Administration of the Avaya G350 Media Gateway - Avaya Support

More documents

Recommendations

Info

Configuring IPSec VPN●hash: the hash (authentication) algorithm for the ISAKMP policy: sha or md5(default: md5)● group: the Diffie-Hellman group for the ISAKMP policy: 1 or 2 (default: 1)●●authentication: the authentication of the ISAKMP policy pre-shared secret:pre-sharelifetime: the lifetime of the ISAKMP SA, in secondsG350-001(config-isakmp:1)# description "lincroft ike"Done!G350-001(config-isakmp:1)# encryption desDone!G350-001(config-isakmp:1)# hash md5Done!G350-001(config-isakmp:1)# group 1Done!G350-001(super-isakmp:1)# authentication pre-shareDone!G350-001(config-isakmp:1)# lifetime 60000Done!3. Exit the ISAKMP policy context using the exit CLI command.G350-001(config-isakmp:1)# exitG350-001#Configuring transform-setsA transform-set defines the IKE phase 2 parameters. It specifies the encryption andauthentication algorithms to be used for, sets a security association lifetime, and specifieswhether PFS is enabled and which DH group it uses.Note:Note: You can define up to 20 transform-sets.To configure a transform-set:1. Enter transform-set context and create a new transform-set by using the crypto ipsectransform-set CLI command. The command variables include:●●●The name of the transform-setThe encryption algorithm used by the transform-set: esp-des, esp-3des, esp-aes oresp-null (no encryption)The authentication algorithm used by the transform-set: esp-md5-hmac oresp-sha-hmac.210 Administration of the Avaya G350 Media Gateway
Configuring a site-to-site IPSec VPNImportant:! Important:You must define at least one transform-set.G350-001# crypto ipsec transform-set ts1 esp-3des esp-md5-hmacG350-001(config-transform:ts1)#2. Configure the following transform-set parameters:●●●set pfs: specifies whether each IKE phase 2 negotiation will employ PFS (PerfectForward Secrecy), and if yes – which Diffie-Hellman group to employ. PFS ensures thateven if someone were to discover the long-term secret(s), the attacker would not be ableto recover the session keys, both past and present. In addition, the discovery of asession key compromises neither the long-term secrets nor the other session keys. Thedefault setting is no set pfs.set security-association lifetime seconds: the security association lifetimein seconds using the CLI commandset security-association lifetime kilobytes: the security associationlifetime in kilobytesG350-001001(config-transform:ts1ts1)# set pfs group2Done!G350-001(config-transform:ts1)# set security-association lifetime seconds7200Done!G350-001(config-transform:ts1)# set security-association lifetimekilobytes 2684354563. Exit the crypto transform-set context using the exit CLI command.G350-001(config-transform:ts1)# exitG350-001#Configuring ISAKMP peer informationISAKMP peer information defines the remote peer identification, the pre-shared key used forpeer authentication, and the ISAKMP policy to be used for IKE phase 1 negotiations betweenthe peers.Important:Note:! Important:It is mandatory to define at least one ISAKMP peer.Note:You can define up to 50 ISAKMP peers.Issue 3 January 2005 211
Page 1 and 2:
Administration of theAvaya G350 Med
Page 3 and 4:
Electromagnetic Compatibility (EMC)
Page 5:
ContentsAbout this Book . . . . . .
Page 8 and 9:
ContentsConfiguring PPP . . . . . .
Page 10 and 11:
ContentsPort classification . . . .
Page 12 and 13:
ContentsConfiguring VRRP . . . . .
Page 14 and 15:
ContentsChapter 19: Configuring pol
Page 16 and 17:
Contents16 Administration of the Av
Page 18 and 19:
About this Book4. Scroll down to fi
Page 20 and 21:
About this BookSending us commentsA
Page 22 and 23:
Introduction●●●●●●●
Page 24 and 25:
Configuration overviewIf you intend
Page 26 and 27:
Configuration overviewSaving config
Page 28 and 29:
Accessing the Avaya G350 Media Gate
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Basic device configurationConfiguri
Page 52 and 53:
Basic device configurationThe Media
Page 54 and 55:
Basic device configurationSetting r
Page 56 and 57:
Basic device configuration●●●
Page 58 and 59:
Basic device configurationEach firm
Page 60 and 61:
Basic device configurationThe follo
Page 62 and 63:
Configuring Ethernet portsConfiguri
Page 64 and 65:
Configuring Ethernet portsWAN Ether
Page 66 and 67:
Configuring loggingSyslog serverA S
Page 68 and 69:
Configuring loggingFilters and seve
Page 70 and 71:
Configuring loggingTable 5: Logging
Page 72 and 73:
Configuring VoIP QoSConfiguring RTP
Page 74 and 75:
Configuring VoIP QoSConfiguring QoS
Page 76 and 77:
Configuring VoIP QoSConfiguring Wei
Page 78 and 79:
Configuring the G350 for modem useN
Page 80 and 81:
Configuring the G350 for modem use8
Page 82 and 83:
Configuring a WAN Interface●●
Page 84 and 85:
Configuring a WAN InterfaceFigure 3
Page 86 and 87:
Configuring a WAN Interface3. Use t
Page 88 and 89:
Configuring a WAN InterfaceE1/T1 de
Page 90 and 91:
Configuring a WAN InterfaceUSP defa
Page 92 and 93:
Page 94 and 95:
Configuring a WAN Interfacetrying t
Page 96 and 97:
Configuring a WAN Interface8. Use t
Page 98 and 99:
Configuring a WAN InterfaceConfigur
Page 100 and 101:
Page 102 and 103:
Configuring a WAN InterfaceNote:Not
Page 104 and 105:
Configuring a WAN InterfaceIf one o
Page 106 and 107:
Configuring a WAN InterfacePPP VoIP
Page 108 and 109:
Configuring a WAN Interface● VLAN
Page 110 and 111:
Configuring a WAN Interface110 Admi
Page 112 and 113:
Configuring PoELoad detectionThe MM
Page 114 and 115:
Configuring PoEPoE configuration CL
Page 116 and 117:
Configuring PoE116 Administration o
Page 118 and 119:
Configuring Emergency Transfer Rela
Page 120 and 121:
Configuring SNMPThere are several w
Page 122 and 123:
Configuring SNMPUsersSNMPv3 uses th
Page 124 and 125:
Configuring SNMPGroup NameSecurityM
Page 126 and 127:
Configuring SNMP- notification type
Page 128 and 129:
Configuring SNMPConfiguring dynamic
Page 130 and 131:
Configuring SNMPThe following examp
Page 132 and 133:
Configuring advanced switchingVLAN
Page 134 and 135:
Configuring advanced switchingMulti
Page 136 and 137:
Configuring advanced switching●
Page 138 and 139:
Configuring advanced switchingRelia
Page 140 and 141:
Configuring advanced switchingSwitc
Page 142 and 143:
Configuring advanced switchingPort
Page 144 and 145:
Configuring advanced switchingThe S
Page 146 and 147:
Configuring advanced switching●Po
Page 148 and 149:
Configuring advanced switchingThe f
Page 150 and 151:
Configuring advanced switchingPort
Page 152 and 153:
Configuring contact closureContact
Page 154 and 155:
Configuring contact closure154 Admi
Page 156 and 157:
Configuring RMON monitoringRMON CLI
Page 158 and 159:
Configuring RMON monitoring158 Admi
Page 160 and 161: Configuring the routerOverview of t
Page 162 and 163: Configuring the routerLayer 2 logic
Page 164 and 165: Configuring the routerStatic routes
Page 166 and 167: Configuring the routerRouting table
Page 168 and 169: Configuring the routerRouting packe
Page 170 and 171: Configuring the routerThe following
Page 172 and 173: Configuring the routerDynamic MTU d
Page 174 and 175: Configuring the routerAdditional GR
Page 176 and 177: Configuring the routerYou can use t
Page 178 and 179: Configuring the routerDHCP/BOOTP re
Page 180 and 181: Configuring the routerApplication
Page 182 and 183: Configuring the routerNote:Note:If
Page 184 and 185: Configuring the routerG350-001(supe
Page 186 and 187: Configuring the routerDirected broa
Page 188 and 189: Configuring the routerDynamic ARP t
Page 190 and 191: Configuring the routerConfiguring I
Page 192 and 193: Configuring the routerPoison-revers
Page 194 and 195: Configuring the router●●●●U
Page 196 and 197: Configuring the routerOSPF commands
Page 198 and 199: Configuring the routerand what metr
Page 200 and 201: Configuring the router●●●●
Page 202 and 203: Configuring the routerReassembly pa
Page 204 and 205: Configuring IPSec VPNConfiguring a
Page 206 and 207: Configuring IPSec VPNConfiguring IP
Page 208 and 209: Configuring IPSec VPNPrerequisite -
Page 212 and 213: Configuring IPSec VPNTo configure p
Page 214 and 215: Configuring IPSec VPN3. Exit crypto
Page 216 and 217: Configuring IPSec VPN9. Exit crypto
Page 218 and 219: Configuring IPSec VPNIPSec VPN main
Page 220 and 221: Configuring IPSec VPN2. Use the set
Page 222 and 223: Configuring IPSec VPNConfiguring th
Page 224 and 225: Configuring IPSec VPNip-rule 30sour
Page 226 and 227: Configuring IPSec VPNFull or partia
Page 228 and 229: Configuring IPSec VPN2. Configure b
Page 230 and 231: Configuring IPSec VPNip-rule 4sourc
Page 234 and 235: Configuring IPSec VPN2. Configure B
Page 238 and 239: Configuring IPSec VPNInterface vlan
Page 240 and 241: Configuring IPSec VPN3. Allowed ICM
Page 242 and 243: Configuring IPSec VPNip access-cont
Page 246 and 247: Configuring IPSec VPNFigure 21: Ful
Page 248 and 249: Configuring IPSec VPNConfiguration
Page 252 and 253: Configuring IPSec VPN252 Administra
Page 254 and 255: Configuring policyAccess control li
Page 256 and 257: Configuring policyDefining policy l
Page 258 and 259: Configuring policyAttaching policy
Page 260 and 261:
Configuring policyDevice-wide polic
Page 262 and 263:
Configuring policyEditing and creat
Page 264 and 265:
Configuring policySource and destin
Page 266 and 267:
Configuring policyComposite operati
Page 268 and 269:
Configuring policy●●●CoS —
Page 270 and 271:
Configuring policyThe following com
Page 272 and 273:
Configuring policySimulating packet
Page 274 and 275:
Configuring policy-based routingPol
Page 276 and 277:
Configuring policy-based routingCon
Page 278 and 279:
Configuring policy-based routing●
Page 280 and 281:
Configuring policy-based routingMod
Page 282 and 283:
Configuring policy-based routingEdi
Page 284 and 285:
Configuring policy-based routingIn
Page 286 and 287:
Configuring policy-based routingThe
Page 288 and 289:
Setting synchronizationIf, for any
Page 290 and 291:
FIPSFigure 26: Image of the cryptog
Page 292 and 293:
FIPSSupported algorithmsThe cryptog
Page 294 and 295:
FIPSSecurity levelThe cryptographic
Page 296 and 297:
FIPSTable 14: Roles and required id
Page 298 and 299:
FIPSTable 15: Critical security par
Page 300 and 301:
FIPSCSP access rights within roles
Page 302 and 303:
FIPSTable 18 shows Role and Service
Page 304 and 305:
FIPSTable 18: Role and service acce
Page 306 and 307:
FIPSPassword guidelinesBelow are ge
Page 308 and 309:
FIPS2. Define the PMI (Primary Mana
Page 310 and 311:
FIPS10. Physically disconnect all n
Page 312 and 313:
FIPS18. To configure all interfaces
Page 314 and 315:
FIPS●Use the snmp-server user use
Page 316 and 317:
FIPS●●TFTPSNMPExample:G350-001(
Page 318 and 319:
FIPSG350-N(super)# ip crypto-list 9
Page 320 and 321:
FIPSError statesTable 19 describes
Page 322 and 323:
FIPSConsiderationsThe following rul
Page 324 and 325:
Traps and MIBsNameParameters(MIB va
Page 326 and 327:
Page 328 and 329:
Page 330 and 331:
Page 332 and 333:
Traps and MIBsMIB FileIP-FORWARD-MI
Page 334 and 335:
Traps and MIBsObjectOIDgenOpResetSu
Page 336 and 337:
Traps and MIBsThe following table p
Page 338 and 339:
Traps and MIBsObject OIDipCidrRoute
Page 340 and 341:
Traps and MIBsObject OIDgenMemUtili
Page 342 and 343:
Traps and MIBsObject OIDdsx1Circuit
Page 344 and 345:
Page 346 and 347:
Traps and MIBsObject OIDipOutDiscar
Page 348 and 349:
Traps and MIBsObject OIDsnmpOutBadV
Page 350 and 351:
Page 352 and 353:
Traps and MIBsObject OIDdistributio
Page 354 and 355:
Traps and MIBsObject OIDrs232SyncPo
Page 356 and 357:
Traps and MIBsObject OIDifInUnknown
Page 358 and 359:
Traps and MIBsObject OIDdsx1Fdl 1.3
Page 360 and 361:
Page 362 and 363:
Traps and MIBsObject OIDipPolicyCon
Page 364 and 365:
Traps and MIBsObject OIDipPolicyCom
Page 366 and 367:
Page 368 and 369:
Traps and MIBsObject OIDchGroupList
Page 370 and 371:
Traps and MIBsObject OIDgenGroupLog
Page 372 and 373:
Traps and MIBsObject OIDcmgModuleSe
Page 374 and 375:
Traps and MIBsObject OIDcmgVoipLoca
Page 376 and 377:
Traps and MIBsObject OIDfrCircuitDl
Page 378 and 379:
Traps and MIBsObject OIDipAdEntIfIn
Page 380 and 381:
Traps and MIBsObject OIDpppLinkStat
Page 382 and 383:
Traps and MIBsObject OIDifTableXtnd
Page 384 and 385:
Page 386 and 387:
Traps and MIBsObject OIDospfIfAuthT
Page 388 and 389:
Traps and MIBs388 Administration of
Page 390 and 391:
Configuring the G350 using the Avay
Page 392 and 393:
Page 394 and 395:
Page 396 and 397:
Page 398 and 399:
Page 400 and 401:
Page 402 and 403:
Page 404 and 405:
Page 406 and 407:
Page 408 and 409:
Page 410 and 411:
Page 412 and 413:
Page 414 and 415:
Page 416 and 417:
Page 418 and 419:
Page 420 and 421:
Page 422 and 423:
Page 424 and 425:
Page 426 and 427:
Page 428 and 429:
Configuring the G350 using the GIW2
Page 430 and 431:
Page 432 and 433:
Page 434 and 435:
Page 436 and 437:
Page 438 and 439:
Page 440 and 441:
IndexCommands, (continued)autoneg .
Page 442 and 443:
IndexCommands, (continued)show-rule
Page 444 and 445:
IndexHHello packets . . . . . . . .
Page 446 and 447:
IndexPolicy-based routingapplicatio
Page 448 and 449:
Indexset vlan . . . . . . . . . . .
Page 450:
Index450 Administration of the Avay
show all

Administration of the Avaya G350 Media Gateway - Avaya Support

Create successful ePaper yourself

Delete template?

Save as template?