Administration of the Avaya G350 Media Gateway - Avaya Support

13.07.2015 Views
ContentsChapter 19: Configuring policy-based routing . . . . . . . . . . . . . . 273Policy-based routing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274Separate routing of voice and data traffic . . . . . . . . . . . . . . . . . . . . 274Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275Configuring Policy-Based Routing . . . . . . . . . . . . . . . . . . . . . . . . . . 276PBR Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279Overview of rule criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279Modifying rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280Rule criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280Next Hop Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280Next hop list overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281Modifying next hop lists. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281Editing and Deleting PBR lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282Displaying PBR lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282Application example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283Chapter 20: Setting synchronization . . . . . . . . . . . . . . . . . . . . 287Displaying synchronization status . . . . . . . . . . . . . . . . . . . . . . . . . . 288Chapter 21: FIPS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289Supported algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292Non-FIPS mode of operation . . . . . . . . . . . . . . . . . . . . . . . . . . . 293Security level. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294Operational environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294Assumptions of roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294Assumptions concerning user behavior . . . . . . . . . . . . . . . . . . . . . 296Critical security parameters and private keys . . . . . . . . . . . . . . . . . . 297Public keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299CSP access rights within roles and services . . . . . . . . . . . . . . . . . . 300Security rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304Password guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306Managing the module in FIPS-compliant mode . . . . . . . . . . . . . . . . . . . 306Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30714 Administration of the Avaya G350 Media Gateway

ContentsAdministration procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307Entering FIPS mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307Failure scenarios and repair actions . . . . . . . . . . . . . . . . . . . . . . . 319Error states. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320Recovering from an error state . . . . . . . . . . . . . . . . . . . . . . . . 320Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322Appendix A: Traps and MIBs . . . . . . . . . . . . . . . . . . . . . . . . 323G350 traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323G350 MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331Appendix B: Configuring the G350 using the Avaya IW . . . . . . . . . 389Preliminary screens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389MGC configuration and upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . 391Upgrading an existing MGC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395Gateway configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401Firmware configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404Modem configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406Telephony configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408Trunk configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412Adding a trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414Modifying trunk parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . 415Modifying IP route configuration . . . . . . . . . . . . . . . . . . . . . . . . . 416Displaying trunk status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417Removing a trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418Configuring a trunk media module . . . . . . . . . . . . . . . . . . . . . . . . 419Endpoint installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420Alarm configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421Password and final screens. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423Appendix C: Configuring the G350 using the GIW . . . . . . . . . . . . 427Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439Issue 3 January 2005 15

Page 1 and 2: Administration of theAvaya G350 Med

Page 3 and 4: Electromagnetic Compatibility (EMC)

Page 5: ContentsAbout this Book . . . . . .

Page 8 and 9: ContentsConfiguring PPP . . . . . .

Page 10 and 11: ContentsPort classification . . . .

Page 12 and 13: ContentsConfiguring VRRP . . . . .

Page 16 and 17: Contents16 Administration of the Av

Page 18 and 19: About this Book4. Scroll down to fi

Page 20 and 21: About this BookSending us commentsA

Page 22 and 23: Introduction●●●●●●●

Page 24 and 25: Configuration overviewIf you intend

Page 26 and 27: Configuration overviewSaving config

Page 28 and 29: Accessing the Avaya G350 Media Gate











Page 50 and 51: Basic device configurationConfiguri

Page 52 and 53: Basic device configurationThe Media

Page 54 and 55: Basic device configurationSetting r

Page 56 and 57: Basic device configuration●●●

Page 58 and 59: Basic device configurationEach firm

Page 60 and 61: Basic device configurationThe follo

Page 62 and 63: Configuring Ethernet portsConfiguri

Page 64 and 65: Configuring Ethernet portsWAN Ether

Page 66 and 67: Configuring loggingSyslog serverA S

Page 68 and 69: Configuring loggingFilters and seve

Page 70 and 71: Configuring loggingTable 5: Logging

Page 72 and 73: Configuring VoIP QoSConfiguring RTP

Page 74 and 75: Configuring VoIP QoSConfiguring QoS

Page 76 and 77: Configuring VoIP QoSConfiguring Wei

Page 78 and 79: Configuring the G350 for modem useN

Page 80 and 81: Configuring the G350 for modem use8

Page 82 and 83: Configuring a WAN Interface●●

Page 84 and 85: Configuring a WAN InterfaceFigure 3

Page 86 and 87: Configuring a WAN Interface3. Use t

Page 88 and 89: Configuring a WAN InterfaceE1/T1 de

Page 90 and 91: Configuring a WAN InterfaceUSP defa


Page 94 and 95: Configuring a WAN Interfacetrying t

Page 96 and 97: Configuring a WAN Interface8. Use t

Page 98 and 99: Configuring a WAN InterfaceConfigur


Page 102 and 103: Configuring a WAN InterfaceNote:Not

Page 104 and 105: Configuring a WAN InterfaceIf one o

Page 106 and 107: Configuring a WAN InterfacePPP VoIP

Page 108 and 109: Configuring a WAN Interface● VLAN

Page 110 and 111: Configuring a WAN Interface110 Admi

Page 112 and 113: Configuring PoELoad detectionThe MM

Page 114 and 115: Configuring PoEPoE configuration CL

Page 116 and 117: Configuring PoE116 Administration o

Page 118 and 119: Configuring Emergency Transfer Rela

Page 120 and 121: Configuring SNMPThere are several w

Page 122 and 123: Configuring SNMPUsersSNMPv3 uses th

Page 124 and 125: Configuring SNMPGroup NameSecurityM

Page 126 and 127: Configuring SNMP- notification type

Page 128 and 129: Configuring SNMPConfiguring dynamic

Page 130 and 131: Configuring SNMPThe following examp

Page 132 and 133: Configuring advanced switchingVLAN

Page 134 and 135: Configuring advanced switchingMulti

Page 136 and 137: Configuring advanced switching●

Page 138 and 139: Configuring advanced switchingRelia

Page 140 and 141: Configuring advanced switchingSwitc

Page 142 and 143: Configuring advanced switchingPort

Page 144 and 145: Configuring advanced switchingThe S

Page 146 and 147: Configuring advanced switching●Po

Page 148 and 149: Configuring advanced switchingThe f

Page 150 and 151: Configuring advanced switchingPort

Page 152 and 153: Configuring contact closureContact

Page 154 and 155: Configuring contact closure154 Admi

Page 156 and 157: Configuring RMON monitoringRMON CLI

Page 158 and 159: Configuring RMON monitoring158 Admi

Page 160 and 161: Configuring the routerOverview of t

Page 162 and 163: Configuring the routerLayer 2 logic

Page 164 and 165: Configuring the routerStatic routes

Page 166 and 167: Configuring the routerRouting table

Page 168 and 169: Configuring the routerRouting packe

Page 170 and 171: Configuring the routerThe following

Page 172 and 173: Configuring the routerDynamic MTU d

Page 174 and 175: Configuring the routerAdditional GR

Page 176 and 177: Configuring the routerYou can use t

Page 178 and 179: Configuring the routerDHCP/BOOTP re

Page 180 and 181: Configuring the routerApplication

Page 182 and 183: Configuring the routerNote:Note:If

Page 184 and 185: Configuring the routerG350-001(supe

Page 186 and 187: Configuring the routerDirected broa

Page 188 and 189: Configuring the routerDynamic ARP t

Page 190 and 191: Configuring the routerConfiguring I

Page 192 and 193: Configuring the routerPoison-revers

Page 194 and 195: Configuring the router●●●●U

Page 196 and 197: Configuring the routerOSPF commands

Page 198 and 199: Configuring the routerand what metr

Page 200 and 201: Configuring the router●●●●

Page 202 and 203: Configuring the routerReassembly pa

Page 204 and 205: Configuring IPSec VPNConfiguring a

Page 206 and 207: Configuring IPSec VPNConfiguring IP

Page 208 and 209: Configuring IPSec VPNPrerequisite -

Page 210 and 211: Configuring IPSec VPN●hash: the h

Page 212 and 213: Configuring IPSec VPNTo configure p

Page 214 and 215: Configuring IPSec VPN3. Exit crypto

Page 216 and 217: Configuring IPSec VPN9. Exit crypto

Page 218 and 219: Configuring IPSec VPNIPSec VPN main

Page 220 and 221: Configuring IPSec VPN2. Use the set

Page 222 and 223: Configuring IPSec VPNConfiguring th

Page 224 and 225: Configuring IPSec VPNip-rule 30sour

Page 226 and 227: Configuring IPSec VPNFull or partia

Page 228 and 229: Configuring IPSec VPN2. Configure b

Page 230 and 231: Configuring IPSec VPNip-rule 4sourc


Page 234 and 235: Configuring IPSec VPN2. Configure B


Page 238 and 239: Configuring IPSec VPNInterface vlan

Page 240 and 241: Configuring IPSec VPN3. Allowed ICM

Page 242 and 243: Configuring IPSec VPNip access-cont


Page 246 and 247: Configuring IPSec VPNFigure 21: Ful

Page 248 and 249: Configuring IPSec VPNConfiguration


Page 252 and 253: Configuring IPSec VPN252 Administra

Page 254 and 255: Configuring policyAccess control li

Page 256 and 257: Configuring policyDefining policy l

Page 258 and 259: Configuring policyAttaching policy

Page 260 and 261: Configuring policyDevice-wide polic

Page 262 and 263: Configuring policyEditing and creat

Page 264 and 265: Configuring policySource and destin

Page 266 and 267: Configuring policyComposite operati

Page 268 and 269: Configuring policy●●●CoS —

Page 270 and 271: Configuring policyThe following com

Page 272 and 273: Configuring policySimulating packet

Page 274 and 275: Configuring policy-based routingPol

Page 276 and 277: Configuring policy-based routingCon

Page 278 and 279: Configuring policy-based routing●

Page 280 and 281: Configuring policy-based routingMod

Page 282 and 283: Configuring policy-based routingEdi

Page 284 and 285: Configuring policy-based routingIn

Page 286 and 287: Configuring policy-based routingThe

Page 288 and 289: Setting synchronizationIf, for any

Page 290 and 291: FIPSFigure 26: Image of the cryptog

Page 292 and 293: FIPSSupported algorithmsThe cryptog

Page 294 and 295: FIPSSecurity levelThe cryptographic

Page 296 and 297: FIPSTable 14: Roles and required id

Page 298 and 299: FIPSTable 15: Critical security par

Page 300 and 301: FIPSCSP access rights within roles

Page 302 and 303: FIPSTable 18 shows Role and Service

Page 304 and 305: FIPSTable 18: Role and service acce

Page 306 and 307: FIPSPassword guidelinesBelow are ge

Page 308 and 309: FIPS2. Define the PMI (Primary Mana

Page 310 and 311: FIPS10. Physically disconnect all n

Page 312 and 313: FIPS18. To configure all interfaces

Page 314 and 315: FIPS●Use the snmp-server user use

Page 316 and 317: FIPS●●TFTPSNMPExample:G350-001(

Page 318 and 319: FIPSG350-N(super)# ip crypto-list 9

Page 320 and 321: FIPSError statesTable 19 describes

Page 322 and 323: FIPSConsiderationsThe following rul

Page 324 and 325: Traps and MIBsNameParameters(MIB va




Page 332 and 333: Traps and MIBsMIB FileIP-FORWARD-MI

Page 334 and 335: Traps and MIBsObjectOIDgenOpResetSu

Page 336 and 337: Traps and MIBsThe following table p

Page 338 and 339: Traps and MIBsObject OIDipCidrRoute

Page 340 and 341: Traps and MIBsObject OIDgenMemUtili

Page 342 and 343: Traps and MIBsObject OIDdsx1Circuit


Page 346 and 347: Traps and MIBsObject OIDipOutDiscar

Page 348 and 349: Traps and MIBsObject OIDsnmpOutBadV


Page 352 and 353: Traps and MIBsObject OIDdistributio

Page 354 and 355: Traps and MIBsObject OIDrs232SyncPo

Page 356 and 357: Traps and MIBsObject OIDifInUnknown

Page 358 and 359: Traps and MIBsObject OIDdsx1Fdl 1.3


Page 362 and 363: Traps and MIBsObject OIDipPolicyCon

Page 364 and 365: Traps and MIBsObject OIDipPolicyCom


Page 368 and 369: Traps and MIBsObject OIDchGroupList

Page 370 and 371: Traps and MIBsObject OIDgenGroupLog

Page 372 and 373: Traps and MIBsObject OIDcmgModuleSe

Page 374 and 375: Traps and MIBsObject OIDcmgVoipLoca

Page 376 and 377: Traps and MIBsObject OIDfrCircuitDl

Page 378 and 379: Traps and MIBsObject OIDipAdEntIfIn

Page 380 and 381: Traps and MIBsObject OIDpppLinkStat

Page 382 and 383: Traps and MIBsObject OIDifTableXtnd


Page 386 and 387: Traps and MIBsObject OIDospfIfAuthT

Page 388 and 389: Traps and MIBs388 Administration of

Page 390 and 391: Configuring the G350 using the Avay



















Page 428 and 429: Configuring the G350 using the GIW2






Page 440 and 441: IndexCommands, (continued)autoneg .

Page 442 and 443: IndexCommands, (continued)show-rule

Page 444 and 445: IndexHHello packets . . . . . . . .

Page 446 and 447: IndexPolicy-based routingapplicatio

Page 448 and 449: Indexset vlan . . . . . . . . . . .

Page 450: Index450 Administration of the Avay

avaya

interface

gateway

configure

configuring

configuration

administration

january

vlan

commands

Administration of the Avaya G350 Media Gateway - Avaya Support

Administration of the Avaya G350 Media Gateway - Avaya Support ... View more Administration of the Avaya G350 Media Gateway - Avaya Support

Delete template?

Save as template ?

Administration of the Avaya G350 Media Gateway - Avaya Support Administration of the Avaya G350 Media Gateway - Avaya Support