prestige router fundamental & case study felix chang / manfred recla
Prestige router fundamental & case study
Felix Chang / Manfred Recla
Outline - I
• User interface
  – SMT/PWC/PNC
• System information
  – ZyXEL Networking Operating System
  – Debug mode/Command Interpreter mode
• Application case study
  – Case 1: ISP connection
    • Procedure for troubleshooting
    • ISDN EPA and PPP
    • Frequently used CI command
Outline - II
  – Case 2: LAN-to-LAN
    • MP (PPP trace)
    • Incoming call bumping (EPA trace)
  – Case 3: Call back
    • Caller ID call back
    • MS CBCP call back
      – Prestige to Prestige
      – Win9x DUN to Prestige
  – Case 4: Filter rule
    • Packet filter example
    • Filter and syslog
Outline - III
  – Case 5: LAN-to-LAN with Cisco 2503
    • P100 to TA + serial port of Cisco 2503
    • P153 + TA to Cisco 2503 BRI
    • Mutual authentication
    • P100 to Cisco BRI for MP
User interface
• PNC demo
System information - ZyNOS
• ZyNOS
  – Operating System with Network Protocol support
  – Remote Access Service code - RAS code
  – Configuration file - Romfile0
  – Boot module
ZyNOS architecture
Operating System
System Service NDIS driver Boot Module
Connection Manager Network Protocols
Applications
ZyNOS key data structure
[Diagram labels: p1, p2, p3; ch1, ch2, ch3; if1, if2; Layer1, Layer2, Layer3; NDIS; Network; H/W]
ZyNOS key data structure
[Diagram: tree of board, line and channel objects]
Iface & channel
P100ih> ip route status
Dest          FF Len Interface Gateway       Metric stat Timer Use
192.168.30.1  01 32  wanif1    192.168.30.1  1      03a9 0     2
192.168.20.1  00 32  wanif0    192.168.20.1  1      03a9 0     2
192.168.50.0  02 24  wanIdle   192.168.50.1  2      002b 0     0
192.168.30.0  01 24  wanif1    192.168.30.1  2      00ab 0     1
192.168.20.0  00 24  wanif0    192.168.20.1  2      00ab 0     1
192.168.10.0  00 24  enif0     192.168.10.1  1      041b 0     0
May 15 13:08:01 192.168.10.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 1, C01 Outgoing Call dev=2 ch=0 20000 *
* dev=2 ch=0 : ISDN router either bri0 or bri1
System information
• Debug mode
• Command Interpreter (CI) mode
• System upgrade
  – Firmware (RAS code)
  – Configuration file (romfile0)
  – Boot module
Case 1: ISP connection
Internet WAN (ISDN/PSTN) ISP
SUA/NAT
WS
ISP
Prestige
Source IP=192.168.10.10, Source port=1027, Destination IP=200.101.1.1, Destination port=23
Source IP=163.31.244.20, Source port=10002, Destination IP=203.89.255.69, Destination port=80
LAN IP address, WAN IP address, IP = 163.31.244.1
Case 2.1: LAN-to-LAN (MP-PPP trace)
WAN (ISDN/PSTN)
LAN LAN
P128plus IP: 192.168.20.1
P100ih IP: 192.168.10.1
Case 2.2: LAN-to-LAN (ISDN EPA trace)
WAN (ISDN/PSTN)
LAN LAN
P128plus IP: 192.168.20.1
P100ih IP: 192.168.10.1
* Incoming call bumping EPA trace
Case 3.1: Caller ID Callback
WAN (ISDN/PSTN)
LAN LAN
P128 IP: 192.168.20.1
P100IH IP: 192.168.10.1
Caller ID Callback
• You can check CLID information from
  – Prestige system log
• Go to menu 24.8 and enable packet trace on screen
  – sys event (pre-ZyNOS)
  – sys trcl call (ZyNOS)
• Prestige ring buffer
  – isdn drv ring [1/2] (pre-ZyNOS)
  – isdn atring disp [bri0|bri1] (ZyNOS)
• ISDN EPA
  – isdn ana on, isdn ana disp (pre-ZyNOS)
  – isdn fw ana on, isdn fw ana dump (ZyNOS)
Connection Manager
• The function of Call Control
  – Control the number of outgoing call retry
  – Control the incoming authentication
• The function of Call Management
  – Budget control
  – Timer of date schedule
Case 3.2: MS CBCP Call back
WAN (ISDN/PSTN)
LAN
Prestige call back to Prestige with call back number pre-configured
LAN
P128 P100IH
MS CBCP Callback
P128>sys trcl disp
61 121800 PP09 DIALING dev=2 ch=0..........
62 121800 PP09 OUTGOING-CALL phone(10000)
63 121827 PP09 CALL CONNECT speed<64000> type<2> chan<0>
67 121830 PP0a ebp=5eb344,seqNum=265 bri0-RECV len:40 call=3
    0000: ff 03 c0 21 02 85 00 24 01 04 05 f4 05 06 00 01
    0010: db e3 08 02 0d 03 06 11 04 05 f4 13 09 03 00 a0
73 121834 PP0a ebp=5eb414,seqNum=269 bri0-RECV len:11 call=3
    0000: c0 29 01 79 00 09 01 02 03 03 00
74 121835 PP0a ebp=5eb448,seqNum=26a bri0-XMIT len:9 call=3
    0000: c0 29 02 79 00 07 03 03 00
75 121836 PP0a ebp=5eb47c,seqNum=26b bri0-RECV len:9 call=3
    0000: c0 29 03 79 00 07 03 03 00
82 121838 PP0a Recv'd TERM-ACK state 4
83 121838 PP0a LCP stopped
84 122324 PP09 ANSWER CONNECTED ch=573b30 ( callback from P100IH)
89 122328 PP0a LCP opened
90 122328 PP0a ebp=5eac90,seqNum=274 bri0-XMIT len:31 call=4
    0000: c2 23 01 0e 00 1d 10 42 4f 70 bf 50 60 9e 37 a6
    0010: 48 c9 5e 3a 47 ae 44 50 31 32 38 70 6c 75 73
Case 3.2: MS CBCP Call back
WAN (ISDN/PSTN)
LAN
Win9x dial up to Prestige, then Prestige callback to Win9x.
TA Win9x/NT
Case 4: Input, Output & Call filter
LAN WAN
LAN filter sets (Menu 3)
WAN filter sets (Menu 11)
WAN input (Input from WAN)
LAN input (Input from LAN)
WAN call/output (Output to WAN)
LAN output (Output to LAN)
IP packet filter example
Case 1: Only stations with an IP address among the first 64 addresses, that is 192.168.10.0 to 192.168.10.63, are allowed to access the WAN.
Internet WAN (ISDN/PSTN) ISP
WS1 IP: 192.168.10.2
WS2 IP: 192.168.10.65
IP: 192.168.10.1
Generic packet filter example
WAN (ISDN/PSTN)
LAN LAN
P128-P IP: 192.168.20.1
P100IH IP: 192.168.10.1
WS1 IP: 192.168.20.10 MAC: 0080C82DF13F
Server IP: 192.168.10.10
Case 3: Filter all traffic with Source Ethernet MAC address = 0080c82DF13F
LAN packet trigger the call (IP)
LAN Packet which Triggered Last Call: (Type:IP)
45 00 00 2E CA 0E 40 00 1F 06 D7 09 CC F7 CB B4 CC D9 00 02 041C 0015
Protocol = 06 = TCP (0x01:ICMP; 0x06:TCP; 0x11:UDP)
Source IP : CC F7 CB B4
Destination IP: CC D9 00 02
Source port : 041C
Destination port : 0015
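Decoding that dump programmatically, as an added example that is not part of the original slides: it reads the IPv4 header fields named above and, when the protocol is TCP or UDP and enough bytes were captured, the ports. The function and constant names are made up for this example.

```python
import ipaddress
import struct

PROTOCOLS = {0x01: "ICMP", 0x06: "TCP", 0x11: "UDP"}  # the values listed on the slide

# Hex dump exactly as shown on the slide.
SLIDE_DUMP = "45 00 00 2E CA 0E 40 00 1F 06 D7 09 CC F7 CB B4 CC D9 00 02 041C 0015"


def decode_trigger_packet(dump: str) -> dict:
    """Decode the IPv4 header (and TCP/UDP ports, if captured) from a hex dump."""
    raw = bytes.fromhex("".join(dump.split()))  # tolerate "041C"-style grouped bytes
    if len(raw) < 20:
        raise ValueError("dump is shorter than a minimal IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (ver_ihl & 0x0F) * 4  # IHL is in 32-bit words; options move the ports
    if header_len < 20:
        raise ValueError("invalid IHL")
    info = {
        "protocol": PROTOCOLS.get(proto, f"0x{proto:02x}"),
        "ttl": ttl,
        "total_length": total_len,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "src_port": None,
        "dst_port": None,
    }
    # Only TCP and UDP begin with source/destination ports, and the dump may be cut short.
    if proto in (0x06, 0x11) and len(raw) >= header_len + 4:
        info["src_port"], info["dst_port"] = struct.unpack(
            "!HH", raw[header_len:header_len + 4])
    return info


if __name__ == "__main__":
    for key, value in decode_trigger_packet(SLIDE_DUMP).items():
        print(f"{key:13} {value}")
```

For the slide's dump this gives a TCP packet from 204.247.203.180 port 1052 to 204.217.0.2 port 21.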
LAN packet trigger the call (IPX)
LAN Packet Which Triggered Last Call: (Type: IPX)
(FF FF) (00 24) 0B (00) (01 0A C5 BE) (00 00 00 00 00 01) (04 57)
(01 0C AD E2) (00 00 00 00 00 01) (00 00) 00 04 26 65 64 25 DD 4B
FF FF : check sum
00 24 : length
00 : packet type (00: unknown, 01:RIP, 04:SAP, 05:SPX, 11:NCP)
01 0A C5 BE : Dest. Network address
00 00 00 00 00 01 : Dest. Node #
04 57 : Dest. Socket # (0451:NCP, 0452:SAP, 0453:RIP, 0455:Netbios)
01 0C AD E2 : Source Network address
00 00 00 00 00 01 : Source Node #
00 00 : Source socket #
Syslog & call history & filter
WAN (ISDN/PSTN)
LAN LAN
P128-P IP: 192.168.20.1
P100IH IP: 192.168.10.1
WS1 IP: 192.168.20.10
IP: 192.168.10.10 Syslog daemon
Menu 24.3.2 Syslog:
  Active= Yes
  Syslog IP Address= 192.168.10.10
  Log Facility= Local 3
Menu 24.9.4 - Call History
     Phone Number  Dir  Rate  #call  Max      Min      Total
  1. 200020000     IN   64K   12     0:53:04  0:00:24  1:37:31
  2. 300030000     IN   64K   4      0:02:14  0:01:40  0:07:55
Syslog & call history & filter
Example:
Feb 14 16:57:17 192.168.10.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 18, C01 Incoming Call 64000K 200020000
*Feb 14 16:58:56 192.168.10.1 ZyXEL Communications Corp.: IP[Src=192.168.20.10 Dst=192.168.10.10 TCP spo=040f dpo=0015] } S04>R01mD
Feb 14 17:07:18 192.168.10.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 18, C02 Call Terminated
* where S04>R01mD means filter set 4 (S) and rule 1 (R), match (m) drop (D).
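The log format above, parsed: an added example (not from the original slides) that extracts each filter hit and pairs it with the call that was up when it was logged, using the three syslog lines from the slide as input. Only the m and D flags explained on the slide are expanded; treating C01 as call start, C02 as call end and the last token of a C01 line as the phone number is an assumption drawn from these samples.

```python
import re

# The three syslog lines shown on the slide.
SLIDE_LOG = """\
Feb 14 16:57:17 192.168.10.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 18, C01 Incoming Call 64000K 200020000
*Feb 14 16:58:56 192.168.10.1 ZyXEL Communications Corp.: IP[Src=192.168.20.10 Dst=192.168.10.10 TCP spo=040f dpo=0015] } S04>R01mD
Feb 14 17:07:18 192.168.10.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 18, C02 Call Terminated
"""

PREFIX = r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) ZyXEL Communications Corp\.: "
CALL_RE = re.compile(
    PREFIX + r"board \d+ line \d+ channel \d+, call (?P<call>\d+), "
    r"(?P<code>C\d+) (?P<text>.*)$")
FILTER_RE = re.compile(
    PREFIX + r"IP\[Src=(?P<src>\S+) Dst=(?P<dst>\S+) (?P<proto>\w+) "
    r"spo=(?P<spo>[0-9A-Fa-f]{4}) dpo=(?P<dpo>[0-9A-Fa-f]{4})\] \} "
    r"S(?P<set>\d+)>R(?P<rule>\d+)(?P<match>[A-Za-z])(?P<action>[A-Za-z])")
# Only the flag letters the slide explains are expanded; any other letter is kept as-is.
FLAGS = {"m": "match", "D": "drop"}


def filter_events(log: str) -> list:
    """Return filter hits, each tagged with the call that was up when it was logged."""
    events, active = [], None  # active = (call id, phone number) or None
    for line in log.splitlines():
        line = line.strip().lstrip("*")  # the slide marks one line with a leading '*'
        if (m := CALL_RE.match(line)):
            if m["code"] == "C01":       # assumption: C01 opens a call, C02 closes it
                active = (int(m["call"]), m["text"].split()[-1])
            elif m["code"] == "C02":
                active = None
        elif (m := FILTER_RE.match(line)):
            events.append({
                "time": m["ts"], "src": m["src"], "dst": m["dst"], "proto": m["proto"],
                "src_port": int(m["spo"], 16), "dst_port": int(m["dpo"], 16),  # hex in log
                "set": int(m["set"]), "rule": int(m["rule"]),
                "match": FLAGS.get(m["match"], m["match"]),
                "action": FLAGS.get(m["action"], m["action"]),
                "call": active,
            })
    return events


if __name__ == "__main__":
    for event in filter_events(SLIDE_LOG):
        print(event)
```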
Case 5.1: P153+TA to Cisco 2503 BRI
WAN (ISDN)
LAN
TA P153 Cisco 2503
BRI port
IP:172.168.80.xxx
IP:172.16.64.190 IP:172.168.80.170
Case 5.2: P100 to TA + Cisco 2503 serial port
WAN (ISDN)
LAN
TA Cisco 2503 serial port
192.168.10.1 192.168.1.1 192.168.100.X
AT command for TA: AT&FB11&S1&M3*I1&WZ
Case 5.3.1: Mutual authentication with PAP
WAN (ISDN)
LAN
P100 Cisco 2503 BRI port
172.16.64.190
IP:172.168.80.xxx
IP:172.168.80.170
Case 5.3.1: Mutual Authentication with PAP
• In menu 13
  – Set Mutual Authen to Yes
  – Set proper username/password to login to Cisco (PAP login=test, password=1234, in this case)
• Configure a dial in user for Cisco to login to Prestige
Case 5.3.2: Mutual authentication with CHAP
WAN (ISDN)
LAN
P100 Cisco 2503 BRI port
172.16.64.190
IP:172.168.80.xxx
IP:172.168.80.170
Case 5.3.2: Mutual authentication with CHAP
Menu 11.1 - Remote Node Profile
Rem Node Name= hinet                 Route= IP
Active= Yes                          Bridge= No
Call Direction= Outgoing             Edit PPP Options= No
Incoming:                            Rem IP Addr=172.168.80.170
  Rem Login= [cisco_hostname]        Edit IP/IPX/Bridge= No
  Rem Password= 1234                 Telco Option:
  Rem CLID= N/A                        Allocated Budget(min)= 0
  Call Back= N/A                       Period(hr)= 0
Outgoing:                              Transfer Type= 64K
  My Login=[prestige_systemname]       Nailed-Up Connection= No
  My Password= 1234                  Session Options:
  Authen= CHAP/PAP                     Edit Filter Sets= No
  Pri Phone #= 4125678                 Idle Timeout(sec)= 300
  Sec Phone #=
Press ENTER to Confirm or ESC to Cancel:
Case 5.3.2: Mutual authentication with CHAP
Cisco
Case: Cisco initiates call to Prestige
Challenge: Challenge value, Name=Cisco host name
Challenge: Challenge value, Name=Outgoing user name (Prestige system name)
Response: Hash value, Name=Cisco host name
Response: Hash value, Name=Outgoing user name
Success/Fail
Success/Fail
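The exchange above in code, as an added example that is not part of the original slides: it parses the CHAP Challenge captured in entry 90 of the `sys trcl disp` trace on the MS CBCP Callback slide, computes the hash value as RFC 1994 defines it, and runs the challenge/response check in both directions. The function names and the peer dictionaries are made up for this example, and the secret actually used on the traced call is not on the page.

```python
import hashlib
import hmac
import os

# CHAP frame copied from trace entry 90 (bri0-XMIT len:31) on the MS CBCP Callback slide.
TRACE_FRAME = bytes.fromhex(
    "c2 23 01 0e 00 1d 10 42 4f 70 bf 50 60 9e 37 a6 "
    "48 c9 5e 3a 47 ae 44 50 31 32 38 70 6c 75 73")
CODES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}


def parse_chap(frame: bytes) -> dict:
    """Parse a CHAP packet (RFC 1994) that begins at the PPP protocol field c2 23."""
    if len(frame) < 6 or frame[:2] != b"\xc2\x23":
        raise ValueError("not a CHAP frame")
    code, ident = frame[2], frame[3]
    length = int.from_bytes(frame[4:6], "big")  # counts Code, Identifier, Length and data
    data = frame[6:2 + length]
    if length < 4 or len(data) != length - 4:
        raise ValueError("bad or truncated CHAP length")
    pkt = {"code": CODES.get(code, code), "id": ident}
    if code in (1, 2):  # Challenge and Response carry Value-Size, Value, Name
        if not data or len(data) < 1 + data[0]:
            raise ValueError("Value-Size exceeds packet")
        pkt["value"] = data[1:1 + data[0]]
        pkt["name"] = data[1 + data[0]:].decode("ascii", "replace")
    return pkt


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Hash value sent in a Response: MD5(Identifier || secret || Challenge value)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def authenticate(secrets_by_name: dict, peer_name: str, peer_secret: bytes) -> bool:
    """One direction of the exchange: challenge the peer, then check its hash value."""
    ident, challenge = os.urandom(1)[0], os.urandom(16)
    response = chap_response(ident, peer_secret, challenge)  # computed by the peer
    expected_secret = secrets_by_name.get(peer_name)         # looked up by the Name field
    if expected_secret is None:
        return False
    return hmac.compare_digest(chap_response(ident, expected_secret, challenge), response)


def mutual_authenticate(a: dict, b: dict) -> bool:
    """Mutual authentication: each side challenges the other; both checks must pass."""
    return (authenticate(a["peers"], b["name"], b["secret"])
            and authenticate(b["peers"], a["name"], a["secret"]))
```

The traced frame parses as a Challenge with identifier 0x0e, a 16-byte value and the name P128plus; the secret itself never crosses the link, only the hash of it together with the identifier and challenge.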
Case 5.4: P100 to Cisco 2503 BRI (MP)
WAN (ISDN)
LAN
P100 Cisco 2503 BRI port
172.16.64.190
IP:172.16.80.xxx
IP:172.16.80.170