ZyXEL Communications P-2302R-P1C User Manual
P-2302R-P1C
VoIP Station Gateway
Support Notes
Version 3.60
Oct. 2007
P2302R-P1C Support Notes
2
INDEX
Application Notes ......................................................................................................... 6
General Application Notes .....................................................................................6
Internet Connection ........................................................................................ 6
Setup the the ZyXEL Device as a DHCP Relay .......................................... 11
Configure an Internal Server Behind SUA .................................................. 13
Configure a PPTP server Behind SUA ........................................................ 14
About Filter & Filter Examples ................................................................... 18
Using the Dynamic DNS (DDNS) ............................................................... 41
Network Management Using SNMP ........................................................... 42
Using SysLog ............................................................................................... 49
Using IP Alias .............................................................................................. 52
Using IP Multicast ....................................................................................... 56
Using Traffic Redirect Feature ..................................................................... 58
Using Universal Plug n Play (UPnP) ........................................................... 61
VoIP Application Notes ........................................................................................67
Setup SIP Account ....................................................................................... 67
Advanced voice settings configuration ........................................................ 71
Voice QoS .................................................................................................... 77
Phone port settings ....................................................................................... 78
Common Phone ............................................................................................ 79
Country Code ............................................................................................... 80
Call Forwarding ........................................................................................... 81
Call Hold ...................................................................................................... 84
Call Waiting ................................................................................................. 85
Three Way Conference ................................................................................ 86
Call Transfer ................................................................................................ 88
Internal Call ................................................................................................. 91
MWI ............................................................................................................. 91
Music on hold .............................................................................................. 92
Early Media .................................................................................................. 93
Call Park / Call Pickup ................................................................................. 94
Phone book Speed dial ................................................................................. 96
FAQ ............................................................................................................................. 99
ZyNOS FAQ ........................................................................................................99
What is ZyNOS? .......................................................................................... 99
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
3
How do I access the embedded web configurator? ...................................... 99
What is the default LAN IP address and Password? Moreover, how do I
change it? ..................................................................................................... 99
How do I upload the ZyNOS firmware code via embedded web
configurator? .............................................................................................. 100
How do I upgrade/backup the ZyNOS firmware by using FTP client
program via LAN? ..................................................................................... 100
How do I upload or backup ROMFILE via web configurator? ................. 100
How do I backup/restore configurations by using FTP client program via
LAN?.......................................................................................................... 101
Why can't I make Telnet to The ZyXEL Device from WAN? .................. 101
What should I do if I forget the system password? .................................... 101
What is SUA? When should I use SUA? ................................................... 102
What is the difference between NAT and SUA? ....................................... 102
How many network users can the SUA/NAT support? ............................. 102
What are Device filters and Protocol filters? ............................................. 103
Why can't I configure device filters or protocol filters? ............................ 103
Product FAQ ......................................................................................................103
What is the ZyXEL Device Internet Access Sharing Router? ................... 103
Will the ZyXEL Device work with my Internet connection? .................... 103
What do I need to use the ZyXEL Device? ............................................... 104
What is PPPoE? ......................................................................................... 104
Does the ZyXEL Device support PPPoE? ................................................. 104
How do I know I am using PPPoE? ........................................................... 104
Why does my provider use PPPoE?........................................................... 104
Which Internet Applications can I use with the ZyXEL Device? .............. 104
How can I configure the ZyXEL Device? ................................................. 105
What network interface does the ZyXEL Device support? ....................... 105
What can we do with the ZyXEL Device? ................................................ 105
Does the ZyXEL Device support dynamic IP addressing? ........................ 105
What is the difference between the internal IP and the real IP from my ISP?
.................................................................................................................... 105
How does e-mail work through the ZyXEL Device? ................................ 105
What is the difference between the 'Standard' and 'RoadRunner' service? 106
Is it possible to access a server running behind SUA from the outside
Internet? If possible, how? ......................................................................... 106
What DHCP capability does the ZyXEL Device support? ........................ 106
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
4
How do I used the reset button, more over what field of parameter will be
reset by reset button? ................................................................................. 106
What network interface does the new ZyXEL Device support? ................ 106
How does the ZyXEL Device support TFTP? ........................................... 107
Can the ZyXEL Device support TFTP over WAN? ................................... 107
How can I upload data to outside Internet over the one-way cable? ......... 107
How fast can the data go? .......................................................................... 107
My ZyXEL Device can not get an IP address from the ISP to connect to
the Internet, what can I do? ........................................................................ 108
What is BOOTP/DHCP?............................................................................ 110
What is DDNS?.......................................................................................... 110
When do I need DDNS service? ................................................................ 111
What DDNS servers does the ZyXEL Device support? ............................ 111
What is DDNS wildcard? ........................................................................... 111
Does the ZyXEL Device support DDNS wildcard? .................................. 111
Can the ZyXEL Device SUA handle IPsec packets sent by the VPN
gateway behind ZyXEL Device? ............................................................... 111
How do I setup my ZyXEL Device for routing IPsec packets over SUA? 112
VoIP FAQ ........................................................................................................... 112
What is Voice over IP? .............................................................................. 112
How does Voice over IP work? ................................................................. 112
Why use VoIP? .......................................................................................... 112
What is the relationship between codec and VoIP? ................................... 113
What advantage does Voice over IP can provide? ..................................... 113
What is the difference between H.323 and SIP? ........................................ 113
Can H.323 and SIP interoperate with one another? ................................... 113
What is voice quality? ................................................................................ 113
How are voice quality normally rated? ...................................................... 113
What is codec? ........................................................................................... 114
What is the relation of codec and VoIP? ................................................... 114
What codec does the ZyXEL Device support? .......................................... 114
Which codec should I choose? ................................................................... 114
What do I need in order to use SIP? .......................................................... 114
Unable to register with the SIP server?...................................................... 115
I can register but can not establish a call? .................................................. 115
I can make a call but the voice only goes one way not in both ways? ....... 115
I can receive a call but the voice only goes one way not bothway? .......... 115
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
5
If all the about have been tried, but register still fail what should I do? .... 115
I suspect there is a hardware problem with my ZyXEL Device what should
I do? ........................................................................................................... 116
Trouble Shooting ...................................................................................................... 116
Unable to Get WAN IP from ISP ....................................................................... 116
Using Embedded Packet Trace .......................................................................... 119
Debug PPPoE Connection .................................................................................134
CLI Command List .................................................................................................. 145
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
6
Application Notes
General Application Notes
Internet Connection
A typical Internet access application of the ZyXEL Device is shown below. For a small office, there are some
components needs to be checked before accessing the Internet.
Before you begin
Setting up the Windows
Setting up the ZyXEL Device
Troubleshooting
Before you begin
The ZyXEL Device is shipped with the following factory default:
1. IP address = 192.168.1.1, subnet mask = 255.255.255.0 (24 bits)
2. DHCP server enabled with IP pool starting from 192.168.1.33
3. Default SMT menu password = 1234
Setting up the PC (Windows OS)
1. Ethernet connection
All PCs must have an Ethernet adapter card installed.
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
7
If you only have one PC, connect the PC's Ethernet adapter to the ZyXEL Device's LAN port with
a crossover (red one) Ethernet cable.
If you have more than one PC, both the PC's Ethernet adapters and the ZyXEL Device's LAN port
must be connected to an external hub with straight Ethernet cable.
2. TCP/IP Installation
You must first install TCP/IP software on each PC before you can use it for Internet access. If you have already
installed TCP/IP, go to the next section to configure it; otherwise, follow these steps to install:
In the Control Panel/Network window, click Add button.
In the Select Network Component Type windows, select Protocol and click Add.
In the Select Network Protocol windows, select Microsoft from the manufacturers, then select
TCP/IP from the Network Protocols and click OK.
3. TCP/IP Configuration
Follow these steps to configure Windows TCP/IP:
In the Control Panel/Network window, click the TCP/IP entry to select it and click Properties
button.
In the TCP/IP Properties window, select obtain an IP address automatically.
Note: Do not assign arbitrary IP address and subnet mask to your PCs, otherwise, you will not be able to access
the Internet.
Click the WINS configuration tab and select Disable WINS Resolution.
Click the Gateway tab. Highlight any installed gateways and click the Remove button until there
are none listed.
Click the DNS Configuration tab and select Disable DNS.
Click OK to save and close the TCP/IP properties window
Click OK to close the Network window. You will be prompted to insert your Windows CD or disk.
When the drivers are updated, you will be asked if you want to restart the PC. Make sure your
ZyXEL Device is powered on before answering Yes to the prompt. Repeat the above steps for
each Windows PC on your network.
Setting up the ZyXEL Device
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
8
The following procedure is for the most typical usage of the ZyXEL Device where you have a single-user
account (SUA). The ZyXEL Device supports embedded web server that allows you to use Web browser to
configure it. Before configuring the router using Browser please be sure there is no Telnet or Console login.
1. Retrieve ZyXEL Device Web
Please enter the LAN IP address of the ZyXEL Device in the URL location to retrieve the web screen from the
ZyXEL Device. The default LAN IP of the ZyXEL Device is 192.168.1.1. See the example below. Note that
you can either use http://192.168.1.1 or https://192.168.1.1
2. Login first
The default password is the default SMT password, '1234'.
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
9
3. Configure the ZyXEL Device for Internet access by using WIZARD SETUP
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
10
The Web screen shown below takes PPPoE as the example.
Select “Dynamic" if the ISP provides the IP dynamically, otherwise select “Use Fixed IP address" and
enter the static IP given by ISP in the box following“MY WAN IP Address"field.
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
11
Setup the the ZyXEL Device as a DHCP Relay
What is DHCP Relay?
DHCP stands for Dynamic Host Configuration Protocol. In addition to the DHCP server feature, the P2302
supports the DHCP relay function. When it is configured as DHCP server, it assigns the IP addresses to the
LAN clients. When it is configured as DHCP relay, it is responsible for forwarding the requests and responses
negotiating between the DHCP clients and the server. See figure 1.
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
12
Menu 3.2 - TCP/IP and DHCP Ethernet Setup
DHCP= Relay TCP/IP Setup:
Client IP Pool:
Starting Address= N/A IP Address= 192.168.1.1
Size of Client IP Pool= N/A IP Subnet Mask= 255.255.255.0
First DNS Server= N/A RIP Direction= Both
IP Address= N/A Version= RIP-1
Second DNS Server= N/A Multicast= None
IP Address= N/A Edit IP Alias= No
Third DNS Server= N/A
IP Address= N/A
DHCP Server Address= 192.168.1.2
Press ENTER to Confirm or ESC to Cancel:
Setup the ZyXEL Device as a DHCP Client
1. Toggle the DHCP to Relay in menu 3.2 and enter the IP address of the DHCP server in the 'Relay Server
Address' field.
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
13
Configure an Internal Server Behind SUA
Introduction
If you wish, you can make internal servers (e.g., Web, ftp or mail server) accessible for outside users, even
though SUA makes your LAN appear as a single machine to the outside world. A service is identified by the
port number. Also, since you need to specify the IP address of a server in the ZyXEL Device, a server must
have a fixed IP address and not be a DHCP client whose IP address potentially changes each time it is powered
on.
In addition to the servers for specific services, SUA supports a default server. A service request that does not
have a server explicitly designated for it is forwarded to the default server. If the default server is not defined,
the service request is simply discarded.
Configuration
To make a server visible to the outside world, specify the port number of the service and the inside address of
the server in 'Menu 15.2.1', Multiple Server Configuration. The outside users can access the local server using
the ZyXEL Device's
For example (Configuring an internal Web server for outside access) :
WAN IP
All contents Copyright 2007 ZyXEL Communications Corporation.
address which can be obtained from menu 24.1.
P2302R-P1C Support Notes
14
Service
Port Number
FTP
21
Telnet
23
SMTP
25
DNS (Domain Name Server)
53
www-http (Web)
80
Port numbers for some services
Configure a PPTP server Behind SUA
Introduction
PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within
Internet Protocol (IP) packets and forwarded over any IP network, including the Internet itself.
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
15
In order to run the Windows 9x PPTP client, you must be able to establish an IP connection with a tunnel server
such as the Windows NT Server 4.0 Remote Access Server.
Windows Dial-Up Networking uses the Internet standard Point-to-Point (PPP) to provide a secure, optimized
multiple-protocol network connection over dial-up telephone lines. All data sent over this connection can be
encrypted and compressed, and multiple network level protocols (TCP/IP, NetBEUI and IPX) can be run
correctly. Windows NT Domain Login level security is preserved even across the Internet.
Window98 PPTP Client / Internet / NT RAS Server Protocol Stack
PPTP appears as new modem type (Virtual Private Networking Adapter) that can be selected when setting up a
connection in the Dial-Up Networking folder. The VPN Adapter type does not appear elsewhere in the system.
Since PPTP encapsulates its data stream in the PPP protocol, the VPN requires a second dial-up adapter. This
second dial-up adapter for VPN is added during the installation phase of the Upgrade in addition to the first
dial-up adapter that provides PPP support for the analog or ISDN modem.
The PPTP is supported in Windows NT and Windows 98 already. For Windows 95, it needs to be upgraded by
the Dial-Up Networking 1.2 upgrade.
Configuration
This application note explains how to establish a PPTP connection with a remote private network in the ZyXEL
Device SUA case. In ZyNOS, all PPTP packets can be forwarded to the internal PPTP Server (WinNT server)
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
16
behind SUA. The port number of the PPTP has to be entered in the SMT Menu 15 for ZyXEL Device to
forward to the appropriate private IP address of Windows NT server.
Example
The following example shows how to dial to an ISP via the ZyXEL Device and then establish a tunnel to a
private network. There will be three items that you need to set up for PPTP application, these are PPTP server
(WinNT), PPTP client (Win9x) and the ZyXEL Device.
o PPTP server setup (WinNT)
Add the VPN service from Control Panel>Network
Add an user account for PPTP logged on user
Enable RAS port
Select the network protocols from RAS such as IPX, TCP/IP NetBEUI
Set the Internet gateway to ZyXEL Device
o PPTP client setup (Win9x)
Add one VPN connection from Dial-Up Networking by entering the correct
username & password and the IP address of the ZyXEL Device's Internet IP
address for logging to NT RAS server.
Set the Internet gateway to the router that is connecting to ISP
o ZyXEL router setup
Before making a VPN connection from Win9x to WinNT server, you need to connect ZyXEL
router to your ISP first.
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
17
Enter the IP address of the PPTP server (WinNT server) and the port number for PPTP as shown
below.
When you have finished the above settings, you can ping to the remote Win9x client from
WinNT. This ping command is used to demonstrate that remote the Win9x can be reached across the
Internet. If the Internet connection between two LANs is achieved, you can place a VPN call from the
remote Win9x client.
For example:
C:\ping 203.66.113.2
When a dial-up connection to ISP is established, a default gateway is assigned to the router traffic
through that connection. Therefore, the output below shows the default gateway of the Win9x client
after the dial-up connection has been established.
Before making a VPN connection from the Win9x client to the NT server, you need to know the exact
Internet IP address that the ISP assigns to ZyXEL router in SUA mode and enter this IP address in the
VPN dial-up dialog box. You can check this Internet IP address from PNC Monitor or SMT Menu
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
18
24.1. If the Internet IP address is a fixed IP address provided by ISP in SUA mode, then you can
always use this IP address for reaching the VPN server.
In the following example, the IP address '140.113.1.225' is dynamically assigned by ISP. You must
enter this IP address in the 'VPN Server' dialog box for reaching the PPTP server. After the VPN link is
established, you can start the network protocol application such as IP, IPX and NetBEUI.
About Filter & Filter Examples
How does ZyXEL filter work?
Filter Structure
The ZyXEL Device allows you to configure up to twelve filter sets with six rules in each set, for a total of 72
filter rules in the system. You can apply up to four filter sets to a particular port to block multiple types of
packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port.
The following diagram illustrates the logic flow when executing a filter rule.
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
19
Filter Types and SUA
Conceptually, there are two categories of filter rules: device and protocol. The Generic filter rules belong to the
device category; they act on the raw data from/to LAN and WAN. The IP and IPX filter rules belong to the
protocol category; they act on the IP and IPX packets.
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
20
In order to allow users to specify the local network IP address and port number in the filter rules with SUA
connections, the TCP/IP filter function has to be executed before SUA for WAN outgoing packets and after the
SUA for WAN incoming IP packets. But at the same time, the Generic filter rules must be applied at the point
when the ZyXEL Device is receiving and sending the packets; i.e. the ISDN interface. So, the execution
sequence has to be changed. The logic flow of the filter is shown in Figure 1 and the sequence of the logic flow
for the packet from LAN to WAN is:
LAN device and protocol input filter sets.
WAN protocol call and output filter sets.
If SUA is enabled, SUA converts the source IP address from 192.168.1.33 to 203.205.115.6 and
port number from 1023 to 4034.
WAN device output and call filter sets.
The sequence of the logic flow for the packet from WAN to LAN is:
WAN device input filter sets.
If SUA is enabled, SUA converts the destination IP address from 203.205.115.6 to 92.168.1.33 and port
number from 4034 to 1023.
WAN protocol input filter sets.
LAN device and protocol output filter sets.
Generic and TCP/IP (and IPX) filter rules are in different filter sets. The SMT will detect and prevent the
mixing of different category rules within any filter set in Menu 21. In the following example, you will receive
an error message 'Protocol and device filter rules cannot be active together' if you try to activate a TCP/IP (or
IPX) filter rule in a filter set that has already had one or more active Generic filter rules. You will receive the
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
21
Menu 21.1.1 - Generic Filter Rule
Filter #: 1,1
Filter Type= Generic Filter Rule
Active= Yes
Offset= 0
Length= 0
Mask= N/A
Value= N/A
More= No Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Menu 21.1.2 - TCP/IP Filter Rule
Filter #: 1,2
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 0 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= N/A
same error if you try to activate a Generic filter rule in a filter set that has already had one or more active
TCP/IP (or IPX) filter rules.
Menu 21.1.1:
Menu 21.1.2:
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
22
More= No Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Saving to ROM. Please wait...
Protocol and device rule cannot be active together
Menu 3.1 - General Ethernet Setup
Input Filter Sets:
protocol filters=
device filters=
Output Filter Sets:
protocol filters=
device filters=
Menu 11.1 - Remote Node Profile
Rem Node Name= LAN Route= IP
Active= Yes Bridge= No
Encapsulation= PPP Edit PPP Options= No
Incoming: Rem IP Addr= ?
Rem Login= test Edit IP/IPX/Bridge= No
Rem Password= ********
To separate the device and protocol filter categories; two new menus, Menu 11.5 and Menu 13.1, have been
added, as well as some changes made to the Menu 3.1, Menu 11.1, and Menu 13. The new fields are shown
below.
Menu 3.1:
Menu 11.1:
All contents Copyright 2007 ZyXEL Communications Corporation.
23
Outgoing: Session Options:
My Login= testt Edit Filter Sets= Yes
My Password= *****
Authen= CHAP/PAP
Press ENTER to Confirm or ESC to Cancel:
Menu 11.5 - Remote Node Filter
Input Filter Sets:
protocol filters=
device filters=
Output Filter Sets:
protocol filters=
device filters=
Menu 11.5:
P2302R-P1C Support Notes
SMT will also prevent you from entering a protocol filter set configured in Menu 21 to the device filters field in
Menu 3.1, 11.5, or entering a device filter set to the protocol filters field. Even though SMT will prevent the
inconsistency from being entered in ZyNOS, it is unable to resolve the intermixing problems existing in the
filter sets that were configured before. Instead, when ZyNOS translates the old configuration into the new
format, it will verify the filter rules and log the inconsistencies. Please check the system log (Menu 24.3.1)
before putting your device into use.
In order to avoid operational problems later, the ZyXEL Device will disable its routing/bridging functions if
there is an inconsistency among its filter rules.
filter for blocking the web service
Configuration
Before configuring a filter, you need to know the following information:
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
24
Menu 21 - Filter Set Configuration
Filter Filter
Set # Comments Set # Comments
------ ----------------- ------ -----------------
1 Web Request 7 _______________
2 _______________ 8 _______________
3 _______________ 9 _______________
4 _______________ 10 _______________
5 _______________ 11 _______________
6 _______________ 12 _______________
Enter Filter Set Number to Configure= 1
Edit Comments=
Press ENTER to Confirm or ESC to Cancel:
1. The outbound packet type (protocol & port number)
2. The source IP address
Generally, the outbound packets for Web service could be as following:
a. HTTP packet, TCP (06) protocol with port number 80
b. DNS packet, TCP (06) protocol with port number 53 or
c. DNS packet, UDP (17) protocol with port number 53
For all workstation on the LAN, the source IP address will be 0.0.0.0. Otherwise, you have to enter an IP
Address for the workstation you want to block. See the procedure for configuring this filter below.
o Create a filter set in Menu 21, e.g., set 1
o Create three filter rules in Menu 21.1.1, Menu 21.1.2, Menu 21.1.3
Rule 1- block the HTTP packet, TCP (06) protocol with port number 80
Rule 2- block the DNS packet, TCP (06) protocol with port number 53
Rule 3- block the DNS packet, UDP (17) protocol with port number 53
o Apply the filter set in menu 4
1. Create a filter set in Menu 21
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
25
Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 80
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Menu 21.1.2 - TCP/IP Filter Rule
Filter #: 1,2
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 53
Port # Comp= Equal
2. Rule one for (a). http packet, TCP(06)/Port number 80
3.Rule 2 for (b).DNS request, TCP(06)/Port number 53
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
26
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Menu 21.1.2 - TCP/IP Filter Rule
Filter #: 1,2
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 17 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 53
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Forward
Press ENTER to Confirm or ESC to Cancel:
4. Rule 3 for (c). DNS packet UDP(17)/Port number 53
5. After the three rules are completed, you will see the rule summary in Menu 21.
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
27
Menu 21.1 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- -------------------------------------- - - -
1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=80 N D N
2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=53 N D N
3 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0,DP=53 N D F
Menu 21 - Filter Set Configuration
Filter Filter
Set # Comments Set # Comments
------ ----------------- ------ -----------------
1 Block a client 7 _______________
2 _______________ 8 _______________
3 _______________ 9 _______________
4 _______________ 10 _______________
5 _______________ 11 _______________
6 _______________ 12 _______________
Enter Filter Set Number to Configure= 0
Edit Comments=
Press ENTER to Confirm or ESC to Cancel:
6. Apply the filter set to the 'Output Protocol Filter Set' in the remote node setup .
A filter for blocking a specific client
Configuration
1. Create a filter set in Menu 21, e.g., set 1
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
28
Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 0 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
Source: IP Addr= 192.168.1.5
IP Mask= 255.255.255.255
Port #=
Port # Comp= None
TCP Estab= N/A
More= No Log= None
Action Matched= Drop
Action Not Matched= Forward
Press ENTER to Confirm or ESC to Cancel:
2. One rule for blocking all packets from this client
Key Settings:
Source IP addr................Enter the client IP in this field
IP Mask..........................here the IP mask is used to mask the bits of the IP address given in the 'Source IP
Addr=' field, for one workstation it is 255.255.255.255.
Action Matched................Set to 'Drop' to drop all the packets from this client
Action Not Matched.........Set to 'Forward' to allow the packets from other clients
3. Apply the filter set number '1' to the 'Output Protocol Filter Set' field in the remote node setup.
A filter for blocking a specific MAC address
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
29
ras> sys trcp channel enet0 bothway
ras> sys trcp sw on
Now a client on the LAN is trying to ping Prestige………
ras> sys trcp sw off
ras> sys trcp disp
TIME: 37c060 enet0-RECV len:74 call=0
0000: [00 a0 c5 01 23 45] [00 80 c8 4c ea 63] 08 00 45 00
0010: 00 3c eb 0c 00 00 20 01 e3 ea ca 84 9b 5d ca 84
0020: 9b 63 08 00 45 5c 03 00 05 00 61 62 63 64 65 66
0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76
0040: 77 61 62 63 64 65 66 67 68 69
TIME: 37c060 enet0-XMIT len:74 call=0
0000: [00 80 c8 4c ea 63] [00 a0 c5 01 23 45] 08 00 45 00
0010: 00 3c 00 07 00 00 fe 01 f0 ef ca 84 9b 63 ca 84
0020: 9b 5d 00 00 4d 5c 03 00 05 00 61 62 63 64 65 66
0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76
0040: 77 61 62 63 64 65 66 67 68 69
+ Ethernet Version II
- Address: 00-80-C8-4C-EA-63 (Source MAC) ----> 00-A0-C5-23-45
(Destination MAC)
- Ethernet II Protocol Type: IP
This configuration example shows you how to use a Generic Filter to block a specific MAC address of the
LAN.
Before you Begin
Before you configure the filter, you need to know the MAC address of the client first. The MAC address can be
provided by the NICs. If there is the LAN packet passing through the ZyXEL Device you can identify the
uninteresting MAC address from the ZyXEL Device's LAN packet trace. Please have a look at the following
example to know the trace of the LAN packets.
The detailed format of the Ethernet Version II:
All contents Copyright 2007 ZyXEL Communications Corporation.
P2302R-P1C Support Notes
30
+ Internet Protocol
- Version (MSB 4 bits): 4
- Header length (LSB 4 bits): 5
- Service type: Precd=Routine, Delay=Normal, Thrput=Normal, Reli=Normal
- Total length: 60 (Octets)
- Fragment ID: 60172
- Flags: May be fragmented, Last fragment, Offset=0 (0x00)
- Time to live: 32 seconds/hops
- IP protocol type: ICMP (0x01)
- Checksum: 0xE3EA
- IP address 202.132.155.93 (Source IP address) ---->
202.132.155.99(Destination IP address)
- No option
+ Internet Control Message Protocol
- Type: 8 - Echo Request
- Code: 0
- Checksum: 0x455C
- Identifier: 768
- Sequence Number: 1280
- Optional Data: (32 bytes)
TIME: 37c060 enet0-RECV len:74 call=0
0000: [00 a0 c5 01 23 45] [00 80 c8 4c ea 63] 08 00 45 00
0010: 00 3c eb 0c 00 00 20 01 e3 ea ca 84 9b 5d ca 84
0020: 9b 63 08 00 45 5c 03 00 05 00 61 62 63 64 65 66
0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76
0040: 77 61 62 63 64 65 66 67 68 69
Configurations
From the above first trace, we know a client is trying to ping request the ZyXEL router. And from the second
trace, we know the ZyXEL router will send a reply to the client accordingly. The following sample filter will
utilize the 'Generic Filter Rule' to block the MAC address [00 80 c8 4c ea 63].
1. First, from the incoming LAN packet we know the uninteresting source MAC address starts at the 7th Octet
2. We are now ready to configure the 'Generic Filter Rule' as below.
All contents Copyright 2007 ZyXEL Communications Corporation.
Loading...