VMG1312-B10A: AAISP Configuration: Difference between revisions

← Older edit

VMG1312-B10A: AAISP Configuration (view source)

Revision as of 00:22, 18 August 2018

2,681 bytes added , 18 August 2018

clean up

Reedy

editor

699

edits

Revision as of 18:03, 16 June 2015 (view source) AA-Andrew (talk \| contribs) mNo edit summary ← Older edit		Latest revision as of 00:22, 18 August 2018 (view source) Reedy (talk \| contribs) (clean up)
(46 intermediate revisions by 2 users not shown)
Customers are free to alter the configuration as supplied, sending a configuration from the Control Pages will overwrite any settings changed though. Here is an overview of the settings that are modified from the default:, you can sort the table by the date added column to see any new changes. {\| class="wikitable sortable" Configure WAN interface (Further Settings on Control Pages: ADSL/FTTC, Bridge or WAN on port 4 (FTTP)) \|- Configure PPP settings as per the service !Area !!Setting !!Note !!Date added Configure DHCP (Further Settings on Control Pages, Default=All IPs using AAISP DNS servers or as set on Control Pages) \|- Configure LAN subnet if line has a block of public IPs. (else default is 192.168.1.1) \| Broadband \|\| Configure ~~WiFi~~WAN interface \|\| (Further Settings on Control Pages: ~~SSID~~ADSL/FTTC, ~~Password~~Bridge or ~~disable~~WAN ~~WiFi~~on port 4 (FTTP) \|\| 2015-02-01 \|- Configure WiFi for 20Mhz instead of the 40Mhz default (see [[VMG1312: WiFi Tips]]) \| Broadband \|\| Configure ~~WiFi~~WAN ~~for~~VLAN ~~AES~~802.1q=101 \|\| Only for ~~only~~the ~~(not~~VDSL ~~legacy~~WAN ~~TKIP)~~interface. ~~(added~~\|\| 2015-0602-~~16)~~01 \|- Configure Firewall on/off (Settings on Control Pages, Default=Enabled) \| Broadband \|\| Configure PPP \|\| Settings as per the service \|\| 2015-02-01 Configure TR-069 so the router can be managed by AAISP (we give customer the same controls as staff get) \|- Configure Local logging (on router) to log: System, PPPoE, XDSL, Internet, Attack, Account. (added 2015-05-29) \| Home Network \|\| Configure DHCP \|\| Further Settings on Control Pages, Default=All IPs using AAISP DNS servers or as set on Control Pages \|\| 2015-02-01 *To view log: WebUI: System Monitor - Log or via telnet/ssh CLI: syslog dump system. \|- Add a Firewall rule to allow ICMPv6 (added 2015-06-16) \| Home Network \|\| Configure LAN subnet \|\| If line has a block of public IPs use them, else default is 192.168.1.1 \|\| 2015-02-01 Disable NAT, if customer has a public IP block \|- Disable SNMP \| Home Network \|\| Configure LAN subnet \|\| If router set for bridge mode, leave IP as 192.168.1.1 \|\| 2015-06-19 Disable 3G backup \|- Change NTP servers to be time.aa.net.uk and 0.uk.pool.ntp.org \| Wireless \|\| Configure WiFi \|\| Further Settings on Control Pages: SSID, Password or disable WiFi \|\| 2015-02-01 Change 'supervisor' password (Setting on Control Pages) \|- Change 'admin' password (Setting on Control Pages) \| Wireless \|\| Configure WiFi for 20 MHz \|\| Instead of 40 MHz see [[VMG1312: WiFi Tips]] \|\| 2015-02-01 Change Remote Management Options (Further Settings on Control Pages) \|- Change QoS to give upstream priority based on 'Packet Length' (See: [[VMG1312: QoS]]) \| Wireless \|\| Configure WiFi for AES only\|\| This disables legacy/insecure TKIP see [[VMG1312: WiFi Tips]] \|\| 2015-06-16 Change 'Deny Ping Response' to Disable, to allow the router to reply to ping. \|- Disable the default QoS Classes (See: [[VMG1312: QoS]]) \| Firewall \|\| Configure Firewall on/off \|\| Settings on Control Pages, Default=Enabled \|\| 2015-02-01 Remove the default read-only zyuser user \|- \| TR-069 \|\| Configure TR-069 \|\| Allows the router to be managed by AAISP, we give customer the same controls as staff get \|\| 2015-02-01 \|- \| Log \|\| Configure Local logging \|\| Logs: System, PPPoE, XDSL, Internet, Attack, Account. \|\| 2015-05-29 \|- \| Firewall \|\| Rule to allow ICMPv6 to LAN \|\| Helps make IPv6 work! \|\|2015-06-16 \|- \| Home Network \|\| Disable NAT \|\| If customer has a public IP block \|\| 2015-02-01 \|- \| Maintenance \|\| Disable SNMP \|\| SNMP has a habit of having vulnerabilities, we are not aware of any for the VMG1312 though \|\| 2015-02-01 \|- \| Maintenance \|\| Disable 3G backup \|\| Not usually required \|\| 2015-02-01 \|- \| Firewall \|\| Disable 'DoS Protection Blocking' \|\| It does odd things, like blocking WebUI over WiFi! \|\| 2015-06-16 \|- \| Maintenance \|\| Change NTP servers \|\| time.aa.net.uk and 0.uk.pool.ntp.org \|\| 2015-02-01 \|- \| Maintenance \|\| Change 'supervisor' password \|\| Setting on Control Pages (same as admin) \|\| 2015-02-01 \|- \| Maintenance \|\| Change 'admin' password \|\| Setting on Control Pages \|\| 2015-02-01 \|- \| Firewall \|\| Change Remote Management Options \|\| Further Settings on Control Pages. Default is to only allow the LAN and the AAISP offices access. \|\| 2015-02-01 \|- \| QoS \|\| Change QoS \|\| Set to give upstream priority based on 'Packet Length' See: [[VMG1312: QoS]] \|\| 2015-02-01 \|- \| Firewall \|\| Change 'Deny Ping Response' to Disable, \|\| Allows the router to reply to pings \|\| 2015-02-01 \|- \| QoS \|\| Disable the default QoS Classes \|\| See: [[VMG1312: QoS]] \|\| 2015-02-01 \|- \| Maintenance \|\| Remove zyuser user \|\| It is a default read-only user, there is no need for it \|\| 2015-02-01 \|} [[VMG1312: Static Routes\|Static routes]] are currently not configured. (Only applicable if you have multiple public IP blocks and need them routed to a secondary router. These can be configured manually though. *Static routes are currently not configured. (Only applicable if you have multiple public IP blocks and need them routed to a secondary router. These can be configured manually though. This list may not be exhaustive, and may change over time. ~~==Notes==~~ ~~DOS protection is left enabled - this may give some unexpected results, eg the router will only reply to 20 pings before it stops replying.~~ ==WAN Configuration== ~~A Security Log can be found on the Web UI:~~ As mentioned above, the WAN side of the router is configured depending on the Service provided and the settings on the Control Pages. ~~System Monitor -> Log -> Security Log (tab)~~ {\| class="wikitable" ~~[[File:Vmg1312-DOS.png\|none\|frame\|DOS protection settings as described in the user manual]]~~ !Service !Bridge !WAN port !Note: WAN !Note: LAN !Note: WiFi !Other notes \|---- !colspan="7"\|Routing Configurations - Connecting to phone line \|---- !ADSL \|No \|DSL \|Plugs in to phone line \|Customer LAN \|Customer LAN \|MTU 1492 \|---- !FTTC wires only \|No \|DSL \|Plugs in to phone line \|Customer LAN \|Customer LAN \|MTU 1492, WAN VLAN 802.1q=101 \|---- !colspan="7"\|Routing Configurations - Connecting to another modem \|---- !FTTC engineer install (not available for new installations) \|No \|Port 4 \|plugs in to Openreach modem (no longer supplied) \|Customer LAN \|Customer LAN \|1492 MTU, WAN VLAN 802.1q=101. QoS will not know the uplink speed automatically, The rate can be set under Network Setting - Broadband - #3 edit \|---- !FTTP \|No \|Port 4 \|plugs in to Openreach modem \|Customer LAN \|Customer LAN \|1492 MTU. QoS will not know the uplink speed automatically, The rate can be set under Network Setting - Broadband - #3 edit \|---- !colspan="7"\|Bridge Configurations \|---- !FTTC wires only with Customer own PPPoE router \|Yes \|DSL \|Plugs in to phone line \|Customer PPPoE router \|Usually Disabled \|ZyXEL becomes a bridging modem. MTU 1492. WAN VLAN 802.1q=101 \|---- !ADSL with Customer own PPPoE router \|Yes \|DSL \|Plugs in to phone line \|Customer PPPoE router \|Usually Disabled \|ZyXEL becomes a bridging modem. MTU 1492 \|---- \|} =Making Changes= If you make changes to your configuration then you may want to back it up. See: [[VMG1312: Backup Configuration]] [[Category:~~ZyXEL_VMG1312~~ZyXEL VMG1312-B10A\|AAISP Configuration]]