Administration of the Avaya G350 Media Gateway - Avaya Support

13.07.2015 Views
ContentsConfiguring VRRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198Overview of VRRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198VRRP configuration example . . . . . . . . . . . . . . . . . . . . . . . . . . . 199VRRP commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200Configuring fragmentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201Overview of fragmentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201Reassembly parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202Fragmentation commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202Chapter 17: Configuring IPSec VPN . . . . . . . . . . . . . . . . . . . . 203Overview of IPSec VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203Configuring a site-to-site IPSec VPN . . . . . . . . . . . . . . . . . . . . . . . . . 204Overview of IPSec VPN configuration . . . . . . . . . . . . . . . . . . . . . . 204Prerequisite – coordinating with the VPN peer . . . . . . . . . . . . . . . . . 208Installing the VPN license file . . . . . . . . . . . . . . . . . . . . . . . . . . . 208Configuring ISAKMP policies . . . . . . . . . . . . . . . . . . . . . . . . . . . 209Configuring transform-sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210Configuring ISAKMP peer information . . . . . . . . . . . . . . . . . . . . . . 211Configuring crypto maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213Configuring crypto-lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214Configuring interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216Deactivating crypto lists to modify IPSec VPN parameters. . . . . . . . . 217IPSec VPN maintenance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218Displaying IPSec VPN configuration . . . . . . . . . . . . . . . . . . . . . . . 218Displaying IPSec VPN status . . . . . . . . . . . . . . . . . . . . . . . . . . . 218IPSec VPN intervention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219IPSec VPN logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219Typical installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221Simple VPN topology: VPN hub and spokes. . . . . . . . . . . . . . . . . . . 221Configuring the simple VPN topology . . . . . . . . . . . . . . . . . . . . 222Full or partial mesh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226Configuring the mesh VPN topology . . . . . . . . . . . . . . . . . . . . . 227Hub-and-spoke with hub redundancy/load sharing . . . . . . . . . . . . . . . 238Configuring the VPN hub redundancy/load sharing topologies . . . . . . 239Full solution: hub-and-spoke with VPN for data and VoIP control backup . . 245Configuring hub-and-spoke with VPN for data and VoIP control backup . 24612 Administration of the Avaya G350 Media Gateway

ContentsChapter 18: Configuring policy . . . . . . . . . . . . . . . . . . . . . . . 253Policy overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253Access control lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254QoS lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254Policy-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255Managing policy lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255Defining policy lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256Creating and editing a policy list . . . . . . . . . . . . . . . . . . . . . . . . . 256Defining list identification attributes . . . . . . . . . . . . . . . . . . . . . . . 257Default actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257Deleting a policy list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257Attaching policy lists to an interface . . . . . . . . . . . . . . . . . . . . . . . . . 258Device-wide policy lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260Defining global rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260Defining rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261Overview of rule criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261Editing and creating rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262Rule criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262IP protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262Source and destination IP address . . . . . . . . . . . . . . . . . . . . . . 263Source and destination port range . . . . . . . . . . . . . . . . . . . . . . 264ICMP type and code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265TCP Establish bit (access control lists only) . . . . . . . . . . . . . . . . 265Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265Composite operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266Overview of composite operations . . . . . . . . . . . . . . . . . . . . . . . . 266Pre-configured composite operations for access control lists. . . . . . . . . 266Pre-configured composite operations for QoS lists. . . . . . . . . . . . . . . 267Configuring composite operations . . . . . . . . . . . . . . . . . . . . . . . . 268Composite operation example . . . . . . . . . . . . . . . . . . . . . . . . . . 269DSCP table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269Displaying and testing policy lists . . . . . . . . . . . . . . . . . . . . . . . . . . 270Displaying policy lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270Simulating packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272Issue 3 January 2005 13

Page 1 and 2: Administration of theAvaya G350 Med

Page 3 and 4: Electromagnetic Compatibility (EMC)

Page 5: ContentsAbout this Book . . . . . .

Page 8 and 9: ContentsConfiguring PPP . . . . . .

Page 10 and 11: ContentsPort classification . . . .

Page 14 and 15: ContentsChapter 19: Configuring pol

Page 16 and 17: Contents16 Administration of the Av

Page 18 and 19: About this Book4. Scroll down to fi

Page 20 and 21: About this BookSending us commentsA

Page 22 and 23: Introduction●●●●●●●

Page 24 and 25: Configuration overviewIf you intend

Page 26 and 27: Configuration overviewSaving config

Page 28 and 29: Accessing the Avaya G350 Media Gate











Page 50 and 51: Basic device configurationConfiguri

Page 52 and 53: Basic device configurationThe Media

Page 54 and 55: Basic device configurationSetting r

Page 56 and 57: Basic device configuration●●●

Page 58 and 59: Basic device configurationEach firm

Page 60 and 61: Basic device configurationThe follo

Page 62 and 63: Configuring Ethernet portsConfiguri

Page 64 and 65: Configuring Ethernet portsWAN Ether

Page 66 and 67: Configuring loggingSyslog serverA S

Page 68 and 69: Configuring loggingFilters and seve

Page 70 and 71: Configuring loggingTable 5: Logging

Page 72 and 73: Configuring VoIP QoSConfiguring RTP

Page 74 and 75: Configuring VoIP QoSConfiguring QoS

Page 76 and 77: Configuring VoIP QoSConfiguring Wei

Page 78 and 79: Configuring the G350 for modem useN

Page 80 and 81: Configuring the G350 for modem use8

Page 82 and 83: Configuring a WAN Interface●●

Page 84 and 85: Configuring a WAN InterfaceFigure 3

Page 86 and 87: Configuring a WAN Interface3. Use t

Page 88 and 89: Configuring a WAN InterfaceE1/T1 de

Page 90 and 91: Configuring a WAN InterfaceUSP defa


Page 94 and 95: Configuring a WAN Interfacetrying t

Page 96 and 97: Configuring a WAN Interface8. Use t

Page 98 and 99: Configuring a WAN InterfaceConfigur


Page 102 and 103: Configuring a WAN InterfaceNote:Not

Page 104 and 105: Configuring a WAN InterfaceIf one o

Page 106 and 107: Configuring a WAN InterfacePPP VoIP

Page 108 and 109: Configuring a WAN Interface● VLAN

Page 110 and 111: Configuring a WAN Interface110 Admi

Page 112 and 113: Configuring PoELoad detectionThe MM

Page 114 and 115: Configuring PoEPoE configuration CL

Page 116 and 117: Configuring PoE116 Administration o

Page 118 and 119: Configuring Emergency Transfer Rela

Page 120 and 121: Configuring SNMPThere are several w

Page 122 and 123: Configuring SNMPUsersSNMPv3 uses th

Page 124 and 125: Configuring SNMPGroup NameSecurityM

Page 126 and 127: Configuring SNMP- notification type

Page 128 and 129: Configuring SNMPConfiguring dynamic

Page 130 and 131: Configuring SNMPThe following examp

Page 132 and 133: Configuring advanced switchingVLAN

Page 134 and 135: Configuring advanced switchingMulti

Page 136 and 137: Configuring advanced switching●

Page 138 and 139: Configuring advanced switchingRelia

Page 140 and 141: Configuring advanced switchingSwitc

Page 142 and 143: Configuring advanced switchingPort

Page 144 and 145: Configuring advanced switchingThe S

Page 146 and 147: Configuring advanced switching●Po

Page 148 and 149: Configuring advanced switchingThe f

Page 150 and 151: Configuring advanced switchingPort

Page 152 and 153: Configuring contact closureContact

Page 154 and 155: Configuring contact closure154 Admi

Page 156 and 157: Configuring RMON monitoringRMON CLI

Page 158 and 159: Configuring RMON monitoring158 Admi

Page 160 and 161: Configuring the routerOverview of t

Page 162 and 163: Configuring the routerLayer 2 logic

Page 164 and 165: Configuring the routerStatic routes

Page 166 and 167: Configuring the routerRouting table

Page 168 and 169: Configuring the routerRouting packe

Page 170 and 171: Configuring the routerThe following

Page 172 and 173: Configuring the routerDynamic MTU d

Page 174 and 175: Configuring the routerAdditional GR

Page 176 and 177: Configuring the routerYou can use t

Page 178 and 179: Configuring the routerDHCP/BOOTP re

Page 180 and 181: Configuring the routerApplication

Page 182 and 183: Configuring the routerNote:Note:If

Page 184 and 185: Configuring the routerG350-001(supe

Page 186 and 187: Configuring the routerDirected broa

Page 188 and 189: Configuring the routerDynamic ARP t

Page 190 and 191: Configuring the routerConfiguring I

Page 192 and 193: Configuring the routerPoison-revers

Page 194 and 195: Configuring the router●●●●U

Page 196 and 197: Configuring the routerOSPF commands

Page 198 and 199: Configuring the routerand what metr

Page 200 and 201: Configuring the router●●●●

Page 202 and 203: Configuring the routerReassembly pa

Page 204 and 205: Configuring IPSec VPNConfiguring a

Page 206 and 207: Configuring IPSec VPNConfiguring IP

Page 208 and 209: Configuring IPSec VPNPrerequisite -

Page 210 and 211: Configuring IPSec VPN●hash: the h

Page 212 and 213: Configuring IPSec VPNTo configure p

Page 214 and 215: Configuring IPSec VPN3. Exit crypto

Page 216 and 217: Configuring IPSec VPN9. Exit crypto

Page 218 and 219: Configuring IPSec VPNIPSec VPN main

Page 220 and 221: Configuring IPSec VPN2. Use the set

Page 222 and 223: Configuring IPSec VPNConfiguring th

Page 224 and 225: Configuring IPSec VPNip-rule 30sour

Page 226 and 227: Configuring IPSec VPNFull or partia

Page 228 and 229: Configuring IPSec VPN2. Configure b

Page 230 and 231: Configuring IPSec VPNip-rule 4sourc


Page 234 and 235: Configuring IPSec VPN2. Configure B


Page 238 and 239: Configuring IPSec VPNInterface vlan

Page 240 and 241: Configuring IPSec VPN3. Allowed ICM

Page 242 and 243: Configuring IPSec VPNip access-cont


Page 246 and 247: Configuring IPSec VPNFigure 21: Ful

Page 248 and 249: Configuring IPSec VPNConfiguration


Page 252 and 253: Configuring IPSec VPN252 Administra

Page 254 and 255: Configuring policyAccess control li

Page 256 and 257: Configuring policyDefining policy l

Page 258 and 259: Configuring policyAttaching policy

Page 260 and 261: Configuring policyDevice-wide polic

Page 262 and 263: Configuring policyEditing and creat

Page 264 and 265: Configuring policySource and destin

Page 266 and 267: Configuring policyComposite operati

Page 268 and 269: Configuring policy●●●CoS —

Page 270 and 271: Configuring policyThe following com

Page 272 and 273: Configuring policySimulating packet

Page 274 and 275: Configuring policy-based routingPol

Page 276 and 277: Configuring policy-based routingCon

Page 278 and 279: Configuring policy-based routing●

Page 280 and 281: Configuring policy-based routingMod

Page 282 and 283: Configuring policy-based routingEdi

Page 284 and 285: Configuring policy-based routingIn

Page 286 and 287: Configuring policy-based routingThe

Page 288 and 289: Setting synchronizationIf, for any

Page 290 and 291: FIPSFigure 26: Image of the cryptog

Page 292 and 293: FIPSSupported algorithmsThe cryptog

Page 294 and 295: FIPSSecurity levelThe cryptographic

Page 296 and 297: FIPSTable 14: Roles and required id

Page 298 and 299: FIPSTable 15: Critical security par

Page 300 and 301: FIPSCSP access rights within roles

Page 302 and 303: FIPSTable 18 shows Role and Service

Page 304 and 305: FIPSTable 18: Role and service acce

Page 306 and 307: FIPSPassword guidelinesBelow are ge

Page 308 and 309: FIPS2. Define the PMI (Primary Mana

Page 310 and 311: FIPS10. Physically disconnect all n

Page 312 and 313: FIPS18. To configure all interfaces

Page 314 and 315: FIPS●Use the snmp-server user use

Page 316 and 317: FIPS●●TFTPSNMPExample:G350-001(

Page 318 and 319: FIPSG350-N(super)# ip crypto-list 9

Page 320 and 321: FIPSError statesTable 19 describes

Page 322 and 323: FIPSConsiderationsThe following rul

Page 324 and 325: Traps and MIBsNameParameters(MIB va




Page 332 and 333: Traps and MIBsMIB FileIP-FORWARD-MI

Page 334 and 335: Traps and MIBsObjectOIDgenOpResetSu

Page 336 and 337: Traps and MIBsThe following table p

Page 338 and 339: Traps and MIBsObject OIDipCidrRoute

Page 340 and 341: Traps and MIBsObject OIDgenMemUtili

Page 342 and 343: Traps and MIBsObject OIDdsx1Circuit


Page 346 and 347: Traps and MIBsObject OIDipOutDiscar

Page 348 and 349: Traps and MIBsObject OIDsnmpOutBadV


Page 352 and 353: Traps and MIBsObject OIDdistributio

Page 354 and 355: Traps and MIBsObject OIDrs232SyncPo

Page 356 and 357: Traps and MIBsObject OIDifInUnknown

Page 358 and 359: Traps and MIBsObject OIDdsx1Fdl 1.3


Page 362 and 363: Traps and MIBsObject OIDipPolicyCon

Page 364 and 365: Traps and MIBsObject OIDipPolicyCom


Page 368 and 369: Traps and MIBsObject OIDchGroupList

Page 370 and 371: Traps and MIBsObject OIDgenGroupLog

Page 372 and 373: Traps and MIBsObject OIDcmgModuleSe

Page 374 and 375: Traps and MIBsObject OIDcmgVoipLoca

Page 376 and 377: Traps and MIBsObject OIDfrCircuitDl

Page 378 and 379: Traps and MIBsObject OIDipAdEntIfIn

Page 380 and 381: Traps and MIBsObject OIDpppLinkStat

Page 382 and 383: Traps and MIBsObject OIDifTableXtnd


Page 386 and 387: Traps and MIBsObject OIDospfIfAuthT

Page 388 and 389: Traps and MIBs388 Administration of

Page 390 and 391: Configuring the G350 using the Avay



















Page 428 and 429: Configuring the G350 using the GIW2






Page 440 and 441: IndexCommands, (continued)autoneg .

Page 442 and 443: IndexCommands, (continued)show-rule

Page 444 and 445: IndexHHello packets . . . . . . . .

Page 446 and 447: IndexPolicy-based routingapplicatio

Page 448 and 449: Indexset vlan . . . . . . . . . . .

Page 450: Index450 Administration of the Avay

avaya

interface

gateway

configure

configuring

configuration

administration

january

vlan

commands

Administration of the Avaya G350 Media Gateway - Avaya Support

Administration of the Avaya G350 Media Gateway - Avaya Support ... View more Administration of the Avaya G350 Media Gateway - Avaya Support

Delete template?

Save as template ?

Administration of the Avaya G350 Media Gateway - Avaya Support Administration of the Avaya G350 Media Gateway - Avaya Support