How to configure a Zyxel Router in Transparent Mode

Martin Zahn, 27.03.2008

Overview

Usually Zyxel Routers are used in Standard Mode, which means that the Router handles everything for you such as PPPoE, NAT and Routing. But besides this Standard Configuration, many Zyxel Routers can be setup in Bridge Mode and Transparent Mode. In this article, I will explain all three modes, the Transparent Mode is explained in detail, because there is no simple mouse click within the Router Configuration to switch to this very useful mode.

In the example below the following parameters and terms are used:

PPPoE - Point-to-Point Protocol over Ethernet, is a network protocol for encapsulating Point-to-Point Protocol (PPP) frames inside Ethernet frames. You have to enter a User/Password, which you receive from the Internet Service Provider.

NAT - network address translation is a technique to receive network traffic through a router that involves re-writing the source and/or destination IP addresses and usually also the TCP/UDP port numbers of IP packets as they pass through. Checksums (both IP and TCP/UDP) must also be rewritten to take account of the changes. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address.

HSZ - This is the Private Network (LAN), usually in the IP Range 192.168.XXX.XXX
(in the Example 192.168.1.0 / 255.255.255.0 is used).

DMZ - This is the Public Network, which can be seen from the Internet
(in the Example 83.251.44.192 / 255.255.255.240 is used).

Standard Mode

In the Standard Mode, no extra Router / Firewall is used. The HSZ is directly connected the Zyxel Router which gets its Public Address 83.251.44.193 from the Provider. The HSZ IP-Address for the Zyxel Router is 192.168.1.1, all hosts in the HSZ are using this IP-Address as the Default Gateway. The Zyxel Router handles all relevant functions PPPoE, Routing and NAT Translation. The Zyxel configuration is very simple and need no special setup, I do not explain this mode in more detail.

Bridge Mode

In Bridge mode, you must either have another device (a Router/Firewall or your PC) to use that can be configured for PPPoE authentication. The Public IP-Address (93.251.44.193) is forwarded to the Router/Firewall. In Bridge Mode, the Zyxel Router, delegates the main functions PPPoE, Routing and NAT to the connected Router/Firewall. This configuration is useful if you have a DMZ and a Router/Firewall which can handle the PPPoE authentication. The Zyxel configuration is again very simple, just click the Bridge Switch, but now you have to configure the Router/Firewall.

Transparent Mode

In Transparent mode (which usually is NOT documented in the Zyxel doc) you have the same advantages as in the bridge mode, but you do not need a Router/Firewall that is able to do the PPPoE authentication, the Zyxel Router can do it as in the Standard Mode. The Public IP-Address (93.251.44.193) is now on the internal site of the Zyxel Router. We use a Cisco 2600 Router/Firewall, which is very complicated to setup for the PPPoE authentication - with the Zyxel Router in Transparent mode we can further use the Cisco 2600 Router.

Setup the PPPoE authentication (User, Password, IP automatic from ISP)

Menu NAT -> Switch off NAT -> Apply

Menu LAN -> DHCP to «None» -> Apply

Router IP Address to 83.251.44.193 (same IP as received on WAN)
Subnet to 255.255.255.240 -> Apply

Setup IP-Address on Public Interface to 83.251.44.194 / 255.255.255.240

Setup Default Gateway to 83.251.44.193

Conclusion

Standard and Bridge Modes are well documented - in fact often the Bridge Mode is called Transparent Mode. In this example we present the real Transparent Mode which has the same advantages as the Bridge Mode, but with the difference, that nothing must be changed on an existing Router/Firewall.