The contents of this publication may not be reproduced in any part or as a whole, transcribed,
stored in a retrieval system, translated into any language, or transmitted in any form or by any
means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or
otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Note: Refer also to the “Open Software Announcements” on
page 316.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or
software described herein. Neither does it convey any license under its patent rights nor the
patent rights of others. ZyXEL further reserves the right to make changes in any products
described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL
Communications, Inc. Other trademarks mentioned in this publication are used for
identification purposes only and may be properties of their respective owners.
Vantage CNM 2.0 User’s Guide
ZyXEL Limited Warranty
ZyXEL warrants that (a) the Vantage CNM 2.0 software (henceforth called the SOFTWARE)
will perform substantially in accordance with the accompanying written materials for a period
of ninety (90) days from the date of receipt, and (b) any Support Services provided by ZyXEL
shall be substantially as described in applicable written materials provided to you by ZyXEL,
and ZyXEL support engineers will make commercially reasonable efforts to solve any
problem issues. To the extent allowed by applicable law, implied warranties on the
SOFTWARE, if any, are limited to ninety (90) days.
CUSTOMER REMEDIES.
ZyXEL's and its suppliers' entire liability and your exclusive remedy shall be, at ZyXEL's
option, either (a) return of the price paid, if any, or (b) repair or replacement of the
SOFTWARE that does not meet ZyXEL's Limited Warranty and which is returned to ZyXEL
with a copy of your receipt. This Limited Warranty is void if failure of the SOFTWARE has
resulted from accident, abuse, or misapplication. Any replacement SOFTWARE will be
warranted for the remainder of the original warranty period or thirty (30) days, whichever is
longer. Outside Taiwan, neither these remedies nor any product support services offered by
ZyXEL are available without proof of purchase from an authorized international source.
NO OTHER WARRANTIES.
To the maximum extent permitted by applicable law, ZyXEL and its suppliers disclaim all
other warranties and conditions, either express or implied, including, but not limited to,
implied warranties of merchantability, fitness for a particular purpose, title, and noninfringement, with regard to the SOFTWARE, and the provision of or failure to provide
Support Services. This limited warranty gives you specific legal rights. You may have others,
which vary from state/jurisdiction to state/jurisdiction.
Please read the license screen in the installation wizard. You must accept the terms of the
license in order to install Vantage CNM.
Customer Support
Please have the following information ready when you contact customer support.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
METHOD (SUPPORT E-MAIL) by LOCATION
WORLDWIDE: support@zyxel.com.tw, +886-3-578-3942, www.zyxel.com; sales@zyxel.com.tw, +886-3-578-2439, ftp.zyxel.com
NORTH AMERICA: support@zyxel.com, +1-800-255-4101; sales@zyxel.com, +1-714-632-0858, ftp.us.zyxel.com
GERMANY: support@zyxel.de, +49-2405-6909-0, www.zyxel.de, ZyXEL Deutschland GmbH.; sales@zyxel.de, +49-2405-6909-99
FRANCE: info@zyxel.fr, +33 (0)4 72 52 97 97, www.zyxel.fr, ZyXEL France
SPAIN, DENMARK, NORWAY, SWEDEN, FINLAND
Introducing Vantage Centralized Network Management (CNM) 2.0
Vantage Centralized Network Management 2.0 is a cost-effective, browser-based global
management solution that allows an administrator from any location to easily configure,
manage, monitor and troubleshoot ZyXEL devices located worldwide.
Vantage CNM allows you to effectively separate usage and management of ZyXEL's
comprehensive range of broadband security devices.
Note: Register your product online to receive e-mail notices of firmware
upgrades and information at www.zyxel.com for global products, or at
www.us.zyxel.com for North American products.
About This User's Guide
This manual is designed to guide you through the configuration of your Vantage CNM 2.0 for
its various applications.
Related Documentation
• Supporting Disk
Refer to the included CD for support documents.
• Compact Guide
The Compact Guide is designed to help you get up and running right away. It contains
connection information and instructions on getting started.
• Web Configurator Online Help
Embedded web help for descriptions of individual screens and supplementary
information.
• ZyXEL Glossary and Web Site
Please refer to www.zyxel.com for an online glossary of networking terms and additional
support documentation.
User Guide Feedback
Help us help you! E-mail all User Guide-related comments, questions or suggestions for
improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing
Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park,
Hsinchu, 300, Taiwan. Thank you!
Syntax Conventions
• This manual may refer to Vantage Centralized Network Management 2.0 simply as
Vantage CNM or Vantage.
• The version number on the title page is the Vantage version that is documented in this
User’s Guide.
• Enter means for you to type one or more characters and press the carriage return. Select
or Choose means for you to use one of the predefined choices.
• The choices of a menu item are in Bold Arial font.
• Mouse action sequences are denoted using a >. For example, click Configuration > LAN > IP Alias means first click Configuration, then click LAN and finally click IP Alias.
CHAPTER 1
Introducing Vantage
This chapter introduces Vantage key features and Vantage requirements.
1.1 Key Features
The following are the key features of Vantage CNM 2.0.
1.1.1 Object Tree View
The object tree has three defined views letting you view the devices directly as you configure them. The
views are Account (arranged by customer name), Type (arranged by device type) and Main View up to
seven layers deep. The object tree also allows you to create your own logical views (organizing them by
geographic region, for example). Status icons in the tree let you know immediately if a device has
gone down, is currently being configured or there is a fatal alarm associated with the device.
1.1.2 Flexible Friendly Device Registration
Use the registration wizard to register a single device or multiple devices by importing an XML
registration file. This means that any customer’s network can be brought under Vantage control in the
time it takes to run a wizard.
1.1.3 Building Blocks
Use BBs (building blocks) to rapidly configure both existing and new devices by reusing multiple
configurations, a device’s single configuration or a configuration component, ensuring absolute
consistency across devices. As you use Vantage longer, it will become even easier to use as you build
up valuable BB repositories.
1.1.4 Multiple Domain Administration
Associate administrators to domains that you specify in the object tree allowing efficient division of labor
with maximum independence. Furthermore, multiple administrators may manage one domain, each with
different privileges allowing autonomy while cooperatively managing the same network(s).
1.1.5 Complete Device Configuration
Use the Vantage configuration menus to configure its features including LAN, WAN, NAT, firewall, VPN,
static routes, wireless etc. You may also directly access any device’s web configurator from the object
tree by simply right-clicking on it, giving you total control over any device within Vantage.
1.1.6 Configuration Synchronization
Make sure a device configuration within Vantage is absolutely consistent with its actual configuration at
any time by using the Vantage synchronization screen. This means that local configuration changes can
be detected by selecting the Vantage Synchronize menu, therefore allowing flexibility with control.
1.1.7 Firewall
Create consistent device firewall policies by reusing successful configurations in other ZyXEL devices.
Ensure consistency and compliance with all security policies as well as constantly monitor all devices
and act immediately if things go wrong.
1.1.8 One-Click VPN
Graphically create VPN (Virtual Private Networking) tunnels between devices by simply clicking a device
and dragging a "tunnel" to another device. Pre-configured tunnel settings mean that even non-technical
administrators can set up and manage tunnels with minimum effort.
1.1.9 Configuration File Management
Back up, restore and reset to factory default any device’s configuration file from one location.
1.1.10 Firmware Upgrade
Batch download device firmware from Vantage (after downloading the firmware from a website) to
multiple devices located anywhere, minimizing time, effort and room for error as well as ensuring
firmware consistency across devices. Device owners can be notified automatically and reports can be
generated detailing any device’s firmware upload history.
1.1.11 Monitoring and Notifications
Use the Status Monitor to give real time messages (of who has logged in for example) and the alarm
screens to know what is going on in your management domain. Alarms are warnings of hardware failure,
security breaches, attacks or illegal Vantage login attempts. You can configure Vantage to notify you by
e-mail in the event a device goes down or has triggered an alarm. You can also configure Vantage to
automatically notify device owners and other administrators when a configuration (such as firmware
upgrade) is going to take place.
1.1.12 Logs
Logs detail information pertaining to customer accounts, devices and Vantage that is essential for
troubleshooting or historical analysis. Logs and alarms facilitate the secure, smooth operation of all
Vantage-registered ZyXEL devices across the globe.
1.1.13 Data Maintenance
Back up all Vantage configurations including firmware uploaded to the Vantage server, creating various
Vantage "snapshots" that may be restored at a later date.
1.1.14 Vantage System Management
Configure Vantage server public IP address, FTP, syslog, mail servers, set a management idle time-out
and protect Vantage from brute-force password dictionary attacks in the Vantage system menus.
Furthermore, you may pre-configure notification recipients and alter Administrator privileges from here,
making Vantage a truly global tool.
1.1.15 License Management
Simply log in to www.myZyXEL.com to acquire a new activation key when you purchase an expansion
license letting you manage yet even more devices with Vantage CNM 2.0.
1.2 Vantage Requirements and Installation
For Vantage setup requirements, access and installation, see the Quick Start Guide.
CHAPTER 2
GUI Introduction
2.1 Overview
The following figure displays an overview of the Vantage CNM 2.0 graphical user interface.
Figure 1 Main Screen
Main Menu Components
The main screen consists of two non-resizable panes: the object pane and the content pane.
2.1.1 Object Pane
The bottom of the object pane consists of an object tree view types list box where you can select a logical
view of the devices. The top of the object pane has a Search function where you can search for devices.
2.2 Object Tree View Types
The View list box contains three default views called (device) TypeView, AccountView and MainView.
You can also create custom views.
Figure 2 Object Tree View Types
• In the MainView, you may create group folders and account folders up to seven layers
deep and add devices to each layer correspondingly. You can only configure devices in
the main view.
• The TypeView view lists devices by model type.
• The AccountView allows for a one-layer automated view of each customer’s account and
the device(s) that they own.
• You can also create custom views by clicking the detail icon to display the next screen.
The custom view name then appears in this list box. In custom views, you may create
group folders and account folders up to seven layers deep.
Figure 3 Details Screen
Click Add in this screen to create a new custom view, such as by geographic area. Give the view a
unique name and write a note to further describe it. To edit or delete an existing view, select the target
view in Figure B-3 and then click Edit or Delete. Click Close to close the screen.
2.3 Searches
Select a folder first to define the scope of the search. Search for folders by folder name or devices by
device name or MAC address within the selected folder in the Object tree. Results are displayed in the
same split window.
2.4 Folders
A folder is a logical grouping of devices. There are two types of folders, Account and Group. All devices
in an Account folder belong to that account. When you create a folder you are requested to give a name.
A device can only be owned by one customer and a customer can own many devices. A Group folder
may contain devices belonging to different accounts.
Folder right-click options are (in MainView only):
Figure 4 Folder Right-Click Options
1 Add device. Displays an Add devices screen from which you can select devices not yet
mapped to another folder.
Figure 5 Add Devices
2 Delete.
• This option displays a screen asking you if you want to delete the root folder and un-map
the devices within the folder to the Add devices screen or
• Delete the folder and un-map the devices within the folder. The device is still registered
with Vantage but no longer associated with the folder. The latter action also disables
Vantage within the device.
3 Associate. Links an administrator to this folder. This folder and all sub-folders are in this
administrator’s domain. The administrator cannot manage nor see folders or BBs outside
this domain.
Figure 6 Associate Administrators
An administrator icon appears on the folder when you associate an administrator with a folder. To
disassociate the administrator from this folder, right-click to select the icon and UnAssociate.
4 Add folder. Add a new generic folder (Group) or customer folder (Account) where all
devices within the folder belong to one customer. You can configure the Account folder
to display the name of the customer on the folder in the object tree (see Configuration > General > Customer Information).
When you add a folder, you must enter a new folder group name.
Figure 8 Add New Folder Group Name
5 Alarm.
Alarms are real-time warnings of hardware failure, security breaches, attacks or illegal Vantage login
attempts. Click a folder; select Alarm and Locate to find alarms associated with devices within this
folder.
Figure 9 Account Folder Alarm Right-Click Options
2.5 Devices
Device right-click options are:
Figure 10 Device Right-Click Options
• Unmap. The device disappears from the tree and goes to the available pool screen from
which you can map. Devices display device name, MAC address and device type.
• Remove. Delete the device registration from Vantage. Vantage disables CNM in the
device.
• EWC. Click this to open the device’s embedded web configurator. If you know the
password you can log in directly and configure any item. You should synchronize with
Vantage afterwards.
2.6 Content Pane
The content pane contains the configuration screen which also displays the object path (the folder or
device you selected in the object tree) and the menu path (the screen you have open).
2.6.1 Object Path
The Object Path shows the folder or parent folder of the device you have clicked in the Object tree, for
example \root\zywall2.
2.6.2 Menu Path
The Menu Path shows what menu you have clicked from the drop-down menu, for example
Configuration > WAN.
2.7 Menu Overview
The following is an overview of the Vantage menus:
• All monitor menus are pop-up menus.
• You can only configure a single device at any one time.
• Some menus are not accessible because administrators do not have permission.
• Vantage can remember device and configuration menus. If, for example, you select device
A, then select DMZ in the Configuration File menu and then change to device B, the
configuration DMZ will appear for device B. If device B does not have a DMZ, then the
Device > Status screen will appear.
• If the selected device does not have a certain configuration, DMZ or wireless for
example, then DMZ or WLAN will appear grayed out in the Configuration menu list. If
this happens and you cannot access the last click menu, then you will be redirected to
Device > Status page by default.
• If you click an administrator icon in the object tree, the System > Administrators menus
will appear.
Table 1 Menus Overview
Note: You can only configure a single device at one time.
DEVICE: Status, Registration, Synchronize, Firmware Mgmt, Firmware Upgrade, Configuration File
CONFIGURATION: Select Device BB, General, LAN, WLAN, DMZ, WAN, NAT, Static route, VPN, Firewall, Device Log, ADSL Monitor, Device Alarm
BUILDING BLOCK: Device BB, Configuration BB, Component BB
SYSTEM: Administrators, Status, Upgrade, License, Preferences, Maintenance, Address Book, Certificate Mgmt, Logs, About
MONITOR: Alarm, Firmware Report, Status Monitor, VPN Editor
LOGOUT: Logout
2.8 Procedure For Configuring A Device
The default when you first enter Vantage is the root node in the object tree and Device > Status
menu.
1 Select a device in the object pane.
2 Select an item from a drop-down menu (Device, Configuration, Building Block, System
or Monitor). If the selected device does not have a certain configuration, DMZ or wireless
for example, then DMZ or WLAN will appear grayed out in the Configuration menu list.
3 That menu for the selected device then appears in the Content pane.
2.9 Context-Sensitive Menus
Some context-sensitive menus appear with the words Java Applet Window as follows:
Figure 11 Java Applet Window
If you do not want to see Java Applet Window in context-sensitive menus, then do the
following:
1 On the Vantage CNM server, go to Vantage CNM 2.0 installation directory\utilities (the
default installation path is C:\Program Files\ZyXEL\Vantage CNM 2.0\utilities) and
copy the java.policy file.
2 On the Vantage CNM client computer, go to the Java plug-in installation
directory\j2re1.4.1\lib\security\ (the default installation path is C:\Program
Files\Java\j2re1.4.1\lib\security). You should see a (different) java.policy file there.
3 Replace the java.policy file found in step 2 with the one copied in step 1.
Note: It is not advisable to replace this file if other applications
use the Java plug-in. Vantage CNM 2.0 functions normally
whether the replacement is made or not.
2.10 Icon Key
Table 2 Object Tree Icons
ICON DESCRIPTION
This is an account folder where you can see the devices and folders inside and which contains some
devices with an alarm.
This is an account folder where you can see the devices and folders inside.
This is an account folder where you cannot see the device inside and which contains some devices
with an alarm.
This is an account folder where you cannot see the devices inside.
This is an open group folder, which contains some devices and folders with an alarm.
This is an open group folder.
This is a closed group folder, which contains some devices with an alarm.
This is an administrator currently logged in.
This is an administrator that has logged out.
This is a ZyWALL device turned off.
This is a ZyWALL device that has firmware uploading.
This is a ZyWALL device that has an alarm that is turned on.
This is a ZyWALL device turned off with an alarm and will have a firmware upload.
This is a ZyWALL device turned on.
This is a ZyWALL device with an alarm.
This is a ZyWALL device turned on with an alarm and has firmware uploading.
This is a ZyWALL device and has firmware uploading.
This is a Prestige device turned off.
This is a Prestige device turned off with an alarm.
This is a Prestige device turned off with an alarm and will have a firmware upload.
This is a Prestige device turned off and will have a firmware upload.
This is a Prestige device that has an alarm that is turned on.
This is a Prestige device with an alarm.
This is a Prestige device with an alarm and has firmware uploading.
This is a Prestige device with firmware uploading.
Click this icon to refresh the current topology tree.
Click this icon to view the topology detail information for the current user.
Table 3 Pop-up Menus Icons
ICON DESCRIPTION
Click this icon to Add a new topology view.
Click this icon to Edit the selected topology view.
Click this icon to Delete the selected topology view.
Click this icon to Close the popup dialog.
Table 4 Content Pane Icons
ICON DESCRIPTION
Click Apply to apply the current configuration settings to the server.
Click Save to save the current configuration settings without applying them to the server. The configuration can be
cancelled.
Click Back to go to the previous page.
Click Next to navigate to the next page.
Click to Reset the current page.
Click OK to apply the configuration.
Click Yes to confirm your configuration edit.
Click No to cancel the configuration edit.
Click Finish to complete the whole configuration.
Click to Cancel the configuration and return to the previous page.
Click Retrieve to get the logs from a device.
Click this icon to choose from an existing BB.
Click this icon to save a new BB.
Click this icon to choose from an existing personal profile.
Click this icon to save as a new personal profile.
Click Advanced to show more details and configure.
Click Check to view the status.
This icon represents a Fatal error.
This icon represents a Major error.
This icon represents a Minor error.
This icon represents a Warning error.
This icon represents a Web Help link.
This is a checkbox that allows you to make multiple selections from a group.
This is a radio button that allows you to make one selection from a group.
Type text in a text box.
Choose from a list of pre-defined choices from a list box.
This is a Browse icon allowing you to select a file external to Vantage.
Table 5 VPN Editor Icons
ICON DESCRIPTION
Add a new tunnel.
Edit the selected tunnel.
Delete the selected tunnel.
Upload a map file to the VPN editor.
Save the graphical tunnel depiction.
Force deletes the selected tunnel even if the selected tunnel is active.
Refresh the VPN monitor.
Delete erases the selected tunnel if it is not active.
The ZyXEL device is turned on.
The ZyXEL device is turned off.
CHAPTER 3
Device Menus
3.1 Device Menus Overview
The Device menus allow you to register your device, synchronize devices, and manage
firmware and configuration files.
3.1.1 Device Main Screen
Device Status is the default first screen you see; the default folder in the Object pane is “root”.
Figure 12 Device > Status > Main Screen
The following table describes the fields in this screen.
Table 6 Device > Status > Main Screen
LABEL: DESCRIPTION
By Status: Select a filter status from the drop-down list box to choose which devices to view
within the folder. You can view devices by:
  All: You can view all devices.
  On: You can view all devices that are online and Vantage is successfully
  communicating with.
  Off: You can view all devices that are offline.
  On_Alarm: You can view all devices that have an alarm that is turned on.
  Off_Alarm: You can view all devices that have an alarm that is turned off.
  On_Firmware: You can view all devices that have firmware uploading.
  Off_Firmware: You can view all devices that will have a firmware upload. After
  they are turned on Vantage will wait up to twenty minutes to upload the firmware.
  On_Alarm_Firmware: You can view all devices that have an alarm that is turned
  on and have firmware uploading.
  Off_Alarm_Firmware: You can view all devices that have an alarm that is turned
  off and will have a firmware upload.
Device Name: This field displays the user-defined name, for example, “Dev1”.
Type: This field displays the ZyXEL device model.
MAC: This field displays the LAN MAC address of the ZyXEL device.
IP: This field displays the IP address of the ZyXEL device.
Status: This field displays the operating status of the ZyXEL device. Off indicates the
ZyXEL device is not currently connected to the network. On indicates the ZyXEL
device is connected to the network.
Firmware Version: This field displays the device firmware network operating system (NOS) version
number and date.
Last Edit: This shows the date the screen was last edited.
3.2 Device Status
In the Device menus, select single devices only in the Object pane when you select the
Synchronize and Configuration File menu options. You may select both folders and devices
for all other Device menu options.
Click a device, for example “test1” in the following screen, and then select the Device
drop-down menus and click Status. This is a read-only screen showing device summary
information.
Figure 13 Device > Status > Single Device
The following table describes the fields in this screen.
Table 7 Device > Status > Single Device
LABEL: DESCRIPTION
Device Name: This field displays the user-defined name, for example, “test1”.
Type: This field displays the ZyXEL device model.
MAC: This field displays the LAN MAC address of the ZyXEL device.
IP: This field displays the IP address of the ZyXEL device.
Status: This field displays the operating status of the ZyXEL device. Off indicates the
ZyXEL device is not currently connected to the network. On indicates the ZyXEL
device is connected to the network.
Firmware Version: This field displays the device firmware network operating system (NOS) version
number and date.
Last Edit: This shows the date the screen was last edited.
3.3 Device Registration
Register devices with Vantage using the device registration wizard. Select a folder (not a
device) in the object tree to have the new devices automatically mapped to that folder.
Figure 14 Device > Registration Wizard > Account Association
• Click Yes to display the next wizard screen (in the Content pane). Choose the device
owner for this new device(s). This device should then appear under the correct customer
in the AccountView.
• Click No to jump to Figure 1-5. If you already selected an Account folder in the object
tree, then the owner name is pre-selected here.
Figure 15 Device > Registration > Owner Selection
In the following screen select a radio button to either:
• Manually add: When you choose this option, you must enter the information shown in
Figure 1-6 for a single device at a time.
• Import from an XML batch registration file: choose this option if you want to input a
batch of devices in one go. Go to the XML folder within the Vantage CNM Installation
directory (C:\Program Files\ZyXEL\Vantage CNM 2.0\xml by default). Choose the 4devices or 100-ZyWALL10W templates and modify accordingly.
Click Next to proceed to the next registration screen.
Figure 16 Device > Registration > Wizard Choices
3.3.1 Manual Option
Use the following screen to enter device information, get device configurations and set
encryption options.
You do not need to add NAT or firewall rules when you encrypt this traffic.
3.3.1.1 Configuring ZyXEL Device using Commands
To set the encryption mode on the ZyXEL device, do the following:
1 Go to CI (Command Interface) mode (SMT 24.8 for devices with SMT menus).
2 Type 'CNM encrymode X' where:
Value of X    Encryption Mode
0             None
1             DES
2             3DES
3 To set the encryption key on the ZyXEL device, type 'CNM encrykey xxxxxxxxx' where
‘xxxxxxxxx’ is the alphanumeric encryption key (“0” to “9”, “a” to “z” or “A” to “Z”) in
the Vantage server.
3.3.1.2 Configuring ZyXEL Device using Web Configurator
To set the encryption mode on the ZyXEL device, do the following:
Log into the device web configurator, click Remote Management from the navigation panel
and then click the CNM tab. Select Enable, (enter the Vantage CNM Server (IP) Address)
and enter an Encryption Algorithm and Encryption Key.
MAC (Hex): Enter the LAN MAC address of the ZyXEL device (without colons) in this field.
Vantage uses the MAC address to identify the ZyXEL device, so make sure it is
entered correctly.
Name: Enter a unique name here for the ZyXEL device for identification purposes. The
device name cannot exceed ten characters.
Device Type: Select the ZyXEL device type from the pull-down menu.
Set Vantage CNM configuration to device: Select this radio button to have Vantage push all current configurations from
Vantage to the device. The current device configuration is then reset to the
configuration settings that Vantage contains.
Get configuration from the device: Select this radio button to have Vantage pull all current device configurations into
Vantage. The current device configuration "overwrites" Vantage configurations.
Encryption Methods: The encryption options at the time of writing are DES and 3DES. Choose from
None (no encryption), DES or 3DES. The ZyXEL device must be set to the same
encryption mode (and have the same encryption key) as the Vantage server.
Encryption Key: Type an eight-character alphanumeric (“0” to “9”, “a” to “z” or "A" to "Z") for DES
encryption and a 24-character alphanumeric (“0” to “9”, “a” to “z” or "A" to "Z") for
3DES encryption.
Back: Click Back to return to the previous screen.
Finish: Click Finish to go to the Device Registration Finished screen.
3.3.2 Import From an XML Registration File
Use this method when you want to register multi ple ZyXEL devices at one time. The file
should be in XML format containing the fields shown in the manual registration screen for
each device.
First create an XML file. Some XML templates for each device type supported at the time may
be found at “vantage installed path\xml\”. You may combine different templates into one
XML file so as to import multiple devices (and of different types) in one go.
Make sure the XML syntax is correct, as there are no validation checks in Vantage. Although
you may be allowed to import an XML file with incorrect syntax into Vantage, device
management via Vantage may be abnormal.
When you import a device to a folder, make sure the device’s name is different from existing
devices’ in that folder.
Import the XML file using Vantage device registration wizard. This may take several minutes
depending on how many devices you have in your XML file. Vantage then lists all devices (if
your XML file contains multiple devices), and allows you to choose which devices you want
to import.
3.3.2.1 Basic XML Syntax
1 You don’t need to fill in a (blank) configuration if a device doesn’t contain that
configuration.
2 Mandatory fields must be filled in or Vantage will not list that device as a device that can
be imported.
3 XML fields must not contain a “return” character. For example, the format below is
forbidden:
<mac>00a0c544e2fc
</mac>
You must write the field in one line, like this:
<mac>00a0c544e2fc</mac>
4 A field must contain the correct value type. You can’t write a string in a field that should
contain an integer value. For example, the following is wrong, as <encryptMode> must
contain integers only.
<encryptMode>abc</encryptMode>
5 In fields of type string, if the string length is 0, you also need to write a zero-length field to
make import work correctly. For example, both the following zero-length string fields are
acceptable.
<domainName></domainName>
or
<domainName/>
6 If your XML field contains a special character such as &, ’, >, <, ”, you must enclose the
character with <![CDATA[ and ]]>, as shown next:
<initString><![CDATA[at&fs0=0]]></initString>
7 Device configuration fields needn’t be in order. For example, you can write a device’s
LAN configuration fields first and then write the General configuration fields.
3.3.2.2 Minimum Mandatory Device Settings
You must at least fill in the MAC address, name, type, encryption mode and key fields for a
device to be successfully imported into Vantage using an XML file. Below is an example for
the ZyWALL 10W.
Note: We recommend you either fill in these settings only (for each
device) or fill in all configuration settings in the XML template.
<?xml version="1.0" encoding="UTF-8"?>
<ZyXEL xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ZyXELDevice>
<mac>00a0c544e2fc</mac>
<name>zywall10WTest</name>
<type>ZyWALL10W</type>
<needReset>true</needReset>
<encryptMode>1</encryptMode>
<encryptKey>abcdefgh</encryptKey>
<General/>
<LAN/>
<ZWWAN/>
…
</ZyXELDevice>
</ZyXEL>
These are the equivalent settings by using the manual device registration wizard screen.
Note: For more detailed information on creating XML files for
Vantage, please see the “Import Device Using XML Reference
Manual” at the ZyXEL web site download library.
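Because Vantage performs no validation checks on the import file, the rules in 3.3.2.1 and the mandatory fields in 3.3.2.2 can be checked before the file is imported. The Python script below is an added example, not part of this guide or of Vantage; the function name, the 12-hex-digit MAC pattern, the duplicate-name check within one file, the DOCTYPE refusal and the sample devices are assumptions or constructed values.

```python
"""Pre-import check for a Vantage CNM device registration XML file (added example)."""
import re
import xml.etree.ElementTree as ET

# Mandatory fields named in section 3.3.2.2 of the guide.
MANDATORY = ("mac", "name", "type", "encryptMode", "encryptKey")
# encryptMode values and key lengths as the guide gives them:
# 0 = None, 1 = DES (8-character key), 2 = 3DES (24-character key).
KEY_LENGTH = {"1": 8, "2": 24}
ALNUM = re.compile(r"[0-9A-Za-z]+\Z")
# Assumption: a MAC is 12 hex digits without separators, as in the guide's example.
MAC = re.compile(r"[0-9A-Fa-f]{12}\Z")


def check_registration_xml(xml_text):
    """Return a list of (device_number, message); device 0 means the whole file."""
    if "<!DOCTYPE" in xml_text:
        # Hardening choice of this example: a registration file needs no DTD.
        return [(0, "DOCTYPE declaration refused")]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [(0, f"not well-formed XML: {exc}")]
    problems = []
    names_seen = set()
    for number, device in enumerate(root.iter("ZyXELDevice"), start=1):
        # Rule 3: a field value must not contain a "return" character.
        for element in device.iter():
            if len(element) == 0 and re.search(r"[\r\n]", element.text or ""):
                problems.append((number, f"<{element.tag}> contains a return character"))
        values = {}
        for tag in MANDATORY:
            element = device.find(tag)
            if element is None:
                problems.append((number, f"mandatory field <{tag}> is missing"))
            else:
                values[tag] = (element.text or "").strip()
        if "mac" in values and not MAC.match(values["mac"]):
            problems.append((number, "<mac> is not 12 hex digits"))
        for tag in ("name", "type"):
            if values.get(tag) == "":
                problems.append((number, f"mandatory field <{tag}> is empty"))
        name = values.get("name")
        if name:
            # Names must differ within the target folder; duplicates inside one
            # file are the part that can be checked before import.
            if name in names_seen:
                problems.append((number, f"device name {name!r} appears more than once"))
            names_seen.add(name)
        mode = values.get("encryptMode")
        if mode is None:
            continue
        if mode not in ("0", "1", "2"):
            # Rule 4: <encryptMode> must contain an integer.
            problems.append((number, "<encryptMode> must be 0, 1 or 2"))
        elif mode == "0":
            problems.append((number, "warning: encryptMode 0 leaves device traffic unencrypted"))
        else:
            key = values.get("encryptKey")
            if key is not None and (len(key) != KEY_LENGTH[mode] or not ALNUM.match(key)):
                problems.append(
                    (number, f"<encryptKey> must be {KEY_LENGTH[mode]} alphanumeric characters"))
    return problems


# Constructed sample: device 1 is valid, device 2 breaks rules 3 and 4,
# device 3 reuses a name and gives a DES-length key for 3DES.
SAMPLE = """<ZyXEL>
<ZyXELDevice>
<mac>00a0c5000001</mac><name>branch-a</name><type>ZyWALL10W</type>
<encryptMode>1</encryptMode><encryptKey>abcdefgh</encryptKey>
</ZyXELDevice>
<ZyXELDevice>
<mac>00a0c5000002
</mac>
<name>branch-b</name><type>ZyWALL10W</type>
<encryptMode>abc</encryptMode><encryptKey>abcdefgh</encryptKey>
</ZyXELDevice>
<ZyXELDevice>
<mac>00a0c5000003</mac><name>branch-a</name><type>ZyWALL10W</type>
<encryptMode>2</encryptMode><encryptKey>abcdefgh</encryptKey>
</ZyXELDevice>
</ZyXEL>"""

if __name__ == "__main__":
    for device_number, message in check_registration_xml(SAMPLE):
        print(f"device {device_number}: {message}")
```

The file holds the DES or 3DES keys in clear text, so it should be stored and transferred with the same care as the keys themselves.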
After you have completed the XML file, click Browse to locate it in the next screen and then
click Next.
Figure 18 Registration Wizard: Configuration File
The next screen displays all devices available in the XML file that can be imported. Select the
individual devices that you wish to import or select Select All to import all devices that are
displayed in this screen. Click Finish to go to a Device Registration Finished screen showing
what files you have successfully registered.
Figure 19 Registration: XML File Devices
Figure 20 Registration Wizard: Finish
3.4 Device – Vantage Data Inconsistency: Synchronize
Click Device > Synchronize to have Vantage check for data inconsistencies in the selected
object. Data inconsistencies may occur if device configurations are made directly to the
device instead of in Vantage.
3.4.1 Vantage – Device Override Criteria
3.4.1.1 Vantage CNM Override Device
Vantage pushes all current configurations from Vantage to the device. The current device configuration
will then be reset to the configuration settings that Vantage contains.
3.4.1.2 Device Override Vantage CNM
Vantage pulls all current device configurations into Vantage. The current device configuration
"overwrites" Vantage configurations.
3.4.1.3 Synchronizing Device with Vantage
Select a device and then click Device > Synchronize Settings. A screen displays showing
which configuration menus are out-of-synch. Access the device web configurator to view
discrepancy details between corresponding configurations. When you understand the
discrepancy, you can then decide to allow Vantage to override the device configuration or
vice-versa.
Figure 21 Device > Synchronize
3.5 Firmware Management
Use the Firmware Management screen to download ZyXEL device firmware from the
ZyXEL FTP site to Vantage. After you download it to Vantage, you can then upload it from
Vantage to the target devices.
All firmware is downloaded to one repository within Vantage. There is no domain-specific
repository within Vantage for firmware downloads.
You cannot edit an existing firmware in Vantage; you can only delete it.
Administrators should subscribe to the ZyXEL mailing lists to be regularly informed of new
firmware versions.
Click Device > Firmware Management to display the next screen.
Figure 22 Device > Firmware Management
The following table describes the fields in this screen
Table 9 Device > Firmware Management
TYPE | DESCRIPTION
Index | This is the file list number.
FW Alias | This is the firmware file name.
Device Type | This field displays the model. You must upload firmware to the correct model. For example firmware for P650R-11 is not compatible with the P650R-13 model. Vantage should automatically detect firmware for the device selected. Uploading incorrect firmware may damage the device.
FW Version | This field displays ZyNOS (ZyXEL network operating System) firmware version.
FW Release Date | This field displays the date the firmware was created.
Administrator | This field displays the administrator who downloaded this firmware file to Vantage.
ZyXEL Download Website | Click this hyperlink to go to the ZyXEL Website and download firmware to your computer.
Add | Click Add to proceed to the next screen.
Delete | Click to delete a selected firmware from your Vantage firmware management.
Firmware is uploaded to your device in the following manner:
• download from the website to your computer
• upload from your computer to the Vantage
• upload from Vantage to your selected device.
3.5.1 Add Firmware Screen
Click Add in Firmware Management to view the next screen that allows you to select a
firmware zip file. Upload the firmware zip file to Vantage. This firmware zip file contains
more than the firmware. It contains:
• The device firmware (bin file extension). Only this firmware file is actually downloaded
to the device.
• The device default configuration file (config file extension).
• A file with XML file extension. Vantage uses the XML file to gather the device type,
firmware version and release date information.
Click Add in the screen shown in the previous figure to display the next screen. Type the file
name and path or browse to where you saved the file. You may create a firmware alias for the
selected zip in this screen.
Use the Device Firmware Upgrade screen to download firmware to devices from Vantage.
You may upgrade firmware to several homogeneous devices at the same time. Vantage can
upload firmware from 20 to 50 devices at a time depending on your network bandwidth. You
can upload firmware in the Main View or in Type View.
Figure 25 TypeView
3.5.2 Firmware Upgrade Select Product Line and Model
If you select a device in the object tree, Figure 27 on page 56 will be shown; select a folder in
the object tree and the following screen will be displayed. Use this screen to select the product
line and model name of devices that you want to download firmware to from Vantage.
• Pick a product line.
• Pick a model name.
Click Next to proceed to the Firmware Upgrade screen.
Figure 26 Firmware Upgrade > Select Product Line and Model
3.5.3 Firmware Upgrade Process
1 Select Firmware by picking a node.
2 Select the candidate dev ices ( of that model type for the node selected).
3 Click Upgrade to begin the device upgrade process
Figure 27 Device > Firmware Upgrade
See Figure 9 on page 54 for field descriptions. Click Upgrade to begin the device upgrade
process.
3.5.4 Advisory Notes on Firmware Upgrade
• It is advisable to upgrade firmware during periods of low network activity, since each
device must restart after firmware upload.
• You should also notify device owners before you begin the upload. See the System > Preferences > Notifications screen.
3.5.5 Configuration File
Use these screens to manage, back up and restore configuration files (Configuration files).
Select the device and then click Device > Configuration File.
You can create your own configuration file alias in Vantage. This may make it easier to
distinguish multiple configuration files for the same device.
3.5.6 Configuration File Management
Use this screen to view and delete configuration files uploaded to Vantage. You can view the
configuration file name, a description of it, the date it was backed up and which administrator
backed it up.
The following table describes the fields in this screen
Table 10 Device > Configuration File > Management
TYPE | DESCRIPTION
Index | This displays a number assigned to the file.
File Name | This displays the name given to the configuration file.
Description | This displays a description that was entered at the time of file backup or file restoration.
Backed Up Date | This field displays the date of back up of a configuration file.
Administrator | This field displays the administrator who performed the back up or restoration of the configuration file.
Delete | Select the checkbox and click Delete to remove a selected firmware from your Vantage firmware management.
3.5.7 Configuration File Backup
Select a device and then use the Backup screen to save that device’s configuration file to
either Vantage or your computer (from which you’re accessing Vantage).
Once your device is configured and functioning properly, it is highly recommended that you
back up your configuration file before making configuration changes. The backup
configuration file will be useful in case you need to return to your previous settings.
Figure 29 Device > Configuration File > Back Up
The following table describes the fields in this screen
Table 11 Device > Configuration File > Back Up
TYPE | DESCRIPTION
Destination | Select the radio button to give the download destination to Vantage.
File Path and Name | Type in the location of the file you want to upload in this field.
Description | Type a description of the file backup.
To Computer | Select the radio button to give the download destination to your computer.
Back Up | Click the Backup button to proceed to a dialog box where your configuration is saved to your computer.
3.5.8 Configuration File Restore
Use the Restore screen to overwrite a device's current configuration with a previously saved
backup file or the default configuration file from either Vantage or your computer (from which
you’re accessing Vantage). Be sure to upload the correct configuration file for the device.
Note: Make sure you restore a configuration file to the correct
model or you may damage the device.
If you restore a configuration file to a device other than the one
intended, you may lock out the device. The configuration file
contains the WAN configuration.
Figure 30 Device > Configuration File > Restore
Table 12 Device > Configuration File > Restore
TYPE | DESCRIPTION
Resource
From Server | Select this radio button to upload a configuration file From Vantage.
File Path and Name | Select a file from the drop-down list box.
From Computer | Select this radio button to upload a configuration file from your computer.
File Path and Name | Type in the location of the file you want to upload in this field or click Browse... to find it.
Upload | Click Upload to begin the upload process.
CHAPTER 4
Configuration > Select Device BB & General
This section shows you how to use the select device building block screen and how to
configure the General menus.
These screens will vary depending on which model you’re configuring.
When you click a configuration menu, the screen shows the current device configuration.
If you’re unfamiliar with ZyXEL device configurations, please consult your device User’s
Guide.
Configuration > General can be saved as one Configuration BB.
4.1 Select Device BB
A device BB (Building Block) is a combination of configuration BBs. A device’s device BB
varies by model type. The following figures show device BBs for the ZyWALL 10W and
ZyWALL 70/35/5 (these three models have the same device BB). A check mark indicates that
the device BB includes this configuration and an “X” denotes that it doesn’t.
Figure 31 ZyWALL 10W Device BB
Figure 32 ZyWALL 70/35/5 Device BB
This Select Device BB screen allows you to select a device’s device BB and apply it to
another device of the same type.
Note: You can only apply a device BB to another device of the
same type.
4.1.1 Procedure to Select and Apply a Device BB
1 Select the device from which you want to copy its configuration.
2 Click Configuration > Select Device BB to display the next screen.
3 Click the “Save as a BB” icon and save it as a new BB with a unique device BB
name.
4 Select the device to which you want to paste this configuration.
5 Click Configuration > Select Device BB to display the next screen.
6 Click the “Load a BB” icon and select the BB you just saved.
7 Click the Apply button to save that configuration to the device.
8 This device configuration can then be further fine-tuned using the regular configuration
menus and saved as another new device BB.
4.2 Configuration General Screens
Click Configuration > General to configure System, DDNS, Time Setting and Owner Info.
The System tab is shown next.
4.2.1 System
Figure 33 Configuration > General > System – ZyWALL
The following table describes the fields in this screen
Table 13 Configuration > General > System – ZyWALL
FIELD | DESCRIPTION
Password | Enter the password used to access the device.
MAC (Hex) | This field displays the LAN MAC address of the ZyXEL device. Vantage uses the MAC address to identify the ZyXEL device. This is entered when you manually register the ZyXEL device.
Device Type | This field displays the ZyXEL device type selected in the object tree.
Encryption Mode | You may choose to encrypt traffic between the ZyXEL device and the Vantage server here. Choose from None (no encryption), DES or 3DES. The ZyXEL device must be set to the same encryption mode (and have the same encryption key) as the Vantage server. You do not need to add NAT or firewall rules when you encrypt this traffic. To set the encryption mode on the ZyXEL device, go to CI mode (SMT 24.8 for devices with SMT menus) and type 'CNM encrymode X', where X is 0 for None, 1 for DES or 2 for 3DES.
Encryption Key | Type an eight-character alphanumeric (“0” to “9”, “a” to “z”) for DES encryption and a 24-character alphanumeric (“0” to “9”, “a” to “z”) for 3DES encryption. To set the encryption key on the ZyXEL device, type 'CNM encrykey xxxxxxxxx' where ‘xxxxxxxxx’ is the hexadecimal secret key number you used in the Vantage server.
System Name | Enter a unique name here for the ZyXEL device for identification purposes. The device name cannot exceed 31 characters.
Domain Name | The Domain Name entry is what is propagated to the DHCP clients on the LAN side of the target device. If you leave this blank, the domain name obtained by the device via DHCP from the ISP is used.
Administrator Inactivity Timer | Set how long a management session can remain idle before it expires (default five minutes). After it expires, you have to log back into the device.
First DNS Server, Second DNS Server, Third DNS Server | DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. These DNS servers refer to the device system DNS server. The device uses a system DNS server (in the order you specify here) to resolve domain names for VPN, DDNS and the timeserver. Select From ISP if the ISP dynamically assigns the device DNS server information. The text box to the right then displays the (read-only) DNS server IP address that the ISP assigns. Select User-Defined if you want to assign the DNS server IP address yourself. Enter the DNS server's IP address in the field to the right or select from an IP address component BB. Select None if you do not want to configure device system DNS servers. If you do not configure a system DNS server, you must use IP addresses when configuring VPN and DDNS.
Reset to Factory Default | Click this button to upload the factory-default configuration file of the device.
Reset | Click Reset to begin configuring the screen afresh.
4.2.2 DDNS
Use this screen to configure your DNS parameters.
Figure 34 Configuration > General > DDNS
The following table describes the fields in this screen
Table 14 Configuration > General > DDNS
LABEL | DESCRIPTION
Active | Select this check box to use dynamic DNS.
Service Provider | Select the name of your Dynamic DNS service provider.
DDNS Type | Select the type of service that you are registered for from your Dynamic DNS service provider.
User | Enter your user name.
Password | Enter the password assigned to you.
Enable Wildcard | Select the check box to enable DYNDNS Wildcard.
Host Names 1~3 | Enter the host names in the three fields provided. You can specify up to two host names in each field separated by a comma (",").
Off Line | This option is available when CustomDNS is selected in the DDNS Type field. Check with your Dynamic DNS service provider to have traffic redirected to a URL (that you can specify) while you are off line.
Edit Update IP Address:
Server Auto Detect | Select this option to update the IP address of the host name(s) automatically by the DDNS server. It is recommended that you select this option.
User Specify | Select this option to update the IP address of the host name(s) to the IP address specified below. Use this option if you have a static IP address.
IP Address | Enter the IP address if you select the User Specify option.
E-Mail (Prestige Only) | Type the e-mail address here or select from a previously created e-mail component BB. You may also save a newly entered e-mail address as a new e-mail component BB.
Apply | Click Apply to save your changes back to the device.
Reset | Click Reset to begin configuring this screen afresh.
4.2.3 Time Setting
Use this screen to configure your time settings.
Figure 35 Configuration > General > Time Setting
The following table describes the fields in this screen
Table 15 Configuration > General > Time Setting
LABEL | DESCRIPTION
Time Protocol (or Use Time Server when Bootup) | Select the time service protocol that your timeserver sends when you turn on the device. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works. The main difference between them is the format. Daytime (RFC 867) format is day/month/year/time zone of the server. Time (RFC 868) format displays a 4-byte integer giving the total number of seconds since 1970/1/1 at 0:0:0. The default, NTP (RFC 1305), is similar to Time (RFC 868). Select None to enter the time and date manually.
Time Server Address. | Enter the IP address of your timeserver. Check with your ISP/network administrator if you are unsure of this information (the default is tick.stdtime.gov.tw)
Time Zone | Choose the Time Zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT).
Daylight Savings | Select this option if you use daylight savings time. Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.
Start Date | Enter the month and day that your daylight-savings time starts on if you selected Daylight Savings.
End Date | Enter the month and day that your daylight-savings time ends on if you selected Daylight Savings.
Calibrate (Prestige only) | Select the check box to have your Prestige use the timeserver (that you configured above) to set its internal system clock.
Apply | Click Apply to save your changes back to the device.
Reset | Click Reset to begin configuring this screen afresh.
4.2.4 Owner Info
The address book is the equivalent of a device owner BB. You can select from previous entries
or save as new entries.
Figure 36 Configuration > General > Owner Info
The following table describes the fields in this screen.
Table 16 Configuration > General > Owner Info
TYPE | DESCRIPTION
Name | Type the full name of the owner of this device.
Description | Type some extra information about this customer.
Contact Address | Type the complete customer mailing address here.
Address 1, 2 | Type the customer’s building number, street and city zone (if applicable) here.
City | Type the full city or town name.
StateProvince | Type the state or province.
ZIP/Postal Code | Type the zip or postal code here.
Region | Select the country or region from the list.
Telephone Number | Type the customer’s telephone number including country code and area code here.
E-mail | Type the customer’s e-mail address here or select from a previously created e-mail component BB. You may also save a newly entered e-mail address as a new e-mail component BB.
Apply | Click Apply to create the BB. This BB is then available in the BB pool for this domain.
Reset | Click Reset to begin configuring the screen afresh.
CHAPTER 5
Configuration > LAN
5.1 LAN Overview
The Configuration: LAN screen varies depending on the device type shown.
Local Area Network (LAN) is a shared communication system to which many computers are
attached. Use the LAN screens to configure a LAN DHCP server, manage IP addresses, and
partition a physical network into logical networks.
5.2 DHCP Setup
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual
clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL
device as a DHCP server or disable it. When configured as a server, the ZyXEL device
provides the IP configuration for the clients. If set to None, DHCP service will be disabled and
you must have another DHCP server on your LAN, or else the computer must be manually
configured.
5.2.1 IP Pool Setup
The ZyXEL device is pre-configured with a pool of 32 IP addresses starting from
192.168.1.33 to 192.168.1.64. This configuration leaves 31 IP addresses (excluding the
ZyXEL device itself) in the lower range for other server computers, for instance, servers for
mail, FTP, TFTP, web, etc., that you may have.
5.2.2 DNS Servers
Use the LAN IP screen to configure the DNS server information that the ZyXEL device sends
to the DHCP client devices on the LAN.
5.2.3 LAN TCP/IP
The ZyXEL device has built-in DHCP server capability that assigns IP addresses and DNS
servers to systems that support DHCP client capability.
5.2.4 Factory LAN Defaults
The LAN parameters of the ZyXEL device are preset in the factory with the following values:
• IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits)
• DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.
These parameters should work for the majority of installations. If your ISP gives you explicit
DNS server address(es), read the embedded web configurator help regarding what fields need
to be configured.
5.2.5 IP Address and Subnet Mask
Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter for this
information.
5.2.6 RIP Setup
RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange
routing information with other routers. RIP Direction controls the sending and receiving of
RIP packets. When set to Both or Out Only, the ZyXEL device will broadcast its routing table
periodically. When set to Both or In Only, it will incorporate the RIP information that it
receives; when set to None, it will not send any RIP packets and will ignore any RIP packets
received.
RIP Version controls the format and the broadcasting method of the RIP packets that the
ZyXEL device sends (it recognizes both formats when receiving). RIP-1 is universally
supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks,
unless you have an unusual network topology.
Both RIP-2B and RIP-2M send routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the
load on non-router machines since they generally do not listen to the RIP multicast address
and so will not receive the RIP packets. However, if one router uses multicasting, then all
routers on your network must use multicasting, also.
By default, RIP Direction is set to Both and RIP Version to RIP-1.
5.2.7 Multicast
Traditionally, IP packets are transmitted in one of two ways - Unicast (1 sender - 1
recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to
a group of hosts on the network - not everybody and not just 1.
IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish
membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC
2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If
you would like to read more detailed information about inter-operability between IGMP
version 2 and version 1, please see sections 4 and 5 of RFC 2236. The class D IP address is
used to identify host groups and can be in the range 224.0.0.0 to 239.255.255.255. The address
224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address
224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts
(including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP.
The address 224.0.0.2 is assigned to the multicast routers group.
The ZyXEL device supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the ZyXEL device queries all directly connected networks to gather group
membership. After that, the ZyXEL device periodically updates this information. IP
multicasting can be enabled/disabled on the ZyXEL device LAN and/or WAN interfaces in
the web configurator (LAN; WAN). Select None to disable IP multicasting on these
interfaces.
5.3 Configuring LAN IP – ZyWALL
Select a device and then click Configuration > LAN. IP is the first tab.
Figure 37 Configuration > LAN > IP – ZyWALL
The following table describes the fields in this screen
Table 17 Configuration > LAN > IP – ZyWALL
LABEL | DESCRIPTION
individual clients (computers) to obtain TCP/IP configuration at startup from a server. When configured as a server, the ZyXEL device provides TCP/IP configuration for the clients. If not, DHCP service is disabled and you must have another DHCP server on your LAN, or else the computer must be manually configured. When set as a server, fill in the rest of the DHCP setup fields.
This field specifies the first of the contiguous addresses in the IP address pool.
Pool Size | This field specifies the size, or count of the IP address pool.
First DNS Server, Second DNS Server, Third DNS Server | Domain Name System is for mapping a domain name to its corresponding IP address and vice versa. The ZyXEL device passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP clients. The ZyXEL device only passes this information to the LAN DHCP clients when you select DHCP Server. If you don’t select DHCP Server, DHCP service is disabled and you must have another DHCP server on your LAN, or else the computers must have their DNS server addresses manually configured. Select From ISP if an ISP dynamically assigns DNS server information (and the ZyXEL device’s WAN IP address). The field to the right displays the (read-only) DNS server IP address that the ISP assigns. Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose User-Defined, but leave the IP address set to 0.0.0.0, User-Defined changes to None after you click Apply. If you set a second choice to User-Defined, and enter the same IP address, the second User-Defined changes to None after you click Apply. Select DNS Relay to have the ZyXEL device act as a DNS proxy. The ZyXEL device’s LAN IP address displays in the field to the right (read-only). The ZyXEL device tells the DHCP clients on the LAN that the ZyXEL device itself is the DNS server. When a computer on the LAN sends a DNS query to the ZyXEL device, the ZyXEL device forwards the query to the ZyXEL device’s system DNS server (configured in the SYSTEM General screen) and relays the response back to the computer. You can only select DNS Relay for one of the three servers; if you select DNS Relay for a second or third DNS server, that choice changes to None after you click Apply. Select None if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
TCP/IP
IP Address | Type the IP address of the ZyXEL device in dotted decimal notation. 192.168.1.1 is the factory default.
IP Subnet Mask | The subnet mask specifies the network number portion of an IP address. The ZyXEL device automatically calculates the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the ZyXEL device, which is 255.255.255.0.
RIP Direction | RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both/In Only/Out Only/None. When set to Both or Out Only, the ZyXEL device broadcasts its routing table periodically. When set to Both or In Only, it incorporates the RIP information that it receives; when set to None, it does not send any RIP packets and ignores any RIP packets received. Both is the default.
RIP Version | The RIP Version field controls the format and the broadcasting method of the RIP packets that the ZyXEL device sends (it recognizes both formats when receiving). RIP-1 is universally supported but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology. Both RIP-2B and RIP-2M send the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on non-router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets. However, if one router uses multicasting, then all routers on your network must use multicasting, also. By default, RIP direction is set to Both and the Version set to RIP-1.
Table 17 Configuration > LAN > IP – ZyWALL (continued)
LABEL: DESCRIPTION
Multicast: Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236.
Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. However it may sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a computer on the WAN.
Allow From LAN to WAN: Select this option to forward NetBIOS packets from the LAN port to the WAN port.
Apply: Click Apply to save your changes back to the ZyXEL device.
Reset: Click Reset to begin configuring this screen afresh.
5.4 Configuring LAN IP - Prestige
Select a device, and then click Configuration > LAN. IP is the only tab used for an ADSL
device.
individual clients (computers) to obtain TCP/IP configuration at startup from a
server.
Select None if you do not want to configure DNS servers. If you do not configure
a DNS server, you must know the IP address of a machine in order to access it.
When configured as a Server, the ZyXEL device provides TCP/IP configuration
for the clients. When set as a Server, fill in the rest of the DHCP setup fields.
Select Relay to have the ZyXEL device act as a DNS proxy. The ZyXEL device
tells the DHCP clients on the LAN that the ZyXEL device itself is the DNS server.
When a computer on the LAN sends a DNS query to the ZyXEL device, the
ZyXEL device forwards the query to the ZyXEL device’s system DNS server and
relays the response back to the computer. You can select Relay and enter an IP
Pool Starting Address. The First DNS Server IP and Second DNS Server IP will
appear as read only fields.
IP Pool Starting Address: This field specifies the first of the contiguous addresses in the IP address pool.
Pool Size: This field specifies the size, or count of the IP address pool.
First DNS Server IP, Second DNS Server IP: The ZyWALL passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP clients. Type your First DNS Server IP and Second DNS Server IP addresses in these fields.
Remote DHCP Server: If Relay is selected in the DHCP field above, then type the IP address of the actual, remote DHCP server here.
TCP/IP
Table 18 Configuration > LAN > IP – Prestige (continued)
LABEL: DESCRIPTION
IP Address: Type the IP address of the ZyXEL device in dotted decimal notation. 192.168.1.1 is the factory default.
IP Subnet Mask: The subnet mask specifies the network number portion of an IP address. The ZyXEL device automatically calculates the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the ZyXEL device, which is 255.255.255.0.
RIP Direction: RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both/In Only/Out Only/None. When set to Both or Out Only, the ZyXEL device broadcasts its routing table periodically. When set to Both or In Only, it incorporates the RIP information that it receives; when set to None, it does not send any RIP packets and ignores any RIP packets received. Both is the default.
RIP Version: The RIP Version field controls the format and the broadcasting method of the RIP packets that the ZyXEL device sends (it recognizes both formats when receiving). RIP-1 is universally supported but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology. Both RIP-2B and RIP-2M send the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on non-router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets. However, if one router uses multicasting, then all routers on your network must use multicasting, also. By default, RIP direction is set to Both and the Version set to RIP-1.
Multicast: Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236.
Apply: Click Apply to save your changes back to the ZyXEL device.
Reset: Click Reset to begin configuring this screen afresh.
5.5 Configuring LAN Static DHCP – ZyWALL
This table allows you to assign IP addresses on the LAN to specific individual computers
based on their MAC Addresses.
Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address
is assigned at the factory and consists of six pairs of hexadecimal characters, for example,
00:A0:C5:00:00:02.
Select a device, and then click Configuration > LAN > Static DHCP.
Figure 39 Configuration > LAN > Static DHCP – ZyWALL
The following table describes the fields in this screen.
Table 19 Configuration > LAN > Static DHCP – ZyWALL
LABEL: DESCRIPTION
Index: This is the index number of the Static IP table entry (row).
MAC Address: This is the MAC address of a computer on the device’s LAN.
IP Address: This is the IP address to be assigned to the device with the MAC address above.
Apply: Click Apply to save your changes back to the ZyXEL device.
Reset: Click Reset to begin configuring this screen afresh.
5.6 Configuring LAN IP Alias – ZyWALL
IP Alias allows you to partition a physical network into different logical networks over the
same Ethernet interface. The ZyXEL device lets you configure logical LAN interfaces via its
single physical Ethernet interface with the device itself being the gateway for each LAN
network.
When you use IP alias, you can also configure firewall rules to control access between the
LAN's logical networks (subnets).
Select a device, and then click Configuration > LAN > IP Alias.
Figure 40 Configuration > LAN > IP Alias
The following table describes the fields in this screen.
Table 20 Configuration > LAN > IP Alias
LABEL: DESCRIPTION
IP Alias 1, 2: Select the check box to configure another LAN network for the ZyXEL device.
IP Address: Enter the IP address of the ZyXEL device in dotted decimal notation.
IP Subnet Mask: The ZyXEL device automatically calculates the subnet mask based on how many aliases you select. See also the appendices for more information on IP subnetting.
RIP Direction: RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both/In Only/Out Only/None. When set to Both or Out Only, the ZyXEL device broadcasts its routing table periodically. When set to Both or In Only, it incorporates the RIP information that it receives; when set to None, it does not send any RIP packets and ignores any RIP packets received.
RIP Version: The RIP Version field controls the format and the broadcasting method of the RIP packets that the ZyXEL device sends (it recognizes both formats when receiving). RIP-1 is universally supported but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology. Both RIP-2B and RIP-2M send the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on non-router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets. However, if one router uses multicasting, then all routers on your network must use multicasting, also. By default, RIP direction is set to Both and the Version set to RIP-1.
Apply: Click Apply to save your changes back to the ZyXEL device.
Reset: Click Reset to begin configuring this screen afresh.
CHAPTER 6
Configuration > WLAN
This chapter shows the wireless LAN screens.
6.1 Wireless LAN Overview
This section introduces the wireless LAN (WLAN) and some basic scenarios.
6.1.1 Additional Installation Requirements for using 802.1x
• A computer with an IEEE 802.11b wireless LAN card.
• A computer equipped with a web browser (with JavaScript enabled) and/or Telnet.
• A wireless client computer must be running IEEE 802.1x-compliant software. Currently,
this is offered in Windows XP.
• An optional network RADIUS server for remote user authentication and accounting.
6.2 Wireless LAN Basics
This section provides background information on WLAN.
6.2.1 Channel
IEEE 802.11b wireless devices use radio frequencies called channels. Choose the radio
channel depending on your geographical area. Adjacent Access Points (APs) should use
different channels to reduce crosstalk. Crosstalk occurs when radio signals from access points
overlap and cause interference that degrades performance.
6.2.2 ESS ID
Extended Service Set (ESS) is defined as one or more APs acting as a bridge between a wired
LAN and the associated wireless clients. The ESS ID is a unique ID given to the APs and the
wireless clients that participate in the same wireless network. You can think of the ESS ID as
being similar to a workgroup name in a Microsoft network.
6.2.3 RTS/CTS
A hidden node occurs when two stations are within range of the same access point, but are not
within range of each other. The following figure illustrates a hidden node. Both stations (STA)
are within range of the access point (AP) or wireless gateway, but out-of-range of each other,
so they cannot “hear” each other, that is they do not know if the channel is currently being
used. Therefore, they are considered hidden from each other.
Figure 41 RTS Threshold
Wireless stations (WS) A and B do not hear each other. They can hear the AP. When station A
sends data to the ZyXEL device, it might not know that the station B is already using the
channel. If these two stations send data at the same time, collisions may occur when both sets
of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the
biggest size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send)
handshake is invoked.
When a data frame exceeds the RTS/CTS value you set (between 0 and 2432 bytes), the station
that wants to transmit this frame must first send an RTS (Request To Send) message to the AP
for permission to send it. The AP then responds with a CTS (Clear to Send) message to all
other stations within its range to notify them to defer their transmission. It also reserves and
confirms with the requesting station the time frame for the requested transmission.
Stations can send frames smaller than the specified RTS/CTS directly to the AP without the
RTS (Request To Send)/CTS (Clear to Send) handshake.
You should only configure RTS/CTS if the possibility of hidden nodes exists on your network
and the “cost” of resending large frames is more than the extra network overhead involved in
the RTS (Request To Send)/CTS (Clear to Send) handshake.
If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the
RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will
be fragmented before they reach RTS/CTS size.
Note: Enabling the RTS Threshold causes redundant network
overhead that could negatively affect the throughput
performance instead of providing a remedy.
6.2.4 Fragmentation Threshold
A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432
bytes) that can be sent in the wireless network before the ZyXEL device will fragment the
packet into smaller data frames.
A large Fragmentation Threshold is recommended for networks not prone to interference
while you should set a smaller threshold for busy networks or networks that are prone to
interference.
If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously)
you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as
data frames will be fragmented before they reach RTS Threshold size.
6.2.5 WEP
WEP provides a mechanism for encrypting data using encryption keys. Both the AP and the
wireless stations must use the same WEP key to encrypt and decrypt data. The ZyXEL device
allows you to configure up to four 64-bit or 128-bit WEP keys, but only one key can be
enabled at any one time.
6.3 Configuring Wireless LAN
If you are configuring the ZyXEL device from a computer connected to the wireless LAN and
you change the ZyXEL device’s ESSID or WEP settings, you will lose your wireless
connection when you press Apply to confirm. You must then change the wireless settings of
your computer to match the ZyXEL device’s new settings.
Select a device, and then click Configuration > WLAN. Wireless is the first screen.
6.3.1 WLAN Wireless
Figure 42 Configuration > WLAN > Wireless
The following table describes the fields in this screen.
Table 21 Configuration > WLAN > Wireless
LABEL: DESCRIPTION
Enable Wireless LAN: The wireless LAN is turned off by default; before you enable the wireless LAN you should configure some security by setting MAC filters and/or 802.1x security; otherwise your wireless LAN will be vulnerable upon enabling it. Select the check box to enable the wireless LAN.
ESSID: (Extended Service Set IDentification) The ESSID identifies the Service Set the station is to connect to. Wireless clients associating to the Access Point must have the same ESSID. Enter a descriptive name (up to 32 characters) for the wireless LAN.
Hide ESSID: Select to hide the ESSID in the outgoing beacon frame so a station cannot obtain the ESSID through passive scanning.
Choose Channel ID: This allows you to set the operating frequency/channel depending on your particular region. Select a channel from the drop-down list box.
    CH01 2412 MHz / CH02 2417 MHz ~ CH11 2462 MHz (North America/FCC)
    CH01 2412 MHz / CH02 2417 MHz ~ CH13 2472 MHz (Europe CE/ETSI)
    CH01 2412 MHz / CH02 2417 MHz ~ CH14 2484 MHz (Japan)
    CH10 2457 MHz / CH11 2462 MHz (Spain)
Key 1 to Key 4: If you chose 64-bit WEP in the WEP Encryption field, then enter any 5 characters (ASCII string) or 10 hexadecimal characters ("0-9", "A-F") preceded by 0x for each key. If you chose 128-bit WEP in the WEP Encryption field, then enter 13 characters (ASCII string) or 26 hexadecimal characters ("0-9", "A-F") preceded by 0x for each key. There are four data encryption keys to secure your data from eavesdropping by unauthorized wireless users. The values for the keys must be set up exactly the same on the access points as they are on the wireless client computers.
Apply: Click Apply to save your changes back to the ZyXEL device.
Reset: Click Reset to begin configuring this screen afresh.
(Request To Send) The threshold (number of bytes) for enabling RTS/CTS
handshake. Data with its frame size larger than this value will perform the RTS/CTS
handshake. Setting this attribute to be larger than the maximum MSDU (MAC service
data unit) size turns off the RTS/CTS handshake. Setting this attribute to zero turns
on the RTS/CTS handshake. Enter a value between 0 and 2432.
The threshold (number of bytes) for the fragmentation boundary for directed
messages. It is the maximum data fragment size that can be sent. Enter a value
between 256 and 2432.
WEP (Wired Equivalent Privacy) provides data encryption to prevent unauthorized
wireless stations from accessing data transmitted over the wireless network.
Select Disable to allow wireless clients to communicate with the access points
without any data encryption.
Select 64-bit WEP or 128-bit WEP to enable data encryption.
Although WEP is functional at 5.5 and 11 Mbps, there is significant performance
degradation when using WEP at these rates.
6.4 Configuring MAC Filter
The MAC filter screen allows you to configure the ZyXEL device to give exclusive access to
specific devices (Allow Association) or exclude specific devices from accessing the ZyXEL
device (Deny Association). The Prestige can be configured to give exclusive access to up to
32 devices or exclude up to 32 devices from accessing the Prestige. The ZyWALL can be
configured to give exclusive access to up to 12 devices or exclude up to 12 devices from
accessing the ZyWALL. Every Ethernet device has a unique MAC (Media Access Control)
address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal
characters, for example, 00:A0:C5:00:00:02. You need to know the MAC address of the
devices to configure this screen.
Select a device and then click Configuration > WLAN > MAC Filter. The screen appears as
shown next.
Figure 43 Configuration > WLAN > MAC Filter
Table 22 Configuration > WLAN > MAC Filter
LABEL: DESCRIPTION
Activate MAC Filter: Enable MAC address filtering to have the router allow or deny access to wireless stations based on MAC addresses. Disable MAC address filtering to have the router not perform MAC filtering on the wireless stations.
Filter Action: Define the filter action for the list of MAC addresses in the MAC address filter table. Select Deny Association to block access to the router; MAC addresses not listed will be allowed to access the router. Select Allow Association to permit access to the router; MAC addresses not listed will be denied access to the router.
MAC Address: Enter the MAC addresses (in XXXXXXXXXXXX format) of the client computers that are allowed or denied access to the ZyXEL device in these address fields.
Apply: Click Apply to save your changes back to the ZyXEL device.
Reset: Click Reset to begin configuring this screen afresh.
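The limits this chapter states for the Wireless and MAC Filter screens (ESSID length, RTS/CTS and Fragmentation Threshold ranges and their interaction, WEP key formats, MAC filter table size and address format, and the advice to set MAC filters and/or 802.1x before enabling the wireless LAN) can be checked before a profile is applied. The following is an added example, not ZyXEL or Vantage CNM code; the dictionary layout, field names and finding codes are assumptions for illustration, the sample profiles are constructed, and the 802.1x value "Authentication Required" is the one described in section 6.5.

```python
import re

# Limits as stated in this guide (sections 6.2.3 to 6.4, Tables 21 and 22).
ESSID_MAX = 32
RTS_CTS_RANGE = (0, 2432)
FRAG_RANGE = (256, 2432)
WEP_KEY_LENGTHS = {"64-bit WEP": (5, 10), "128-bit WEP": (13, 26)}  # (ASCII, hex)
MAC_FILTER_MAX = {"Prestige": 32, "ZyWALL": 12}
HEX = "[0-9A-Fa-f]"  # the guide lists 0-9 and A-F; accepting lower case is an assumption


def wep_key_problem(mode, key):
    """Return None if the key fits the chosen WEP mode, else a short reason."""
    ascii_len, hex_len = WEP_KEY_LENGTHS[mode]
    if key.startswith("0x"):  # the hexadecimal form is "preceded by 0x"
        if not re.fullmatch(HEX + "{%d}" % hex_len, key[2:]):
            return "hex key needs 0x followed by %d hexadecimal characters" % hex_len
        return None
    if len(key) != ascii_len or not key.isascii():
        return "ASCII key needs exactly %d characters" % ascii_len
    return None


def audit_wlan(cfg):
    """Return (code, message) findings for one device's WLAN profile."""
    findings = []
    if len(cfg["essid"]) > ESSID_MAX:
        findings.append(("essid-length", "ESSID is longer than 32 characters"))

    rts, frag = cfg["rts_cts"], cfg["fragmentation"]
    rts_ok = RTS_CTS_RANGE[0] <= rts <= RTS_CTS_RANGE[1]
    frag_ok = FRAG_RANGE[0] <= frag <= FRAG_RANGE[1]
    if not rts_ok:
        findings.append(("rts-range", "RTS/CTS must be between 0 and 2432"))
    if not frag_ok:
        findings.append(("frag-range", "Fragmentation Threshold must be between 256 and 2432"))
    if rts_ok and frag_ok and rts > frag:
        # Frames are fragmented before they ever reach RTS/CTS size.
        findings.append(("rts-never-fires",
                         "RTS/CTS %d exceeds Fragmentation Threshold %d" % (rts, frag)))

    if cfg["wep"] in WEP_KEY_LENGTHS:
        for index, key in enumerate(cfg["keys"], start=1):
            problem = wep_key_problem(cfg["wep"], key)
            if problem:
                findings.append(("wep-key", "Key %d: %s" % (index, problem)))
    elif cfg["wep"] != "Disable":
        findings.append(("wep-mode", "unknown WEP Encryption value"))

    mac = cfg["mac_filter"]
    if mac["active"]:
        limit = MAC_FILTER_MAX[cfg["model"]]
        if len(mac["addresses"]) > limit:
            findings.append(("mac-filter-size",
                             "%s accepts at most %d addresses" % (cfg["model"], limit)))
        for address in mac["addresses"]:
            if not re.fullmatch(HEX + "{12}", address):
                findings.append(("mac-format", "%s is not in XXXXXXXXXXXX format" % address))

    # The guide advises MAC filters and/or 802.1x before enabling the wireless LAN.
    if cfg["enabled"] and not mac["active"] and cfg["dot1x"] != "Authentication Required":
        findings.append(("no-access-control",
                         "wireless LAN enabled with neither MAC filter nor 802.1x"))
    return findings


# Constructed sample profiles (not real device exports).
SAMPLE_GOOD = {
    "model": "ZyWALL", "enabled": True, "essid": "constructed-net",
    "rts_cts": 500, "fragmentation": 2432,
    "wep": "128-bit WEP", "keys": ["0x0123456789ABCDEF0123456789"],
    "mac_filter": {"active": True, "action": "Allow Association",
                   "addresses": ["00A0C5000002"]},
    "dot1x": "No Authentication Required",
}
SAMPLE_BAD = dict(
    SAMPLE_GOOD, rts_cts=2432, fragmentation=1024,
    wep="64-bit WEP", keys=["abcde", "0x12345"],
    mac_filter={"active": True, "action": "Allow Association",
                "addresses": ["00:A0:C5:00:00:02"]},  # colon form is rejected
)

if __name__ == "__main__":
    for name, profile in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, audit_wlan(profile))
```

The colon-separated MAC in the second profile is the form the guide uses when it describes a MAC address, but the filter fields take twelve hexadecimal characters without separators, so the check reports it.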
6.5 802.1x Overview
The IEEE 802.1x standard outlines enhanced security methods for both the authentication of
wireless stations and encryption key management. Authentication can be done using the local
user database internal to the ZyXEL device or an external RADIUS server for an unlimited
number of users.
6.5.1 Configuring 802.1x – ZyWALL
Select a ZyWALL device and then click Configuration > WLAN > 802.1x. The screen
appears as shown next.
Figure 44 Configuration > WLAN > 802.1x – ZyWALL
The following table describes the fields in this screen.
Table 23 Configuration > WLAN > 802.1x – ZyWALL
LABEL: DESCRIPTION
Authentication Control: Select Authentication Required to authenticate all wireless clients before they can access the wired network. Select No Authentication Required to allow all wireless clients to access your wired network without authentication. Select No Access to deny all wireless clients access to your wired network.
Reauthentication Timer: Specify the time interval between the RADIUS server’s authentication checks of wireless users connected to the network. This field is activated only when you select Authentication Required in the Authentication Type field.
Apply: Click Apply to save your changes back to the ZyXEL device.
Reset: Click Reset to begin configuring this screen afresh.
6.5.2 Configuring 802.1x – Prestige
Select a Prestige device and then click Configuration > WLAN > 802.1x. The screen appears
as shown next.
The following table describes the fields in this screen.
Table 24 Configuration > WLAN > 802.1x – Prestige
LABEL: DESCRIPTION
Authentication Control: Select Authentication Required to authenticate all wireless clients before they can access the wired network. Select No Authentication Required to allow all wireless clients to access your wired network without authentication. Select No Access to deny all wireless clients access to your wired network.
Reauthentication Timer: Specify the time interval between the RADIUS server’s authentication checks of wireless users connected to the network. This field is activated only when you select Authentication Required in the Authentication Type field.
Idle Timeout: The Prestige automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. This field is activated only when you select Authentication Required in the Wireless Port Control field. The default time interval is 3600 seconds (or 1 hour).
Apply: Click Apply to save your changes back to the ZyXEL device.
Reset: Click Reset to begin configuring this screen afresh.
The authentication database contains wireless station login information. The local
user database is the built-in database on the Prestige. The RADIUS is an external
server. Use this drop-down list box to select which database the Prestige should
use (first) to authenticate a wireless station.
Before you specify the priority, make sure you have set up the corresponding
database correctly first.
Select Local User Database Only to have the Prestige just check the built-in user
database on the Prestige for a wireless station's username and password.
Select RADIUS Only to have the Prestige just check the user database on the
specified RADIUS server for a wireless station's username and password.
Select Local first, then RADIUS to have the Prestige first check the user
database on the Prestige for a wireless station's username and password. If the
user name is not found, the Prestige then checks the user database on the
specified RADIUS server.
Select RADIUS first, then Local to have the Prestige first check the user
database on the specified RADIUS server for a wireless station's username and
password. If the Prestige cannot reach the RADIUS server, the Prestige then
checks the local user database on the Prestige. When the user name is not found
or password does not match in the RADIUS server, the Prestige will not check the
local user database and the authentication fails.
6.6 Local User Database
By storing user profiles locally on the ZyXEL device, the ZyXEL device is able to
authenticate VPN extended authentication clients or wireless clients without interacting with a
network RADIUS server. However, there is a limit on the number of users you may
authenticate in this way.
6.6.1 Configuring Local User Database
Select a device and then click Configuration > WLAN > Local User Database. The screen
appears as shown next.
Figure 46 Configuration > WLAN > Local User
The following table describes the labels in this screen.
Table 25 Configuration > WLAN > Local User
LABEL: DESCRIPTION
Active: Select this check box to enable the user profile.
Index: This is the local user index number.
User ID: Enter the user name of the user profile.
Password: Enter a password up to 31 characters long for this user profile.
Next: Select Next to view the next page of Local User Database entries.
Apply: Click Apply to save your changes back to the ZyXEL device.
Reset: Click Reset to begin configuring this screen afresh.
6.6.2 RADIUS
RADIUS is based on a client-server model that supports authentication and accounting, where
the access point is the client and the server is the RADIUS server. The RADIUS server handles
the following tasks among others:
• Authentication
Determines the identity of the users.
• Accounting
Keeps track of the client’s network activity.
RADIUS is a simple package exchange in which the ZyXEL device acts as a message
relay between the wireless client and the network RADIUS server.
6.6.2.1 Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point and the
RADIUS server for user authentication:
• Access-Request
Sent by the ZyXEL device requesting authentication.
• Access-Reject
Sent by a RADIUS server rejecting access.
• Access-Accept
Sent by a RADIUS server allowing access.
• Access-Challenge
Sent by a RADIUS server requesting more information in order to allow
access. The access point sends a proper response from the user and then
sends another Access-Request message.
The following types of RADIUS messages are exchanged between the access point and the
RADIUS server for user accounting:
• Accounting-Request
Sent by the ZyXEL device requesting accounting.
• Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped
accounting.
In order to ensure network security, the ZyXEL device and the RADIUS server use a shared
secret key, which is a password they both know. The key is not sent over the network. In
addition to the shared key, password information exchanged is also encrypted to protect the
network from unauthorized access.
6.6.3 EAP Authentication Overview
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the
IEEE802.1x transport mechanism in order to support multiple types of user authentication. By
using EAP to interact with an EAP-compatible RADIUS server, the access point helps a
wireless station and a RADIUS server perform authentication.
The type of authentication you use depends on the RADIUS server or the AP. The ZyXEL
device supports EAP-TLS and EAP-TTLS with RADIUS.
The ZyXEL device supports EAP-MD5 (Message-Digest Algorithm 5) with the local user
database.
The details below provide a general description of how IEEE 802.1x EAP authentication
works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x chapter in
the Appendices.
• The wireless station sends a “start” message to the ZyXEL device.
• The ZyXEL device sends a “request identity” message to the wireless station for identity
information.
• The wireless station replies with identity information, including username and password.
• The RADIUS server checks the user information against its user profile database and
determines whether or not to authenticate the wireless station.
6.7 Configuring RADIUS
Use the RADIUS screen if you want to use an external server to perform authentication.
Select a device, then click Configuration > WLAN > RADIUS. The screen appears as shown
next.
Figure 47 Configuration > WLAN > RADIUS
The following table describes the fields in this screen.
Table 26 Configuration > WLAN > RADIUS
LABEL: DESCRIPTION
Activate Authentication: Enable this feature to have the ZyXEL device use an external authentication server in performing user authentication. Disable this feature if you will not use an external authentication server. If you disable this feature, you can still set the ZyXEL device to perform user authentication using the local user database.
Server IP: Enter the IP address of the external authentication server in dotted decimal notation.
Port: The default port of the RADIUS server for authentication is 1812. You need not change this value unless your network administrator instructs you to do so with additional information.
Key: Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the access points. The key is not sent over the network. This key must be the same on the external authentication server and ZyXEL device.
Activate Accounting: Enable this feature to do user accounting through an external authentication server.
Server IP: Enter the IP address of the external accounting server in dotted decimal notation.
Port: The default port of the RADIUS server for accounting is 1813. You need not change this value unless your network administrator instructs you to do so with additional information.
Key: Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external accounting server and the access points. The key is not sent over the network. This key must be the same on the external accounting server and ZyXEL device.
Apply: Click Apply to save your changes back to the ZyXEL device.
Reset: Click Reset to begin configuring this screen afresh.
CHAPTER 7
Configuration > DMZ
7.1 DMZ Overview
The DeMilitarized Zone (DMZ) auto-negotiating 10/100 Mbps Ethernet port provides a way
for public servers (Web, e-mail, FTP, etc.) to be visible to the outside world (while still being
protected from DoS (Denial of Service) attacks such as SYN flooding and Ping of Death).
These public servers can also still be accessed from the secure LAN.
By default the firewall allows traffic between the WAN and the DMZ, traffic from the DMZ to
the LAN is denied, and traffic from the LAN to the DMZ is allowed. Internet users can have
access to host servers on the DMZ but no access to the LAN, unless special filter rules
allowing access were configured by the administrator or the user is an authorized remote user.
It is highly recommended that you connect all of your public servers to the DMZ port. If you
have more than one public server, connect a hub to the DMZ port.
It is also highly recommended that you keep all sensitive information off of the public servers
connected to the DMZ port. Store sensitive information on LAN computers.
7.2 DMZ Addresses
You can assign public or private IP addresses to computers connected to the DMZ port.
With public IP addresses, the WAN and DMZ ports must use public IP addresses that are on
separate subnets. See the appendices for information on IP subnetting.
If the DMZ computers use private IP addresses, go to the NAT screen and select SUA Only or
Full Feature in the Network Address Translation field. Configure NAT mapping rules for
the private IP addresses of the computers on the DMZ.
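The address rules in this section can be checked before a plan is applied to a device. The Python sketch below is an added example, not part of the ZyXEL guide or software; the helper name audit_dmz_plan and the sample addresses (a documentation range standing in for public space) are assumptions.

```python
import ipaddress

# RFC 1918 private ranges. Python's is_private also flags the documentation
# ranges used as stand-in "public" addresses below, so test these explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# NAT field values the guide names for a DMZ that uses private addresses.
NAT_MODES = {"SUA Only", "Full Feature"}


def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)


def audit_dmz_plan(wan_if, dmz_if, nat_mode=None):
    """Return findings for a WAN/DMZ plan (hypothetical helper).

    wan_if and dmz_if are 'address/prefix' strings for the two ports;
    nat_mode is the Network Address Translation field value, or None.
    """
    wan = ipaddress.ip_interface(wan_if)
    dmz = ipaddress.ip_interface(dmz_if)
    findings = []
    if is_rfc1918(dmz.ip):
        # Private DMZ hosts need NAT mapping rules to be reachable.
        if nat_mode not in NAT_MODES:
            findings.append("private DMZ requires NAT: SUA Only or Full Feature")
        return findings
    # Public DMZ: both ports public, and on separate subnets.
    if is_rfc1918(wan.ip):
        findings.append("WAN port must use a public IP address")
    if wan.network.overlaps(dmz.network):
        findings.append("WAN and DMZ must be on separate subnets")
    return findings


# Constructed sample plans (203.0.113.0/24 is a documentation range).
SAMPLES = {
    "separate /28s": ("203.0.113.2/28", "203.0.113.17/28", None),
    "overlapping": ("203.0.113.2/24", "203.0.113.129/25", None),
    "private, no NAT": ("203.0.113.2/28", "192.168.2.1/24", None),
    "private, SUA": ("203.0.113.2/28", "192.168.2.1/24", "SUA Only"),
}

if __name__ == "__main__":
    for name, plan in SAMPLES.items():
        print(name, "->", audit_dmz_plan(*plan) or "ok")
```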
7.3 Configuring DMZ
Select a ZyWALL device and from the Configuration Screen, click DMZ. The screen
appears as shown next.
Figure 48 Configuration > DMZ
The following table describes the labels in this screen.
Table 27 Configuration > DMZ
LABEL: DESCRIPTION
DMZ TCP/IP
IP Address: Type the IP address of your ZyWALL in dotted decimal notation 192.168.1.1
(factory default).
Subnet Mask: The subnet mask specifies the network number portion of an IP address. Your
ZyWALL will automatically calculate the subnet mask based on the IP address
that you assign. Unless you are implementing subnetting, use the subnet mask
computed by the ZyWALL 255.255.255.0.
RIP Direction: RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to
exchange routing information with other routers. The RIP Direction field
controls the sending and receiving of RIP packets. Select the RIP direction
from Both/In Only/Out Only/None. When set to Both or Out Only, the
ZyWALL will broadcast its routing table periodically. When set to Both or
In Only, it will incorporate the RIP information that it receives; when set to None,
it will not send any RIP packets and will ignore any RIP packets received. Both
is the default.
RIP Version: The RIP Version field controls the format and the broadcasting method of the
RIP packets that the ZyWALL sends (it recognizes both formats when
receiving). RIP-1 is universally supported but RIP-2 carries more information.
RIP-1 is probably adequate for most networks, unless you have an unusual
network topology. Both RIP-2B and RIP-2M send the routing data in RIP-2
format; the difference being that RIP-2B uses subnet broadcasting while
RIP-2M uses multicasting. Multicasting can reduce the load on non-router machines
since they generally do not listen to the RIP multicast address and so will not
receive the RIP packets. However, if one router uses multicasting, then all
routers on your network must use multicasting, also. By default, RIP direction is
set to Both and the Version set to RIP-1.
Multicast: Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast
Protocol) is a network-layer protocol used to establish membership in a
Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is
an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide
use. If you would like to read more detailed information about interoperability
between IGMP version 2 and version 1, please see sections 4 and 5 of RFC
2236.
Windows Networking (NetBIOS over TCP/IP)
Allow from DMZ to LAN: Click this option to forward NetBIOS packets from the DMZ port to the LAN
port.
Allow from DMZ to WAN: Click this option to forward NetBIOS packets from the DMZ port to the WAN
port.
Apply: Click Apply to save your changes back to the ZyWALL.
Reset: Click Reset to refresh the current screen.
CHAPTER 8
Configuration > WAN
You will see different WAN screens depending on whether you’re configuring a ZyWALL or
Prestige device.
Note: Be careful when configuring a device’s WAN as an
incorrect configuration could result in the device being
inaccessible from Vantage (or by the web configurator from the
WAN) and may necessitate a site visit to correct.
8.1 General WAN – ZyWALL
This section gives background and configuration information on the fields displayed in this
screen.
8.1.1 TCP/IP Priority (Metric)
The metric represents the "cost of transmission". A router determines the best route for
transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the
measurement of cost, with a minimum of "1" for directly connected networks. The number
must be between "1" and "15"; a number greater than "15" means the link is down. The
smaller the number, the lower the "cost".
The metric sets the priority for the ZyXEL device’s routes to the Internet. If any two of the
default routes have the same metric, the ZyXEL device uses the following pre-defined
priorities:
• Normal route: designated by the ISP.
• Traffic-redirect route. Traffic redirect forwards WAN traffic to a backup gateway when
the ZyXEL device cannot connect to the Internet through its normal gateway. Connect
the backup gateway on the WAN so that the ZyXEL device still provides firewall
protection.
• Dial-backup route.
For example, if the normal route has a metric of "1" and the traffic-redirect route has a metric
of "2" and dial-backup route has a metric of "3", then the normal route acts as the primary
default route. If the normal route fails to connect to the Internet, the ZyXEL device tries the
traffic-redirect route next. In the same manner, the ZyXEL device uses the dial-backup route if
the traffic-redirect route also fails.
If you want the dial-backup route to take first priority over the traffic-redirect route or even the
normal route, all you need to do is set the dial-backup route’s metric to "1" and the others to
"2" (or greater).
Figure 49 Configuration > WAN > General – ZyWALL
The following table describes the fields in this screen.
Table 28 Configuration > WAN > General – ZyWALL
LABEL: DESCRIPTION
WAN: The default WAN connection is "1" as your broadband connection via the WAN port
should always be your preferred method of accessing the WAN. The default priority
of the routes is WAN, Traffic Redirect and then Dial Backup (dial backup does not
apply to all ZyXEL device models):
Traffic Redirect, Dial Backup: You have two choices for an auxiliary connection in the event that your
regular WAN connection goes down. If Dial Backup is preferred to Traffic Redirect, then type
"14" in the Dial Backup Priority (metric) field (and leave the Traffic Redirect
Priority (metric) at the default of "15").
Active: Select this check box to have the ZyXEL device use traffic redirect if the normal
WAN connection goes down.
Backup Gateway IP Address: Type the IP address of your backup gateway in dotted decimal notation.
The ZyXEL device automatically forwards traffic to this IP address if the ZyXEL device's Internet
connection terminates.
Check WAN IP Address: Configuration of this field is optional. If you do not enter an IP address here, the
ZyXEL device will use the default gateway IP address. Configure this field to test the
ZyXEL device's WAN accessibility. Type the IP address of a reliable nearby
computer (for example, your ISP's DNS server address). If you are using PPTP or
PPPoE Encapsulation, type "0.0.0.0" to configure the ZyXEL device to check the
PVC (Permanent Virtual Circuit) or PPTP tunnel.
Fail Tolerance: Type the number of times the ZyXEL device may attempt and fail to connect to the
Internet before traffic is forwarded to the backup gateway.
Period (sec): Type the number of seconds for the ZyXEL device to wait between checks to see if it
can connect to the WAN IP address (Check WAN IP Address field) or default
gateway. Allow more time if your destination IP address handles lots of traffic.
Timeout (sec): Type the number of seconds for the ZyXEL device to wait for a ping response from
the IP Address in the Check WAN IP Address field before it times out. The WAN
connection is considered "down" after the ZyXEL device times out the number of
times specified in the Fail Tolerance field. Use a higher value in this field if your
network is busy or congested.
Apply: Click Apply to save your changes back to the ZyXEL device.
Reset: Click Reset to begin configuring this screen afresh.
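The metric ordering from section 8.1.1 and the Fail Tolerance check from Table 28, combined in one Python sketch. This is an added example, not ZyXEL code; the function names, the constructed inputs, and the assumption that failed checks are counted consecutively belong to the example.

```python
# Tie-break order the guide gives when default routes share a metric.
TIE_BREAK = ["normal", "traffic-redirect", "dial-backup"]


def failover_order(metrics):
    """Order default routes by metric, lowest first (hypothetical helper).

    metrics maps a route name from TIE_BREAK to its metric. Metrics outside
    1..15 are skipped, since a number greater than 15 means the link is down.
    """
    usable = {r: m for r, m in metrics.items() if 1 <= m <= 15}
    return sorted(usable, key=lambda r: (usable[r], TIE_BREAK.index(r)))


def check_declares_down(ping_ok, fail_tolerance):
    """Return the 1-based check at which the WAN is declared down, or None.

    ping_ok holds one boolean per check (True = reply before Timeout).
    Assumption: failures count consecutively and a reply resets the count;
    the guide does not say whether the count resets.
    """
    failures = 0
    for n, ok in enumerate(ping_ok, start=1):
        failures = 0 if ok else failures + 1
        if failures >= fail_tolerance:
            return n
    return None


def route_in_use(metrics, ping_ok, fail_tolerance):
    """Pick the default route, skipping 'normal' once the WAN check fails."""
    wan_down = check_declares_down(ping_ok, fail_tolerance) is not None
    for route in failover_order(metrics):
        if route == "normal" and wan_down:
            continue
        return route
    return None


if __name__ == "__main__":
    # Constructed settings: Dial Backup preferred over Traffic Redirect.
    plan = {"normal": 1, "traffic-redirect": 15, "dial-backup": 14}
    print(failover_order(plan))
    print(route_in_use(plan, [True, False, False, False], 3))
```

Running planned metrics through failover_order before applying them shows which path carries traffic once the WAN check fails; the guide places the backup gateway on the WAN so that the firewall still applies to that path.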
8.1.2 WAN ISP – ZyWALL
The screen differs by the encapsulation type chosen.
Figure 50 Configuration > WAN > ISP (Ethernet) – ZyWALL
8.1.2.1 Ethernet Encapsulation
The following table describes the labels in the Ethernet encapsulation screen.
Table 29 Configuration > WAN > ISP (Ethernet) – ZyWALL
LABEL: DESCRIPTION
Encapsulation: You must choose the Ethernet option when the WAN port is used as a regular
Ethernet.
Service Type: Choose from Standard, Telstra (RoadRunner Telstra authentication method),
RR-Manager (Roadrunner Manager authentication method), RR-Toshiba
(Roadrunner Toshiba authentication method) or Telia Login.
The following fields do not appear with the Standard service type.
Apply: Click Apply to save your changes back to the ZyXEL device.
Reset: Click Reset to begin configuring this screen afresh.
8.1.2.2 PPPoE Encapsulation
The ZyXEL device supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an
IETF Draft standard (RFC 2516) specifying how a personal computer (PC) interacts with a
broadband modem (DSL, cable, wireless, etc.) connection. The PPPoE option is for a dial-up
connection using PPPoE.
For the service provider, PPPoE offers an access and authentication method that works with
existing access control systems (for example Radius). PPPoE provides a login and
authentication method that the existing Microsoft Dial-Up Networking software can activate,
and therefore requires no new learning or procedures for Windows users.
One of the benefits of PPPoE is the ability to let you access one of multiple network services,
a function known as dynamic service selection. This enables the service provider to easily
create and offer new IP services for individuals.
Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires
no specific configuration of the broadband modem at the customer site.
By implementing PPPoE directly on the ZyXEL device (rather than individual computers), the
computers on the LAN do not need PPPoE software installed, since the ZyXEL device does
that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.