Prestige router fundamental & case study
Felix Chang / Manfred Recla
Outline - I
• User interface
  – SMT/PWC/PNC
• System information
  – ZyXEL Networking Operating System
  – Debug mode/Command Interpreter mode
• Application case study
  – Case 1: ISP connection
    • Procedure for troubleshooting
    • ISDN EPA and PPP
    • Frequently used CI command
Outline - II
  – Case 2: LAN-to-LAN
    • MP (PPP trace)
    • Incoming call bumping (EPA trace)
  – Case 3: Call back
    • Caller ID call back
    • MS CBCP call back
      – Prestige to Prestige
      – Win9x DUN to Prestige
  – Case 4: Filter rule
    • Packet filter example
    • Filter and syslog
Outline - III
  – Case 5: LAN-to-LAN with Cisco 2503
    • P100 to TA + serial port of Cisco 2503
    • P153 + TA to Cisco 2503 BRI
    • Mutual authentication
    • P100 to Cisco BRI for MP
User interface
• PNC demo
System information - ZyNOS
• ZyNOS
  – Operating System with Network Protocol support
  – Remote Access Service code - RAS code
  – Configuration file - Romfile0
  – Boot module
ZyNOS architecture
[Diagram blocks: Operating System; System Service; NDIS driver; Boot Module; Connection Manager; Network Protocols; Applications]
ZyNOS key data structure
[Diagram labels: p1 p2 p3; ch1 ch2 ch3; if1 if2; Layer1, Layer2, Layer3; NDIS; Network; H/W]
ZyNOS key data structure
[Diagram: hierarchy of board, line and channel objects]
Iface & channel
P100ih> ip route status
Dest          FF  Len  Interface  Gateway       Metric  stat  Timer  Use
192.168.30.1  01  32   wanif1     192.168.30.1  1       03a9  0      2
192.168.20.1  00  32   wanif0     192.168.20.1  1       03a9  0      2
192.168.50.0  02  24   wanIdle    192.168.50.1  2       002b  0      0
192.168.30.0  01  24   wanif1     192.168.30.1  2       00ab  0      1
192.168.20.0  00  24   wanif0     192.168.20.1  2       00ab  0      1
192.168.10.0  00  24   enif0      192.168.10.1  1       041b  0      0

May 15 13:08:01 192.168.10.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 1, C01 Outgoing Call dev=2 ch=0 20000
** dev=2 ch=0 : ISDN router either bri0 or bri1
System information
• Debug mode
• Command Interpreter (CI) mode
• System upgrade
  – Firmware (RAS code)
  – Configuration file (romfile0)
  – Boot module
Case 1: ISP connection
[Diagram labels: WS; Prestige; SUA/NAT; WAN (ISDN/PSTN); ISP; Internet]
Source IP=192.168.10.10, Source port=1027, Destination IP=200.101.1.1, Destination port=23
Source IP=163.31.244.20, Source port=10002, Destination IP=203.89.255.69, Destination port=80
LAN IP address / WAN IP address; IP = 163.31.244.1
Case 2.1: LAN-to-LAN (MP-PPP trace)
[Diagram labels: LAN; P128plus, IP:192.168.20.1; WAN (ISDN/PSTN); P100ih, IP:192.168.10.1; LAN]
Case 2.2: LAN-to-LAN(ISDN EPA trace)
[Diagram labels: LAN; P128plus, IP:192.168.20.1; WAN (ISDN/PSTN); P100ih, IP:192.168.10.1; LAN]
* Incoming call bumping EPA trace
Case 3.1: Caller ID Callback
[Diagram labels: LAN; P128, IP:192.168.20.1; WAN (ISDN/PSTN); P100IH, IP:192.168.10.1; LAN]
Caller ID Callback
• You can check CLID information from
  – Prestige system log
• Go to menu 24.8 and enable packet trace on screen
  – sys event (pre-ZyNOS)
  – sys trcl call (ZyNOS)
• Prestige ring buffer
  – isdn drv ring [1/2] (pre-ZyNOS)
  – isdn atring disp [bri0|bri1] (ZyNOS)
• ISDN EPA
  – isdn ana on, isdn ana disp (pre-ZyNOS)
  – isdn fw ana on, isdn fw ana dump (ZyNOS)
Connection Manager
• The function of Call Control
  – Control the number of outgoing call retry
  – Control the incoming authentication
• The function of Call Management
  – Budget control
  – Timer of date schedule
Case 3.2: MS CBCP Call back
[Diagram labels: LAN; P128; WAN (ISDN/PSTN); P100IH; LAN]
Prestige call back to Prestige with call back number pre-configured
MS CBCP Callback
P128>sys trcl disp
 61 121800 PP09 DIALING dev=2 ch=0..........
 62 121800 PP09 OUTGOING-CALL phone(10000)
 63 121827 PP09 CALL CONNECT speed<64000> type<2> chan<0>
 67 121830 PP0a ebp=5eb344,seqNum=265 bri0-RECV len:40 call=3
    0000: ff 03 c0 21 02 85 00 24 01 04 05 f4 05 06 00 01
    0010: db e3 08 02 0d 03 06 11 04 05 f4 13 09 03 00 a0
 73 121834 PP0a ebp=5eb414,seqNum=269 bri0-RECV len:11 call=3
    0000: c0 29 01 79 00 09 01 02 03 03 00
 74 121835 PP0a ebp=5eb448,seqNum=26a bri0-XMIT len:9 call=3
    0000: c0 29 02 79 00 07 03 03 00
 75 121836 PP0a ebp=5eb47c,seqNum=26b bri0-RECV len:9 call=3
    0000: c0 29 03 79 00 07 03 03 00
 82 121838 PP0a Recv'd TERM-ACK state 4
 83 121838 PP0a LCP stopped
 84 122324 PP09 ANSWER CONNECTED ch=573b30 ( callback from P100IH)
 89 122328 PP0a LCP opened
 90 122328 PP0a ebp=5eac90,seqNum=274 bri0-XMIT len:31 call=4
    0000: c2 23 01 0e 00 1d 10 42 4f 70 bf 50 60 9e 37 a6
    0010: 48 c9 5e 3a 47 ae 44 50 31 32 38 70 6c 75 73
Case 3.2: MS CBCP Call back
[Diagram labels: LAN; WAN (ISDN/PSTN); TA; Win9x/NT]
Win9x dial up to Prestige, then Prestige callback to Win9x.
Case 4: Input, Output & Call filter
[Diagram labels: LAN; WAN]
LAN filter sets (Menu 3)
WAN filter sets (Menu 11)
• WAN input (Input from WAN)
• LAN input (Input from LAN)
• WAN call/output (Output to WAN)
• LAN output (Output to LAN)
IP packet filter example
Case 1: Only stations with an IP address in the first 64 addresses, that is 192.168.10.0 to 192.168.10.63, are allowed to access the WAN.
[Diagram labels: WS1, IP:192.168.10.2; WS2, IP:192.168.10.65; IP:192.168.10.1; WAN (ISDN/PSTN); ISP; Internet]
Generic packet filter example
[Diagram labels: LAN; WS1, IP:192.168.20.10, MAC:0080C82DF13F; P128-P, IP:192.168.20.1; WAN (ISDN/PSTN); P100IH, IP:192.168.10.1; Server, IP:192.168.10.10; LAN]
Case 3: Filter all traffic with Source Ethernet MAC address = 0080c82DF13F
LAN packet trigger the call (IP)
LAN Packet which Triggered Last Call: (Type:IP)
45 00 00 2E CA 0E 40 00 1F 06 D7 09 CC F7 CB B4 CC D9 00 02 041C 0015
Protocol = 06 = TCP (0x01:ICMP; 0x06:TCP; 0x11:UDP)
Source IP : CC F7 CB B4
Destination IP: CC D9 00 02
Source port : 041C
Destination port : 0015
LAN packet trigger the call (IPX)
LAN Packet Which Triggered Last Call: (Type: IPX)
(FF FF) (00 24) 0B (00) (01 0A C5 BE) (00 00 00 00 00 01) (04 57)(01 0C AD E2) (00 00 00 00 00 01) (00 00) 00 04 26 65 64 25 DD 4B
FF FF : check sum
00 24 : length
00 : packet type (00: unknown, 01:RIP, 04:SAP, 05:SPX, 11:NCP)
01 0A C5 BE : Dest. Network address
00 00 00 00 00 01 : Dest. Node #
04 57 : Dest. Socket # (0451:NCP, 0452:SAP, 0453:RIP, 0455:Netbios)
01 0C AD E2 : Source Network address
00 00 00 00 00 01 : Source Node #
00 00 : Source socket #
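The two "Packet Which Triggered Last Call" dumps above (IP and IPX) can be decoded mechanically, which helps when deciding what a call filter should match. This is an added example, not code from the original slides; the function names are hypothetical and the lookup tables contain only the values listed on the slides.

```python
import ipaddress
import struct

# Lookup tables limited to the values the slides list.
IP_PROTOCOLS = {0x01: "ICMP", 0x06: "TCP", 0x11: "UDP"}
IPX_TYPES = {0x00: "unknown", 0x01: "RIP", 0x04: "SAP", 0x05: "SPX", 0x11: "NCP"}
IPX_SOCKETS = {0x0451: "NCP", 0x0452: "SAP", 0x0453: "RIP", 0x0455: "Netbios"}

# Dumps copied from the two slides above.
IP_DUMP = "45 00 00 2E CA 0E 40 00 1F 06 D7 09 CC F7 CB B4 CC D9 00 02 041C 0015"
IPX_DUMP = ("(FF FF) (00 24) 0B (00) (01 0A C5 BE) (00 00 00 00 00 01) (04 57)"
            "(01 0C AD E2) (00 00 00 00 00 01) (00 00) 00 04 26 65 64 25 DD 4B")

def dump_to_bytes(dump):
    """Drop spaces and the slide's grouping parentheses, then decode the hex."""
    return bytes.fromhex("".join(c for c in dump if c not in " ()"))

def decode_ip_trigger(dump):
    raw = dump_to_bytes(dump)
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (raw[0] & 0x0F) * 4                      # header length in bytes
    proto = raw[9]
    out = {
        "protocol": IP_PROTOCOLS.get(proto, hex(proto)),
        "src": str(ipaddress.IPv4Address(raw[12:16])),
        "dst": str(ipaddress.IPv4Address(raw[16:20])),
    }
    # TCP and UDP headers both begin with source port, destination port.
    if proto in (0x06, 0x11) and len(raw) >= ihl + 4:
        out["sport"], out["dport"] = struct.unpack_from("!HH", raw, ihl)
    return out

def decode_ipx_trigger(dump):
    raw = dump_to_bytes(dump)
    if len(raw) < 30:
        raise ValueError("an IPX header is 30 bytes")
    # checksum, length, transport control, type, then dest and source net/node/socket
    (csum, length, hops, ptype, dnet, dnode, dsock,
     snet, snode, ssock) = struct.unpack_from("!HHBB4s6sH4s6sH", raw)
    return {
        "length": length,
        "type": IPX_TYPES.get(ptype, hex(ptype)),
        "dst": f"{dnet.hex()}:{dnode.hex()}",
        "dst_socket": IPX_SOCKETS.get(dsock, hex(dsock)),
        "src": f"{snet.hex()}:{snode.hex()}",
        "src_socket": IPX_SOCKETS.get(ssock, hex(ssock)),
    }
```

For the IP dump this yields a TCP packet from 204.247.203.180 to 204.217.0.2, source port 1052, destination port 21.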
Syslog & call history & filter
[Diagram labels: LAN; WS1, IP:192.168.20.10; P128-P, IP:192.168.20.1; WAN (ISDN/PSTN); P100IH, IP:192.168.10.1; Syslog daemon, IP:192.168.10.10; LAN]

Menu 24.3.2
Syslog:
  Active= Yes
  Syslog IP Address= 192.168.10.10
  Log Facility= Local 3

Menu 24.9.4 - Call History
    Phone Number  Dir  Rate  #call  Max      Min      Total
 1. 200020000     IN   64K   12     0:53:04  0:00:24  1:37:31
 2. 300030000     IN   64K   4      0:02:14  0:01:40  0:07:55
Syslog & call history & filter
Example:
Feb 14 16:57:17 192.168.10.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 18, C01 Incoming Call 64000K 200020000
*Feb 14 16:58:56 192.168.10.1 ZyXEL Communications Corp.: IP[Src=192.168.20.10 Dst=192.168.10.10 TCP spo=040f dpo=0015] } S04>R01mD
Feb 14 17:07:18 192.168.10.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 18, C02 Call Terminated
* where S04>R01mD means filter set 4 (S) and rule 1 (R), match (m) drop (D).
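A parser for the syslog records shown above, added here as an example and not taken from the original slides: it decodes each filter record (hex ports, set/rule, verdict) and tags it with the caller numbers of the calls that were up at that moment. The function name is hypothetical; the letters m and D are defined on the slide, while n, F and N are assumed from ZyNOS documentation.

```python
import re

# Log lines copied from the slide above, one syslog record per line.
SAMPLE_LOG = """\
Feb 14 16:57:17 192.168.10.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 18, C01 Incoming Call 64000K 200020000
Feb 14 16:58:56 192.168.10.1 ZyXEL Communications Corp.: IP[Src=192.168.20.10 Dst=192.168.10.10 TCP spo=040f dpo=0015] } S04>R01mD
Feb 14 17:07:18 192.168.10.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 18, C02 Call Terminated
"""

CALL_RE = re.compile(r"channel (\d+), call (\d+), C(\d\d) (.*)$")
FILTER_RE = re.compile(
    r"IP\[Src=(\S+) Dst=(\S+) (\w+) spo=([0-9a-fA-F]{4}) dpo=([0-9a-fA-F]{4})\]"
    r"\s*\}\s*S(\d+)>R(\d+)([a-z])([A-Z])")
# m and D come from the slide; n, F and N are assumptions (not defined on this page).
MATCH = {"m": "match", "n": "no match"}
ACTION = {"D": "drop", "F": "forward", "N": "next"}


def parse_filter_events(text):
    """Return filter records, each tagged with the caller numbers of calls in progress."""
    active = {}            # channel -> phone number of the call currently up
    events = []
    for line in text.splitlines():
        call = CALL_RE.search(line)
        if call:
            chan, _, code, detail = call.groups()
            if code == "01":                      # C01: Incoming/Outgoing Call
                active[chan] = detail.split()[-1]
            elif code == "02":                    # C02: Call Terminated
                active.pop(chan, None)
            continue
        hit = FILTER_RE.search(line)
        if hit:
            src, dst, proto, spo, dpo, fset, rule, m, act = hit.groups()
            events.append({
                "time": line[:15], "src": src, "dst": dst, "proto": proto,
                "sport": int(spo, 16), "dport": int(dpo, 16),   # ports are logged in hex
                "set": int(fset), "rule": int(rule),
                "match": MATCH.get(m, m), "action": ACTION.get(act, act),
                "calls_up": sorted(active.values()),
            })
    return events
```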
Case 5.1: P153+TA to Cisco 2503 BRI
[Diagram labels: LAN; P153; TA; WAN (ISDN); Cisco 2503 BRI port; IP:172.168.80.xxx; IP:172.16.64.190; IP:172.168.80.170]
Case 5.2: P100 to TA + Cisco 2503 serial port
[Diagram labels: LAN; WAN (ISDN); TA; Cisco 2503 serial port; 192.168.10.1; 192.168.1.1; 192.168.100.X]
AT command for TA: AT&FB11&S1&M3*I1&WZ
Case 5.3.1: Mutual authentication with PAP
[Diagram labels: LAN; P100; WAN (ISDN); Cisco 2503 BRI port; 172.16.64.190; IP:172.168.80.xxx; IP:172.168.80.170]
Case 5.3.1: Mutual Authentication with PAP
• In menu 13
  – Set Mutual Authen to Yes
  – Set proper username/password to login to Cisco (PAP login=test, password=1234, in this case)
• Configure a dial in user for Cisco to login to Prestige
Case 5.3.2: Mutual authentication with CHAP
[Diagram labels: LAN; P100; WAN (ISDN); Cisco 2503 BRI port; 172.16.64.190; IP:172.168.80.xxx; IP:172.168.80.170]
Case 5.3.2: Mutual authentication with CHAP
Menu 11.1 - Remote Node Profile

Rem Node Name= hinet                  Route= IP
Active= Yes                           Bridge= No
Call Direction= Outgoing              Edit PPP Options= No
Incoming:                             Rem IP Addr=172.168.80.170
  Rem Login= [cisco_hostname]         Edit IP/IPX/Bridge= No
  Rem Password= 1234                  Telco Option:
  Rem CLID= N/A                         Allocated Budget(min)= 0
  Call Back= N/A                        Period(hr)= 0
Outgoing:                               Transfer Type= 64K
  My Login=[prestige_systemname]        Nailed-Up Connection= No
  My Password= 1234                   Session Options:
  Authen= CHAP/PAP                      Edit Filter Sets= No
  Pri Phone #= 4125678                  Idle Timeout(sec)= 300
  Sec Phone #=

Press ENTER to Confirm or ESC to Cancel:
Case 5.3.2: Mutual authentication with CHAP
Case: Cisco initiates call to Prestige
[Diagram label: Cisco]
• Challenge: Challenge value, Name=Cisco host name
• Challenge: Challenge value, Name=Outgoing user name (Prestige system name)
• Response: Hash value, Name=Cisco host name
• Response: Hash value, Name=Outgoing user name
• Success/Fail
• Success/Fail
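The exchange on the slide above, carried through with the CHAP packet format and MD5 response of RFC 1994, as an added example that is not part of the original slides. The challenge frame is entry 90 of the sys trcl disp trace earlier on this page, the secret and the two names are the values and placeholders shown in Menu 11.1, and all function names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

# CHAP Challenge from entry 90 of the "sys trcl disp" trace earlier on this page.
TRACE_FRAME = bytes.fromhex(
    "c223010e001d10424f70bf50609e37a6"
    "48c95e3a47ae4450313238706c7573")
SECRET = b"1234"      # Rem Password / My Password shown in Menu 11.1

def parse_chap(frame):
    """Split a PPP CHAP Challenge/Response (RFC 1994) into its fields."""
    proto, code, ident, length = struct.unpack_from("!HBBH", frame)
    if proto != 0xC223 or code not in (1, 2):
        raise ValueError("not a CHAP challenge or response")
    body = frame[2:2 + length]                 # Length counts from the Code octet
    vsize = body[4]
    return {"code": code, "id": ident, "value": body[5:5 + vsize],
            "name": body[5 + vsize:].decode("ascii")}

def chap_response(ident, secret, challenge):
    """RFC 1994 section 4.1: MD5 over Identifier, secret, Challenge value."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def build(code, ident, value, name):
    body = bytes([len(value)]) + value + name
    return struct.pack("!HBBH", 0xC223, code, ident, 4 + len(body)) + body

def authenticate(authenticator, peer, secret_at_auth, secret_at_peer, ident):
    """One direction: authenticator challenges, peer responds, authenticator checks."""
    challenge = parse_chap(build(1, ident, os.urandom(16), authenticator))
    answer = chap_response(challenge["id"], secret_at_peer, challenge["value"])
    response = parse_chap(build(2, ident, answer, peer))
    expected = chap_response(ident, secret_at_auth, challenge["value"])
    return hmac.compare_digest(response["value"], expected)     # Success / Fail

def mutual(cisco_secret, prestige_secret):
    """Both ends must pass: Cisco challenges Prestige, and Prestige challenges Cisco."""
    return (authenticate(b"cisco_hostname", b"prestige_systemname",
                         cisco_secret, prestige_secret, 1)
            and authenticate(b"prestige_systemname", b"cisco_hostname",
                             prestige_secret, cisco_secret, 2))

if __name__ == "__main__":
    print(parse_chap(TRACE_FRAME), mutual(SECRET, SECRET))
```

Parsing the traced frame gives identifier 0x0e, a 16-byte challenge value and the name P128plus; the two passwords in Menu 11.1 must agree with what the far end has configured or one direction returns Fail.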
Case 5.4: P100 to Cisco 2503 BRI (MP)
[Diagram labels: LAN; P100; WAN (ISDN); Cisco 2503 BRI port; 172.16.64.190; IP:172.16.80.xxx; IP:172.16.80.170]