VMG1312-B10A: Static Routes

From AAISP Support Site

Important

IMPORTANT NOTE! Some customers have reported static routes not working. This issue is being looked in to (July 2015). It has been suggested that disabling QoS helped, but this has yet to be verified with other setups. At the moment, we can't really suggest using static routes. Instead, we'd suggest using the ZyXEL as a bridge and perform PPPoE on your internal router/firewall. This issue is on our Bugs Page as of July 2015 and has been escalated to ZyXEL. In these cases rather than using the Web interface to add the static route you can use the telnet/ssh CLI to add it. An example is below.

The notes below are the steps to set up a static route, but you may find it does not work.

Static routes can be applied manually. This allows a second block of IP addresses allocated by AAISP to be routed to a router on your LAN on the inside of the ZyXEL router, eg

INTERNET <--> ZyXEL <--> ROUTER <--> LAN

(Note, some people may prefer to set the ZyxEL to Bridge mode, and then have your own Router use PPP to log in. This has the advantage of keeping the ZyXEL config simpler and giving your own router more control over the Internet access.)

The static route can be added via the web interface:

Network Setting -> Routing -> Add new static route

The settings would typically be:

Enabled Ticked for this to be on
Name LAN, or whatever you want
IP Type IP4 for IP4 blocks, IP6 for IP6 blocks!
Destination IP Address: The Network address of your routed block
Subnet The subnet mask of your routed block
Gateway Address: The IP of the router on the LAN side of the ZyXEL
Use Interface Default/br0 for the LAN side

Here is an example:

Creating a Static Route
The new Static route, as shown on the routes page

Firewall Needs to be Disabled

It seems that the firewall will be unaware of the static route, and adding firewall entries to allow the traffic will be ignored. Disabling the firewall will allow the traffic through the ZyXEL to your router. This is normally required anyway, as customers would typically use the firewall features on the internal router. The setting for this is found under:

Security --> Firewall

CLI

From the CLI (telnet/SSH) you can view the route table with:

route show

The list should display immediately, if there are pauses between showing the default routes and the new static then this could be an indication of a problem with DNS look-ups and should not affect the actual routing.