VMG1312-B10A: AAISP Configuration: Difference between revisions

From AAISP Support Site
mNo edit summary
(clean up)
 
(45 intermediate revisions by 2 users not shown)
Line 3: Line 3:
Customers are free to alter the configuration as supplied, sending a configuration from the Control Pages will overwrite any settings changed though.
Customers are free to alter the configuration as supplied, sending a configuration from the Control Pages will overwrite any settings changed though.


Here is an overview of the settings that are modified from the default:
Here is an overview of the settings that are modified from the default, you can sort the table by the date added column to see any new changes.


{| class="wikitable sortable"
*Configure WAN interface (Further Settings on Control Pages: ADSL/FTTC, Bridge or WAN on port 4 (FTTP))
|-
*Configure PPP settings as per the service
!Area !!Setting !!Note !!Date added
*Configure DHCP (Further Settings on Control Pages, Default=All IPs using AAISP DNS servers or as set on Control Pages)
|-
*Configure LAN subnet if line has a block of public IPs. (else default is 192.168.1.1)
*Configure WiFi (Further Settings on Control Pages: SSID, Password or disable WiFi)
| Broadband || Configure WAN interface || Further Settings on Control Pages: ADSL/FTTC, Bridge or WAN on port 4 (FTTP) || 2015-02-01
|-
*Configure WiFi for 20Mhz instead of the 40Mhz default (see [[VMG1312: WiFi Tips]])
*Configure WiFi for AES only (not legacy TKIP) (added 2015-06-16)
| Broadband || Configure WAN VLAN 802.1q=101 || Only for the VDSL WAN interface. || 2015-02-01
|-
*Configure Firewall on/off (Settings on Control Pages, Default=Enabled)
| Broadband || Configure PPP || Settings as per the service || 2015-02-01
*Configure TR-069 so the router can be managed by AAISP (we give customer the same controls as staff get)
|-
*Configure Local logging (on router) to log: System, PPPoE, XDSL, Internet, Attack, Account. (added 2015-05-29)
| Home Network || Configure DHCP || Further Settings on Control Pages, Default=All IPs using AAISP DNS servers or as set on Control Pages || 2015-02-01
**To view log: WebUI: System Monitor - Log or via telnet/ssh CLI: syslog dump system.
|-
*Add a Firewall rule to allow ICMPv6 (added 2015-06-16)
| Home Network || Configure LAN subnet || If line has a block of public IPs use them, else default is 192.168.1.1 || 2015-02-01
*Disable NAT, if customer has a public IP block
|-
*Disable SNMP
| Home Network || Configure LAN subnet || If router set for bridge mode, leave IP as 192.168.1.1 || 2015-06-19
*Disable 3G backup
|-
*Disable 'DoS Protection Blocking' as it does odd things, like blocking WebUI over WiFi (added 2015-06-16)
| Wireless || Configure WiFi || Further Settings on Control Pages: SSID, Password or disable WiFi || 2015-02-01
*Change NTP servers to be time.aa.net.uk and 0.uk.pool.ntp.org
|-
*Change 'supervisor' password (Setting on Control Pages)
| Wireless || Configure WiFi for 20 MHz || Instead of 40 MHz see [[VMG1312: WiFi Tips]] || 2015-02-01
*Change 'admin' password (Setting on Control Pages)
|-
*Change Remote Management Options (Further Settings on Control Pages)
| Wireless || Configure WiFi for AES only|| This disables legacy/insecure TKIP see [[VMG1312: WiFi Tips]] || 2015-06-16
*Change QoS to give upstream priority based on 'Packet Length' (See: [[VMG1312: QoS]])
|-
*Change 'Deny Ping Response' to Disable, to allow the router to reply to ping.
| Firewall || Configure Firewall on/off || Settings on Control Pages, Default=Enabled || 2015-02-01
*Disable the default QoS Classes (See: [[VMG1312: QoS]])
|-
*Remove the default read-only zyuser user
| TR-069 || Configure TR-069 || Allows the router to be managed by AAISP, we give customer the same controls as staff get || 2015-02-01
|-
| Log || Configure Local logging || Logs: System, PPPoE, XDSL, Internet, Attack, Account. || 2015-05-29
|-
| Firewall || Rule to allow ICMPv6 to LAN || Helps make IPv6 work! ||2015-06-16
|-
| Home Network || Disable NAT || If customer has a public IP block || 2015-02-01
|-
| Maintenance || Disable SNMP || SNMP has a habit of having vulnerabilities, we are not aware of any for the VMG1312 though || 2015-02-01
|-
| Maintenance || Disable 3G backup || Not usually required || 2015-02-01
|-
| Firewall || Disable 'DoS Protection Blocking' || It does odd things, like blocking WebUI over WiFi! || 2015-06-16
|-
| Maintenance || Change NTP servers || time.aa.net.uk and 0.uk.pool.ntp.org || 2015-02-01
|-
| Maintenance || Change 'supervisor' password || Setting on Control Pages (same as admin) || 2015-02-01
|-
| Maintenance || Change 'admin' password || Setting on Control Pages || 2015-02-01
|-
| Firewall || Change Remote Management Options || Further Settings on Control Pages. Default is to only allow the LAN and the AAISP offices access. || 2015-02-01
|-
| QoS || Change QoS || Set to give upstream priority based on 'Packet Length' See: [[VMG1312: QoS]] || 2015-02-01
|-
| Firewall || Change 'Deny Ping Response' to Disable, || Allows the router to reply to pings || 2015-02-01
|-
| QoS || Disable the default QoS Classes || See: [[VMG1312: QoS]] || 2015-02-01
|-
| Maintenance || Remove zyuser user || It is a default read-only user, there is no need for it || 2015-02-01
|}


*[[VMG1312: Static Routes|Static routes]] are currently not configured. (Only applicable if you have multiple public IP blocks and need them routed to a secondary router. These can be configured manually though.

*Static routes are currently not configured. (Only applicable if you have multiple public IP blocks and need them routed to a secondary router. These can be configured manually though.


This list may not be exhaustive, and may change over time.
This list may not be exhaustive, and may change over time.




==Notes==
DOS protection is left enabled - this may give some unexpected results, eg the router will only reply to 20 pings before it stops replying.


==WAN Configuration==
A Security Log can be found on the Web UI:
As mentioned above, the WAN side of the router is configured depending on the Service provided and the settings on the Control Pages.
System Monitor -> Log -> Security Log (tab)


{| class="wikitable"
[[File:Vmg1312-DOS.png|none|frame|DOS protection settings as described in the user manual]]
!Service
!Bridge
!WAN port
!Note: WAN
!Note: LAN
!Note: WiFi
!Other notes
|----
!colspan="7"|Routing Configurations - Connecting to phone line
|----
!ADSL
|No
|DSL
|Plugs in to phone line
|Customer LAN
|Customer LAN
|MTU 1492
|----
!FTTC wires only
|No
|DSL
|Plugs in to phone line
|Customer LAN
|Customer LAN
|MTU 1492, WAN VLAN 802.1q=101
|----
!colspan="7"|Routing Configurations - Connecting to another modem
|----
!FTTC engineer install (not available for new installations)
|No
|Port 4
|plugs in to Openreach modem (no longer supplied)
|Customer LAN
|Customer LAN
|1492 MTU, WAN VLAN 802.1q=101. QoS will not know the uplink speed automatically, The rate can be set under Network Setting - Broadband - #3 edit
|----
!FTTP
|No
|Port 4
|plugs in to Openreach modem
|Customer LAN
|Customer LAN
|1492 MTU. QoS will not know the uplink speed automatically, The rate can be set under Network Setting - Broadband - #3 edit
|----
!colspan="7"|Bridge Configurations
|----
!FTTC wires only with Customer own PPPoE router
|Yes
|DSL
|Plugs in to phone line
|Customer PPPoE router
|Usually Disabled
|ZyXEL becomes a bridging modem. MTU 1492. WAN VLAN 802.1q=101
|----
!ADSL with Customer own PPPoE router
|Yes
|DSL
|Plugs in to phone line
|Customer PPPoE router
|Usually Disabled
|ZyXEL becomes a bridging modem. MTU 1492
|----
|}


=Making Changes=
If you make changes to your configuration then you may want to back it up. See: [[VMG1312: Backup Configuration]]


[[Category:ZyXEL_VMG1312|AAISP Configuration]]
[[Category:ZyXEL VMG1312-B10A|AAISP Configuration]]

Latest revision as of 00:22, 18 August 2018

AAISP configure routers via TR-069 protocol. We generate a config file and this is sent to the router. Firmware updates are also able to be sent to the router.

Customers are free to alter the configuration as supplied, sending a configuration from the Control Pages will overwrite any settings changed though.

Here is an overview of the settings that are modified from the default, you can sort the table by the date added column to see any new changes.

Area Setting Note Date added
Broadband Configure WAN interface Further Settings on Control Pages: ADSL/FTTC, Bridge or WAN on port 4 (FTTP) 2015-02-01
Broadband Configure WAN VLAN 802.1q=101 Only for the VDSL WAN interface. 2015-02-01
Broadband Configure PPP Settings as per the service 2015-02-01
Home Network Configure DHCP Further Settings on Control Pages, Default=All IPs using AAISP DNS servers or as set on Control Pages 2015-02-01
Home Network Configure LAN subnet If line has a block of public IPs use them, else default is 192.168.1.1 2015-02-01
Home Network Configure LAN subnet If router set for bridge mode, leave IP as 192.168.1.1 2015-06-19
Wireless Configure WiFi Further Settings on Control Pages: SSID, Password or disable WiFi 2015-02-01
Wireless Configure WiFi for 20 MHz Instead of 40 MHz see VMG1312: WiFi Tips 2015-02-01
Wireless Configure WiFi for AES only This disables legacy/insecure TKIP see VMG1312: WiFi Tips 2015-06-16
Firewall Configure Firewall on/off Settings on Control Pages, Default=Enabled 2015-02-01
TR-069 Configure TR-069 Allows the router to be managed by AAISP, we give customer the same controls as staff get 2015-02-01
Log Configure Local logging Logs: System, PPPoE, XDSL, Internet, Attack, Account. 2015-05-29
Firewall Rule to allow ICMPv6 to LAN Helps make IPv6 work! 2015-06-16
Home Network Disable NAT If customer has a public IP block 2015-02-01
Maintenance Disable SNMP SNMP has a habit of having vulnerabilities, we are not aware of any for the VMG1312 though 2015-02-01
Maintenance Disable 3G backup Not usually required 2015-02-01
Firewall Disable 'DoS Protection Blocking' It does odd things, like blocking WebUI over WiFi! 2015-06-16
Maintenance Change NTP servers time.aa.net.uk and 0.uk.pool.ntp.org 2015-02-01
Maintenance Change 'supervisor' password Setting on Control Pages (same as admin) 2015-02-01
Maintenance Change 'admin' password Setting on Control Pages 2015-02-01
Firewall Change Remote Management Options Further Settings on Control Pages. Default is to only allow the LAN and the AAISP offices access. 2015-02-01
QoS Change QoS Set to give upstream priority based on 'Packet Length' See: VMG1312: QoS 2015-02-01
Firewall Change 'Deny Ping Response' to Disable, Allows the router to reply to pings 2015-02-01
QoS Disable the default QoS Classes See: VMG1312: QoS 2015-02-01
Maintenance Remove zyuser user It is a default read-only user, there is no need for it 2015-02-01
  • Static routes are currently not configured. (Only applicable if you have multiple public IP blocks and need them routed to a secondary router. These can be configured manually though.

This list may not be exhaustive, and may change over time.


WAN Configuration

As mentioned above, the WAN side of the router is configured depending on the Service provided and the settings on the Control Pages.

Service Bridge WAN port Note: WAN Note: LAN Note: WiFi Other notes
Routing Configurations - Connecting to phone line
ADSL No DSL Plugs in to phone line Customer LAN Customer LAN MTU 1492
FTTC wires only No DSL Plugs in to phone line Customer LAN Customer LAN MTU 1492, WAN VLAN 802.1q=101
Routing Configurations - Connecting to another modem
FTTC engineer install (not available for new installations) No Port 4 plugs in to Openreach modem (no longer supplied) Customer LAN Customer LAN 1492 MTU, WAN VLAN 802.1q=101. QoS will not know the uplink speed automatically, The rate can be set under Network Setting - Broadband - #3 edit
FTTP No Port 4 plugs in to Openreach modem Customer LAN Customer LAN 1492 MTU. QoS will not know the uplink speed automatically, The rate can be set under Network Setting - Broadband - #3 edit
Bridge Configurations
FTTC wires only with Customer own PPPoE router Yes DSL Plugs in to phone line Customer PPPoE router Usually Disabled ZyXEL becomes a bridging modem. MTU 1492. WAN VLAN 802.1q=101
ADSL with Customer own PPPoE router Yes DSL Plugs in to phone line Customer PPPoE router Usually Disabled ZyXEL becomes a bridging modem. MTU 1492

Making Changes

If you make changes to your configuration then you may want to back it up. See: VMG1312: Backup Configuration