
SMT will also prevent you from entering a protocol filter set configured in Menu 21 to the device filters field in
Menu 3.1, 11.5, or entering a device filter set to the protocol filters field. Even though SMT will prevent the
inconsistency from being entered in ZyNOS, it is unable to resolve the intermixing problems existing in the
filter sets that were configured before. Instead, when ZyNOS translates the old configuration into the new
format, it will verify the filter rules and log the inconsistencies. Please check the system log (Menu 24.3.1)
before putting your device into use.
In order to avoid operational problems later, the ZyXEL Device will disable its routing/bridging functions if
there is an inconsistency among its filter rules.
A filter for blocking the web service
Configuration
Before configuring a filter, you need to know the following information:
1. The outbound packet type (protocol & port number)
2. The source IP address
Generally, the outbound packets for Web service are as follows:
a. HTTP packet, TCP (06) protocol with port number 80
b. DNS packet, TCP (06) protocol with port number 53 or
c. DNS packet, UDP (17) protocol with port number 53
For all workstations on the LAN, the source IP address will be 0.0.0.0. Otherwise, you have to enter an IP
address for the workstation you want to block. See the procedure for configuring this filter below.
o Create a filter set in Menu 21, e.g., set 1
o Create three filter rules in Menu 21.1.1, Menu 21.1.2, Menu 21.1.3
  - Rule 1: block the HTTP packet, TCP (06) protocol with port number 80
  - Rule 2: block the DNS packet, TCP (06) protocol with port number 53
  - Rule 3: block the DNS packet, UDP (17) protocol with port number 53
o Apply the filter set in menu 4
1. Create a filter set in Menu 21
Menu 21 - Filter Set Configuration
Filter Filter
Set # Comments Set # Comments
------ ----------------- ------ -----------------
1 Web Request 7 _______________
2 _______________ 8 _______________
3 _______________ 9 _______________
4 _______________ 10 _______________
5 _______________ 11 _______________
6 _______________ 12 _______________
Enter Filter Set Number to Configure= 1
Edit Comments=
Press ENTER to Confirm or ESC to Cancel:
2. Rule one for (a). http packet, TCP(06)/Port number 80
Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 80
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
3. Rule 2 for (b). DNS request, TCP(06)/Port number 53
Menu 21.1.2 - TCP/IP Filter Rule
Filter #: 1,2
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 53
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
4. Rule 3 for (c). DNS packet UDP(17)/Port number 53
Menu 21.1.3 - TCP/IP Filter Rule
Filter #: 1,3
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 17 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 53
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Forward
Press ENTER to Confirm or ESC to Cancel:
5. After the three rules are completed, you will see the rule summary in Menu 21.
Menu 21.1 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- -------------------------------------- - - -
1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=80 N D N
2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=53 N D N
3 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0,DP=53 N D F
6. Apply the filter set to the 'Output Protocol Filter Set' in the remote node setup.
A filter for blocking a specific client
Configuration
1. Create a filter set in Menu 21, e.g., set 1
Menu 21 - Filter Set Configuration
Filter Filter
Set # Comments Set # Comments
------ ----------------- ------ -----------------
1 Block a client 7 _______________
2 _______________ 8 _______________
3 _______________ 9 _______________
4 _______________ 10 _______________
5 _______________ 11 _______________
6 _______________ 12 _______________
Enter Filter Set Number to Configure= 0
Edit Comments=
Press ENTER to Confirm or ESC to Cancel:
2. One rule for blocking all packets from this client
Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 0 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
Source: IP Addr= 192.168.1.5
IP Mask= 255.255.255.255
Port #=
Port # Comp= None
TCP Estab= N/A
More= No Log= None
Action Matched= Drop
Action Not Matched= Forward
Press ENTER to Confirm or ESC to Cancel:
Key Settings:
Source IP Addr................Enter the client's IP address in this field.
IP Mask.......................Masks the bits of the IP address given in the 'Source IP Addr=' field; for a single workstation it is 255.255.255.255.
Action Matched................Set to 'Drop' to drop all packets from this client.
Action Not Matched............Set to 'Forward' to allow packets from other clients.
3. Apply the filter set number '1' to the 'Output Protocol Filter Set' field in the remote node setup.
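The two filter sets above ('Web Request' and 'Block a client') can be checked offline before they are applied to a remote node. The following is an added example, not ZyXEL code: a small Python model of the rule chain as the menus show it. The sample packets are constructed, and the treatment of protocol 0, empty ports and an undecided packet is an assumption noted in the comments.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def rule(proto=0, src="0.0.0.0", smask="0.0.0.0", dst="0.0.0.0", dmask="0.0.0.0",
         dport=None, matched="Drop", not_matched="Check Next Rule"):
    return dict(proto=proto, src=ip(src), smask=ip(smask), dst=ip(dst),
                dmask=ip(dmask), dport=dport, matched=matched, not_matched=not_matched)

# Filter set "Web Request": the three rules from the Menu 21.1 summary.
WEB_REQUEST = [
    rule(proto=6, dport=80),
    rule(proto=6, dport=53),
    rule(proto=17, dport=53, not_matched="Forward"),
]
# Filter set "Block a client": one rule with the host mask 255.255.255.255.
BLOCK_CLIENT = [
    rule(src="192.168.1.5", smask="255.255.255.255", not_matched="Forward"),
]

def matches(r, pkt):
    # Assumption: IP Protocol 0 and an empty port ("Port # Comp= None") mean "any".
    if r["proto"] and r["proto"] != pkt["proto"]:
        return False
    if (ip(pkt["src"]) & r["smask"]) != (r["src"] & r["smask"]):
        return False
    if (ip(pkt["dst"]) & r["dmask"]) != (r["dst"] & r["dmask"]):
        return False
    return r["dport"] is None or r["dport"] == pkt.get("dport")

def evaluate(rules, pkt):
    """Return (action, rule_number) for the first rule that decides the packet."""
    for n, r in enumerate(rules, 1):
        action = r["matched"] if matches(r, pkt) else r["not_matched"]
        if action != "Check Next Rule":
            return action, n
    return "Forward", None  # assumption: an undecided packet is forwarded

if __name__ == "__main__":
    # Constructed sample packets (203.0.113.10 is a documentation address).
    base = {"src": "192.168.1.33", "dst": "203.0.113.10"}
    for proto, dport in [(6, 80), (6, 53), (17, 53), (1, None)]:
        print(proto, dport, evaluate(WEB_REQUEST, dict(base, proto=proto, dport=dport)))
    for src in ("192.168.1.5", "192.168.1.6"):
        print(src, evaluate(BLOCK_CLIENT, dict(base, src=src, proto=1)))
```

The rule number in the result shows which rule decided the packet, which makes it easy to confirm that traffic not named in the set reaches the final 'Forward'.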
A filter for blocking a specific MAC address
This configuration example shows how to use a Generic Filter to block a specific MAC address on the LAN.
Before you Begin
Before you configure the filter, you need to know the MAC address of the client. The MAC address can be obtained from the client's NIC. If LAN packets from the client are passing through the ZyXEL Device, you can also identify the unwanted MAC address from the ZyXEL Device's LAN packet trace. The following example shows a trace of LAN packets.
ras> sys trcp channel enet0 bothway
ras> sys trcp sw on
Now a client on the LAN is trying to ping Prestige………
ras> sys trcp sw off
ras> sys trcp disp
TIME: 37c060 enet0-RECV len:74 call=0
0000: [00 a0 c5 01 23 45] [00 80 c8 4c ea 63] 08 00 45 00
0010: 00 3c eb 0c 00 00 20 01 e3 ea ca 84 9b 5d ca 84
0020: 9b 63 08 00 45 5c 03 00 05 00 61 62 63 64 65 66
0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76
0040: 77 61 62 63 64 65 66 67 68 69
TIME: 37c060 enet0-XMIT len:74 call=0
0000: [00 80 c8 4c ea 63] [00 a0 c5 01 23 45] 08 00 45 00
0010: 00 3c 00 07 00 00 fe 01 f0 ef ca 84 9b 63 ca 84
0020: 9b 5d 00 00 4d 5c 03 00 05 00 61 62 63 64 65 66
0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76
0040: 77 61 62 63 64 65 66 67 68 69
The detailed format of the Ethernet Version II:
+ Ethernet Version II
- Address: 00-80-C8-4C-EA-63 (Source MAC) ----> 00-A0-C5-01-23-45 (Destination MAC)
- Ethernet II Protocol Type: IP
+ Internet Protocol
- Version (MSB 4 bits): 4
- Header length (LSB 4 bits): 5
- Service type: Precd=Routine, Delay=Normal, Thrput=Normal, Reli=Normal
- Total length: 60 (Octets)
- Fragment ID: 60172
- Flags: May be fragmented, Last fragment, Offset=0 (0x00)
- Time to live: 32 seconds/hops
- IP protocol type: ICMP (0x01)
- Checksum: 0xE3EA
- IP address 202.132.155.93 (Source IP address) ----> 202.132.155.99 (Destination IP address)
- No option
+ Internet Control Message Protocol
- Type: 8 - Echo Request
- Code: 0
- Checksum: 0x455C
- Identifier: 768
- Sequence Number: 1280
- Optional Data: (32 bytes)
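The decode above can be reproduced directly from the trace bytes, which is a useful cross-check before a MAC address is written into a filter. The following is an added example, not part of the original notes: a Python parser for the 'sys trcp disp' hex layout shown on this page. It assumes an Ethernet II frame carrying IPv4 and ICMP, as in this trace, and also verifies both checksums.

```python
import re
import socket
import struct

# The enet0-RECV trace from the page, as printed by "sys trcp disp".
TRACE = """\
0000: [00 a0 c5 01 23 45] [00 80 c8 4c ea 63] 08 00 45 00
0010: 00 3c eb 0c 00 00 20 01 e3 ea ca 84 9b 5d ca 84
0020: 9b 63 08 00 45 5c 03 00 05 00 61 62 63 64 65 66
0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76
0040: 77 61 62 63 64 65 66 67 68 69
"""

def trace_to_bytes(text):
    """Drop the 'NNNN:' offset column and the brackets; return the raw frame."""
    frame = bytearray()
    for line in text.splitlines():
        data = line.partition(":")[2]
        frame += bytes.fromhex("".join(re.findall(r"\b[0-9a-fA-F]{2}\b", data)))
    return bytes(frame)

def checksum(data):
    """RFC 1071 sum over data that includes its checksum field; 0 means valid."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode(frame):
    """Decode Ethernet II / IPv4 / ICMP; the source MAC is octets 7-12 (offset 6)."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    total_len, ident, _, ttl, proto, _ = struct.unpack("!2xHHHBBH", ip[:12])
    icmp = frame[14 + ihl:14 + total_len]
    itype, code, _, icmp_id, seq = struct.unpack("!BBHHH", icmp[:8])
    return {
        "dst_mac": frame[0:6].hex("-").upper(), "src_mac": frame[6:12].hex("-").upper(),
        "ethertype": ethertype, "ip_id": ident, "ttl": ttl, "proto": proto,
        "src_ip": socket.inet_ntoa(ip[12:16]), "dst_ip": socket.inet_ntoa(ip[16:20]),
        "ip_checksum_ok": checksum(ip) == 0,
        "icmp_type": itype, "icmp_code": code, "icmp_id": icmp_id, "icmp_seq": seq,
        "icmp_checksum_ok": checksum(icmp) == 0, "payload_len": len(icmp) - 8,
    }

if __name__ == "__main__":
    for key, value in decode(trace_to_bytes(TRACE)).items():
        print(f"{key:18} {value}")
```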
Configurations
From the first trace above, we know that a client is sending a ping (ICMP echo) request to the ZyXEL router. From the second trace, we know that the ZyXEL router sends a reply to the client. The following sample filter uses the 'Generic Filter Rule' to block the MAC address [00 80 c8 4c ea 63].
1. First, from the incoming LAN packet we know that the unwanted source MAC address starts at the 7th octet:
TIME: 37c060 enet0-RECV len:74 call=0
0000: [00 a0 c5 01 23 45] [00 80 c8 4c ea 63] 08 00 45 00
0010: 00 3c eb 0c 00 00 20 01 e3 ea ca 84 9b 5d ca 84
0020: 9b 63 08 00 45 5c 03 00 05 00 61 62 63 64 65 66
0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76
0040: 77 61 62 63 64 65 66 67 68 69
2. We are now ready to configure the 'Generic Filter Rule' as below.