Centro Business FW 7.10.10 and Passthrough function

DocG · Nov 9, 2015

Centro Business FW 7.10.10 and Passthrough function

Good morning,

One of my clients has a Zyxel firewall that worked perfectly with a Zyxel P870 bridge, until it was replaced by a Centro Business modem.

I would therefore like to find this “bridge” function on the modem. I call the SME hotline where they explain to me that you must first have a fixed IP address then activate the “passthrough” function on the modem, which I hasten to test once fixed ip ordered and activated. The only problem is that a small padlock appears in front of this function and prevents me from activating it. The technician therefore updates the firmware to version 7.10.10, which unlocks this function.

However, after several attempts, it was impossible to get the firewall and the modem to communicate. There followed several calls to the SME hotline for more than 2 hours with different technicians, who contradicted each other. By the way, this method of having to start again with a new technician on each call is more than annoying…

In the meantime, I found technical documentation on the Swisscom website explaining the method to apply: [Centro Business Passthrough](http://documents.swisscom.com/product/1000260-Connectivity_Geraete_/Documents/Spezifikationen/Centro_Business_PPPoE_Passthrough-fr. pdf “Centro Busines Passthrough”)

However, the documentation is not up to date, because in the new firmware 7.10.10 there are 2 options:

- local security gateway on LAN1 PPoE passthrough

- local security gateway on LAN1 IP passthrough

The first option is blocked (padlock), the second can be activated. However, when I enable it, unable to initiate a PPoE session from the Zyxel firewall. I should point out that I know how to do this operation very well, I have done it several times with other clients, but not with a Centro Business…

I would say that you need to activate the “PPoE” option, but it is blocked…

So it would be nice if I could get updated documentation or if a competent 2nd level technician could look into my problem and give me some more lame answers than:

- the function is not available on Centro Business

- you have to activate passthrough (thank you, I understood, but which option between the 2 to choose?)

- we don’t provide support on Zyxel (I’m asking you a question about your modem…)

- use the modem redirection functions instead (no, thank you we lose the configuration each time we reboot…)

- etc. etc.

In addition, each time the passthrough function is activated, you must wait 5 minutes for the modem to reboot and you must reset it if you want to return to the original configuration…

Thank you in advance and cordial greetings,

Nicholas

MarkusP · Nov 10, 2015

Good morning

Please send us your contact details by private message.

We will examine the case.

Greetings
Swisscom

DocG · Nov 10, 2015

Good morning,

I called the SME hotline again this afternoon and I was finally able to speak with a technician who took the time to listen to me and find a solution to the customer’s problem!

As noted above, in Centro Business firmware version 7.10.10 there are 2 passthrough options. To be able to initiate a PPoE session from a third-party firewall, you must activate the “local security gateway on LAN1 PPoE passthrough” option and not the “local security gateway on LAN1 IP” option like the support me l initially suggested…

There is, however, a trick: this option cannot be modified if a 3G “Internet Backup” USB key is connected to one of the modem’s USB ports. It is therefore necessary to disconnect it. Naturally, in this case, the client does not benefit from the backup in the event of loss of VDSL connection, but in this case, this is not important.

Once the adhoc option is activated, you can use the Zyxel firewall again as before!

I therefore suggest that you share this information with your support, because apparently the first people I spoke with yesterday were not aware of this!

Thank you and cordial greetings.

Nicholas

Xtreme66 · Nov 15, 2015

@DocG

Very interesting your information!

However, despite your instructions, I do not see where this famous option mentioned is hidden: local security gateway on LAN1 PPoE passthrough.

I only access the local security gateway on LAN1 IP: enable/disable option

And in the Centro Business help (FW 7.10.10) it says this:

IP passthrough

When IP passthrough is enabled all incoming connections are forwarded to the local security gateway, which must be configured with a static IP address of 172.31.255.6, and with 172.31.255.5 as the default gateway.

Have a nice day everyone

@+

DocG · Nov 15, 2015

Good morning,

Below is proof in images of the presence of these 2 separate options in firmware 7.10.10, an option which did not exist in the previous firmware (except error 7.8.4). So I assume in your example you are not on the latest firmware version?

Here, the PPoE option is blocked, because the “Internet Backup” 3G USB key was still connected to one of the modem’s USB ports.

Cordialement,

Nicholas

Xtreme66 · Nov 15, 2015

Good evening Nicolas,

I rebooted my Centro Business, reset the factory configuration, re-uploaded FW 7.10.10 (PSB4212N_71010.sig) and this famous line is never present! Something crazy…

We haven’t stopped laughing…. 😉

Selenos · Nov 16, 2015

This option is only available for MyPME Office (all IP) customers with a minimum of 1 fixed IP.

Good day

Xtreme66 · Nov 16, 2015

Hello @Selenos

Thank you for your clarification!

Currently, I have an PME-Office ★★★★ subscription with Business Internet light + fixed IP.

So I don’t have access to this option. 😞

Good day

DocG · Nov 16, 2015

Indeed, I forgot to specify that the customer had a myPME Office subscription with fixed IP! Sorry!

gfaessler · Nov 17, 2015

Good morning,

Have you tested IP Passtrough mode rather than PPOE Passtrough? If it allows you to benefit from 3G backup while forwarding all traffic to the public IP, it seems to me to be an interesting solution.

We are hesitant to upgrade to the MyPME Office (all IP) offer. Our current configuration is an PME-Office with a Zyxel 870 in bridge (PPOE) on a USG 50.

Cordialement

Gilles

Selenos · Nov 17, 2015

The IPoE option redirects traffic to a private__ IP. This is useful in case you want to have a second network not connected to the first. For example a guest network and a professional network.

Once IP passthrough is activated, port 1 of the centro business changes to 172.31.255.4/30. It is a local transport network which allows you to connect a router to port 1 which will then manage the internal network. Since centro ports 2-3-4 remain in the 192.168.1.0/24 network, there is no link between the two networks (except via the internet)

Good day

DocG · Nov 17, 2015

Hello Gilles,

My client had the same configuration: Zyxel 870 + Zywall 5 in PPoE.

I have not tested the IP Passthrough option, because it is not very well documented and the explanations provided by Selenos are much more complete than what the hotline was able to explain to me!

Cordialement,

Nicholas

StefanieK · Nov 17, 2015

Dear Customer,

Following the various questions and comments, we suggest you send us a private message with all your subscription details as well as a contact number where you can be reached.

This is to identify your needs and have a discussion with one of our colleagues to better advise you on the product and its use. It is also important for us to have information about your network to better advise you.

We thank you and send you our best regards.

gfaessler · Nov 17, 2015

Hello Selenos,

Thank you for your response. Ok with passtrough IP the traffic is redirected to a private IP via a network 172.31.255.4/30. In this case, couldn’t I use my USG 50 as a router on port 1 of the centro configured in Passtrough IP to manage our internal network and possibly use another port of the centro for example to manage the guest network?

How do you access the Centro from the internal network once it is configured in passtrough IP? Should we use the fixed WAN address?

Thank you for your help

Gilles

Selenos · Nov 17, 2015

Good morning,

You can plug your USG into port 1 with IP 172.31.255.6 and gateway 172.31.255.5. (unless there is an error, the attribution is dynamic, this needs to be verified). Behind your firewall, you can install your “private” network.

On another free port (2 to 4) you can manage your guest network. The default network will be 192.168.1.0/24

Access to the centro business is not possible from 172.31.255.4/30 via port 1. In this configuration, the only way to access it is remotely via the public IP or locally via interfaces 2 ,3 and 4 (192.168.1.1)

Greetings

gfaessler · Nov 17, 2015

Ok thank you for the answer, I will contact Swisscom to plan the change to MyPME Office (all IP) in December and I will try the Passtrough IP configuration on the USG. I will let you know here if anyone is interested.

Xtreme66 · Nov 17, 2015

gfaessler wrote: I will inform you here if anyone is interested

Yes, gladly!

The migration to MyPME Office is also planned for early 2016.

Suisso · Nov 25, 2015

Hello, if it helps the subject of this topic, here is the solution concerning the configuration of the “IP Passthrough” function with the Centro Business + ZyWALL USG 300:

[https://community.swisscom.ch/t5/Discussions-sur-les-routeurs/Centro-Business-PSB4212N-IP-passthrough-ZyWALL-USG-300/td-p/409417] (https://community.swisscom.ch/t5/Discussions-sur-les-routeurs/Centro-Business-PSB4212N-IP-passthrough-ZyWALL-USG-300/td-p/409417)

Best Regards:smileyhappy: