316. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice.
(90) days from the date of receipt, and (b) any Support Services provided by ZyXEL shall be substantially as described in applicable written materials provided to you by ZyXEL, and ZyXEL support engineers will make commercially reasonable efforts to solve any problem issues.
Page 12
Vantage CNM 2.0 User’s Guide Chapter 18 Other System Screens ..................214 18.1 Status ......................214 18.2 Vantage Upgrade ...................215 18.2.1 Upgrade Procedure ................215 18.2.2 Version Format ..................217 18.3 License Management ..................218 18.3.1 License Upgrade ...................218 18.4 System >Preferences ..................219 18.4.1 General Vantage Preferences ..............219 18.4.2 User Access ..................220...
Page 13
Vantage CNM 2.0 User’s Guide Chapter 20 Other Monitor Screens ..................246 20.1 Firmware Upgrade Report ................246 20.2 Status Monitor ....................246 20.3 VPN Editor .....................247 20.3.1 Graphical VPN Tunnel Creation ............247 20.3.2 Graphical Tunnel Depictions ..............249 20.3.3 Map .......................250 Appendix A FTP Server (WFTPD) Setup Example ..............
Page 14
Vantage CNM 2.0 User’s Guide Setting up Your Computer’s IP Address............278 Windows 95/98/Me....................278 Installing Components.................... 279 Configuring......................280 Verifying Settings ....................281 Windows 2000/NT/XP .................... 281 Verifying Settings ....................285 Macintosh OS 8/9....................285 Verifying Settings ....................287 Macintosh OS X .....................
Page 15
Vantage CNM 2.0 User’s Guide Introduction ......................300 Appendix L Open Software Announcements................. 316 Notice ........................316 Copyright (C) 1999-2001 Intalio, Inc. All Rights Reserved........316 Common Public License Version 1.0 ..............317 Cryptix General License ..................321 TECHNOLOGY LICENSE FROM SUN MICROSYSTEMS, INC. TO DOUG LEA. 322 JAVA Software Technologies..................
North American products. About This User's Guide This manual is designed to guide you through the configuration of your Vantage CNM 2.0 for its various applications. Related Documentation • Supporting Disk Refer to the included CD for support documents.
Page 26
Vantage CNM 2.0 User’s Guide Syntax Conventions • This manual may refer to Vantage Centralized Network Management 2.0 simply as Vantage CNM or Vantage. • The version number on the title page is the Vantage version that is documented in this User’s Guide.
This chapter introduces Vantage key features and Vantage requirements. 1.1 Key Features The following are the key features of Vantage CNM 2.0. 1.1.1 Object Tree View The object tree has three defined views letting you view the devices directly as you configure them. The views are Account (arranged by customer name), Type (arranged by device type) and Main View up to seven layers deep.
Vantage CNM 2.0 User’s Guide 1.1.7 Firewall Create consistent device firewall policies by reusing successful configurations in other ZyXEL devices. Ensure consistency and compliance with all security policies as well as constantly monitor all devices and act immediately if things go wrong.
H A P T E R GUI Introduction 2.1 Overview The following figure displays an overiew of the Vantage CNM 2.0 graphical user interface. Figure 1 Main Screen Main Menu Components The main screen consists of two non-resizable panes; the object pane and the content pane.
Vantage CNM 2.0 User’s Guide 2.2 Object Tree View Types The View list box contains three default views called (device) TypeView, AccountView and MainView. You can also create custom views. Figure 2 Object Tree View Types • In the MainView, you may create group folders and account folders up to seven layers deep and add devices to each layer correspondingly.
Vantage CNM 2.0 User’s Guide Folder right-click options are (in MainView only): Figure 4 Folder Right-Click Options 1 Add device. Displays an Add devices screen from which you can select devices not yet mapped to another folder. Figure 5 Add Devices 2 Delete.
Vantage CNM 2.0 User’s Guide Figure 6 Associate Administrators An administrator icon appears on the folder when you associate an administrator with a folder. To disassociate the administrator from this folder, right-click to select the icon and UnAssociate. Figure 7 Associated Administrator Right-Click Options 4 Add folder.
Vantage CNM 2.0 User’s Guide Figure 9 Account Folder Alarm Right-Click Options 2.5 Devices Right-click a device options are: Figure 10 Device Right-Click Options • Unmap. The device disappears from the tree and goes to the available pool screen from which you can map.
Vantage CNM 2.0 User’s Guide • Some menus are not accessible because administrators do not have permission. • Vantage can remember device and configuration menus. If for example, you select device A, then select DMZ in the Configuration File menu and then change to device B. The configuration DMZ will appear for device B.
If you do not want to see Java Applet Window in context-sensitive menus, then do the following: 1 On the Vantage CNM server, go to Vantage CNM 2.0 installation directory\utilities (the default installation path is C:\Program Files\ZyXEL\Vantage CNM 2.0\utilities) and copy the java.policy file.
Vantage CNM 2.0 User’s Guide Table 2 Object Tree Icons (continued) ICON DESCRIPTION This is a ZyWALL device that has firmware uploading. This is a ZyWALL device that has an alarm that is turned on. This is a ZyWALL device turned off with an alarm and will have a firmware upload.
Vantage CNM 2.0 User’s Guide Table 4 Content Pane Icons (continued) ICON DESCRIPTION Click to Cancel the configuration and return to the previous page. Click Retrieve to get the logs from a device. Click this icon to choose from an existing BB.
Vantage CNM 2.0 User’s Guide H A P T E R Device Menus 3.1 Device Menus Overview The Device menus allow you to register your device, synchronize devices, and manage firmware and configuration files. 3.1.1 Device Main Screen Device Status is the default first screen you see; the default folder in the Object pane is “root”.
This field displays the IP address of the ZyXEL device. Status This field displays the operating status of the ZyXEL device. Off indicates the ZyXEL device is not currently connected to the network. On indicates the ZyXEL device is connected to the network.
This field displays the IP address of the ZyXEL device. Status This field displays the operating status of the ZyXEL device. Off indicates the ZyXEL device is not currently connected to the network. On indicates the ZyXEL device is connected to the network.
• Import from an XML batch registration file: choose this option if you want to input a batch of devices in one go. Go to the XML folder within the Vantage CNM Installation directory (C:\Program Files\ZyXEL\Vantage CNM 2.0\xml by default). Choose the 4- devices or 100-ZyWALL10W templates and modify accordingly.
Encryption Mode None 3DES 3 To set the encryption key on the ZyXEL device, type 'CNM encrykey xxxxxxxxx' where ‘xxxxxxxxx’ is the alphanumeric encryption key (“0” to “9”, “a” to “z” or “A” to “Z”) in the Vantage server. 3.3.1.2 Configuring ZyXEL Device using Web Configurator...
Click Finish to go to the Device Registration Finished screen. 3.3.2 Import From an XML Registration File Use this method when you want to register multiple ZyXEL devices at one time. The file should be in XML format containing the fields shown in the manual registration screen for each device.
Vantage CNM 2.0 User’s Guide Make sure the XML syntax is correct, as there are no validation checks in Vantage. Although you may be allowed to import an XML file with incorrect syntax into Vantage, device management via Vantage may be abnormal.
Note: For more detailed information on creating XML files for Vantage, please see the “Import Device Using XML Reference Manual” at the ZyXEL web site download library. After you have completed the XML file, click Browse to locate it in the next screen and then click Next.
Vantage CNM 2.0 User’s Guide Figure 18 Registration Wizard: Configuration File The next screen displays all devices available in the XML file that can be imported.Select the individual devices that you wish to import or select Select All to import all devices that are displayed in this screen.
Management Use the Firmware Management screen to download ZyXEL device firmware from the ZyXEL FTP site to Vantage. After you download it to Vantage, you can then upload it from Vantage to the target devices. All firmware is downloaded to one repository within Vantage. There is no domain-specific repository within Vantage for firmware downloads.
This field displays the administrator who downloaded this firmware file to Vantage. ZyXEL Download Click this hyperlink to go to the ZyXEL Website and download firmware to your Website computer. Firmware is uploaded to your device in the following manner...
Vantage CNM 2.0 User’s Guide Click Add in the screen shown in the previous figure to display the next screen. Type the file name and path or browse to where you saved the file. You may create a firmware alias for the selected zip in this screen.
Vantage CNM 2.0 User’s Guide Figure 26 Firmware Upgrade > Select Product Line and Model 3.5.3 Firmware Upgrade Process 1 Select Firmware by picking a node. 2 Select the candidate devices (of that model type for the node selected). 3 Click Upgrade to begin the device upgrade process Figure 27 Device >...
Vantage CNM 2.0 User’s Guide You can create your own configuration file alias in Vantage. This may make it easier to distinguish multiple configuration files for the same device. 3.5.6 Configuration File Management Use this screen to view and delete configuration files uploaded to Vantage. You can view the configuration file name, a description of it, the date it was backed up and which administrator backed it up.
Vantage CNM 2.0 User’s Guide Figure 29 Device > Configuration File > Back Up The following table describes the fields in this screen Table 11 Device > Configuration File > Back Up TYPE DESCRIPTION Destination Select the radio button to give the download destination to Vantage.
Vantage CNM 2.0 User’s Guide Figure 30 Device > Configuration File > Restore Table 12 Device > Configuration File > Restore TYPE DESCRIPTION Resource From Server Select this radio button to upload a configuration file From Vantage. File Path and Name Select a file from the drop-down list box.
These screens will vary depending on which model you’re configuring. When you click a configuration menu, the screen shows the current device configuration. If you’re unfamiliar with ZyXEL device configurations, please consult your device User’s Guide. Configuration > General can be saved as one Configuration BB.
Vantage CNM 2.0 User’s Guide This Select Device BB screen allows you to select a device’s device BB and apply it to another device of the same type. Note: You can only apply a device BB to another device of the same type.
Enter the password used to access the device. MAC (Hex) This field displays the LAN MAC address of the ZyXEL device. Vantage uses the MAC address to identify the ZyXEL device. This is entered when you manually register the ZyXEL device.
'CNM encrykey xxxxxxxxx' where ‘xxxxxxxxx’ is the hexadecimal secret key number you used in the Vantage server. System Name Enter a unique name here for the ZyXEL device for identification purposes. The device name cannot exceed 31 characters. Domain Name The Domain Name entry is what is propagated to the DHCP clients on the LAN side of the target device.
Vantage CNM 2.0 User’s Guide Figure 34 Configuration > General > DDNS The following table describes the fields in this screen Table 14 Configuration > General > DDNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider.
Vantage CNM 2.0 User’s Guide Table 14 Configuration > General > DDNS (continued) LABEL DESCRIPTION IP Address Enter the IP address if you select the User Specify option. E-Mail (Prestige Only) Type the e-mail address here or select from a previously created e-mail component BB.
Vantage CNM 2.0 User’s Guide Table 15 Configuration > General > Time Setting (continued) LABEL DESCRIPTION Daylight Savings Select this option if you use daylight savings time. Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.
Page 65
Vantage CNM 2.0 User’s Guide Table 16 Configuration > General > Owner Info (continued) TYPE DESCRIPTION Contact Address Type the complete customer mailing address here. Address 1, 2 Type the customer’s building number, street and city zone (if applicable) here.
TCP/IP configuration at start-up from a server. You can configure the ZyXEL device as a DHCP server or disable it. When configured as a server, the ZyXEL device provides the IP configuration for the clients. If set to None, DHCP service will be disabled and you must have another DHCP server on your LAN, or else the computer must be manually configured.
RIP Direction controls the sending and receiving of RIP packets. When set to Both or Out Only, the ZyXEL device will broadcast its routing table periodically. When set to Both or In Only, it will incorporate the RIP information that it receives;...
The ZyXEL device supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP- v2). At start up, the ZyXEL device queries all directly connected networks to gather group membership. After that, the ZyXEL device periodically updates this information. IP multicasting can be enabled/disabled on the ZyXEL device LAN and/or WAN interfaces in the web configurator (LAN;...
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain TCP/IP configuration at startup from a server. When configured as a server, the ZyXEL device provides TCP/IP configuration for the clients. If not, DHCP service is disabled and you must have another DHCP server on your LAN, or else the computer must be manually configured.
Page 71
LAN IP address displays in the field to the right (read-only). The ZyXEL device tells the DHCP clients on the LAN that the ZyXEL device itself is the DNS server. When a computer on the LAN sends a DNS query to the ZyXEL device, the ZyXEL device forwards the query to the ZyXEL device’s system DNS server...
Allow From LAN to Select this option to forward NetBIOS packets from the LAN port to the WAN port. Apply Click Apply to save your changes back to the ZyXEL device. Reset Click Reset to begin configuring this screen afresh.
Select Relay to have the ZyXEL device act as a DNS proxy. The ZyXEL device tells the DHCP clients on the LAN that the ZyXEL device itself is the DNS server. When a computer on the LAN sends a DNS query to the ZyXEL device, the ZyXEL device forwards the query to the ZyXEL device’s system DNS server and...
Table 18 Configuration > LAN > IP – Prestige (continued) LABEL DESCRIPTION IP Address Type the IP address of the ZyXEL device in dotted decimal notation. 192.168.1.1 is the factory default. IP Subnet Mask The subnet mask specifies the network number portion of an IP address. The ZyXEL device automatically calculates the subnet mask based on the IP address that you assign.
IP Alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The ZyXEL device lets you configure logical LAN interfaces via its single physical Ethernet interface with the device itself being the gateway for each LAN network.
Table 20 Configuration > LAN > IP Alias LABEL DESCRIPTION IP Alias 1,2 Select the check box to configure another LAN network for the ZyXEL device. IP Address Enter the IP address of the ZyXEL device in dotted decimal notation. IP Subnet Mask The ZyXEL device automatically calculates the subnet mask based how many aliases you select.
Page 77
Vantage CNM 2.0 User’s Guide Table 20 Configuration > LAN > IP Alias (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyXEL device. Reset Click Reset to begin configuring this screen afresh. Chapter 5 Configuration > LAN...
Vantage CNM 2.0 User’s Guide H A P T E R Configuration > WLAN This chapter shows the wireless LAN screens. 6.1 Wireless LAN Overview This section introduces the wireless LAN (WLAN) and some basic scenarios. 6.1.1 Additional Installation Requirements for using 802.1x •...
Wireless stations (WS) A and B do not hear each other. They can hear the AP. When station A sends data to the ZyXEL device, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
6.2.4 Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the ZyXEL device will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.
Vantage CNM 2.0 User’s Guide 6.3.1 WLAN Wireless Figure 42 Configuration > WLAN > Wireless The following table describes the fields in this screen Table 21 Configuration > WLAN > Wireless LABEL DESCRIPTION Enable The wireless LAN is turned off by default; before you enable the wireless LAN you Wireless LAN should configure some security by setting MAC filters and/or 802.1x security;...
Click Reset to begin configuring this screen afresh. 6.4 Configuring MAC Filter The MAC filter screen allows you to configure the ZyXEL device to give exclusive access to specific devices (Allow Association) or exclude specific devices from accessing the ZyXEL device (Deny Association).
The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management. Authentication can be done using the local user database internal to the ZyXEL device or an external RADIUS server for an unlimited number of users.
This field is activated only when you select Authentication Required in the Authentication Type field. Apply Click Apply to save your changes back to the ZyXEL device. Reset Click Reset to begin configuring this screen afresh. 6.5.2 Configuring 802.1x – Prestige Select a Prestige device and then click Configuration >...
Click Reset to begin configuring this screen afresh. 6.6 Local User Database By storing user profiles locally on the ZyXEL device, the ZyXEL device is able to authenticate VPN extended authentication clients or wireless clients without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way.
Enter a password up to 31 characters long for this user profile. Next Select Next to view the next page of Local User Database entries. Apply Click Apply to save your changes back to the ZyXEL device. Reset Click Reset to begin configuring this screen afresh. 6.6.2 RADIUS RADIUS is based on a client-sever model that supports authentication and accounting, where access point is the client and the server is the RADIUS server.
Vantage CNM 2.0 User’s Guide Keeps track of the client’s network activity. RADIUS user is a simple package exchange in which the ZyXEL device acts as a message relay between the wireless client and the network RADIUS server. 6.6.2.1 Types of RADIUS Messages...
Appendices. • The wireless station sends a “start” message to the ZyXEL device. • The ZyXEL device sends a “request identity” message to the wireless station for identity information. • The wireless station replies with identity information, including username and password.
Disable this feature if you will not use an external authentication server. If you disable this feature, you can still set the ZyXEL device to perform user authentication using the local user database. Server IP Enter the IP address of the external authentication server in dotted decimal notation.
Page 92
The key is not sent over the network. This key must be the same on the external accounting server and ZyXEL device. Apply Click Apply to save your changes back to the ZyXEL device. Reset Click Reset to begin configuring this screen afresh.
Vantage CNM 2.0 User’s Guide H A P T E R Configuration > DMZ 7.1 DMZ Overview The DeMilitarized Zone (DMZ) auto-negotiating 10/100 Mbps Ethernet port provides a way for public servers (Web, e-mail, FTP, etc.) to be visible to the outside world (while still being protected from DoS (Denial of Service) attacks such as SYN flooding and Ping of Death).
Vantage CNM 2.0 User’s Guide Figure 48 Configuration > DMZ The following table describes the labels in this screen. Table 27 Configuration > DMZ LABEL DESCRIPTION DMZ TCP/IP IP Address Type the IP address of your ZyWALL in dotted decimal notation 192.168.1.1 (factory default).
Page 95
Vantage CNM 2.0 User’s Guide Table 27 Configuration > DMZ (continued) LABEL DESCRIPTION Windows Networking (NetBIOS over TCP/IP) Allow from DMZ to Click this option to forward NetBIOS packets from the DMZ port to the LAN LAN port Allow from DMZ to Click this option to forward NetBIOS packets from the DMZ port to the WAN port.
"1" and "15"; a number greater than "15" means the link is down. The smaller the number, the lower the "cost". The metric sets the priority for the ZyXEL device’s routes to the Internet. If any two of the default routes have the same metric, the ZyXEL device uses the following pre-defined priorities: •...
"14" in the Dial Backup Priority (metric) field (and leave the Traffic Redirect Priority (metric) at the default of "15"). Active Select this check box to have the ZyXEL device use traffic redirect if the normal WAN connection goes down. Backup Type the IP address of your backup gateway in dotted decimal notation.
Internet before traffic is forwarded to the backup gateway. Period (sec) Type the number of seconds for the ZyXEL device to wait between checks to see if it can connect to the WAN IP address (Check WAN IP Address field) or default gateway.
By implementing PPPoE directly on the ZyXEL device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
This value specifies the time in seconds that elapses before the router automatically disconnects from the PPPoE server. Apply Click Apply to save your changes back to the ZyXEL device. Reset Click Reset to begin configuring this screen afresh. Chapter 8 Configuration > WAN...
Virtual Private Network (VPN) using TCP/IP-based networks. PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the Internet. The ZyXEL device supports only one PPTP server connection at any given time. To configure a PPTP client, you must configure the User Name and Password fields for a PPP connection and the PPTP parameters for a PPTP connection.
Page 103
Nailed-up Connection Select Nailed-Up Connection if you do not want the connection to time out. Idle Timeout This value specifies the time in seconds that elapses before the ZyXEL device automatically disconnects from the PPTP server. My IP Address Type the (static) IP address assigned to you by your ISP.
Vantage CNM 2.0 User’s Guide 8.2 WAN IP – ZyWALL Figure 53 Configuration > WAN > IP – ZyWALL The following table describes the fields in this screen Table 32 Configuration > WAN > IP – ZyWALL LABEL DESCRIPTION WAN IP Address Assignment Get automatically Select this option If your ISP did not assign you a fixed IP address.
RIP packets. Choose Both, None, In Only or Out Only. When set to Both or Out Only, the ZyXEL device will broadcast its routing table periodically. When set to Both or In Only, the ZyXEL device will incorporate RIP information that it receives.
Vantage CNM 2.0 User’s Guide 8.3.1 Traffic Redirect Traffic redirect forwards WAN traffic to a backup gateway when the ZyWALL cannot connect to the Internet through its normal gateway. Connect the backup gateway on the WAN so that the ZyWALL still provides firewall protection. This feature is not available on all models.
Vantage CNM 2.0 User’s Guide Figure 56 Configuration > WAN > Dial Backup – ZyWALL The following table describes the labels in this screen. Table 33 Configuration > WAN > Dial Backup – ZyWALL LABEL DESCRIPTION Enable Dial Backup Select this check box to turn on dial backup.
Page 108
Idle Timeout Type the number of seconds of idle time (when there is no traffic from the ZyXEL device to the remote node) for the ZyXEL device to wait before it automatically disconnects the dial backup connection. This option applies only when the ZyXEL device initiates the call.
Terminal Ready) signal is dropped by the DTE. When the Drop DTR When Hang Up check box is selected, the ZyXEL device uses this hardware signal to force the WAN device to hang up, in addition to issuing the drop command ATH.
Speed Type the keyword preceding the connection speed. CONNECT Call Control Dial Timeout (sec) Type a number of seconds for the ZyXEL device to try to set up an outgoing call before timing out (stopping). Chapter 8 Configuration > WAN...
DESCRIPTION EXAMPLE Retry Count Type a number of times for the ZyXEL device to retry a busy or no- answer phone number before blacklisting the number. Retry Interval Type a number of seconds for the ZyXEL device to wait before (sec) trying another call after a call has failed.
(automatically) assign your WAN IP address if you do not know it. Type your WAN IP address here if you know it (static). This is the address assigned to your local ZyXEL device, not the remote router. Remote Node IP Leave this field set to 0.0.0.0 (default) to have the ISP or other remote router...
Address Mapping Set 255 in the SMT (see the section on menu 15.1 for more information). Select the check box to enable SUA. Clear the check box to disable SUA so the ZyXEL device does not perform any NAT mapping for the dial backup connection. Broadcast Dial Backup Select this check box to forward the backup route broadcasts to the WAN.
Vantage CNM 2.0 User’s Guide 8.4.1 Traffic Shaping Traffic Shaping is an agreement between the carrier and the subscriber to regulate the average rate and fluctuations of data transmission over an ATM network. This agreement helps eliminate congestion, which is important for transmission of real time data such as audio and video connections.
Vantage CNM 2.0 User’s Guide Figure 60 Configuration > WAN > Setup – Prestige – Bridge Mode The following table describes the fields in this screen Table 36 Configuration > WAN > Setup – Prestige – Bridge Mode LABEL DESCRIPTION Name Enter the name of your Internet Service Provider, e.g., MyISP.
Page 116
Vantage CNM 2.0 User’s Guide Table 36 Configuration > WAN > Setup – Prestige – Bridge Mode (continued) LABEL DESCRIPTION Virtual Circuit ID VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit. Refer to the appendix for more information.
Vantage CNM 2.0 User’s Guide Figure 61 Configuration > WAN > Setup – Prestige – Routing Mode The following table describes the fields in this screen. Table 37 Configuration > WAN > Setup – Prestige – Routing Mode LABEL DESCRIPTION Name Enter the name of your Internet Service Provider, e.g., MyISP.
Page 118
Vantage CNM 2.0 User’s Guide Table 37 Configuration > WAN > Setup – Prestige – Routing Mode (continued) LABEL DESCRIPTION The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic). Enter the VCI assigned to you.
Vantage CNM 2.0 User’s Guide Table 37 Configuration > WAN > Setup – Prestige – Routing Mode (continued) LABEL DESCRIPTION Nailed-Up Connection Select Nailed-Up Connection when you want your connection up all the time. The Prestige will try to bring up the connection automatically if it is disconnected.
Vantage CNM 2.0 User’s Guide Figure 62 Configuration > WAN > Backup – Prestige The following table describes the fields in this screen. Table 38 WAN Backup – Prestige LABEL DESCRIPTION Backup Type Select the method that the Prestige uses to check the DSL connection.
Vantage CNM 2.0 User’s Guide Table 38 (continued) WAN Backup – Prestige LABEL DESCRIPTION Fail Tolerance Type the number of times (2 recommended) that your Prestige may ping the IP addresses configured in the Check WAN IP Address field without getting a response before switching to a WAN backup connection (or a different WAN backup connection).
Vantage CNM 2.0 User’s Guide Table 38 (continued) WAN Backup – Prestige LABEL DESCRIPTION Advanced Backup Click this button to display the Advanced Backup screen and edit more details of your WAN backup setup. Apply Click Apply to save the changes.
Vantage CNM 2.0 User’s Guide Figure 63 Advanced WAN Backup – Prestige The following table describes the fields in this screen. Table 39 Advanced WAN Backup – Prestige LABEL DESCRIPTION Basic Authentication Type Use the drop-down list box to select an authentication protocol for outgoing calls.
Page 124
Vantage CNM 2.0 User’s Guide Table 39 Advanced WAN Backup – Prestige (continued) LABEL DESCRIPTION Primary/ Secondary Type the first (primary) phone number from the ISP for this remote node. If the Phone Number primary phone number is busy or does not answer, your Prestige dials the secondary phone number if available.
Vantage CNM 2.0 User’s Guide Table 39 Advanced WAN Backup – Prestige (continued) LABEL DESCRIPTION Nailed-Up Connection Select Nailed-Up Connection when you want your connection up all the time. The Prestige will try to bring up the connection automatically if it is disconnected.
IP address known within another network. 9.1.1 NAT Definitions Inside/outside denotes where a host is located relative to the ZyXEL device. For example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
9.1.4 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the ZyXEL device maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the ZyXEL device maps multiple local IP addresses to one global IP address.
SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. The ZyXEL device also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types.
FTP, that you can make visible to the outside world even though SUA makes your whole inside network appear as a single computer to the outside world. The ZyXEL device provides the additional safety of a DMZ port for connecting your publicly accessible servers. This makes the LAN more secure by physically separating it from your public servers.
Note: If you do not assign a Default Server IP Address, the ZyXEL device discards all packets received for ports that are not specified here or in the remote management setup.
End Port Server IP Type the IP address of the inside server. Address Apply Click Apply to save your changes back to the ZyXEL device. Cancel Click Cancel to return to the previous screen. Chapter 9 Configuration > NAT...
End Port Server IP Type the IP address of the inside server. Address Apply Click Apply to save your changes back to the ZyXEL device. Cancel Click Cancel to return to the previous screen. Chapter 9 Configuration > NAT...
Vantage CNM 2.0 User’s Guide Select a radio button and then click Edit to configure that server set. 9.3.4 Full Feature Address Mapping Select Full Feature in Figure 64 on page 133 and then click Edit to bring up the next screen.
One-to-one NAT mapping type. 2. Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only.
Click the link to go to the NAT > SUA Server screen to edit a server set that you have selected in the Server Mapping Set field. Save Click Save to save your changes back to the ZyXEL device. Cancel Click Cancel to return to the previous screen.
Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically take turns using the service. The ZyXEL device records the IP address of a LAN computer that sends traffic to the WAN to request a service with a specific port number and protocol (a "trigger"...
This field displays a port number or the ending port number in a range of port numbers. Trigger The trigger port is a port (or a range of ports) that causes (or triggers) the ZyXEL device to record the IP address of the LAN computer that sent the traffic to a server on the WAN.
Type a port number or the ending port number in a range of port numbers. Trigger The trigger port is a port (or a range of ports) that causes (or triggers) the ZyXEL device to record the IP address of the LAN computer that sent the traffic to a server on the WAN.
10.1 Static Route Overview Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL device has no knowledge of the networks beyond 10.1.1 Static Route Summary Select a device and then click Configuration > Static Route.
ZyXEL device that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as the ZyXEL device; over the WAN, the gateway must be the IP address of one of the remote nodes.
ZyXEL device that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as the ZyXEL device; over the WAN, the gateway must be the IP address of one of the Remote Nodes.
Vantage CNM 2.0 User’s Guide H A P T E R Configuration > VPN This chapter shows you how to configure VPNs using Vantage. 11.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
Vantage CNM 2.0 User’s Guide 11.1.6 Data Origin Authentication The IPSec receiver can verify the source of IPSec packets. This service depends on the data integrity service. 11.1.7 IPSec Algorithms The ESP and AH protocols are necessary to create a Security Association (SA), the foundation of an IPSec VPN.
Vantage CNM 2.0 User’s Guide Table 52 AH and ESP (continued) Advanced Encryption Standard data encryption uses a secret key. This implementation of AES applies a 128-bit key to 128-bit blocks of data. AES is faster than 3DES. Select DES for minimal security and 3DES or AES for Select MD5 for minimal security and SHA- maximum.
IPSec SA lifetime period expires. In effect, the IPSec tunnel becomes an always on connection after you initiate it. Both IPSec routers must have a ZyXEL device-compatible keep alive feature enabled in order for this feature to work.
Vantage CNM 2.0 User’s Guide If the ZyXEL device has its maximum number of simultaneous IPSec tunnels connected to it and they all have keep alive enabled, then no other tunnels can take a turn connecting to the ZyXEL device because the ZyXEL device never drops the tunnels that are already connected.
LOCAL ID TYPE CONTENT Type the IP address of your computer or leave the field blank to have the ZyXEL device automatically use its own IP address. Type a domain name (up to 31 characters) by which to identify this ZyXEL device.
The ZyXEL device automatically renegotiates the IPSec SA if there is traffic when the IPSec SA lifetime period expires. The ZyXEL device also automatically renegotiates the IPSec SA if both IPSec routers have keep alive enabled, even if there is no traffic.
This may be unnecessary for data that does not require such security, so PFS is disabled (None) by default in the ZyXEL device. Disabling PFS means new authentication and encryption keys are derived from the same root secret (which may have security implications in the long run) but allows faster SA setup (by bypassing the Diffie-Hellman key exchange).
You can create a single-ended VPN tunnel using Vantage by selecting N/A from the Remote Device field. This allows you to create a VPN tunnel between a ZyXEL device and another IPSec router. You must make sure the remote IPSec router VPN settings correspond to the ZyXEL device VPN settings.
Vantage CNM 2.0 User’s Guide Figure 74 Configuration > VPN > Tunnel IPSec Detail The following table describes the labels in this screen. Table 57 Configuration > VPN > Tunnel IPSec Detail LABEL DESCRIPTION Name This is a VPN name for identification purposes.
Page 155
Enable Replay Detection Keep Alive When you initiate an IPSec tunnel with keep alive enabled, the ZyXEL device automatically renegotiates the tunnel when the IPSec SA lifetime period expires. In effect, the IPSec tunnel becomes an always on connection after you initiate it.
Page 156
WAN IP addresses. With DNS or E-mail in the Local ID Type field, type a domain name or e-mail address by which to identify this ZyXEL device. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string.
Page 157
It is called pre-shared because you have to share it with another party before you can communicate with them over a secure connection. ZyXEL gateways authenticate an IKE VPN session by matching pre-shared keys. Enter from 8 up to 31 characters. Any character may be used, including spaces, but trailing spaces are truncated.
Vantage CNM 2.0 User’s Guide Table 57 Configuration > VPN > Tunnel IPSec Detail (continued) LABEL DESCRIPTION Encapsulation In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
IP addresses, as long as only one is active at any time. A-End / Z-End Device Select the name of the ZyXEL device from the pull-down list. My IP This is the IP address of the local and remote computer(s) of the VPN tunnel.
Page 160
Address Start When the Address Type field is configured to Single, enter a (static) IP address on the LAN behind the ZyXEL device. When the Address Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on the LAN behind the ZyXEL device.
Table 58 Configuration > VPN >Manual Tunnel IPSec Detail (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyXEL device. Cancel Click Cancel to begin configuring this screen afresh. 11.3 VPN and NetBIOS NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to find other computers.
Vantage CNM 2.0 User’s Guide H A P T E R Configuration > Firewall This chapter shows you how to configure firewall for your devices. 12.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
12.3 I ntroduction to ZyXEL’s Firewall The ZyXEL device firewall is a stateful inspection firewall and is designed to protect against Denial of Service attacks when activated (in SMT menu 21.2 or in the web configurator). The ZyXEL device’s purpose is to allow a private Local Area Network (LAN) to be securely connected to the Internet.
Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The ZyXEL device is pre-configured to automatically detect and thwart all known DoS attacks.
Vantage CNM 2.0 User’s Guide Weaknesses in the TCP/IP specification leave it open to "SYN Flood" and "LAND" attacks. These attacks are executed during the handshake that initiates a communication session between two applications. Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server.
To engage in IP spoofing, a hacker must modify the packet headers so that it appears that the packets originate from a trusted host and should be allowed through the router or firewall. The ZyXEL device blocks all IP Spoofing attempts. 12.4 Stateful Inspection With stateful inspection, fields of the packets are compared to packets that are already known to be trusted.
Vantage CNM 2.0 User’s Guide are allowed in. The ZyXEL device uses stateful packet inspection to protect the private LAN from hackers and vandals on the Internet. By default, the ZyXEL device’s stateful inspection allows all communications to the Internet that originate from the LAN, and blocks all traffic to the LAN that originates from the Internet.
Below is a brief technical description of how these connections are tracked. Connections may either be defined by the upper protocols (for instance, TCP), or by the ZyXEL device itself (as with the "virtual connections" created for UDP and ICMP).
IP and UDP information will be allowed back in through the firewall. A similar situation exists for ICMP, except that the ZyXEL device is even more restrictive. Specifically, only outgoing echoes will allow incoming echo replies, outgoing address mask requests will allow incoming address mask replies, and outgoing timestamp requests will allow incoming timestamp replies.
Page 171
• WAN to LAN • WAN to WAN/ZyWALL This prevents computers on the WAN from using the ZyXEL device as a gateway to communicate with other computers on the WAN and/or managing the ZyXEL device. • DMZ to LAN •...
Vantage CNM 2.0 User’s Guide • Block certain types of traffic, such as IRC (Internet Relay Chat), from the LAN to the Internet. • Allow certain types of traffic, such as Lotus Notes database synchronization, from specific hosts on the Internet to specific hosts on the LAN.
Generate alert when attack detected checkbox Configure the Log Settings screen to have the ZyXEL device send an immediate e-mail message to you when an event generates an alert. Refer to the chapter on logs for details.
Denial of Service (DoS) attacks when the firewall is activated. Bypass Triangle Route Select this check box to have the ZyXEL device firewall ignore the use of triangle route topology on the network. See the Appendices for more on triangle route topology.
The ordering of your rules is important as they are applied in order of their numbering. Apply Click Apply to save your changes back to the ZyXEL device. Click Add to create a new firewall rule. Delete Select a rule index and then click Delete to delete an existing firewall rule.
This is the rate of new half-open sessions that 80 existing half-open causes the firewall to stop deleting half-open sessions. sessions. The ZyXEL device continues to delete half-open sessions as necessary, until the rate of new connection attempts drops below this number.
Vantage CNM 2.0 User’s Guide Table 65 Configuration > Firewall > DoS Settings (continued) LABEL DESCRIPTION EXAMPLE VALUES TCP Maximum This is the number of existing half-open TCP .10 existing half-open TCP Incomplete sessions with the same destination host IP...
Active Check the Active check box to have the ZyXEL device use this rule. Leave it unchecked if you do not want the ZyXEL device to use the rule after you apply it Packet Direction Use the drop-down list box to select the direction of packet travel to which you want to apply this firewall rule.
Vantage CNM 2.0 User’s Guide Table 66 Configuration >Firewall > Edit (continued) DESCRIPTION LABEL Custom Port Click this button to bring up the screen that you use to configure a new custom service that is not in the predefined list of services.
Vantage CNM 2.0 User’s Guide 12.5.5 Custom Ports Configure customized ports for services not predefined by the ZyXEL device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) web site. Click Add or Edit under Custom Port to add or edit a custom port.
This field lists the destination IP address and the port number of the packet. Time This field displays the time the log was recorded. See the chapter on system maintenance and information to configure the ZyXEL device's time and date. Content This field states the reason for the log.
Vantage CNM 2.0 User’s Guide 13.2 Device Logging Options Use the Logging Options screen to configure to where the ZyXEL device is to send logs; the schedule for when the ZyXEL device is to send the logs and which logs and/or immediate alerts the ZyXEL device is to send.
Vantage CNM 2.0 User’s Guide Figure 83 Configuration > Device Logs > Log Settings The following table describes the labels in this screen. Table 70 Configuration > Device Logs > Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Select the categories of logs that you want to record. Logs include alerts. Send Immediate Alert Select the categories of alerts for which you want the ZyXEL device to instantly e-mail alerts to the e-mail address specified in the Send Alerts To field.
Vantage CNM 2.0 User’s Guide Figure 84 Purge Device Logs The following table describes the labels in this screen. Table 71 Purge Device Logs LABEL DESCRIPTION Send e-mail Select the checkbox and enter valid e-mail address(es) of those who should receive report to a report on logs that have been purged.
Vantage CNM 2.0 User’s Guide H A P T E R Configuration > ADSL Monitor Use this screen to monitor your ADSL link. 14.1 Introduction The Prestige is an ADSL device compatible with the ADSL/ADSL2/ADSL2+ standards. Maximum data rates attainable by the Prestige for each standard are shown in the next table.
Vantage CNM 2.0 User’s Guide Figure 85 Configuration > ADSL Monitor The following table describes the labels in this screen. Table 73 Configuration > ADSL Monitor LABEL DESCRIPTION ADSL Link Status This is the status of your ADSL link. ADSL Standard...
Use these screens to view and manage device alarms. 15.1 Device Alarms Select a domain in the object tree to view alarms for that domain. Alarms are time-critical information that the ZyXEL device automatically sends out at the time of occurrence. 15.1.1 Alarm Classifications There are four alarm severity classifications.
Vantage CNM 2.0 User’s Guide 15.1.3 Current Alarms Screen This screen includes filters for time, alarm type, alarm severity type and the administrator who responded to the alarm. You may also configure to have administrators automatically e-mailed when an alarm occurs in the System >...
Vantage CNM 2.0 User’s Guide Table 76 Configuration > Device Alarms >Current (continued) LABEL DESCRIPTION Retrieve Click Retrieve to renew the logs displayed for the selected device. Respond Click Respond to create a response to an alarm. Clear Click Clear to erase the logs displayed for the selected device. Only the root administrator can clear logs.
Page 194
Vantage CNM 2.0 User’s Guide Table 77 Configuration > Device Alarms > Historical (continued) LABEL DESCRIPTION Response Time This field displays the time of response since an administrator first received the alarm. Description This field displays a brief explanation of the administrator’s response.
Vantage CNM 2.0 User’s Guide H A P T E R Building Blocks (BBs) 16.1 Categories A BB is a building block used to build a device configuration using Vantage CNM. • A device BB is a combination of configuration BBs, which vary by model. A device can have only one Device BB.
Vantage CNM 2.0 User’s Guide Figure 88 Building Block > Device BB The following table describes the fields in this screen Table 78 Building Block > Device BB TYPE DESCRIPTION Index This is the building block list number. Name A building block should have a unique name. Click this hyperlink to go to a BB info screen that allows you to edit the name and add some extra description of the BB.
Vantage CNM 2.0 User’s Guide Table 79 Building Block > Device BB > Edit (continued) TYPE DESCRIPTION Next Click to proceed to the following screen Cancel Click to return to the previous screen. 16.3.2 Device BB Configuration Select Select one of the hyperlink configuration menus to configure your BB Device LAN, WLAN etc.
Vantage CNM 2.0 User’s Guide Figure 91 Building Block > Device BB > Add Table 80 Building Block > Device BB > Add TYPE DESCRIPTION Name Type a unique name for the building block. Device Select the device model. Note...
Vantage CNM 2.0 User’s Guide Table 81 Building Block > Configuration (continued) TYPE DESCRIPTION Click to proceed to the next screen. Delete Click to delete a selected device BB. 16.4.1 Adding a Configuration BB Click Add from Figure 92 on page 201.
Vantage CNM 2.0 User’s Guide Figure 94 Building Block > Configuration BB > Add > Next The completed configuration BB is shown next. You may edit this BB by clicking the Name hyperlink. Figure 95 Building Block > Configuration BB > Added 16.4.2 Editing a Configuration BB...
Vantage CNM 2.0 User’s Guide Figure 96 Building Block > Configuration BB > Edit The following table describes the fields in this screen Table 83 Building Block > Configuration BB > Edit TYPE DESCRIPTION Name You may change the name for this configuration building block.
Vantage CNM 2.0 User’s Guide Table 84 Building Block > Component BB (continued) TYPE DESCRIPTION create new component BBs Click Add to create a new configuration BB. Alternatively, directly from the configuration menus by using the “save as new BB” icon.
Vantage CNM 2.0 User’s Guide Figure 99 Building Block > Component BB > Add > IP Address The following table describes the fields in this screen Table 86 Building Block > Component BB > Add > IP Address TYPE DESCRIPTION IP Type Select from Single, Range or Subnet.
Vantage CNM 2.0 User’s Guide Figure 101 Component BBs Added 16.5.2 Editing a Component BB Click the Name hyperlink in the component BB summary screen as shown in Figure 101 on page 207 to edit a component BB. Figure 102 Building Block > Component BB > Edit The following table describes the fields in this screen Table 88 Building Block >...
Vantage CNM 2.0 User’s Guide H A P T E R System > Administrators Use these screens to manage Vantage administrators. 17.1 I ntroduction to Administrators An Administrator can only be associated to one management domain. To change an Administrator’s management domain, you must first disassociate him or her from an existing domain before associating to the new domain.
Vantage CNM 2.0 User’s Guide 3 Only “root” can see all other Administrators. Other Administrators can only see Administrators within their domain. 17.1.1.2 “Super” Administrators “Super” Administrators are Administrators created using the “Super” User Group. They are the next most powerful type Administrator next to “root”.
Vantage CNM 2.0 User’s Guide Figure 103 System > View Administrator List The following table describes the fields in this screen. Table 89 System > View Administrator List LABEL DESCRIPTION Select the checkbox and enter a valid e-mail address of the person who should receive a report on logs that have been purged.
Vantage CNM 2.0 User’s Guide Figure 104 System > Administrator Details The following table describes the fields in this screen. Table 90 System > Administrator Details LABEL DESCRIPTION Name Type the administrator name used for identification purposes. Login ID Type the administrator login name associated with the password that you log into Vantage with.
Vantage CNM 2.0 User’s Guide 17.3.2 Administrator Permissions You may select which permissions (privileges) an administrator may have from the next screen. Figure 105 System > Administrator Permissions The following table describes the fields in this screen. Table 91 System > Administrator Permissions...
Page 210
Vantage CNM 2.0 User’s Guide Table 91 System > Administrator Permissions (continued) LABEL DESCRIPTION System System Management is defined as follows: Management Vantage Upgrade License Preference Log option and purge log Maintenance Apply Click Apply to save your settings in Vantage.
Vantage CNM 2.0 User’s Guide H A P T E R Other System Screens Only the root administrator can view the System > Upgrade to System > Data Maintenance screens as only the root administrator can perform these duties. 18.1 Status Click System >...
This field displays the number of Administrators currently logged into currently logged in Vantage. 18.2 Vantage Upgrade Upgraded Vantage software may be for bug fixes, increased ZyXEL device support or new Vantage modules. You should perform system maintenance (backup) before upgrading software. 18.2.1 Upgrade Procedure 1 Click System >...
If an administrator has not logged out, Vantage will not let you continue. A warning screen will re-appear reminding you to notify them to log out. You should have already downloaded the upgraded Vantage software from the ZyXEL website. The next screen asks you to Browse to the location on your computer where you have previously downloaded the software upgrade file.
Vantage. This number changes for patch upgrades. The version code of the Vantage CNM 2.0 for Windows XP SP1 without a patch is 2.0.00.61.00. The version code of the Vantage CNM 2.0 for RedHat Linux 9.0 without a patch is 2.0.00.81.00.
You get an initial license key when you first buy Vantage and after that you may buy expansion license keys in order to be able to manage more ZyXEL devices with Vantage. Click Vantage > License to display the next screen.
Vantage CNM 2.0 User’s Guide Figure 112 System > License > License Management > Upgrade The following table describes the fields in this screen. Table 95 System > License > License Management > Upgrade LABEL DESCRIPTION Activation Key Copy and paste or type the Activation Key that is generated in the myZyXEL.com website.
Vantage CNM 2.0 User’s Guide Figure 113 System > Preferences > General System The following table describes the fields in this screen. Table 96 System > Preferences > General System LABEL DESCRIPTION Vantage CNM Root This refers to the root of the object tree.
Vantage CNM 2.0 User’s Guide Figure 114 System > Preferences > User Access The following table describes the fields in this screen. Table 97 System > Preferences > User Access LABEL DESCRIPTION Max Count of Users Online Type the maximum number of administrators allowed to log into Vantage at any one time.
Page 219
Vantage CNM 2.0 User’s Guide The SMTP server is used for e-mail notifications. The syslog server is used to receive logs. The syslog server you configure for a device and the syslog server you configure for Vantage MUST be the same.
Vantage CNM 2.0 User’s Guide Figure 115 System > Preferences > Server The following table describes the fields in this screen. Table 98 System > Preferences > Server LABEL DESCRIPTION Vantage CNM server Select the check box to make the IP address editable.
Vantage CNM 2.0 User’s Guide Table 98 System > Preferences > Server (continued) LABEL DESCRIPTION Mail Server The mail (SMTP) server is used to send Vantage notifications. Select the checkbox to activate the fields below. IP Address Type the IP address of the mail server here.
Vantage CNM 2.0 User’s Guide 18.4.4 Notifications Use this screen to decide who should receive e-mails for events that may warrant immediate attention such as firmware upgrade or device logs and/or alarms. Device Owner is a variable that refers to the e-mail address of the device owner (configured in Configuration > General >...
Vantage CNM 2.0 User’s Guide 18.4.5 Vantage Permissions: User Group A “user group” is a pre-defined set of administrator permissions. Super pre-defined permissions are not editable. Root may choose what default permissions are associated with the Normal permissions template here. Root can also create and delete new permission templates here.
Vantage CNM 2.0 User’s Guide Figure 120 System > Preferences > Permissions > Add The following table describes the fields in this screen. Table 101 System > Preferences > Permissions > Add LABEL DESCRIPTION Add User Group User Group ID Enter the new template name (User Group) in this field.
Vantage CNM 2.0 User’s Guide 18.5 System Maintenance Use the Maintenance screens to manage, back up and restore Vantage system backup files. Data maintenance includes device firmware and configuration files you have uploaded to the Vantage server. You can back up or restore to your computer or Vantage. You can choose what domain to back up by selecting a folder in the object tree.
Vantage CNM 2.0 User’s Guide Figure 122 System > Maintenance > Backup The following table describes the fields in this screen. Table 103 System > Maintenance > Backup LABEL DESCRIPTION Destination Select the radio button to give the download destination to server.
Vantage CNM 2.0 User’s Guide Figure 123 System > Maintenance > Restore The following table describes the fields in this screen. Table 104 System > Maintenance > Restore LABEL DESCRIPTION Destination Select this radio button to upload a configuration file From Server.
Vantage CNM 2.0 User’s Guide Figure 124 System > Address Book The following table describes the labels in this screen. Table 105 System > Address Book LABEL DESCRIPTION This is a number defining an address book entry. Index This field displays the address book entry index number.
Click Cancel to return to the previous screen. 18.7 Certificate Management Overview Some ZyXEL devices can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner's identity and public key. Certificates provide a way to exchange public keys for use in authentication.
A certification path is the hierarchy of certification authority certificates that validate a certificate. The ZyXEL device does not trust a certificate if any certificate on its path has expired or been revoked.
Use the My Certificate Import screen to import the certificate and replace the request. SELF represents a self-signed certificate. *SELF represents the default self-signed certificate, which the ZyXEL device uses to sign imported trusted remote host certificates. CERT represents a certificate issued by a certification authority.
Vantage CNM 2.0 User’s Guide 18.7.3 Create a Certificate You can create certificates by entering the requested information into the fields below. Then click Apply. Figure 127 System > Certificate Management > Create CSR The following table describes the labels in this screen.
Vantage CNM 2.0 User’s Guide Figure 128 System > Certificate Management > Import Certificate The following table describes the labels in this screen. Table 109 System > Certificate Management > Import Certificate LABEL DESCRIPTION Input Certificate Input Your Certificate Path Type in the location of the certificate you want to upload in this field or click Browse ...
Vantage CNM 2.0 User’s Guide Figure 129 System > Logs > CNM Server The following table describes the labels in this screen. Table 110 System > Logs > CNM Server LABEL DESCRIPTION Select Time Period Select the time period for which you wish to view Vantage logs Source This field displays the source of the Vantage log.
Vantage CNM 2.0 User’s Guide Figure 130 System > Logging Options 18.9 A bout Vantage The About screen provides some basic information about Vantage as shown in the following screen. Figure 131 System > About Vantage Chapter 18 Other System Screens...
Page 236
Vantage CNM 2.0 User’s Guide Chapter 18 Other System Screens...
19.1 Alarms Select a domain in the object tree to view alarms for that domain. Alarms are time-critical information that the ZyXEL device automatically sends out at the time of occurrence. 19.1.1 Alarm Types There are three types of alarms.
Vantage CNM 2.0 User’s Guide 19.1.3 Alarm States When an alarm is received by Vantage, it can be in one of three states: Table 113 Alarm States STATE DESCRIPTION Active This is the initial state of an alarm, which means this alarm is new and no one has assumed responsibility for handling it yet.
Vantage CNM 2.0 User’s Guide Table 114 Monitor > Current Alarms STATE DESCRIPTION Select Time Period Select the time period for which you wish to view alarms. Select Type of Select the type of alarm you wish to view. Alarm Select Severity of Select the type of alarm you wish to view.
Vantage CNM 2.0 User’s Guide Figure 133 Monitor > Historical Alarms 4See Table 114 on page 243 for more information on fields in this table. Chapter 19 Monitor > Alarms...
Vantage CNM 2.0 User’s Guide H A P T E R Other Monitor Screens Firmware Upgrade means that Vantage signals the device to request a firmware FTP upload from Vantage. 20.1 Firmware Upgrade Report Details of firmware uploaded to Vantage are shown as in the next screen.
20.3.1 Graphical VPN Tunnel Creation Configure IPSec tunnels graphically as follows 1 Drag the ZyXEL device icons around the screen as you please. Drag them apart to view each device more clearly. Save this view by clicking Save. 2 Right-click a ZyXEL device (A-End) and select VPN in the popup menu. Click the ZyXEL device again and drag (you should see a red line) to another ZyXEL device (Z- End), then release the mouse button.
Vantage CNM 2.0 User’s Guide Figure 136 Monitor > VPN Editor > Tunnel IPSec Detail 4 See Table 57 on page 157 for more information on the fields in this screen. Click Apply to go to a Tunnel Summary screen.
A gray solid line means that the VPN tunnel is set up between the devices but the tunnel is not active yet (no traffic). A green solid line means an active tunnel (with traffic) between the ZyXEL devices. The icons are dragged apart and dashed lines indicating VPN Tunnels are created after configuring the Tunnel IPSec Detail screen.
Vantage CNM 2.0 User’s Guide Figure 138 Monitor > VPN Monitor – Graphical Tunnel 20.3.3 Map Click the Map button to upload a background image such as a map. Click the Map button in the IPSec Summary to upload a background gif (only) image. Type a file and path name or browse for your required file.
Vantage CNM 2.0 User’s Guide Appendix A FTP Server (WFTPD) Setup Example Installing WFTPD 1 Download the WFTPD software from www.wftpd.com to where you want to install it. 2 Double-click setup.exe to begin the wizard. Figure 140 Setup 3 Click Next to begin and then follow the wizard prompts.
Vantage CNM 2.0 User’s Guide Figure 142 Information 5 Select the installation type and click Next. Figure 143 Installation Type 6 Select where to install WFTPD Pro and click Next.
Vantage CNM 2.0 User’s Guide Figure 144 Installation Directory 7 You are prompted to create the directory if it doesn’t already exist. Click Yes to create a new directory. Figure 145 Create Directory 8 Click Next to begin the installation.
Vantage CNM 2.0 User’s Guide Running WFTPD Figure 147 Run WFTPD 10 Click Start Service form the WFTPD main screen. WFTPD main screen. Figure 148 WFTPD Main Screen 11 Open Administrative Tools in the Windows Control Panel and then select Services to...
Vantage CNM 2.0 User’s Guide Figure 149 Windows Services 12 Right-click WFTPD Pro service and then click Properties. Figure 150 WFTPD Properties 13 Click the Log On tab to configure a user name and password for this server. This must...
Vantage CNM 2.0 User’s Guide Appendix B Configuring the Kiwi Syslog Daemon This section shows you how to install and configure the KiWi Syslog Daemon for use with Vantage CNM 2.0. Installing the Kiwi Syslog Daemon Follow the steps below to install the KiWi. Syslog Daemon 1 Download the latest version of the KiWi Syslog Daemon from www.kiwisyslog.com...
4 Click Install to install Kiwi to the default directory. Note: You must install Kiwi in the C:\Program Files\Syslog directory for the Vantage CNM 2.0 syslog function to work. Figure 154 Kiwi Installation: Installation Directory Wait before the installation process completes.
Vantage CNM 2.0 User’s Guide 3 Click Defaults/Import/Export under Inputs. 4 Click Import Settings and Rules from INI file. Figure 155 Kiwi Syslog Daemon Setup 5 Locate the “.ini” syslog configuration file you saved to your computer in step 1 and click Open.
Vantage CNM 2.0 User’s Guide Figure 157 Kiwi Syslog Daemon Setup: Import Configuration File: Confirm 7 In the Kiwi Syslog Daemon Setup screen, click Apply and then OK to close the screen. Note: You must start the Telnet service on the computer you install Kiwi.
After you have installed and configure the Kiwi Syslog Daemon and started the Telnet service on the computer, configure the syslog settings in Vantage CNM 2.0. Set the syslog server username and password to be the same as the Windows username and password in the Vantage system Server screen.
Vantage CNM 2.0 User’s Guide Figure 160 Vantage System Servers 3 Select Syslog Server, then enter the IP address of the computer on which you installed the Syslog server and the user name and password that you configured 4 Click Apply.
Table 116 FTP and syslog Server Overview LABEL DESCRIPTION This is the Vantage CNM 2.0 server. This is any ZyXEL device. This is a syslog server This is an FTP server Vantage sends syslog server and FTP server information to the device when you register the device with Vantage.
Page 262
After a successful communication link has been established between Vantage and the syslog server, Vantage instructs the syslog server to send the vantage.log (ZyXEL devices’ logs) from the syslog server to an FTP server for retrieval. Vantage uses the FTP protocol to retrieve the vantage.log (ZyXEL devices’ logs) from the FTP server.
Vantage CNM 2.0 User’s Guide Appendix D Java Console Debug Messages Introduction If you have problems with Vantage, customer support may ask you to find Java console debug messages. This appendix shows you how to do this. 1 Click Start, Control Panel and double-click on Java Plug-in.
Vantage CNM 2.0 User’s Guide Figure 162 Java Plug-in Control Panel 3 Open Internet Explorer and log into Vantage CNM 2.0. After successful login a Java plug-in icon should appear in your Windows system tray. If there is no icon present, return to step 2.
Vantage CNM 2.0 User’s Guide Appendix E IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
Vantage CNM 2.0 User’s Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B”...
Vantage CNM 2.0 User’s Guide For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with mask 255.255.255.128. The following table shows all possible subnet masks for a class “C” address using both notations. Table 120 Alternative Subnet Mask Notation SUBNET MASK IP ADDRESS SUBNET MASK “1”...
Vantage CNM 2.0 User’s Guide Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow”...
Vantage CNM 2.0 User’s Guide Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID.
Vantage CNM 2.0 User’s Guide Appendix F Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
Vantage CNM 2.0 User’s Guide Figure 166 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Vantage CNM 2.0 User’s Guide 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. Configuring...
Vantage CNM 2.0 User’s Guide Figure 168 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add.
Vantage CNM 2.0 User’s Guide Figure 169 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 170 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
Vantage CNM 2.0 User’s Guide Figure 171 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 172 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Vantage CNM 2.0 User’s Guide • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced. Figure 173 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
Vantage CNM 2.0 User’s Guide • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Vantage CNM 2.0 User’s Guide Figure 175 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 176 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list.
Vantage CNM 2.0 User’s Guide 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box.
Vantage CNM 2.0 User’s Guide Figure 178 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box.
Vantage CNM 2.0 User’s Guide Appendix G Virtual Circuit Topology Introduction ATM is a connection-oriented technology, meaning that it sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as follows: • Virtual Channel Logical connections between ATM switches •...
Vantage CNM 2.0 User’s Guide Appendix H Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, E-mail, printer services, etc.) without the use of a cabled connection.
Vantage CNM 2.0 User’s Guide Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS). In the most basic form, a wireless LAN connects a set of computers with wireless adapters. Any...
Vantage CNM 2.0 User’s Guide Appendix I Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC...
Vantage CNM 2.0 User’s Guide RADIUS Server Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN). Figure 182 Sequences for EAP MD5–Challenge Authentication...
Vantage CNM 2.0 User’s Guide Appendix J Types of EAP Authentication Introduction This appendix discusses three popular EAP authentication types: EAP-MD5, EAP-TLS and EAP-TTLS. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information.
Vantage CNM 2.0 User’s Guide PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
Vantage CNM 2.0 User’s Guide Appendix K Log Descriptions Introduction This appendix provides descriptions of example device log messages. Table 132 System Maintenance Logs LOG MESSAGE DESCRIPTION The router has adjusted its time based on information from the Time calibration is time server.
Vantage CNM 2.0 User’s Guide Table 132 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION An SMT management session has started. SMT Session Begin An SMT management session has ended. SMT Session End The router is saving configuration changes. Configuration Change: PC = 0x%x, Task ID = 0x%x Someone has logged on to the router’s SSH server.
Vantage CNM 2.0 User’s Guide Table 137 ICMP Logs LOG MESSAGE DESCRIPTION ICMP access matched the default policy and was blocked Firewall default policy: ICMP or forwarded according to the user's setting. For type and <Packet Direction>, <type:%d>, code details, see Table 149.
Vantage CNM 2.0 User’s Guide Table 139 PPP Logs (continued) LOG MESSAGE DESCRIPTION The PPP connection’s Link Control Protocol stage is closing. ppp:LCP Closing The PPP connection’s Internet Protocol Control Protocol stage is closing. ppp:IPCP Closing Table 140 UPnP Logs...
Vantage CNM 2.0 User’s Guide Table 141 Content Filtering Logs (continued) LOG MESSAGE DESCRIPTION The connection to the external content filtering server failed. Connecting to content filter server fail License key is invalid The external content filtering license key is invalid.
Vantage CNM 2.0 User’s Guide Table 143 IPSec Logs LOG MESSAGE DESCRIPTION The router received and discarded a packet with an incorrect Discard REPLAY packet sequence number. The router received a packet that has been altered. A third party may Inbound packet have altered or tampered with the packet.
Page 304
Vantage CNM 2.0 User’s Guide Table 144 IKE Logs (continued) LOG MESSAGE DESCRIPTION The router couldn’t resolve the IP address from the domain Cannot resolve Secure Gateway name that was used for the secure gateway address. Addr for rule <%d>...
Page 305
Vantage CNM 2.0 User’s Guide Table 144 IKE Logs (continued) LOG MESSAGE DESCRIPTION The router was not able to use extended authentication to XAUTH fail! Username: authenticate the listed username. <Username> The listed rule’s IKE phase 1 negotiation mode did not match Rule[%d] Phase 1 negotiation between the router and the peer.
Vantage CNM 2.0 User’s Guide Table 144 IKE Logs (continued) LOG MESSAGE DESCRIPTION The listed rule’s IKE phase 2 did not match between the router Rule [%d] phase 2 mismatch and the peer. The listed rule’s IKE phase 2 key lengths (with the AES...
Vantage CNM 2.0 User’s Guide Table 145 PKI Logs (continued) LOG MESSAGE DESCRIPTION The router received directory data that was too large (the size is listed) Rcvd data <size> too from the LDAP server whose address and port are recorded in the large! Max size Source field.
Vantage CNM 2.0 User’s Guide Table 146 Certificate Path Verification Failure Reason Codes (continued) CODE DESCRIPTION Database method failed. Path was not verified. Maximum path length reached. Table 147 802.1X Logs LOG MESSAGE DESCRIPTION A user was authenticated by the local user database.
Vantage CNM 2.0 User’s Guide Table 148 ACL Setting Notes PACKET DIRECTION DIRECTION DESCRIPTION (L to W) LAN to WAN ACL set for packets traveling from the LAN to the WAN. (W to L) WAN to LAN ACL set for packets traveling from the WAN to the LAN.
Vantage CNM 2.0 User’s Guide Table 149 ICMP Notes (continued) TYPE CODE DESCRIPTION Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the error Timestamp Timestamp request message Timestamp Reply Timestamp reply message...
No part may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, except the express written permission of ZyXEL Communications Corporation. This Product includes Castor Copyright (C) 1999-2001 Intalio, Inc.
Vantage CNM 2.0 User’s Guide IN NO EVENT SHALL INTALIO, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS...
Page 315
Vantage CNM 2.0 User’s Guide a) Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non- exclusive, worldwide, royalty-free copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, distribute and sublicense the Contribution of such Contributor, if any, and such derivative works, in source code and object code form.
Page 316
Vantage CNM 2.0 User’s Guide Contributors may not remove or alter any copyright notices contained within the Program. Each Contributor must identify itself as the originator of its Contribution, if any, in a manner that reasonably allows subsequent Recipients to identify the originator of the Contribution.
Page 317
Vantage CNM 2.0 User’s Guide EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT...
Vantage CNM 2.0 User’s Guide This Agreement is governed by the laws of the State of New York and the intellectual property laws of the United States of America. No party to this Agreement will bring a legal action under this Agreement more than one year after the cause of action arose. Each party waives its rights to a jury trial in any resulting litigation.
Vantage CNM 2.0 User’s Guide This Product includes software of Java Software technologies. TECHNOLOGY LICENSE FROM SUN MICROSYSTEMS, INC. TO DOUG LEA Whereas Doug Lea desires to utlized certain Java Software technologies in the util.concurrent technology; and Whereas Sun Microsystems, Inc. (Sun) desires that Doug Lea utilize certain Java Software technologies in the util.concurrent technology;...
Vantage CNM 2.0 User’s Guide DISTRIBUTING THE SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN MICROSYSTEMS, INC. OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN MICROSYSTEMS, INC.
Page 321
Vantage CNM 2.0 User’s Guide the applicable README file), (iv) you do not remove or alter any proprietary legends or notices contained in the Software, (v) you only distribute the Software subject to a license agreement that protects Sun's interests consistent with the terms contained in this Agreement, and (vi) you agree.
Vantage CNM 2.0 User’s Guide 7. Distribution by Publishers. This section pertains to your distribution of the Software with your printed book or magazine (as those terms are commonly used in the industry) relating to Java technology ("Publication"). Subject to and conditioned upon your compliance with the...
Page 323
Vantage CNM 2.0 User’s Guide "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
Page 324
Vantage CNM 2.0 User’s Guide 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty- free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
Page 325
Vantage CNM 2.0 User’s Guide 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions.
Page 326
Vantage CNM 2.0 User’s Guide Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
Vantage CNM 2.0 User’s Guide Copyright (c) 2002, 2003 Gargoyle Software Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Vantage CNM 2.0 User’s Guide This Product includes J3SSH under LGPL. Copyright (C) 2002 Lee David Painter. All right reserved. GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February 1999 Copyright (C) 1991, 1999 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
Page 329
Vantage CNM 2.0 User’s Guide For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code.
Page 330
Vantage CNM 2.0 User’s Guide Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.
Page 331
Vantage CNM 2.0 User’s Guide notices stating that you changed the files and the date of any change. c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.
Page 332
Vantage CNM 2.0 User’s Guide However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.
Page 333
Vantage CNM 2.0 User’s Guide needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
Page 334
Vantage CNM 2.0 User’s Guide refrain entirely from distribution of the Library. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims;...
Vantage CNM 2.0 User’s Guide 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,...
Page 336
Vantage CNM 2.0 User’s Guide To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have.
Page 337
Vantage CNM 2.0 User’s Guide a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
Page 338
Vantage CNM 2.0 User’s Guide scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
Page 339
Vantage CNM 2.0 User’s Guide 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded.
License Agreement remains in full force and effect. Ownership of the Software, Documentation and all intellectual property rights therein shall remain at all times with ZyXEL. Any other use of the Software by any other entity is strictly forbidden and is a violation of this License Agreement.
Page 341
5.Confidentiality You acknowledge that the Software contains proprietary trade secrets of ZyXEL and you hereby agree to maintain the confidentiality of the Software using at least as great a degree of care as you use to maintain the confidentiality of your own most confidential information.
Page 342
This License Agreement is effective until it is terminated. You may terminate this License Agreement at any time by destroying or returning to ZyXEL all copies of the Software and Documentation in your possession or under your control. ZyXEL may terminate this License Agreement for any reason, including, but not limited to, if ZyXEL finds that you have violated any of the terms of this License Agreement.
Page 343
Software and Documentation shall not be assigned by you without the prior written consent of ZyXEL. Any waiver or modification of this License Agreement shall only be effective if it is in writing and signed by both parties hereto. If any part of this License...
Page 344
Vantage CNM 2.0 User’s Guide Index Access Point EAP Authentication Aggressive Enable Wireless LAN Alarms Encapsulation Alternative Subnet Mask Notation encrymode Application-level Firewalls Encryption Algorithm 160, 161 Attack Types EnterSee Syntax Conventions Authentication Algorithm 160, 161 ESS ID Extended Service Set...
Vantage CNM 2.0 User’s Guide LAN TCP/IP RADIUS Shared Secret Key LAND RADIUS Message Types Read Me First Related Documentation MAC (Hex RF signals MAC Address Filter Action MAC Address Filtering RTS Threshold MAC service data unit RTS/CTS handshake Main...
Page 346
Vantage CNM 2.0 User’s Guide UDP/ICMP Security Upper Layer Protocols 172, 173 User Name User Profiles WAN Backup Web Configurator 167, 173, 175 WEP Encryption Wireless LAN WLAN ZyXEL’s Firewall Introduction Index...