ZyXEL Router Prestige 334 User Manual
Prestige 334 User’s Guide

Appendix B PPPoE

PPPoE in Action

An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your computer to an ATM PVC (Permanent Virtual Circuit) which connects to a DSL Access Concentrator where the PPP session terminates (see the next figure). One PVC can support any number of PPP sessions from your LAN. PPPoE provides access control and billing functionality in a manner similar to dial-up services using PPP.

Benefits of PPPoE

PPPoE offers the following benefits:

• It provides you with a familiar dial-up networking (DUN) user interface.
• It lessens the burden on the carriers of provisioning virtual circuits all the way to the ISP on multiple switches for thousands of users. For GSTN (PSTN and ISDN), the switching fabric is already in place.
• It allows the ISP to use the existing dial-up model to authenticate and (optionally) to provide differentiated services.

Traditional Dial-up Scenario

The following diagram depicts a typical hardware configuration where the computers use traditional dial-up networking.
Figure 183 Single-Computer per Router Hardware Configuration

How PPPoE Works

The PPPoE driver makes the Ethernet appear as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP, the AC acts as an L2TP (Layer 2 Tunneling Protocol) LAC (L2TP Access Concentrator) and tunnels the PPP frames to the ISP. The L2TP tunnel is capable of carrying multiple PPP sessions. With PPPoE, the VC (Virtual Circuit) is equivalent to the dial-up connection and is between the modem and the AC, as opposed to all the way to the ISP. However, the PPP negotiation is between the computer and the ISP.

Prestige as a PPPoE Client

When using the Prestige as a PPPoE client, the computers on the LAN see only Ethernet and are not aware of PPPoE. This relieves the administrator of having to manage the PPPoE clients on the individual computers.

Figure 184 Prestige as a PPPoE Client
Appendix C PPTP

What is PPTP?

PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary protocol (RFC 2637 for PPTP is informational only) to tunnel PPP frames.

How can we transport PPP frames from a computer to a broadband modem over Ethernet?

A solution is to build PPTP into the ANT (ADSL Network Termination) where PPTP is used only over the short haul between the computer and the modem over Ethernet. For the rest of the connection, the PPP frames are transported with PPP over AAL5 (RFC 2364). The PPP connection, however, is still between the computer and the ISP. The various connections in this setup are depicted in the following diagram. The drawback of this solution is that it requires one separate ATM VC per destination.

Figure 185 Transport PPP frames over Ethernet

PPTP and the Prestige

When the Prestige is deployed in such a setup, it appears as a computer to the ANT.

In the Windows VPN or PPTP Pass-Through feature, the PPTP tunnel is created from Windows 95, 98 and NT clients to an NT server in a remote location. The pass-through feature allows users on the network to access a different remote server using the Prestige’s Internet connection. In SUA/NAT mode, the Prestige is able to pass the PPTP packets to the internal PPTP server (i.e. NT server) behind the NAT. You need to configure port forwarding for port 1723 to have the Prestige forward PPTP packets to the server. In the case above, as the remote PPTP client initializes the PPTP connection, the user must configure the PPTP clients. The Prestige initializes the PPTP connection; hence, there is no need to configure the remote PPTP clients.
PPTP Protocol Overview

PPTP is very similar to L2TP, since L2TP is based on both PPTP and L2F (Cisco’s Layer 2 Forwarding). Conceptually, there are three parties in PPTP, namely the PNS (PPTP Network Server), the PAC (PPTP Access Concentrator) and the PPTP user. The PNS is the box that hosts both the PPP and the PPTP stacks and forms one end of the PPTP tunnel. The PAC is the box that dials/answers the phone calls and relays the PPP frames to the PNS. The PPTP user is not necessarily a PPP client (it can be a PPP server too). Both the PNS and the PAC must have IP connectivity; however, the PAC must in addition have dial-up capability. The phone call is between the user and the PAC, and the PAC tunnels the PPP frames to the PNS. The PPTP user is unaware of the tunnel between the PAC and the PNS.

Figure 186 PPTP Protocol Overview

Microsoft includes PPTP as a part of the Windows OS. In Microsoft’s implementation, the computer, and hence the Prestige, is the PNS that requests the PAC (the ANT) to place an outgoing call over AAL5 to an RFC 2364 server.

Control & PPP Connections

Each PPTP session has a distinct control connection and PPP data connection.

Call Connection

The control connection runs over TCP. Similar to L2TP, a tunnel control connection is first established before call control messages can be exchanged. Please note that a tunnel control connection supports multiple call sessions. The following diagram depicts the message exchange of a successful call setup between a computer and an ANT.
Figure 187 Example Message Exchange between Computer and an ANT

PPP Data Connection

The PPP frames are tunneled between the PNS and PAC over GRE (General Routing Encapsulation, RFC 1701, 1702). The individual calls within a tunnel are distinguished using the Call ID field in the GRE header.
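The Call ID demultiplexing described above, shown as an added example that is not part of the manual: a parser for the GRE header variant PPTP defines in RFC 2637 that groups PPP payloads by Call ID. The sample packets are constructed for illustration and the function names are hypothetical.

```python
import struct
from collections import defaultdict

PPTP_GRE_PROTO = 0x880B  # protocol type PPTP uses for PPP inside GRE (RFC 2637)

def parse_pptp_gre(packet: bytes) -> dict:
    """Parse the enhanced GRE (version 1) header and return its fields."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", packet[:8])
    has_key, has_seq, has_ack = flags & 0x2000, flags & 0x1000, flags & 0x0080
    if (flags & 0x0007) != 1 or proto != PPTP_GRE_PROTO or not has_key:
        raise ValueError("not a PPTP enhanced GRE packet")
    offset, seq, ack = 8, None, None
    if has_seq:  # S bit: sequence number, present when a payload is carried
        if len(packet) < offset + 4:
            raise ValueError("truncated sequence number")
        seq, offset = struct.unpack_from("!I", packet, offset)[0], offset + 4
    if has_ack:  # A bit: acknowledgment number
        if len(packet) < offset + 4:
            raise ValueError("truncated acknowledgment number")
        ack, offset = struct.unpack_from("!I", packet, offset)[0], offset + 4
    payload = packet[offset:offset + payload_len]
    if len(payload) != payload_len:
        raise ValueError("payload shorter than the header claims")
    return {"call_id": call_id, "seq": seq, "ack": ack, "payload": payload}

def payloads_by_call(packets) -> dict:
    """Group PPP payloads by Call ID, the way a tunnel endpoint separates calls."""
    calls = defaultdict(list)
    for pkt in packets:
        hdr = parse_pptp_gre(pkt)
        if hdr["payload"]:  # ack-only packets carry no PPP frame
            calls[hdr["call_id"]].append(hdr["payload"])
    return dict(calls)

# Constructed sample packets (GRE portion only, IP header already removed).
SAMPLE_PACKETS = [
    bytes.fromhex("3001880b0004002a00000001" "c0210101"),          # call 42, seq 1
    bytes.fromhex("3081880b000400070000000500000003" "c0230102"),  # call 7, seq 5, ack 3
    bytes.fromhex("2081880b0000002a00000001"),                     # call 42, ack-only
    bytes.fromhex("3001880b0004002a00000002" "c0210201"),          # call 42, seq 2
]

if __name__ == "__main__":
    for call_id, frames in payloads_by_call(SAMPLE_PACKETS).items():
        print(call_id, [f.hex() for f in frames])
```

Packets with GRE version 0 or a different protocol type are rejected, which keeps ordinary GRE traffic out of the per-call view.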
Appendix D NetBIOS Filter Commands

The following describes the NetBIOS packet filter commands.

Introduction

NetBIOS (Network Basic Input/Output System) packets are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN.

For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.

You can configure NetBIOS filters to do the following:

• Allow or disallow the sending of NetBIOS packets from the LAN to the WAN and from the WAN to the LAN.
• Allow or disallow the sending of NetBIOS packets through VPN connections.
• Allow or disallow NetBIOS packets to initiate calls.

Display NetBIOS Filter Settings

This command gives a read-only list of the current NetBIOS filter modes for the Prestige.

NetBIOS Display Filter Settings Command Example

Syntax: sys filter netbios disp

    =========== NetBIOS Filter Status ===========
    Between LAN and WAN: Block
    Between LAN and DMZ: Block
    Between WAN and DMZ: Block
    IPSec Packets: Forward
    Trigger Dial: Disabled
The filter types and their default settings are as follows.

Table 113 NetBIOS Filter Default Settings

| NAME | DESCRIPTION | EXAMPLE |
|---|---|---|
| Between LAN and WAN | This field displays whether NetBIOS packets are blocked or forwarded between the LAN and the WAN. | Block |
| IPSec Packets | This field displays whether NetBIOS packets sent through a VPN connection are blocked or forwarded. | Forward |
| Trigger dial | This field displays whether NetBIOS packets are allowed to initiate calls. Disabled means that NetBIOS packets are blocked from initiating calls. | Disabled |

NetBIOS Filter Configuration

Syntax: sys filter netbios config <type> <on|off>

where

<type> = Identify which NetBIOS filter (numbered 0-3) to configure.

    0 = Between LAN and WAN
    3 = IPSec packet pass through
    4 = Trigger Dial

<on|off> = For type 0 and 1, use on to enable the filter and block NetBIOS packets. Use off to disable the filter and forward NetBIOS packets.
For type 3, use on to block NetBIOS packets from being sent through a VPN connection. Use off to allow NetBIOS packets to be sent through a VPN connection.
For type 4, use on to allow NetBIOS packets to initiate dial backup calls. Use off to block NetBIOS packets from initiating dial backup calls.

Example commands

| COMMAND | DESCRIPTION |
|---|---|
| sys filter netbios config 0 on | This command blocks LAN to WAN and WAN to LAN NetBIOS packets. |
| sys filter netbios config 3 on | This command blocks IPSec NetBIOS packets. |
| sys filter netbios config 4 off | This command stops NetBIOS commands from initiating calls. |
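One way to check saved `sys filter netbios disp` output against an expected policy, as an added example that is not part of the manual. The sample text is the status listing shown in this appendix; the baseline (block on every interface pair, trigger dial disabled) and the function names are assumptions to adapt to local policy.

```python
import re

# Status listing as shown in the manual's display example.
SAMPLE_STATUS = """\
=========== NetBIOS Filter Status ===========
Between LAN and WAN: Block
Between LAN and DMZ: Block
Between WAN and DMZ: Block
IPSec Packets: Forward
Trigger Dial: Disabled
"""

# Assumed policy: NetBIOS never crosses a zone boundary and never triggers a call.
# "IPSec Packets" is left out because whether to forward over VPN is site-specific.
BASELINE = {
    "Between LAN and WAN": "Block",
    "Between LAN and DMZ": "Block",
    "Between WAN and DMZ": "Block",
    "Trigger Dial": "Disabled",
}

def parse_netbios_status(text: str) -> dict:
    """Turn 'Name: Value' lines into a dict; banner lines are ignored."""
    status = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([^:=]+?):\s*(\S+)\s*$", line)
        if m:
            status[m.group(1)] = m.group(2)
    return status

def audit_netbios(status: dict, baseline: dict = BASELINE) -> list:
    """Return (setting, expected, actual) for every deviation from the baseline."""
    findings = []
    for name, expected in baseline.items():
        actual = status.get(name, "missing")
        if actual.lower() != expected.lower():
            findings.append((name, expected, actual))
    return findings

if __name__ == "__main__":
    for name, expected, actual in audit_netbios(parse_netbios_status(SAMPLE_STATUS)):
        print(f"{name}: expected {expected}, found {actual}")
```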
Appendix E Log Descriptions

Configure centralized logs using the embedded web configurator; see online help for details.

This appendix provides descriptions of example log messages.

Table 114 System Error logs

| LOG MESSAGE | DESCRIPTION |
|---|---|
| %s exceeds the max. number of session per host! | This attempt to create a NAT session exceeds the maximum number of NAT session table entries allowed to be created per host. |

Table 115 System Maintenance Logs

| LOG MESSAGE | DESCRIPTION |
|---|---|
| Time calibration is successful | The router has adjusted its time based on information from the time server. |
| Time calibration failed | The router failed to get information from the time server. |
| DHCP client gets %s | A DHCP client got a new IP address from the DHCP server. |
| DHCP client IP expired | A DHCP client’s IP address has expired. |
| DHCP server assigns %s | The DHCP server assigned an IP address to a client. |
| SMT Login Successfully | Someone has logged on to the router’s SMT interface. |
| SMT Login Fail | Someone has failed to log on to the router’s SMT interface. |
| WEB Login Successfully | Someone has logged on to the router’s web configurator interface. |
| WEB Login Fail | Someone has failed to log on to the router’s web configurator interface. |
| TELNET Login Successfully | Someone has logged on to the router via telnet. |
| TELNET Login Fail | Someone has failed to log on to the router via telnet. |
| FTP Login Successfully | Someone has logged on to the router via ftp. |
| FTP Login Fail | Someone has failed to log on to the router via ftp. |
| NAT Session Table is Full! | The maximum number of NAT session table entries has been exceeded and the table is full. |
| !! Phase 1 ID type mismatch | The ID type of an incoming packet does not match the local’s peer ID type. |
| !! Phase 1 ID content mismatch | The ID content of an incoming packet does not match the local’s peer ID content. |
| !! No known phase 1 ID type found | The ID type of an incoming packet does not match any known ID type. |
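The login messages in Table 115 can drive a simple detection on a log collector. The following is an added example, not part of the manual: it flags a burst of failed logins on one management interface and a successful login that follows such a burst. The timestamp prefix, the threshold, the window and the sample lines are assumptions constructed for illustration; only the message texts come from the table.

```python
import re
from datetime import datetime, timedelta

# Assumed line layout: "<YYYY-MM-DD HH:MM:SS> <message>". Message texts are from Table 115.
LOGIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<svc>SMT|WEB|TELNET|FTP) Login (?P<res>Successfully|Fail)$"
)

def detect_login_anomalies(lines, threshold=3, window=timedelta(minutes=5)):
    """Return (timestamp, service, reason) alerts for suspicious login patterns."""
    recent = {}  # service -> timestamps of failures still inside the window
    alerts = []
    for line in lines:
        m = LOGIN_RE.match(line.strip())
        if not m:
            continue  # not a login event
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        svc = m["svc"]
        fails = [t for t in recent.get(svc, []) if ts - t <= window]
        if m["res"] == "Fail":
            fails.append(ts)
            if len(fails) == threshold:  # alert once when the burst is reached
                alerts.append((ts, svc, "failure burst"))
        else:
            if len(fails) >= threshold:
                alerts.append((ts, svc, "success after failure burst"))
            fails = []  # a successful login resets the counter
        recent[svc] = fails
    return alerts

# Constructed sample log lines.
SAMPLE_LOG = """\
2024-01-10 03:12:01 TELNET Login Fail
2024-01-10 03:12:09 TELNET Login Fail
2024-01-10 03:12:15 WEB Login Fail
2024-01-10 03:12:20 TELNET Login Fail
2024-01-10 03:12:31 TELNET Login Successfully
2024-01-10 09:00:00 WEB Login Successfully
2024-01-10 09:30:00 DHCP server assigns 192.168.1.33
""".splitlines()

if __name__ == "__main__":
    for ts, svc, reason in detect_login_anomalies(SAMPLE_LOG):
        print(ts.isoformat(sep=" "), svc, reason)
```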
Table 116 UPnP Logs

| LOG MESSAGE | DESCRIPTION |
|---|---|
| UPnP pass through Firewall | UPnP packets can pass through the firewall. |

Table 117 ICMP Type and Code Explanations

| TYPE | CODE | DESCRIPTION |
|---|---|---|
| 0 | | Echo Reply |
| | 0 | Echo reply message |
| 3 | | Destination Unreachable |
| | 0 | Net unreachable |
| | 1 | Host unreachable |
| | 2 | Protocol unreachable |
| | 3 | Port unreachable |
| | 4 | A packet that needed fragmentation was dropped because it was set to Don’t Fragment (DF) |
| | 5 | Source route failed |
| 4 | | Source Quench |
| | 0 | A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network. |
| 5 | | Redirect |
| | 0 | Redirect datagrams for the Network |
| | 1 | Redirect datagrams for the Host |
| | 2 | Redirect datagrams for the Type of Service and Network |
| | 3 | Redirect datagrams for the Type of Service and Host |
| 8 | | Echo |
| | 0 | Echo message |
| 11 | | Time Exceeded |
| | 0 | Time to live exceeded in transit |
| | 1 | Fragment reassembly time exceeded |
| 12 | | Parameter Problem |
| | 0 | Pointer indicates the error |
| 13 | | Timestamp |
| | 0 | Timestamp request message |
| 14 | | Timestamp Reply |
| | 0 | Timestamp reply message |
| 15 | | Information Request |
| | 0 | Information request message |
| 16 | | Information Reply |
| | 0 | Information reply message |