NETVANTA 2000 SERIES System Manual 61200361L1-1E May 2002 1200362L1 NetVanta 2050 System 1200361L1 NetVanta 2100 System 1200366L1 NetVanta 2300 System 1200367L1 NetVanta 2400 System
Trademarks Any brand names and product names included in this manual are trademarks, registered trademarks, or trade names of their respective holders. To the Holder of the Manual The contents of this manual are current as of the date of publication. ADTRAN reserves the right to change the contents without prior notice.
About this Manual This manual provides a complete description of the NetVanta 2000 series system and system software. The purpose of this manual is to provide the technician, system administrator, and manager with general and specific information related to the planning, installation, operation, and maintenance of the NetVanta 2000 series. This manual is arranged so that needed information can be quickly and easily found. The following is an overview of the contents.
Notes provide additional useful information. Cautions signify information that could prevent service interruption. Warnings provide information that could prevent damage to the equipment or endangerment to human life. Safety Instructions When using your telephone equipment, please follow these basic safety precautions to reduce the risk of fire, electrical shock, or personal injury: 1.
Federal Communications Commission Radio Frequency Interference Statement This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
Canadian Equipment Limitations Notice: The Canadian Industry and Science Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operational, and safety requirements. The Department does not guarantee the equipment will operate to the user’s satisfaction. Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications company.
Warranty and Customer Service ADTRAN will repair and return this product within five years from the date of shipment if it does not meet its published specifications or fails while in service. For detailed warranty, repair, and return information refer to the ADTRAN Equipment Warranty and Repair and Return Policy Procedure. Return Material Authorization (RMA) is required prior to returning equipment to ADTRAN.
Customer Service, Product Support Information, and Training ADTRAN will repair and return this product if within five years from the date of shipment the product does not meet its published specification or the product fails while in service. A return material authorization (RMA) is required prior to returning equipment to ADTRAN. For service, RMA requests, training, or more information, use the contact information given below.
Post-Sale Support Your reseller should serve as the first point of contact for support. If additional support is needed, the ADTRAN Support web site provides a variety of support services such as a searchable knowledge base, updated firmware releases, latest product documentation, service request ticket generation and trouble-shooting tools. All of this, and more, is available at: http://support.adtran.com When needed, further post-sales assistance is available by calling our Technical Support Center.
NetVanta 2000 Series System Manual © 2001 ADTRAN, Inc.
SYSTEM DESCRIPTION CONTENTS System Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Features and Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Physical Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Firewall Features. . . . . . . . . . . . . . . . . . .
Section 1, System Description 1. NetVanta 2000 Series System Manual SYSTEM OVERVIEW The NetVanta 2000 series of VPN products include small to mid-range IPSec compliant gateways providing all the necessary components required to secure an integrated VPN solution. Used primarily for remote access and site-to-multisite connectivity, the NetVanta 2050 and NetVanta 2100 targets the corporate branch office, the small office/home office (SOHO), as well as business-to-business applications.
NetVanta 2000 Series System Manual 2. Section 1, System Description FEATURES AND BENEFITS The NetVanta 2000 series provide granular control over network access that includes maximum security, data authenticity and privacy, and significant ease of use. The major features of the NetVanta 2000 series are described below.
Section 1, System Description NetVanta 2000 Series System Manual DHCP • • Server (to manage IP addresses on local network) Client (to acquire the WAN-side IP address from service provider) PPPoE • Client (to acquire the WAN-side IP address from service provider) Routing • • • • 14 TCP/IP Static routes RIP (V1 and V2) RIP with Authentication © 2002 ADTRAN, Inc.
ENGINEERING GUIDELINES CONTENTS Equipment Dimensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Power Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Reviewing the front Panel Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Front Panel LEDs . . . . . . . . . . . . . . . . . . . . . . .
Section 2, Engineering Guidelines 1. NetVanta 2000 Series System Manual EQUIPMENT DIMENSIONS NetVanta 2050 and 2100 The NetVanta 2050 and 2100 units are 9.0” W, 6.375” D, and 1.625” H and come equipped for table top and wallmount use. An optional rackmount shelf is available from ADTRAN. NetVanta 2300 and 2400 The NetVanta 2300 units are17.25" W, 7.75" D, and 1.26" H and come equipped for rackmount use. 2.
NetVanta 2000 Series System Manual Section 2, Engineering Guidelines NetVanta 2100 The NetVanta 2100 front panel monitors operation by providing status LEDs for both the LAN and WAN interfaces, as well as VPN tunnels and traffic. The front panel is shown in Figure 2. NetVanta 2100 VPN PWR STAT TD WAN RD LAN RD TD TD RD Figure 2.
Section 2, Engineering Guidelines NetVanta 2000 Series System Manual Front Panel LEDs With the NetVanta 2000 series powered-up, the front panel LEDs provide visual information about the status of the system. Table 1 provides a brief description of the front panel features, and Table 2 provides detailed information about the LEDs. Table 1. NetVanta 2000 series Front Panel Description Feature Description PWR Indicates whether the unit has power.
NetVanta 2000 Series System Manual Section 2, Engineering Guidelines Table 2. NetVanta 2000 series LEDs (Continued) For these LEDs... This color light... Indicates that... VPN TD Green (blink) Flashes with VPN data transmitted by the NetVanta 2000 series. VPN RD Green (blink) Flashes with VPN data received by the NetVanta 2000 series. LAN TD Green (blink) Flashes with data transmitted on the LAN interface. LAN RD Green (blink) Flashes with data received on the LAN interface.
Section 2, Engineering Guidelines NetVanta 2000 Series System Manual NetVanta 2300 The NetVanta 2300 rear panel contains 3 Ethernet ports, a DB-9 serial connection, and a power connection (see Figure 6). 100-250VAC 50/60Hz 0.2A WAN LAN DMZ Figure 6. NetVanta 2300 Rear Panel Layout NetVanta 2400 The NetVanta 2300 rear panel contains 3 Ethernet ports, a DB-9 serial connection, a power connection and ventilation openings (see Figure 7). WAN LAN DMZ SERIAL Figure 7.
NetVanta 2000 Series System Manual Section 2, Engineering Guidelines WAN Connection The NetVanta 2000 series provides a standard 10/100BaseT Ethernet interface for connection to the wide area network. Connect the WAN interface to a hub connected to the router interfacing with the non-secure Internet or the modem (cable or DSL) used for Internet access. A DHCP Client is enabled on the WAN interface by default. References to the WAN interface include Internet, WAN, and Eth1.
Section 2, Engineering Guidelines NetVanta 2000 Series System Manual COM1 Interface The NetVanta 2000 series provides a DB-9 serial communication port for future command line. Table 6 shows the pinout for the DB-9 connector. Connector Type DB-9 Table 6.
NetVanta 2000 Series System Manual 5. Section 2, Engineering Guidelines AT-A-GLANCE SPECIFICATIONS Table 7 lists the specifications for the NetVanta 2000 series system. Table 7.
Section 2, Engineering Guidelines NetVanta 2000 Series System Manual Table 7.
NetVanta 2000 Series System Manual Section 2, Engineering Guidelines Table 7.
Section 2, Engineering Guidelines 26 NetVanta 2000 Series System Manual © 2002 ADTRAN, Inc.
NETWORK TURNUP PROCEDURE CONTENTS Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Tools Required . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Unpack and Inspect the SYSTEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Contents of ADTRAN Shipments - NetVanta 2100.
Section 3, Network Turnup Procedure 1. NetVanta 2000 Series System Manual INTRODUCTION This section discusses the installation process of the NetVanta 2000 series systems. 2. TOOLS REQUIRED The tools required for installation of the NetVanta 2000 series systems are: • • CATV-UTP Ethernet cable to connect the unit to the existing network An Internet browser for configuring the unit To prevent electrical shock, do not install equipment in a wet location or during a lightning storm. 3.
NetVanta 2000 Series System Manual 4. Section 3, Network Turnup Procedure SUPPLYING POWER TO THE UNIT NetVanta 2050 and 2100 The AC powered NetVanta 2050 and 2100 come equipped with a detachable 12 VDC at 800 mA wallmount power supply for connecting to a grounded power receptacle. As shipped, the NetVanta 2050 and 2100 are set to factory default conditions. After installing the unit, the NetVanta 2050 and 2100 are ready for power-up. To power-up the unit, connect the unit to an appropriate power source.
Section 3, Network Turnup Procedure NetVanta 2000 Series System Manual If you have a PC with DHCP client capabilities enabled, connect the NetVanta 2000 series unit directly to your computer using the supplied ethernet crossover cable and follow the procedure in DLP-1, Connecting to the Netvanta 2000 Series to connect for the first time. The NetVanta 2000 series products have a DHCP Server capabilities enabled by default.
NetVanta 2000 Series System Manual Section 3, Network Turnup Procedure ether 8:0:20:a8:38:c6 3. Change the IP address of the Ethernet interface to 10.10.10.50 with subnet mask 255.255.255.0 by using the ifconfig command. For example: # ifconfig eth0 10.10.10.50 netmask 255.255.255.0 4. Run the ifconfig command -a option again to make sure the interface address change is effective. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 3, Network Turnup Procedure 32 NetVanta 2000 Series System Manual © 2002 ADTRAN, Inc.
USER INTERFACE GUIDE CONTENTS Navigating the Administration Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Administration Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Menu Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Section 4, User Interface Guide 1. NetVanta 2000 Series System Manual NAVIGATING THE ADMINISTRATION CONSOLE The NetVanta 2000 series uses a web-based Administration Console for displaying both menu options and data fields. All menu options display in the Administration Console Header (see Figure 1), through which you have complete control of the NetVanta 2000 series. Figure 1.
NetVanta 2000 Series System Manual 2. Section 4, User Interface Guide MENU OVERVIEW The NetVanta 2000 series configuration is divided into four main areas: CONFIG, ADMIN, POLICIES, and MONITOR. This section gives a brief discussion of each area and the menu options available. Menu Descriptions on page 39 and following gives a more detailed discussion of these menu options.
Section 4, User Interface Guide NetVanta 2000 Series System Manual ADMIN The ADMIN menu contains the various system administration activities on the NetVanta 2000 series box such as changing the root password, saving the configuration to permanent storage, factory defaults, and rebooting the system. Figure 3 shows the available menu options (displayed in the option list) for the ADMIN menu. Figure 3. ADMIN Menu Information 36 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 4, User Interface Guide POLICIES The POLICIES menu contains the system wide access policies and user-group specific access policies. Through the available menu options you can define the policies and determine how to maintain different policy component tables (see Figure 4). Figure 4. POLICIES Menu Information 61200361L1-1E © 2002 ADTRAN, Inc.
Section 4, User Interface Guide NetVanta 2000 Series System Manual MONITOR The MONITOR menu contains all information pertinent to policy statistics, user accounting, and log usage. Through the available menu options you can view the status of remote user sessions, configure the log message categories, and view the log messages stored in the NetVanta 2000 series event log queue. Figure 5 shows the available menu options (displayed in the option list) for the MONITOR menu. Figure 5.
NetVanta 2000 Series System Manual 3. Section 4, User Interface Guide MENU DESCRIPTIONS The NetVanta 2000 series comes pre-configured with a default IP address of 10.10.10.1 assigned to the corporate interface (LAN). To begin the configuration of the NetVanta 2000 series, point the active browser on your computer to http://10.10.10.1. Once the browser has successfully connected to the unit you will be presented with the login screen.
Section 4, User Interface Guide NetVanta 2000 Series System Manual > CONFIG > NETWORK INTERFACE The Network Interface configuration page is displayed by clicking on NETWORK INTERFACE found in the option list on the left side of the display window. > CONFIG > NETWORK INTERFACE > ETHERNET CONFIG > ETHERNET IP ADDRESS The ETHERNET IP ADDRESS section contains the information for both the Corporate (LAN) and WAN IP addresses, and subnet masks.
NetVanta 2000 Series System Manual Section 4, User Interface Guide > CONFIG > ROUTES > DESTINATION IP The DESTINATION IP address field displays the IP address of the destination network for the route. The NetVanta 2000 series uses this information when making routing decisions. > CONFIG > ROUTES > INTERFACE NAME The INTERFACE NAME field displays the name of the interface that is accessed to send data using the listed route.
Section 4, User Interface Guide NetVanta 2000 Series System Manual > CONFIG > FIREWALL > IP SPOOFING CHECK IP Spoofing is a network intrusion that occurs when an outside user gains access to a computer on the network by pretending to be at a trusted IP address. IP SPOOFING CHECK is always ENABLED, and the NetVanta 2000 series discards any packets received on the WAN interface containing a source IP address on the corporate network.
NetVanta 2000 Series System Manual Section 4, User Interface Guide > CONFIG > FIREWALL > ICMP REDIRECT CHECK ICMP Redirect is a standard ICMP message used to provide hosts with better route information to the source. When this message is received, the recipient updates its routing table with the new routing information provided with no authentication required. An intruder can provide a target with the route information of his or her interest thereby gaining access to the hosts routing table.
Section 4, User Interface Guide NetVanta 2000 Series System Manual > CONFIG > LOGGING > LOG EXPORT SYSTEM The Syslog Configuration page is displayed by clicking on the LOG EXPORT SYSTEM hyperlink listed as a Logging submenu in the menu list. The configuration parameters for exporting event log messages using the syslog service are displayed on this page.
NetVanta 2000 Series System Manual Section 4, User Interface Guide > CONFIG > LOGGING > LOG EXPORT SYSTEM > RETURN MAIL ADDRESS The RETURN MAIL ADDRESS field is an alphanumeric string that appears in the ‘From:’ field in all e-mail containing the NetVanta 2000 series event log messages. > CONFIG > LOGGING > LOG EXPORT SYSTEM > EMAIL GENERAL LOG TO: The EMAIL GENERAL LOG TO: address is used by the NetVanta 2000 series when exporting event log messages via e-mail.
Section 4, User Interface Guide NetVanta 2000 Series System Manual > CONFIG > DHCP SERVER > DHCP CONFIG > LEASE DURATION The LEASE DURATION field defines the amount of time (in seconds) that a DHCP enabled host may lease an assigned IP address. At the end of the lease duration, the host must send the DHCP server a lease renewal request for the assigned IP address. If the request is denied the host must relinquish the address and send a request for a new IP address to be assigned.
NetVanta 2000 Series System Manual Section 4, User Interface Guide > CONFIG > ADVANCED > BOX ACCESS > WAN The ALLOW ADMIN LOGIN check box enables the NetVanta 2000 series HTTP configuration access from the Internet (WAN) interface. By default, HTTP configuration access is disabled on the Internet (WAN) interface. The ALLOW PING check box controls the NetVanta 2000 series's response to ICMP Echo Request messages received on the Internet (WAN) interface.
Section 4, User Interface Guide NetVanta 2000 Series System Manual > ADMIN > REBOOT SYSTEM The Reboot System page allows users to reboot the NetVanta 2000 series system from a remote location. Click on REBOOT SYSTEM found in the option list on the left side of the display window to display the Reboot System page. Rebooting the NetVanta 2000 series system requires confirmation. Click YES to proceed with the reboot sequence or NO to cancel. When you restart the system, the following actions take place: 1.
NetVanta 2000 Series System Manual Section 4, User Interface Guide > ADMIN > UPGRADE FIRMWARE The NetVanta 2000 series firmware may be upgraded using the UPGRADE FIRMWARE page. Refer to DLP-008, Upgrading the Firmware of the NetVanta 2000 series for more details. When displaying the UPGRADE FIRMWARE page, a Windows security warning page will be displayed. Install and run the necessary file to continue the upgrade firmware process. This file is signed with full permissions by ADTRAN, Inc.
Section 4, User Interface Guide NetVanta 2000 Series System Manual > POLICIES This configuration section describes the various NetVanta 2000 series policies, including user access and VPN policies, and how to create and maintain different policy component tables. To make the policies configuration process easier, the NetVanta 2000 series is equipped with policy component tables that store configuration parameters that are used repetitively during configuration.
NetVanta 2000 Series System Manual Section 4, User Interface Guide > POLICIES > MANAGE LISTS > USER GROUPS The User Groups table allows you to classify your network user community into multiple sets of similar users. Access and VPN policies can be created for a specific user group and members can be added/removed dynamically. For example, a user wants to access the Internet from the corporate network or vice versa and is required to login to the ADVANTA 2100 box first.
Section 4, User Interface Guide NetVanta 2000 Series System Manual > POLICIES > MANAGE LISTS > IP ADDRESS > ADDRESS CATEGORY The ADDRESS CATEGORY field configures the IP address group to be an IP RANGE, an IP SUBNET, a SINGLE IP address, or ANY IP address. An IP RANGE is a set of IP addresses defined by start and end addresses. To add an IP RANGE, enter the start IP Address in the IP ADDRESS 1 field and the end address in the IP ADDRESS 2 field.
NetVanta 2000 Series System Manual Section 4, User Interface Guide > POLICIES > MANAGE LISTS > SCHEDULE > OPTION 1, 2, 3 The OPTION (1-3) field allows you to define up to three distinct time windows in a week. > POLICIES > MANAGE LISTS > SCHEDULE > WORKING DAYS The WORKING DAYS drop down menus define the start and end days of the time interval for the selected option.
Section 4, User Interface Guide NetVanta 2000 Series System Manual > POLICIES > MANAGE LISTS > NAT > ONE TO ONE MAPPING - FROM LAN POLICY One to One Mapping configures the NetVanta 2000 series to perform NAT on traffic (associated with a particular policy) that originates from a specified range of IP addresses. One to One NAT requires a specified range of public IP addresses to use while performing NAT. Enter the range of private IP addresses to NAT in the Source Range fields.
NetVanta 2000 Series System Manual Section 4, User Interface Guide > POLICIES > ACCESS POLICIES: TO LAN > CONFIGURATION > RULE ID The RULE ID number is a system-wide unique policy ID generated by the NetVanta 2000 series when a new access policy is created. > POLICIES > ACCESS POLICIES: TO LAN > CONFIGURATION > POLICY CLASS The POLICY CLASS field is populated automatically by the NetVanta 2000 series using the current policy class (VPN, Corporate Inbound, Corporate Outbound).
Section 4, User Interface Guide NetVanta 2000 Series System Manual > POLICIES > ACCESS POLICIES: TO LAN > CONFIGURATION > ENABLE NAT The ENABLE NAT radio button provides control to enable or disable NAT for the policy. > POLICIES > ACCESS POLICIES: TO LAN > CONFIGURATION > NAT NAME The NAT NAME drop down menu lists all entries from the NAT table. To manually define the NAT out pool address here, select OTHER and enter the out pool IP address in the text boxes below the drop down menu.
NetVanta 2000 Series System Manual Section 4, User Interface Guide Checking Policy Statistics Select the policy whose statistics you want to check from the access policy table and click the LOG button. This will display the policy statistics page. > POLICIES > ACCESS POLICIES: FROM LAN The From LAN Policy Configuration page is displayed by clicking ACCESS POLICIES: FROM LAN in the menu list on the left side of the display window.
Section 4, User Interface Guide NetVanta 2000 Series System Manual > POLICIES > ACCESS POLICIES: FROM LAN > CONFIGURATION > PROTOCOL TYPE The PROTOCOL TYPE drop down menu selects the transport protocol for this access policy. If the desired transport protocol is not listed in the menu, choose OTHER and enter the desired IP based transport protocol number in the text box below the drop down menu.
NetVanta 2000 Series System Manual Section 4, User Interface Guide Changing the Priority of a Policy You can change the access policy priority by two ways: You can do simple priority corrections by using the up (-) and down (¯) buttons, which are located at the end columns of each policy in the access policy table. Clicking the up or down button increases or decreases the priority of the access policy with respect to its neighboring policies. Alternative way can be used for major priority corrections.
Section 4, User Interface Guide NetVanta 2000 Series System Manual > POLICIES > ACCESS POLICIES: TO DMZ > CONFIGURATION > POLICY CLASS The POLICY CLASS field is populated automatically by the NetVanta 2000 series using the current policy class (VPN, Corporate Inbound, Corporate Outbound). > POLICIES > ACCESS POLICIES: TO DMZ > CONFIGURATION > SOURCE IP The SOURCE IP displays the source addresses of incoming traffic used for the policy.
NetVanta 2000 Series System Manual Section 4, User Interface Guide > POLICIES > ACCESS POLICIES: TO DMZ > CONFIGURATION > NAT NAME The NAT NAME drop down menu lists all entries from the NAT table. To manually define the NAT out pool address here, select OTHER and enter the out pool IP address in the text boxes below the drop down menu. Enabling NAT on a To DMZ inbound policy applies a Reverse NAT filtering scheme to incoming traffic received on this policy by the NetVanta 2000 series.
Section 4, User Interface Guide NetVanta 2000 Series System Manual > POLICIES > ACCESS POLICIES: FROM DMZ The From DMZ Policy Configuration page is displayed by clicking ACCESS POLICIES: FROM DMZ in the menu list on the left side of the display window. From DMZ outbound policies apply to all data received by the NetVanta 2000 series on the DMZ interface. The From LAN Policy Configuration page displays a list of all current policies and provides an easy way to organize them using the RULE ID field.
NetVanta 2000 Series System Manual Section 4, User Interface Guide > POLICIES > ACCESS POLICIES: FROM DMZ > CONFIGURATION > ACTION TYPE The ACTION TYPE menu defines the policy as a Permit or Deny policy. Permit policies allow traffic matched by the policy selectors to pass through and Deny policies blocks that traffic. > POLICIES > ACCESS POLICIES: FROM DMZ > CONFIGURATION > TIME SCHEDULE USED The TIME SCHEDULE USED menu attaches a predefined time schedule to the Permit type access policy.
Section 4, User Interface Guide NetVanta 2000 Series System Manual Changing the Priority of a Policy You can change the access policy priority by two ways: You can do simple priority corrections by using the up (-) and down (¯) buttons, which are located at the end columns of each policy in the access policy table. Clicking the up or down button increases or decreases the priority of the access policy with respect to its neighboring policies. Alternative way can be used for major priority corrections.
NetVanta 2000 Series System Manual Section 4, User Interface Guide If you answer affirmative to this dialog by clicking YES, the VPN policy will be removed. If there are secure communications active using this VPN policy, they may get disrupted. Editing A VPN Policy Select the VPN policy you want to edit from the VPN policy table and click MODIFY button. This brings the selected VPN policy in the edit mode. Here you can make the desired changes to the VPN policy.
Section 4, User Interface Guide NetVanta 2000 Series System Manual > POLICIES > VPN > TUNNELS (IPSEC TUNNELS) > MANUAL KEY MANAGEMENT To use manual key management click MANUAL button. This will bring up the VPN policy configuration screen. POLICY NAME - is a symbolic name of the VPN policy. Each policy should have an unique policy name. SOURCE ADDRESS - Drop down menu allows you to configure the source IP address of the outbound network traffic for which this VPN policy will provide security.
NetVanta 2000 Series System Manual Section 4, User Interface Guide 20 bytes. Enter 16 or 20 characters (depending on authentication algorithm) and the NetVanta 2000 series will use the ASCII of each character to create the hex bytes needed for the algorithm.This key value should match to the corresponding outbound key value on the remote end SG. IN SPI - is SPI value for identifying the inbound SA created by this AH transform.
Section 4, User Interface Guide NetVanta 2000 Series System Manual algorithm) and the NetVanta 2000 series will use the ASCII of each character to create the hex bytes needed for the algorithm. This key value should match to the corresponding inbound key value on the remote end SG. IN ESP KEY - is encryption key used for deciphering the datagrams coming in from the remote end SG. Length of this key for DES must be 8 bytes, and for 3DES must be 24 bytes.
NetVanta 2000 Series System Manual Section 4, User Interface Guide menu indicates the complete port range i.e. 1 to 65535. PROTOCOL - Drop down menu allows you to choose the transport protocol for this VPN policy selector. ALL option in this menu represents all transport protocols riding on IP. PEER SECURITY GATEWAY - is the IP address of the remote end of the VPN tunnel, i.e. WAN IP address of the remote Security Gateway. LOCAL SECURITY GATEWAY - is the IP address of the local end of the VPN tunnel, i.
Section 4, User Interface Guide NetVanta 2000 Series System Manual LOCAL ID TYPE -- Select any one of the options available in the drop down menu. It includes IP ADDRESS (IP v.4 address), FQDN (fully qualified domain name), USER FQDN (fully qualified username string) and DER ANS1 DN (X.500 distinguished name). LOCAL ID DATA -- Based on the LOCAL ID TYPE selected, enter the appropriate Local ID data. If IP ADDRESS is selected, enter an IP v.4 address in the LOCAL ID DATA field.
NetVanta 2000 Series System Manual Section 4, User Interface Guide SOURCE ADDRESS - Drop down menu allows you to configure the source IP address of the outbound network traffic for which this VPN policy will provide security. Mostly, this address will be from your corporate network address space. All entries in the IP Address Table appear in this drop down menu.
Section 4, User Interface Guide NetVanta 2000 Series System Manual > POLICIES > VPN > CERTIFICATES > PRIVATE KEY WITHOUT PUBLIC KEY The NetVanta 2000 series provides the capability to generate self certificate requests in PEM (Privacy Enhanced Mail) format for either RSA or DSS signature algorithms. Refer to DLP-017, Generating a Self-Certificate Request for more details.
NetVanta 2000 Series System Manual Section 4, User Interface Guide The NetVanta 2000 series log queue can be cleared by clicking on the CLEAR LOG button found in the Log Window dialog box. Messages in the log queue when it is cleared are permanently lost. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 4, User Interface Guide 74 NetVanta 2000 Series System Manual © 2002 ADTRAN, Inc.
DETAIL LEVEL PROCEDURES Connecting to the Netvanta 2000 Series .........................................................................................DLP-001 Changing the Admin Password in the NetVanta .............................................................................DLP-002 Saving the Current Settings of the NetVanta ...................................................................................DLP-003 Setting the Time and Date in the NetVANTA ..............................................
Section 5, DLP-5 76 NetVanta 2000 series System Manual © 2002 ADTRAN, Inc.
CONNECTING TO THE NETVANTA 2000 SERIES Introduction The NetVanta 2000 series can be accessed and managed via the LAN interface using an ethernet crossover cable (provided). Alternately, the NetVanta 2000 series may be acceslsed using a hub and two ethernet cables (one for the PC and one for the NetVanta 2000 series). Using a PC with an installed browser (Internet Explorer 5.5 for optimal viewing), the NetVanta 2000 series can be configured using an easy GUI.
Section 5, DLP-001 NetVanta 2000 Series System Manual DLP-001 Perform Steps Below in the Order Listed 1. Connect power to the NetVanta 2000 series using the provided wallmount power supply. 2. Connect the NetVanta 2000 series LAN interface to the PC using the provided ethernet crossover cable. 3. Supply power to the PC and begin the operating system bootup process. During the bootup process, the PC will obtain an IP address from the NetVanta 2000 series DHCP server.
NetVanta 2000 Series System Manual Section 5, DLP-001 6. After logging in to the NetVanta 2000 series, the welcome screen will appear. Follow-up Procedures Once this procedure is complete, return to the procedure which referred you to this DLP and continue with the tasks indicated there. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-001 80 NetVanta 2000 Series System Manual © 2002 ADTRAN, Inc.
CHANGING THE ADMIN PASSWORD IN THE NETVANTA Introduction This DLP explains how to change the existing admin password in the NetVanta 2000 series access list. Prerequisite Procedures This DLP assumes the NetVanta 2000 series is connected to a PC and a browser session is active. Refer to DLP-001 for more details. Tools and Materials Required • No special tools or materials are required. To prevent electrical shock, do not install equipment in a wet location or during a lightning storm.
Section 5, DLP-002 NetVanta 2000 Series System Manual DLP-002 Perform Steps Below in the Order Listed 1. Log in to the NetVanta 2000 series as admin (see DLP-001 for details). 2. From the main menu (located across the top of the screen), select ADMIN. This displays the CHANGE PASSWORD dialog box. 82 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-002 3. Enter the existing password in the OLD PASSWORD data field. If this is the first time changing the password in the NetVanta 2000 series, this field will be blank. 4. Enter the new password in both the NEW PASSWORD data field and CONFIRM NEW PASSWORD data fields. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-002 NetVanta 2000 Series System Manual 5. You may enter a SESSION TIMEOUT (in seconds). Leaving this field blank results in a infinite SESSION TIMEOUT. A Session Timeout less than 120 sec is not recommended. Having a short session timeout will make it difficult to configure the NetVanta 2000 series before timing out. 84 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-002 6. Once all fields are completed, click the SUBMIT button to register the password change. Once the SUBMIT button has been clicked, the OPERATION RESULT screen will appear. 7. Click the LOGIN AGAIN hyperlink and enter admin as the username and the new password in the PASSWORD field. 8. Follow the procedures outlined in DLP-003 to save the settings to nonvolatile memory.
Section 5, DLP-002 86 NetVanta 2000 Series System Manual © 2002 ADTRAN, Inc.
SAVING THE CURRENT SETTINGS OF THE NETVANTA Introduction After making a configuration change in the NetVanta 2000 series, it is necessary to save the new settings to non-volatile memory. If the changes are not saved, a power loss to the NetVanta 2000 series will result in a configuration loss. This DLP details the process for saving settings to NetVanta 2000 series non-volatile memory.
Section 5, DLP-003 NetVanta 2000 Series System Manual DLP-003 Perform Steps Below in the Order Listed 1. Log in to the NetVanta 2000 series as admin (see DLP-001 for details). 2. From the main menu (located across the top of the screen), select ADMIN. 88 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-003 3. From the menu list (located on the left side of the screen), select SAVE SETTINGS. The save settings confirmation page will display. 4. Select Yes to save the current NetVanta 2000 series settings to non-volatile memory. A status page will display when the settings have been successfully saved. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-003 NetVanta 2000 Series System Manual Follow-up Procedures Once this procedure is complete, return to the procedure which referred you to this DLP and continue with the tasks indicated there. 90 © 2002 ADTRAN, Inc.
SETTING THE TIME AND DATE IN THE NETVANTA Introduction Many security operations are time and date critical. This DLP provides the procedures for setting the NetVanta 2000 series system time and date to ensure proper operation. Prerequisite Procedures This DLP assumes the NetVanta 2000 series is connected to a PC and a browser session is active. Refer to DLP-001 for more details. Tools and Materials Required • No special tools or materials are required.
Section 5, DLP-004 NetVanta 2000 Series System Manual DLP-004 Perform Steps Below in the Order Listed 1. Log in to the NetVanta 2000 series as admin (see DLP-001 for details). 2. From the main menu (located across the top of the screen), select CONFIG. 92 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-004 3. From the menu list (located on the left side of the screen), select GENERAL. The GENERAL CONFIGURATION page will appear. 4. Click the CHANGE DATE AND TIME? checkbox (located in the upper third of the screen). 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-004 NetVanta 2000 Series System Manual 5. Select the appropriate time zone from the TIME ZONE drop-down menu (located in the upper third of the screen). 6. Enter the SYSTEM DATE and SYSTEM TIME in the appropriate fields. 94 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-004 7. Alternately, enter the address of a time server to be used (instead of the local NetVanta 2000 series date and time) in the TIME SERVER ADDRESS field. 8. Scroll to the bottom of the page and click the SUBMIT button. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-004 NetVanta 2000 Series System Manual 9. Follow the procedures outlined in DLP-003 to save the settings to nonvolatile memory. Follow-up Procedures Once this procedure is complete, return to the procedure which referred you to this DLP and continue with the tasks indicated there. 96 © 2002 ADTRAN, Inc.
CONFIGURING THE LAN INTERFACE IP ADDRESS Introduction When the NetVanta 2000 series is connected to an IP network, there are several IP parameters that must be set in order for the unit to communicate with the network. These parameters are described in this DLP along with the procedures for setting them. Prerequisite Procedures This DLP assumes the NetVanta 2000 series is connected to a PC and a browser session is active. Refer to DLP-001 for more details.
Section 5, DLP-005 NetVanta 2000 Series System Manual DLP-005 Perform Steps Below in the Order Listed If you are connected to the NetVanta 2000 series through the LAN interface, changing the LAN interface IP address will result in a loss of communication with the unit. Before changing the LAN IP address, follow the steps in DLP-012, Configuring the LAN Interface DHCP Server to assign the DHCP server a range of IP addresses on the same subnet as the new LAN IP address. 1.
NetVanta 2000 Series System Manual Section 5, DLP-005 3. From the menu list (located on the left side of the screen), select NETWORK INTERFACE. This displays the ETHERNET CONFIG page. 4. Enter the IP address for the LAN side of the NetVanta 2000 series in the LAN IP field. Enter the appropriate subnet mask in the field below. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-005 NetVanta 2000 Series System Manual 5. Scroll to the bottom of the screen and click the SUBMIT button. The screen will blink and you will return to the Ethernet Config page. 6. Follow the procedures outlined in DLP-003 to save the settings to nonvolatile memory. 7. If you are connecting to the unit via the LAN interface, it will be necessary for you to log into the unit again once the IP address has been changed (see DLP-001 for details).
CONFIGURING THE WAN INTERFACE USING DYNAMIC OR STATIC IP ADDRESSING Introduction The NetVanta 2000 series supports three IP addressing schemes on the WAN interface -- dynamic, static, and PPP over Ethernet (PPPoE). This DLP discusses the procedure for using either the dynamic IP or static addressing schemes. Prerequisite Procedures This DLP assumes the NetVanta 2000 series is connected to a PC and a browser session is active. Refer to DLP-001 for more details.
Section 5, DLP-006 NetVanta 2000 Series System Manual DLP-006 Perform Steps Below in the Order Listed -- Dynamic Addressing 1. Log in to the NetVanta 2000 series as admin (see DLP-001 for details). 2. From the main menu (located across the top of the screen), select CONFIG. The ETHERNET CONFIG page will appear. 102 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-006 3. Select the DYNAMIC radio button in the WAN IP TYPE CONFIGURATION section. 4. Scroll to the bottom of the screen and click the SUBMIT button. The screen will blink and you will return to the Ethernet Config page. 5. Some Service Providers require the use of a unique DHCP Client Name to acquire an IP address dynamically.
Section 5, DLP-006 NetVanta 2000 Series System Manual 6. Follow the procedures outlined in DLP-003 to save the settings to nonvolatile memory. Perform Steps Below in the Order Listed -- Static Addressing 1. Connect the NetVanta 2000 series to a PC and initiate an active browser session (see DLP-001 for details). 2. From the main menu (located across the top of the screen), select CONFIG. The ETHERNET CONFIG page will appear. 104 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-006 3. Select the STATIC radio button in the WAN IP TYPE CONFIGURATION section. 4. Enter the IP address of the NetVanta 2000 series WAN interface in the WAN IP data field. Enter the appropriate subnet mask in the fields below. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-006 NetVanta 2000 Series System Manual 5. Scroll to the bottom of the screen and click the SUBMIT button. The screen will blink and you will return to the Ethernet Config page. 6. Follow the procedures outlined in DLP-003 to save the settings to nonvolatile memory. Follow-up Procedures Once this procedure is complete, return to the procedure which referred you to this DLP and continue with the tasks indicated there. 106 © 2002 ADTRAN, Inc.
CONFIGURING THE WAN INTERFACE FOR PPPOE ADDRESSING Introduction The NetVanta 2000 series supports three IP addressing schemes on the WAN interface -- dynamic, static, and PPP over Ethernet (PPPoE). This DLP discusses the procedure for using the PPPoE addressing scheme. Prerequisite Procedures This DLP assumes the NetVanta 2000 series is connected to a PC and a browser session is active. Refer to DLP-001 for more details. Tools and Materials Required • No special tools or materials are required.
Section 5, DLP-007 NetVanta 2000 Series System Manual DLP-007 Perform Steps Below in the Order Listed 1. Log in to the NetVanta 2000 series as admin (see DLP-001 for details). 2. From the main menu (located across the top of the screen), select CONFIG. The GENERAL page will appear. 108 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-007 3. From the menu list (located on the left side of the screen) select NETWORK INTERFACE. The Ethernet Config page will appear. 4. Select the PPP OVER ETHERNET radio button in the WAN IP TYPE CONFIGURATION section. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-007 NetVanta 2000 Series System Manual 5. Enter the username (provided by your service provider) in the USERNAME field in the PPP OVER ETHERNET configuration section. 6. Enter the password for the username entered in Step 4 in both the PASSWORD and PASSWORD CONFIRMATION fields. 110 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-007 For most applications, the SERVICE NAME and AC NAME (Access Concentrator) fields should remain blank. Only populate these fields if specific information has been provided by the service provider. 7. Scroll to the bottom of the screen and click the SUBMIT button. 8. Follow the procedures outlined in DLP-003 to save the settings to nonvolatile memory.
Section 5, DLP-007 112 NetVanta 2000 Series System Manual © 2002 ADTRAN, Inc.
UPGRADING THE FIRMWARE OF THE NETVANTA 2000 SERIES Introduction The NetVanta 2000 series supports firmware updates via the LAN and WAN interfaces and an active ADMIN login session. Using an active browser session and the provided GUI, the NetVanta 2000 series may be upgraded by loading firmware files(.bin) into the unit. Prerequisite Procedures This DLP assumes the NetVanta 2000 series is connected to a PC and a browser session is active. Refer to DLP-001 for more details.
Section 5, DLP-008 NetVanta 2000 Series System Manual DLP-008 Perform Steps Below in the Order Listed 1. Log in to the NetVanta 2000 series as admin (see DLP-001 for details). 2. From the main menu (located across the top of the screen), select ADMIN. 114 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-008 3. From the menu list (located down the left side of the screen), select UPGRADE FIRMWARE. While this page is loading, you will be asked to install and run a Java applet distributed by ADTRAN, Inc., and verified by VeriSign Commercial Software Publishers. If security is not enabled on your internet browser, the screen below will not be shown. 4. Click YES to install and run the Java applet.
Section 5, DLP-008 NetVanta 2000 Series System Manual 5. Enter the filename (including path) of the firmware file you wish to load. Firmware files for the NetVanta 2000 series will have a .bin extension. Alternately, click the BROWSE button to navigate to the file using the pop-up explorer window. 116 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-008 6. Click the UPGRADE button to begin the upgrade. All settings not saved into nonvolatile memory (following the procedures in DLP-002) will be lost during the firmware upgrade. During the firmware upgrade, all traffic will be halted through the NetVanta 2000 series. The unit will reboot and you will be asked to log in again. 7. Log in to the NetVanta 2000 series using the admin username and appropriate password to continue configuration.
Section 5, DLP-008 118 NetVanta 2000 Series System Manual © 2002 ADTRAN, Inc.
SAVING THE CURRENT CONFIGURATION OF THE NETVANTA Introduction The NetVanta 2000 series supports configuration transfers from the unit (via either the LAN or WAN interface) using an active browser session. This DLP provides the steps to follow for a successful configuration transfer using a PC and an active browser session. Prerequisite Procedures This DLP assumes the NetVanta 2000 series is connected to a PC and a browser session is active. Refer to DLP-001 for more details.
Section 5, DLP-009 NetVanta 2000 Series System Manual DLP-009 Perform Steps Below in the Order Listed 1. Log in to the NetVanta 2000 series as admin (see DLP-001 for details). 2. From the main menu (located across the top of the screen) select ADMIN. 120 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-009 3. From the menu list (located on the left side of the screen) select Configuration Transfer. 4. In the Configuration Download dialog box, click the Download button. A Windows file download dialog box will appear. Click the Save file to disk radio button and click OK. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-009 NetVanta 2000 Series System Manual 5. In the Save As dialog box enter the name for the NetVanta configuration file (all filenames must have a .bin extension). Browse to the location where you would like to save the file and click the Save button. 6. A Windows File Download status dialog will briefly display showing the current status of the download. 122 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-009 7. Using your file manager, check to make sure your configuration file was saved in your desired location. Follow-up Procedures Once this procedure is complete, return to the procedure which referred you to this DLP and continue with the tasks indicated there. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-009 124 NetVanta 2000 Series System Manual © 2002 ADTRAN, Inc.
LOADING A SAVED CONFIGURATION INTO THE NETVANTA Introduction The NetVanta 2000 series supports configuration transfers from the unit (via the LAN interface) using an active browser session. This DLP provides the steps to follow for a successful configuration transfer using a PC and an active browser session. Prerequisite Procedures This DLP assumes the NetVanta 2000 series is connected to a PC and a browser session is active. Refer to DLP-001 for more details.
Section 5, DLP-010 NetVanta 2000 Series System Manual DLP-010 Perform Steps Below in the Order Listed 1. Log in to the NetVanta 2000 series as admin (see DLP-001 for details). 2. From the main menu (located across the top of the screen) select ADMIN. 126 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-010 3. From the menu list (located on the left side of the screen) select Configuration Transfer. 4. In the Configuration Upload dialog box either enter the filename of the configuration file you want to load into the unit (including path), or click the Browse button to open a Windows Choose file dialog box and select the desired file. All configuration files for the NetVanta 2000 series must have a .bin extension. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-010 NetVanta 2000 Series System Manual 5. In the Configuration Upload dialog box click the Upload button. If a successful upload is completed, the unit will display the status message in the Configuration Upload dialog box. 6. Once the upload is complete the NetVanta 2000 series unit will reboot to install the new configuration. You will need to log in to the unit after the reboot is complete (see DLP-001 for details).
ADDING A DEFAULT ROUTE TO THE NETVANTA ROUTE TABLE Introduction The NetVanta 2000 series contains an internal router which allows multiple users to share a VPN connection while the unit is still directing incoming IP traffic. The NetVanta 2000 series router supports standard TCP/IP operation, static routes, and the use of RIP V1 and V2. This DLP discusses the procedure for adding a default route to the NetVanta 2000 series route table.
Section 5, DLP-011 NetVanta 2000 Series System Manual DLP-011 176.124.37.80 (WAN Address) NetVanta 2100 Broadband MODEM Network 10.10.10.1 (LAN Address) 10.70.240.1 10.72.280.1 VPN GW ROUTER 192.22.76.40 (WAN Address) 10.70.240.1 Corporate Network Perform Steps Below in the Order Listed - Default Route 1. Log in to the NetVanta 2000 series as admin (see DLP-001 for details). 2. From the main menu (located across the top of the screen) select CONFIG. 130 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-011 3. From the menu list (located on the left side of the screen) select ROUTES. 4. Click the Add Route button found in the Route Table dialog box. The Routing Information page will appear. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-011 NetVanta 2000 Series System Manual 5. Select the interface associated with the new route from the Interface Name drop down menu. The options are CORP (the LAN interface) and WAN. Select WAN to add a default route. 6. Specify whether this route is the default route by selecting the appropriate radio button next to Default Route. For this example we will be entering the default route so YES will be selected. 132 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-011 7. Enter the IP address of the far-end network in the Destination IP Address field. For this example we are entering a default route so the Destination IP Address will be 0.0.0.0. 8. Enter the subnet mask for the far-end network in the Net Mask field. For this example we are entering a default route so the Net Mask will be 0.0.0.0. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-011 NetVanta 2000 Series System Manual 9. If you are using Static IP Addressing on the WAN interface, enter the IP address of the next hop router (provided by your ISP). Alternately, if you are using DHCP (Dynamic) or PPPoE addressing, enter the IP address found in the DHCP Info window (see DLP-022 for details). 10. Enter the number of routers a packet would travel through to reach its destination in the Hop Count field. This field is optional and will be left blank for this example. 11.
CONFIGURING THE LAN INTERFACE DHCP SERVER Introduction The NetVanta 2000 series contains an internal DHCP server to manage IP addresses on the local network. The DHCP server functions on the LAN interface only. This DLP discusses the procedure for configuring the DHCP server for standard operation. Prerequisite Procedures This DLP assumes the NetVanta 2000 series is connected to a PC and a browser session is active. Refer to DLP-001 for more details.
Section 5, DLP-012 NetVanta 2000 Series System Manual DLP-012 10.10.10.2 to 10.10.10.20 10.10.10.70 to 10.10.10.9 10.10.10.1 (LAN Address) 10.10.10.150 to 10.10.10.170 Perform Steps Below in the Order Listed 1. Log in to the NetVanta 2000 series as admin (see DLP-001 for details). 2. From the main menu (located across the top of the screen) select CONFIG. 136 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-012 3. From the menu list (located on the left side of the screen) select DHCP Server. The DHCP Server Configuration page will appear. 4. Click the DHCP Enable Yes radio button to enable the DHCP server. The DHCP server is enabled by default. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-012 NetVanta 2000 Series System Manual 5. Enter the selected range of IP addresses to be assigned by the NetVanta 2000 series DHCP server in the IP Address Range 1-3 fields. If only one range of IP addresses are desired, enter them in the IP Address Range 1 field. For our example we will enter three separate ranges. 6. Enter the LAN IP address of the NetVanta 2000 series unit in the Gateway IP Address field. For our example we will enter 10.10.10.1. 138 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-012 7. Enter the IP address for the primary DNS server you wish the NetVanta 2000 series to use in the DNS 1 field. For our example we will use the DNS capability of the NetVanta 2000 series so we will enter the LAN IP address (10.10.10.1) in the DNS 1 field. You may enter a secondary DNS server in the DNS 2 field. 8. Enter the number of seconds you want the NetVanta 2000 series to use for the active lease timer in the Lease Duration field.
Section 5, DLP-012 140 NetVanta 2000 Series System Manual © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-012 9. Click the submit button to make the changes take effect. The page will blink and return you to the DHCP Server Configuration page. 10. Follow the procedures in DLP-003 to save the settings to non-volatile memory. Follow-up Procedures Once this procedure is complete, return to the procedure which referred you to this DLP and continue with the tasks indicated there. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-012 142 NetVanta 2000 Series System Manual © 2002 ADTRAN, Inc.
DEFINING A USER GROUP IN THE NETVANTA Introduction The NetVanta 2000 series has the flexibility to allow policies to be implemented on a per-user basis. With the User Group component tables you are able to create groups and assign users that share the same access policies. The User Group feature allows each policy to be implemented dynamically as the user logs on and off the system. This DLP discusses the procedure for creating a user group in the NetVanta 2000 series.
Section 5, DLP-013 NetVanta 2000 Series System Manual DLP-013 Perform Steps Below in the Order Listed 1. Log in to the NetVanta 2000 series as admin (see DLP-001 for details). 2. From the main menu (located across the top of the screen) select POLICIES. The MANAGE LISTS menu and USER GROUP submenu are automatically displayed. 144 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-013 3. Click the Add button in the User Group dialog box. The GROUP CONFIGURATION page will appear. 4. Enter a descriptive name for the group in the Group Name field. This is a character field for up to 16 characters, and spaces are not allowed. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-013 NetVanta 2000 Series System Manual 5. Select the appropriate authentication type (HTTP or IKE) checkbox. This field may be left blank if no authentication is necessary. 6. If IKE was selected as the authentication method in Step 5, select the appropriate IKE policy from the IKE Policy Name drop down menu. U 146 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-013 7. Click the Submit button to add the configured group to the User Group component table. If the group is successfully added the User Group page will appear and the added group will be listed. 8. Follow the procedures in DLP-003 to save the settings to non-volatile memory. Follow-up Procedures Once this procedure is complete, return to the procedure which referred you to this DLP and continue with the tasks indicated there.
Section 5, DLP-013 148 NetVanta 2000 Series System Manual © 2002 ADTRAN, Inc.
ADDING A USER TO THE USERS COMPONENT TABLE Introduction The NetVanta 2000 series has the flexibility to allow policies to be implemented on a per-user basis. With the User Group component tables you are able to create groups and assign users that share the same access policies. The User Group feature allows each policy to be implemented dynamically as the user logs on and off the system. This DLP discusses the procedure for adding a user to a user group in the NetVanta 2000 series.
Section 5, DLP-014 NetVanta 2000 Series System Manual DLP-014 Perform Steps Below in the Order Listed 1. Log in to the NetVanta 2000 series as admin (see DLP-001 for details). 2. From the main menu (located across the top of the screen) select POLICIES. The MANAGE LISTS menu and USER GROUP submenu are automatically displayed. 150 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-014 3. From the menu list (located on the left side of the screen) select USERS (listed as a MANAGE LISTS submenu). 4. Click the Add button in the Users dialog box. The User Configuration page will appear. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-014 NetVanta 2000 Series System Manual 5. Enter a descriptive name for the User in the User Name field. This is a character field and spaces are not allowed. 6. Enter the assigned password in both the Password and Confirm Password fields. This will be the user’s log on password to activate the associated policies. 152 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-014 7. Select the group you want to assign this user to in the Group Name drop down menu. 8. Enter the login timeout you want to assign to this user in the Login Timeout field. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-014 NetVanta 2000 Series System Manual 9. Click the Submit button to add the configured user to the Users component table. If the user is successfully added the Users page will appear and the added user will be listed. 10. Follow the procedures in DLP-003 to save the settings to non-volatile memory. Follow-up Procedures Once this procedure is complete, return to the procedure which referred you to this DLP and continue with the tasks indicated there. 154 © 2002 ADTRAN, Inc.
USING THE IP ADDRESS COMPONENT TABLE Introduction When configuring the NetVanta 2000 series, IP addresses are used repeatedly in many different components of the setup. To make the configuration process easier, the NetVanta 2000 series is equipped with an IP Address Component Table. The IP Address Component Table stores entered IP addresses for use throughout the configuration. This DLP discusses adding an IP address to this table.
Section 5, DLP-015 NetVanta 2000 Series System Manual DLP-015 Perform Steps Below in the Order Listed 1. Log in to the NetVanta 2000 series as admin (see DLP-001 for details). 2. From the main menu (located across the top of the screen) select POLICIES. The MANAGE LISTS menu and USER GROUP submenu are automatically displayed. 156 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-015 3. From the menu list (located on the left side of the screen) select IP ADDRESS (listed as a MANAGE LISTS submenu). 4. Click the Add button in the IP Address dialog box. The IP Address Configuration page will appear. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-015 NetVanta 2000 Series System Manual 5. Enter a descriptive name for the IP address in the IP Name field. This is a character field and spaces are not allowed. 6. Specify what type of IP address this record will hold. The IP Address Component Table can hold single IP addresses, a range of IP addresses, an entire subnet of addresses, or any address. Click the appropriate radio button. 158 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-015 7. Enter the IP address for this record in the IP ADDRESS 1 and 2 fields located at the bottom of the IP Address Configuration dialog box. Enter a single IP address in the IP ADDRESS 1 field. Enter a range using both fields. Enter a subnet of IP addresses by putting the network IP address in the IP ADDRESS 1 field and the subnet mask for that network in the IP ADDRESS 2 field. 8.
Section 5, DLP-015 NetVanta 2000 Series System Manual 9. Follow the procedures in DLP-003 to save the settings to non-volatile memory. Follow-up Procedures Once this procedure is complete, return to the procedure which referred you to this DLP and continue with the tasks indicated there. 160 © 2002 ADTRAN, Inc.
ADDING A SERVICE TO THE SERVICES COMPONENT TABLE Introduction When configuring the NetVanta 2000 series, references to specific services (using port numbers) can be used over and over again in many different components of the setup. To make the configuration process easier, the NetVanta 2000 series is equipped with a Services Component Table. The Services Component Table stores entered services (using port numbers) for use throughout the configuration. This DLP discusses adding a service to this table.
Section 5, DLP-016 NetVanta 2000 Series System Manual DLP-016 Perform Steps Below in the Order Listed 1. Log in to the NetVanta 2000 series as admin (see DLP-001 for details). 2. From the main menu (located across the top of the screen) select POLICIES. The MANAGE LISTS menu and USER GROUP submenu are automatically displayed. 162 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-016 3. From the menu list (located on the left side of the screen) select SERVICES (listed as a MANAGE LISTS submenu). 4. Click the Add button in the Services dialog box. The Service Configuration page will appear. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-016 NetVanta 2000 Series System Manual 5. Enter a descriptive name for the IP address in the IP Name field. This is a character field and spaces are not allowed. 6. Specify whether this uses TCP or UDP protocol by selecting the appropriate radio button next to the protocol. 164 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-016 7. Enter the port number associated with the service for this record in the Port Number field. 8. Click the Submit button to add the configured service to the Services component table. If the service is successfully added the Services page will appear and the added service will be listed. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-016 NetVanta 2000 Series System Manual 9. Follow the procedures in DLP-003 to save the settings to non-volatile memory. Follow-up Procedures Once this procedure is complete, return to the procedure which referred you to this DLP and continue with the tasks indicated there. 166 © 2002 ADTRAN, Inc.
GENERATING A SELF-CERTIFICATE REQUEST Introduction The NetVanta 2000 series supports the use of both RSA and DSS Signature Algorithm Certificates. The NetVanta 2000 series provides the capability to generate self-certificate requests, and maintains a listing of private keys (certificate requests) that currently have no public key (self-certificate assigned by the Certificate Authority). Always contact your Certificate Authority (VeriSign, Entrust, etc.) before generating your self-certificate request.
Section 5, DLP-017 NetVanta 2000 Series System Manual DLP-017 Perform Steps Below in the Order Listed 1. Log in to the NetVanta 2000 series as admin (see DLP-001 for details). 2. From the main menu (located across the top of the screen) select POLICIES. The MANAGE LISTS menu and USER GROUP submenu are automatically displayed. 168 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-017 3. From the menu list (located on the left side of the screen) select VPN. The IPSec Policies page will appear. 4. From the menu list (located on the left side of the screen) select CERTIFICATES (listed as a VPN submenu). 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-017 NetVanta 2000 Series System Manual 5. In the Self-Certificate section of the page click the Generate Request button. The Request parameters box appears. 6. Enter a text string (up to 7 characters with no spaces) in the Name field. This name is locally significant and should be used to identify different certificate requests generated in the same NetVanta 2000 series unit. 170 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-017 7. Enter a subject name to be used when generating the certificate request. For our example we will use the fully qualified domain name (FQDN) of the test NetVanta 2000 series unit. 8. Select the desired algorithm for generating the certificate request from the Signature Algorithm drop down menu. The NetVanta 2000 series supports both DSS and RSA algorithms. When determining the algorithm to use, remember that RSA is more secure than DSS.
Section 5, DLP-017 NetVanta 2000 Series System Manual 9. Select the key length used for the request from the drop down menu. The NetVanta 2000 series supports both 512 and 1024 key lengths. When determining the key length to use, remember that the bigger the key length the more security you have. 10. Select the hash algorithm used for the request from the drop down menu. The NetVanta 2000 series supports both MD5 and SHA1 hash algorithms.
NetVanta 2000 Series System Manual Section 5, DLP-017 11. Click the Ok button to submit your certificate request. The Certificate Request dialog box appears. The name entered in Step 6 is displayed in the Name field. The actual self-certificate request (in X.509 PEM (Privacy Enhanced Mail) format) is displayed in the text box beneath the Name. Submit all of this text to your Certificate Authority to receive your Self-Certificate. 12.
Section 5, DLP-017 NetVanta 2000 Series System Manual 13. Open a second browser session and enter isakmp-test.ssh.fi in the URL Address field. This will display the SSH Communications Security test certificate site. 14. Click on the X.509 Certificate Enrollment test page link to display the certificate request processing screen. 174 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-017 15. Place your cursor in the text box on the screen and hit to paste the copied certificate request into the text box. 16. Click on the Next Page button to display the PKCS#10 Data Verification page. On this page you will need to verify the information used to generate your request. If you were working with a Certificate Authority, you would have already agreed on this data and submitted it to them before generating the request.
Section 5, DLP-017 NetVanta 2000 Series System Manual 17. Enter the alternate subject data you wish the Certificate Authority to use when generating your certificate in the appropriate Subject Alt Name field. This information will be used again when configuring your IKE tunnel, so a review of these fields is appropriate.
NetVanta 2000 Series System Manual Section 5, DLP-017 18. Scroll to the bottom of the page and click the Next Page button. The Final Certificate Parameters page will appear. 19. Select the radio button next to the appropriate CA chain you want the CA to use when generating your certificate. This should match the key length you selected when generating the request. For our example we used 1024, so we will select the first CA chain. Click the Next Page button. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-017 NetVanta 2000 Series System Manual 20. Highlight all the text in the box and hit to copy the text. Paste this text to a notepad file to be used later. 21. The Certificate Authority’s certificate must be uploaded to the NetVanta 2000 series before loading the self-certificate. Follow the instructions in DLP-019 to upload the Certificate Authority’s certificate to the NetVanta 2000 series.
UPLOADING A CA CERTIFICATE TO THE NETVANTA Introduction The NetVanta 2000 series supports the use of both RSA and DSS Signature Algorithm Certificates. The NetVanta 2000 series provides the capability to generate self-certificate requests, and maintains a listing of private keys (certificate requests) that currently have no public key (self-certificate assigned by the Certificate Authority).
Section 5, DLP-018 NetVanta 2000 Series System Manual DLP-018 Perform Steps Below in the Order Listed 1. Log in to the NetVanta 2000 series as admin (see DLP-001 for details). 2. From the main menu (located across the top of the screen) select POLICIES. The MANAGE LISTS menu and USER GROUP submenu are automatically displayed. 180 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-018 3. From the menu list (located on the left side of the screen) select VPN. The IPSec Policies page will appear. 4. From the menu list (located on the left side of the screen) select CERTIFICATES (listed as a VPN submenu). 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-018 NetVanta 2000 Series System Manual 5. In the CA Certificate section of the page click the Upload Certificate button. The CA Certificate Uploading parameters box appears. 6. Open a second browser session and enter isakmp-test.ssh.fi in the URL Address field. This will display the SSH Communications Security test certificate site. 182 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-018 7. Click on the appropriate Our CA Test CA link. Choose the link that matches the key length you used to generate the self-certificate request. In DLP-017 we applied a 1024 bit key to generate our request, so we will choose the Our CA Test CA 1 Files (1024 bit RSA) hyperlink. 8. The NetVanta 2000 series supports uploading certificates in PEM (Privacy Enhanced Mail) format. Select the CA 1 Root Certificate in PEM format.
Section 5, DLP-018 NetVanta 2000 Series System Manual 9. Highlight all the text in the box and hit to copy the text. Return to the NetVanta 2000 series CA Certificate Uploading screen and paste the CA Certificate in the text box. 10. Click the OK button to submit the certificate. When the certificate is successfully loaded the Certificates page will appear and the certificate will be listed in the CA Certificate section. 184 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-018 11. The Certificate Authority’s certificate must be uploaded to the NetVanta 2000 series before loading a self-certificate. After loading the CA certificate you may proceed to DLP-019 for instructions on loading the self-certificate. Follow-up Procedures Once this procedure is complete, return to the procedure which referred you to this DLP and continue with the tasks indicated there. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-018 186 NetVanta 2000 Series System Manual © 2002 ADTRAN, Inc.
UPLOADING A SELF-CERTIFICATE TO THE NETVANTA Introduction The NetVanta 2000 series supports the use of both RSA and DSS Signature Algorithm Certificates. The NetVanta 2000 series provides the capability to generate self-certificate requests, and maintains a listing of private keys (certificate requests) that currently have no public key (self-certificate assigned by the Certificate Authority).
Section 5, DLP-019 NetVanta 2000 Series System Manual DLP-019 Perform Steps Below in the Order Listed 1. Log in to the NetVanta 2000 series as admin (see DLP-001 for details). 2. From the main menu (located across the top of the screen) select POLICIES. The MANAGE LISTS menu and USER GROUP submenu are automatically displayed. 188 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-019 3. From the menu list (located on the left side of the screen) select VPN. The IPSec Policies page will appear. 4. From the menu list (located on the left side of the screen) select CERTIFICATES (listed as a VPN submenu). 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-019 NetVanta 2000 Series System Manual 5. In the Self-Certificate section of the page click the Upload Certificate button. The Self-Certificate Uploading box appears. 6. Select the name of the request this self-certificate corresponds to from the Name drop down menu. This is the locally significant name that was entered during the self-certificate request process (see DLP-017). 190 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-019 7. Place your cursor in the text box portion of the Self-Certificate Uploading dialog and paste in the self-certificate text. If you followed the steps in DLP-017, this certificate text will be in a notepad file. 8. Click the OK button to submit the self-certificate. When the certificate is successfully loaded the Certificates page will display and the self-certificate will be listed.
Section 5, DLP-019 NetVanta 2000 Series System Manual Follow-up Procedures Once this procedure is complete, return to the procedure which referred you to this DLP and continue with the tasks indicated there. 192 © 2002 ADTRAN, Inc.
REVIEWING THE VARIOUS KEYS OF THE NETVANTA Introduction Implementing a secure network requires the use of encryption, authentication, and the exchange of keys. The NetVanta 2000 series provides Encapsulating Security Payload (ESP) with support for both DES and 3DES encryption methods. The NetVanta 2000 series also provides Authentication Header (AH) with support for MD5-HMAC 128-bit and SHA1-HMAC 160-bit authentication algorithms.
Section 5, DLP-020 NetVanta 2000 Series System Manual DLP-020 Please Refer to the Table Below When Defining Keys in the NetVanta 2000 series Key Name Key Length Use this key..... MD5 AUTH KEY 16 digits when using MD5 authentication for RIP updates on the LAN and/or WAN interface. MD5 IN and OUT 16 digits when configuring MD5 authentication for Manual VPN tunnels. MD5 IN SPI and OUT SPI numerical >255 when configuring MD5 authentication for Manual VPN tunnels.
RESTORING THE NETVANTA TO FACTORY DEFAULTS Introduction The NetVanta 2000 series provides two methods of restoring the unit to factory defaults - software and hardware. This DLP discusses each method and the necessary steps. Prerequisite Procedures This DLP assumes the NetVanta 2000 series is connected to a PC and a browser session is active. Refer to DLP-001 for more details. Tools and Materials Required • No special tools or materials required.
Section 5, DLP-021 NetVanta 2000 Series System Manual DLP-021 Perform Steps Below in the Order Listed - Software Default Performing a factory default using software will restore ALL configurable parameters of the NetVanta 2000 series to factory conditions. All modified interface address will be lost and may disrupt communications with the unit. 1. Log in to the NetVanta 2000 series as admin (see DLP-001 for details). 2. From the main menu (located across the top of the screen), select ADMIN.
NetVanta 2000 Series System Manual Section 5, DLP-021 3. From the menu list (located on the left side of the screen) select FACTORY DEFAULT. 4. Click the Yes button to submit the operation. This will display the Reboot Confirmation screen. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-021 NetVanta 2000 Series System Manual 5. Click Yes to reboot the NetVanta 2000 series and restore all parameters to factory default settings. 6. Complete the steps in DLP-001 to access the NetVanta 2000 series unit. Perform Steps Below in the Order Listed - Hardware Default Performing a factory default using hardware only restores the LAN interface parameters to default state. The DHCP server will be enabled and the LAN interface will be given an IP address of 10.10.10.1. 1.
VIEWING THE DHCP INFO TABLE Introduction The NetVanta 2000 series supports three IP addressing schemes on the WAN interface -- dynamic, static, and PPP over Ethernet (PPPoE). When the WAN interface is configured for dynamic (DHCP) or PPPoE addressing, important information can be obtained by viewing the DHCP information the NetVanta 2000 series receives from your provider’s DHCP server. The NetVanta 2000 series contains a table listing all DHCP information for both the LAN and WAN interfaces.
Section 5, DLP-022 NetVanta 2000 Series System Manual DLP-022 Perform Steps Below in the Order Listed 1. Log in to the NetVanta 2000 series as admin (see DLP-001 for details). 2. From the main menu (located across the top of the screen) select CONFIG. 200 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual Section 5, DLP-022 3. From the menu list (located on the left side of the screen) select NETWORK INTERFACE. The ETHERNET CONFIG page will appear. 4. From the menu list (located on the left side of the screen) select DHCP INFO. 61200361L1-1E © 2002 ADTRAN, Inc.
Section 5, DLP-022 NetVanta 2000 Series System Manual 5. Record any information needed from this table for future use. The IP address listed next to Gateways in the WAN column (172.124.37.252 for this example) will be used when adding the default route to the NetVanta 2000 series route table (see DLP-011). Record this address for future reference. Follow-up Procedures Once this procedure is complete, return to the procedure which referred you to this DLP and continue with the tasks indicated there.
GLOSSARY Authentication Identifying and validating a given user. Data integrity Traditionally, data integrity checking has involved attaching a checksum to a string of data to check against accidental data corruption. More sophisticated security algorithms add other validators such as time and date stamps to make sure data is not intercepted or altered. Data Encryption Standard (DES) Is a symmetric block cipher algorithm used as a confidentiality mechanism for the encapsulating security payload (ESP).
Glossary NetVanta 2000 Series System Manual HTTP HyperText Transfer Protocol is the protocol that carries requests from a browser to a Web server and also transports Web pages from a Web server back to the requesting browser. HTTP is the most universally used Web transfer protocol, but it is not inherently a secure protocol. ICMP Redirect Not necessarily a malicious condition, some routers generate a redirection message whenever a packet is rerouted.
NetVanta 2000 Series System Manual Glossary caching frequently requested web pages and can filter unauthorized user requests for access to files or designated web sites. Replay attack Capturing and storing a password-included packet and then reissuing that packet in an attempt to gain unauthorized access. Routing Information Protocol A protocol for exchanging routing information among gateways and other hosts. Security Associations Agreements or negotiations between two or more communicating parties.
Glossary NetVanta 2000 Series System Manual ACRONYMS AH Authentication Header ALG Application Level Gateway ASP Active Server Protocol ATM Asynchronous Transfer Mode CERT Computer Emergency Response Team DDOS Distributed Denial of Service DES Data Encryption Standard DH Diffie Helman shared secret algorithm DHCP Dynamic Host Configuration Protocol DNS Domain Name Server DSA Digital Signature Algorithm DSL Digital Subscriber Loop DSU/CSU Data Service Unit/Channel Service Unit ECN Explicit Congestion Notifi
NetVanta 2000 Series System Manual Glossary Hyper Text Transfer Protocol ICMP Internet Control Message Protocol IETF Internet Engineering Task Force IEEE-SA IEEE Standards Association IKE Internet Key Exchange IPSec Internet Protocol Security MPOA Multiprotocol Over ATM NAT Network Address Translation NIST National Institute of Standards and Technology NNTP Network News Transfer Protocol NSA National Security Agency RIP Routing Information Protocol RSA A public key encryption algorithm RSVP Resource Reser
Glossary NetVanta 2000 Series System Manual SHA Secure Hash Algorithm SPD Security Policy Database SPI Security Parameter Index VPN Virtual Private Network VRRP Virtual Router Redundancy Protocol WAN Wide area network WELF Webtrend Extended Log Format WFQ Weighted fair queuing 208 © 2002 ADTRAN, Inc.
NetVanta 2000 Series System Manual 61200361L1-1E Glossary © 2002 ADTRAN, Inc.
Glossary 210 NetVanta 2000 Series System Manual © 2002 ADTRAN, Inc.