ZyXEL Communications P-2301R, P-2301RL-P1C User Manual

P-2301R/RL-P1C
VoIP Station Gateway
(With Lifeline)
Support Notes
Version 3.60
March 2007
INDEX
Application Notes
  General Application Notes
    Internet Connection
    Setup the ZyXEL device as a DHCP Relay
    Configure an Internal Server Behind SUA
    Configure a PPTP server Behind SUA
    About Filter & Filter Examples
    Using the Dynamic DNS (DDNS)
    Network Management Using SNMP
    Using syslog
    Using IP Alias
    Using IP Multicast
    Using Prestige traffic redirect
    Using Universal Plug n Play (UPnP)
  VoIP Application Notes
    Setup SIP Account
    Phone port settings
    Phone book Speed dial
FAQ
  ZyNOS FAQ
    What is ZyNOS?
    How do I access the embedded web configurator?
    What is the default LAN IP address and Password? Moreover, how do I change it?
    How do I upload the ZyNOS firmware code via embedded web configurator?
    How do I upgrade/backup the ZyNOS firmware by using FTP client program via LAN?
    How do I upload or backup ROMFILE via web configurator?
    How do I backup/restore configurations by using FTP client program via LAN?
    Why can't I make Telnet to Prestige from WAN?
    What should I do if I forget the system password?
    What is SUA? When should I use SUA?
All contents Copyright (c) 2007 ZyXEL Communications Corporation.
    What is the difference between NAT and SUA?
    How many network users can the SUA/NAT support?
    What are Device filters and Protocol filters?
    Why can't I configure device filters or protocol filters?
  Product FAQ
    Is the ZyXEL device an Internet Access Sharing Router?
    Will the ZyXEL device work with my Internet connection?
    What do I need to use the ZyXEL device?
    What is PPPoE?
    Does the ZyXEL device support PPPoE?
    How do I know I am using PPPoE?
    Why does my provider use PPPoE?
    Which Internet Applications can I use with the ZyXEL device?
    How can I configure the ZyXEL device?
    What network interface does the ZyXEL device support?
    What can we do with Prestige?
    Does Prestige support dynamic IP addressing?
    What is the difference between the internal IP and the real IP from my ISP?
    How does e-mail work through the ZyXEL device?
    What is the difference between the 'Standard' and 'RoadRunner' service?
    Is it possible to access a server running behind SUA from the outside Internet? If possible, how?
    What DHCP capability does the ZyXEL device support?
    How do I use the reset button? Moreover, which parameters will be reset by the reset button?
    What network interface does the new Prestige series support?
    How does the ZyXEL device support TFTP?
    Can the ZyXEL device support TFTP over WAN?
    How can I upload data to outside Internet over the one-way cable?
    How fast can the data go?
    My Prestige can not get an IP address from the ISP to connect to the Internet, what can I do?
    What is BOOTP/DHCP?
    What is DDNS?
    When do I need DDNS service?
    What DDNS servers does the ZyXEL device support?
    What is DDNS wildcard?
    Does the ZyXEL device support DDNS wildcard?
    Can the ZyXEL device SUA handle IPsec packets sent by the VPN gateway behind Prestige?
    How do I setup my Prestige for routing IPsec packets over SUA?
  VoIP FAQ
    What is Voice over IP?
    How does Voice over IP work?
    Why use VoIP?
    What is the relationship between codec and VoIP?
    What advantages can Voice over IP provide?
    What is the difference between H.323 and SIP?
    Can H.323 and SIP interoperate with one another?
    What is voice quality?
    How is voice quality normally rated?
    What is codec?
    What is the relation of codec and VoIP?
    What codec does Prestige support?
    Which codec should I choose?
    What do I need in order to use SIP?
    Unable to register with the SIP server?
    I can register but can not establish a call?
    I can make a call but the voice only goes one way, not both ways?
    I can receive a call but the voice only goes one way, not both ways?
    If all of the above have been tried but registration still fails, what should I do?
    I suspect there is a hardware problem with my Prestige, what should I do?
Trouble Shooting
  Unable to Get WAN IP from ISP
  Using Embedded Packet Trace
  Debug PPPoE Connection
CLI Command List
Application Notes
General Application Notes
Internet Connection
A typical Internet access application of the ZyXEL device is shown below. For a small office, there are some components that need to be checked before accessing the Internet.
Before you begin
Setting up the PC (Windows OS)
Setting up the ZyXEL router
Troubleshooting
Before you begin
The ZyXEL device is shipped with the following factory defaults:
1. IP address = 192.168.1.1, subnet mask = 255.255.255.0 (24 bits)
2. DHCP server enabled with IP pool starting from 192.168.1.33
3. Default SMT menu password = 1234
Setting up the PC (Windows OS)
1. Ethernet connection
All PCs must have an Ethernet adapter card installed.
If you only have one PC, connect the PC's Ethernet adapter to the ZyXEL device's LAN port with a crossover (red one) Ethernet cable.
If you have more than one PC, both the PCs' Ethernet adapters and the ZyXEL device's LAN port must be connected to an external hub with straight Ethernet cables.
2. TCP/IP Installation
You must first install TCP/IP software on each PC before you can use it for Internet access. If you have already installed TCP/IP, go to the next section to configure it; otherwise, follow these steps to install:
In the Control Panel/Network window, click the Add button.
In the Select Network Component Type window, select Protocol and click Add.
In the Select Network Protocol window, select Microsoft from the manufacturers, then select TCP/IP from the Network Protocols and click OK.
3. TCP/IP Configuration
Follow these steps to configure Windows TCP/IP:
In the Control Panel/Network window, click the TCP/IP entry to select it and click the Properties button.
In the TCP/IP Properties window, select Obtain an IP address automatically.
Note: Do not assign an arbitrary IP address and subnet mask to your PCs; otherwise, you will not be able to access the Internet.
Click the WINS configuration tab and select Disable WINS Resolution.
Click the Gateway tab. Highlight any installed gateways and click the Remove button until there are none listed.
Click the DNS Configuration tab and select Disable DNS.
Click OK to save and close the TCP/IP properties window.
Click OK to close the Network window. You will be prompted to insert your Windows CD or disk.
When the drivers are updated, you will be asked if you want to restart the PC. Make sure your Prestige is powered on before answering Yes to the prompt. Repeat the above steps for each Windows PC on your network.
Setting up the ZyXEL router
The following procedure is for the most typical usage of the ZyXEL device, where you have a single-user account (SUA). The ZyXEL device has an embedded web server that allows you to use a Web browser to configure it. Before configuring the router using a browser, please be sure there is no Telnet or Console login.
1. Retrieve Prestige Web
Please enter the LAN IP address of the ZyXEL router in the URL location to retrieve the web screen from the ZyXEL device. The default LAN IP of the ZyXEL device is 192.168.1.1. See the example below. Note that you can use either http://192.168.1.1 or https://192.168.1.1.
2. Login first
The default password is the same as the default SMT password '1234'.
3. Configure Internet access by using WIZARD SETUP
The Web screen shown below takes PPPoE as the example.
Select "Dynamic" if the ISP provides the IP dynamically; otherwise select "Use Fixed IP address" and enter the static IP given by the ISP in the box following the "MY WAN IP Address" field.
Setup the ZyXEL device as a DHCP Relay
What is DHCP Relay?
DHCP stands for Dynamic Host Configuration Protocol. In addition to the DHCP server feature, the P2602 supports the DHCP relay function. When it is configured as DHCP server, it assigns the IP addresses to the LAN clients. When it is configured as DHCP relay, it is responsible for forwarding the requests and responses negotiated between the DHCP clients and the server. See figure 1.
Setup the ZyXEL device as a DHCP Client
1. Toggle the DHCP to Relay in menu 3.2 and enter the IP address of the DHCP server in the 'Relay Server Address' field.
Menu 3.2 - TCP/IP and DHCP Ethernet Setup
DHCP= Relay                        TCP/IP Setup:
Client IP Pool:
  Starting Address= N/A              IP Address= 192.168.1.1
  Size of Client IP Pool= N/A        IP Subnet Mask= 255.255.255.0
First DNS Server= N/A                RIP Direction= Both
  IP Address= N/A                      Version= RIP-1
Second DNS Server= N/A               Multicast= None
  IP Address= N/A                    Edit IP Alias= No
Third DNS Server= N/A
  IP Address= N/A
DHCP Server Address= 192.168.1.2
Press ENTER to Confirm or ESC to Cancel:
Configure an Internal Server Behind SUA
Introduction
If you wish, you can make internal servers (e.g., Web, ftp or mail server) accessible for outside users, even though SUA makes your LAN appear as a single machine to the outside world. A service is identified by the port number. Also, since you need to specify the IP address of a server in the ZyXEL device, a server must have a fixed IP address and not be a DHCP client whose IP address potentially changes each time it is powered on.
In addition to the servers for specific services, SUA supports a default server. A service request that does not have a server explicitly designated for it is forwarded to the default server. If the default server is not defined, the service request is simply discarded.
Configuration
To make a server visible to the outside world, specify the port number of the service and the inside address of the server in 'Menu 15.2.1', Multiple Server Configuration. The outside users can access the local server using the ZyXEL device's WAN IP address, which can be obtained from menu 24.1.
For example (configuring an internal Web server for outside access):
Port numbers for some services
Service                     Port Number
FTP                         21
Telnet                      23
SMTP                        25
DNS (Domain Name Server)    53
www-http (Web)              80
Configure a PPTP server Behind SUA
Introduction
PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within Internet Protocol (IP) packets and forwarded over any IP network, including the Internet itself.
In order to run the Windows 9x PPTP client, you must be able to establish an IP connection with a tunnel server such as the Windows NT Server 4.0 Remote Access Server.
Windows Dial-Up Networking uses the Internet standard Point-to-Point Protocol (PPP) to provide a secure, optimized multiple-protocol network connection over dial-up telephone lines. All data sent over this connection can be encrypted and compressed, and multiple network level protocols (TCP/IP, NetBEUI and IPX) can be run correctly. Windows NT Domain Login level security is preserved even across the Internet.
Windows 98 PPTP Client / Internet / NT RAS Server Protocol Stack
PPTP appears as a new modem type (Virtual Private Networking Adapter) that can be selected when setting up a connection in the Dial-Up Networking folder. The VPN Adapter type does not appear elsewhere in the system. Since PPTP encapsulates its data stream in the PPP protocol, the VPN requires a second dial-up adapter. This second dial-up adapter for VPN is added during the installation phase of the Upgrade in addition to the first dial-up adapter that provides PPP support for the analog or ISDN modem.
PPTP is already supported in Windows NT and Windows 98. Windows 95 needs to be upgraded with the Dial-Up Networking 1.2 upgrade.
Configuration
This application note explains how to establish a PPTP connection with a remote private network in the ZyXEL device SUA case. In ZyNOS, all PPTP packets can be forwarded to the internal PPTP Server (WinNT server) behind SUA. The port number of the PPTP has to be entered in the SMT Menu 15 for Prestige to forward to the appropriate private IP address of Windows NT server.
Example
The following example shows how to dial to an ISP via the ZyXEL device and then establish a tunnel to a private network. There are three items that you need to set up for the PPTP application: the PPTP server (WinNT), the PPTP client (Win9x) and the ZyXEL device.
o PPTP server setup (WinNT)
Add the VPN service from Control Panel>Network
Add a user account for the PPTP logged-on user
Enable RAS port
Select the network protocols from RAS such as IPX, TCP/IP, NetBEUI
Set the Internet gateway to Prestige
o PPTP client setup (Win9x)
Add one VPN connection from Dial-Up Networking by entering the correct username & password and the ZyXEL device's Internet IP address for logging in to the NT RAS server.
Set the Internet gateway to the router that is connecting to the ISP
o Prestige router setup
Before making a VPN connection from Win9x to the WinNT server, you need to connect the Prestige router to your ISP first.
Enter the IP address of the PPTP server (WinNT server) and the port number for PPTP as shown below.
When you have finished the above settings, you can ping the remote Win9x client from WinNT. This ping command is used to demonstrate that the remote Win9x client can be reached across the Internet. If the Internet connection between the two LANs is achieved, you can place a VPN call from the remote Win9x client.
For example:
C:\ping 203.66.113.2
When a dial-up connection to the ISP is established, a default gateway is assigned to route traffic through that connection. Therefore, the output below shows the default gateway of the Win9x client after the dial-up connection has been established.
Before making a VPN connection from the Win9x client to the NT server, you need to know the exact Internet IP address that the ISP assigns to the Prestige router in SUA mode and enter this IP address in the VPN dial-up dialog box. You can check this Internet IP address from PNC Monitor or SMT Menu 24.1. If the Internet IP address is a fixed IP address provided by the ISP in SUA mode, then you can always use this IP address for reaching the VPN server.
In the following example, the IP address '140.113.1.225' is dynamically assigned by ISP. You must enter this IP address in the 'VPN Server' dialog box for reaching the PPTP server. After the VPN link is established, you can start the network protocol application such as IP, IPX and NetBEUI.
About Filter & Filter Examples
How does ZyXEL filter work?
Filter Structure
The ZyXEL device allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system. You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. The following diagram illustrates the logic flow when executing a filter rule.
Filter Types and SUA
Conceptually, there are two categories of filter rules: device and protocol. The Generic filter rules belong to the device category; they act on the raw data from/to LAN and WAN. The IP and IPX filter rules belong to the protocol category; they act on the IP and IPX packets.
In order to allow users to specify the local network IP address and port number in the filter rules with SUA connections, the TCP/IP filter function has to be executed before SUA for WAN outgoing packets and after the SUA for WAN incoming IP packets. But at the same time, the Generic filter rules must be applied at the point when the ZyXEL device is receiving and sending the packets; i.e. the ISDN interface. So, the execution sequence has to be changed. The logic flow of the filter is shown in Figure 1 and the sequence of the logic flow for the packet from LAN to WAN is:
1. LAN device and protocol input filter sets.
2. WAN protocol call and output filter sets.
3. If SUA is enabled, SUA converts the source IP address from 192.168.1.33 to 203.205.115.6 and port number from 1023 to 4034.
4. WAN device output and call filter sets.
The sequence of the logic flow for the packet from WAN to LAN is:
1. WAN device input filter sets.
2. If SUA is enabled, SUA converts the destination IP address from 203.205.115.6 to 192.168.1.33 and port number from 4034 to 1023.
3. WAN protocol input filter sets.
4. LAN device and protocol output filter sets.
Generic and TCP/IP (and IPX) filter rules are in different filter sets. The SMT will detect and prevent the mixing of different category rules within any filter set in Menu 21. In the following example, you will receive an error message 'Protocol and device filter rules cannot be active together' if you try to activate a TCP/IP (or IPX) filter rule in a filter set that already has one or more active Generic filter rules. You will receive the same error if you try to activate a Generic filter rule in a filter set that already has one or more active TCP/IP (or IPX) filter rules.
Menu 21.1.1:
Menu 21.1.1 - Generic Filter Rule
Filter #: 1,1
Filter Type= Generic Filter Rule
Active= Yes
Offset= 0
Length= 0
Mask= N/A
Value= N/A
More= No Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Menu 21.1.2:
Menu 21.1.2 - TCP/IP Filter Rule
Filter #: 1,2
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 0 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= N/A
More= No Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Saving to ROM. Please wait...
Protocol and device rule cannot be active together
To separate the device and protocol filter categories, two new menus, Menu 11.5 and Menu 13.1, have been added, and some changes have been made to Menu 3.1, Menu 11.1, and Menu 13. The new fields are shown below.
Menu 3.1:
Menu 3.1 - General Ethernet Setup
Input Filter Sets:
protocol filters=
device filters=
Output Filter Sets:
protocol filters=
device filters=
Menu 11.1:
Menu 11.1 - Remote Node Profile
Rem Node Name= LAN Route= IP
Active= Yes Bridge= No
Encapsulation= PPP Edit PPP Options= No
Incoming: Rem IP Addr= ?
Rem Login= test Edit IP/IPX/Bridge= No
Rem Password= ********
Outgoing: Session Options:
My Login= testt Edit Filter Sets= Yes
My Password= *****
Authen= CHAP/PAP
Press ENTER to Confirm or ESC to Cancel:
Menu 11.5:
Menu 11.5 - Remote Node Filter
Input Filter Sets:
protocol filters=
device filters=
Output Filter Sets:
protocol filters=
device filters=
SMT will also prevent you from entering a protocol filter set configured in Menu 21 to the device filters field in Menu 3.1, 11.5, or entering a device filter set to the protocol filters field. Even though SMT will prevent the inconsistency from being entered in ZyNOS, it is unable to resolve the intermixing problems existing in the filter sets that were configured before. Instead, when ZyNOS translates the old configuration into the new format, it will verify the filter rules and log the inconsistencies. Please check the system log (Menu 24.3.1) before putting your device into use.
In order to avoid operational problems later, the ZyXEL device will disable its routing/bridging functions if there is an inconsistency among its filter rules.
Filter for blocking the web service
Configuration
Before configuring a filter, you need to know the following information:
1. The outbound packet type (protocol & port number)
2. The source IP address
Generally, the outbound packets for Web service are as follows:
a. HTTP packet, TCP (06) protocol with port number 80
b. DNS packet, TCP (06) protocol with port number 53 or
c. DNS packet, UDP (17) protocol with port number 53
For all workstations on the LAN, the source IP address will be 0.0.0.0. Otherwise, you have to enter an IP address for the workstation you want to block. See the procedure for configuring this filter below.
o Create a filter set in Menu 21, e.g., set 1
o Create three filter rules in Menu 21.1.1, Menu 21.1.2, Menu 21.1.3
Rule 1- block the HTTP packet, TCP (06) protocol with port number 80
Rule 2- block the DNS packet, TCP (06) protocol with port number 53
Rule 3- block the DNS packet, UDP (17) protocol with port number 53
o Apply the filter set in menu 4
1. Create a filter set in Menu 21
Menu 21 - Filter Set Configuration
Filter Filter
Set # Comments Set # Comments
------ ----------------- ------ -----------------
1 Web Request 7 _______________
2 _______________ 8 _______________
3 _______________ 9 _______________
4 _______________ 10 _______________
5 _______________ 11 _______________
6 _______________ 12 _______________
Enter Filter Set Number to Configure= 1
Edit Comments=
Press ENTER to Confirm or ESC to Cancel:
2. Rule 1 for (a), HTTP packet, TCP(06)/Port number 80
Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 80
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
3. Rule 2 for (b), DNS request, TCP(06)/Port number 53
Menu 21.1.2 - TCP/IP Filter Rule
Filter #: 1,2
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 53
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
4. Rule 3 for (c), DNS packet, UDP(17)/Port number 53
Menu 21.1.3 - TCP/IP Filter Rule
Filter #: 1,3
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 17 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 53
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Forward
Press ENTER to Confirm or ESC to Cancel:
5. After the three rules are completed, you will see the rule summary in Menu 21.
Menu 21.1 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- -------------------------------------- - - -
1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=80 N D N
2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=53 N D N
3 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0,DP=53 N D F
6. Apply the filter set to the 'Output Protocol Filter Set' in the remote node setup.
A filter for blocking a specific client
Configuration
1. Create a filter set in Menu 21, e.g., set 1
Menu 21 - Filter Set Configuration
Filter Filter
Set # Comments Set # Comments
------ ----------------- ------ -----------------
1 Block a client 7 _______________
2 _______________ 8 _______________
3 _______________ 9 _______________
4 _______________ 10 _______________
5 _______________ 11 _______________
6 _______________ 12 _______________
Enter Filter Set Number to Configure= 0
Edit Comments=
Press ENTER to Confirm or ESC to Cancel:
2. One rule for blocking all packets from this client
Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 0 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
Source: IP Addr= 192.168.1.5
IP Mask= 255.255.255.255
Port #=
Port # Comp= None
TCP Estab= N/A
More= No Log= None
Action Matched= Drop
Action Not Matched= Forward
Press ENTER to Confirm or ESC to Cancel:
Key Settings:
Source IP Addr: Enter the client IP in this field.
IP Mask: The IP mask is used to mask the bits of the IP address given in the 'Source IP Addr=' field; for one workstation it is 255.255.255.255.
Action Matched: Set to 'Drop' to drop all the packets from this client.
Action Not Matched: Set to 'Forward' to allow the packets from other clients.
3. Apply the filter set number '1' to the 'Output Protocol Filter Set' field in the remote node setup.
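The 'Web Request' and 'Block a client' filter sets configured above, modelled as an added Python example (not ZyXEL code and not part of the original manual) that walks each rule's Action Matched / Action Not Matched chain. Field names follow the SMT menus; treating 0 as "any" for protocol, address and mask, forwarding when the last rule says Check Next Rule, and the sample packets are assumptions made for illustration.

```python
"""Model of the two TCP/IP filter sets shown in Menu 21.1 on this page."""
from dataclasses import dataclass
from ipaddress import IPv4Address

CHECK_NEXT, DROP, FORWARD = "Check Next Rule", "Drop", "Forward"


@dataclass(frozen=True)
class Packet:
    proto: int        # IP protocol number: 1 = ICMP, 6 = TCP, 17 = UDP
    src: str
    dst: str
    dport: int = 0    # destination port; 0 when the protocol has none


@dataclass(frozen=True)
class Rule:
    # Defaults mirror an unconfigured "TCP/IP Filter Rule" screen.
    proto: int = 0                 # IP Protocol= (0 assumed to mean any)
    dst: str = "0.0.0.0"           # Destination: IP Addr=
    dst_mask: str = "0.0.0.0"      # Destination: IP Mask=
    dport: int = 0                 # Destination: Port #=
    dport_comp: str = "None"       # Destination: Port # Comp=
    src: str = "0.0.0.0"           # Source: IP Addr=
    src_mask: str = "0.0.0.0"      # Source: IP Mask=
    matched: str = CHECK_NEXT      # Action Matched=
    not_matched: str = CHECK_NEXT  # Action Not Matched=


def addr_matches(addr, rule_addr, mask):
    """Compare only the bits selected by the mask (0.0.0.0 matches anything)."""
    m = int(IPv4Address(mask))
    return (int(IPv4Address(addr)) & m) == (int(IPv4Address(rule_addr)) & m)


def rule_matches(rule, pkt):
    if rule.dport_comp not in ("None", "Equal"):
        raise ValueError("only the comparisons shown on the page are modelled")
    if rule.proto != 0 and rule.proto != pkt.proto:
        return False
    if not addr_matches(pkt.src, rule.src, rule.src_mask):
        return False
    if not addr_matches(pkt.dst, rule.dst, rule.dst_mask):
        return False
    if rule.dport_comp == "Equal" and pkt.dport != rule.dport:
        return False
    return True


def evaluate(rules, pkt):
    """Return (final action, number of the rule that decided it)."""
    for number, rule in enumerate(rules, start=1):
        action = rule.matched if rule_matches(rule, pkt) else rule.not_matched
        if action != CHECK_NEXT:
            return action, number
    return FORWARD, None  # assumption: nothing decided, packet passes


# Filter set 1 "Web Request": rules 1,1 to 1,3 as entered in the menus.
WEB_REQUEST = [
    Rule(proto=6, dport=80, dport_comp="Equal", matched=DROP),
    Rule(proto=6, dport=53, dport_comp="Equal", matched=DROP),
    Rule(proto=17, dport=53, dport_comp="Equal", matched=DROP,
         not_matched=FORWARD),
]

# Filter set "Block a client": one rule keyed on the source address.
BLOCK_CLIENT = [
    Rule(src="192.168.1.5", src_mask="255.255.255.255", matched=DROP,
         not_matched=FORWARD),
]

if __name__ == "__main__":
    # Constructed sample packets; 203.0.113.10 is a documentation address.
    samples = [
        ("HTTP", WEB_REQUEST, Packet(6, "192.168.1.33", "203.0.113.10", 80)),
        ("DNS/TCP", WEB_REQUEST, Packet(6, "192.168.1.33", "203.0.113.10", 53)),
        ("DNS/UDP", WEB_REQUEST, Packet(17, "192.168.1.33", "203.0.113.10", 53)),
        ("SMTP", WEB_REQUEST, Packet(6, "192.168.1.33", "203.0.113.10", 25)),
        ("from .5", BLOCK_CLIENT, Packet(6, "192.168.1.5", "203.0.113.10", 25)),
        ("from .6", BLOCK_CLIENT, Packet(1, "192.168.1.6", "203.0.113.10")),
    ]
    for label, rules, pkt in samples:
        action, rule_no = evaluate(rules, pkt)
        print(f"{label:8} -> {action} (decided by rule {rule_no})")
```

Because the rules reference LAN-side addresses such as 192.168.1.5, the set only behaves this way where the protocol filter runs before SUA translation, which is the Output Protocol Filter Set position the procedure specifies.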
A filter for blocking a specific MAC address
This configuration example shows you how to use a Generic Filter to block a specific MAC address of the LAN.
Before you Begin
Before you configure the filter, you need to know the MAC address of the client. The MAC address can be obtained from the client's NIC. If LAN packets from the client pass through the ZyXEL device, you can also identify the unwanted MAC address from the ZyXEL device's LAN packet trace. The following example shows a trace of LAN packets.
ras> sys trcp channel enet0 bothway
ras> sys trcp sw on
Now a client on the LAN is trying to ping Prestige………
ras> sys trcp sw off
ras> sys trcp disp
TIME: 37c060 enet0-RECV len:74 call=0
0000: [00 a0 c5 01 23 45] [00 80 c8 4c ea 63] 08 00 45 00
0010: 00 3c eb 0c 00 00 20 01 e3 ea ca 84 9b 5d ca 84
0020: 9b 63 08 00 45 5c 03 00 05 00 61 62 63 64 65 66
0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76
0040: 77 61 62 63 64 65 66 67 68 69
TIME: 37c060 enet0-XMIT len:74 call=0
0000: [00 80 c8 4c ea 63] [00 a0 c5 01 23 45] 08 00 45 00
0010: 00 3c 00 07 00 00 fe 01 f0 ef ca 84 9b 63 ca 84
0020: 9b 5d 00 00 4d 5c 03 00 05 00 61 62 63 64 65 66
0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76
0040: 77 61 62 63 64 65 66 67 68 69
The detailed format of the Ethernet Version II:
+ Ethernet Version II
- Address: 00-80-C8-4C-EA-63 (Source MAC) ----> 00-A0-C5-01-23-45 (Destination MAC)
- Ethernet II Protocol Type: IP
+ Internet Protocol
- Version (MSB 4 bits): 4
- Header length (LSB 4 bits): 5
- Service type: Precd=Routine, Delay=Normal, Thrput=Normal, Reli=Normal
- Total length: 60 (Octets)
- Fragment ID: 60172
- Flags: May be fragmented, Last fragment, Offset=0 (0x00)
- Time to live: 32 seconds/hops
- IP protocol type: ICMP (0x01)
- Checksum: 0xE3EA
- IP address 202.132.155.93 (Source IP address) ----> 202.132.155.99 (Destination IP address)
- No option
+ Internet Control Message Protocol
- Type: 8 - Echo Request
- Code: 0
- Checksum: 0x455C
- Identifier: 768
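An added Python example (not part of the original manual or ZyXEL tooling) that parses the RECV frame from the 'sys trcp disp' output above and decodes the Ethernet, IP and ICMP headers, reproducing the field values in the breakdown and verifying both checksums. The function names are illustrative; the trace text is copied from this page.

```python
"""Decode a frame from the ZyXEL packet trace hex dump shown on this page."""
import re
import struct
from ipaddress import IPv4Address

# RECV frame copied from the trace above (ping from a LAN client).
TRACE = """\
TIME: 37c060 enet0-RECV len:74 call=0
0000: [00 a0 c5 01 23 45] [00 80 c8 4c ea 63] 08 00 45 00
0010: 00 3c eb 0c 00 00 20 01 e3 ea ca 84 9b 5d ca 84
0020: 9b 63 08 00 45 5c 03 00 05 00 61 62 63 64 65 66
0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76
0040: 77 61 62 63 64 65 66 67 68 69
"""

DUMP_LINE = re.compile(r"^\s*([0-9a-fA-F]{4}):(.*)$")


def trace_to_bytes(text):
    """Rebuild the raw frame; non-dump lines (TIME header, footers) are skipped."""
    frame = bytearray()
    for line in text.splitlines():
        m = DUMP_LINE.match(line)
        if not m:
            continue
        offset = int(m.group(1), 16)
        if offset != len(frame):
            # A dump line was lost or duplicated when the trace was copied.
            raise ValueError(f"gap in dump at offset {offset:04x}")
        frame += bytes.fromhex(m.group(2).replace("[", "").replace("]", ""))
    return bytes(frame)


def internet_checksum(data):
    """Ones' complement sum; 0 over a header that includes a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def fmt_mac(raw):
    return "-".join(f"{b:02X}" for b in raw)


def decode_frame(frame):
    """Return the Ethernet II, IPv4 and ICMP fields as a dict."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet II header")
    fields = {
        "dst_mac": fmt_mac(frame[0:6]),    # bytes 0-5 of the frame
        "src_mac": fmt_mac(frame[6:12]),   # bytes 6-11 of the frame
        "ethertype": struct.unpack("!H", frame[12:14])[0],
    }
    if fields["ethertype"] != 0x0800:      # not IPv4, stop at layer 2
        return fields
    if len(frame) < 34:
        raise ValueError("truncated IPv4 header")
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or len(frame) < 14 + ihl:
        raise ValueError("bad IPv4 header length")
    ip = frame[14:14 + ihl]
    _, _, total_len, ident, _, ttl, proto, cksum = struct.unpack(
        "!BBHHHBBH", ip[:12])
    fields.update(
        ip_version=frame[14] >> 4, ip_header_words=ihl // 4,
        total_length=total_len, ip_id=ident, ttl=ttl, ip_proto=proto,
        ip_checksum=cksum, ip_checksum_ok=internet_checksum(ip) == 0,
        src_ip=str(IPv4Address(ip[12:16])), dst_ip=str(IPv4Address(ip[16:20])),
    )
    payload = frame[14 + ihl:14 + total_len]
    if proto == 1 and len(payload) >= 8:   # ICMP
        i_type, i_code, i_cksum, i_id, i_seq = struct.unpack(
            "!BBHHH", payload[:8])
        fields.update(
            icmp_type=i_type, icmp_code=i_code, icmp_checksum=i_cksum,
            icmp_id=i_id, icmp_seq=i_seq,
            icmp_checksum_ok=internet_checksum(payload) == 0,
        )
    return fields


if __name__ == "__main__":
    for name, value in decode_frame(trace_to_bytes(TRACE)).items():
        print(f"{name:18} {value}")
```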