Administration of the Avaya G350 Media Gateway - Avaya Support

More documents

Recommendations

Info

Configuring IPSec VPN2. Configure branch office 2 as follows:●●The default gateway is the Internet interface.VPN policy is configured on the Internet interface egress as follows:●●Traffic from the local subnets to the First Spoke subnets -> encrypt, using tunnel modeIPSec, with the remote peer being the First Spoke.Traffic from the local subnets to anyone -> encrypt, using tunnel mode IPSec,with the remote peer being the Main Office (VPN hub)● ACL is configured on the Internet interface to allow only the VPN / ICMP traffic, asfollows:Ingress:1. IKE from Main Office IP to Branch IP -> Permit2. ESP from Main Office IP to Branch IP -> Permit3. IKE from First Branch IP to Branch IP -> Permit4. ESP from First Branch IP to Branch IP -> Permit5. ICMP from anyone to local tunnel endpoint -> PermitNote: This allows PMTUD application to work.6. All allowed services from anyone to any local subnet -> PermitNote: Due to the definition of the VPN Policy, this will be allowed only if traffic comesover ESP.7. Default -> DenyEgress:1. IKE from Branch IP to Main Office IP -> Permit2. ESP from Branch IP to Main Office IP -> Permit3. IKE from Branch IP to First Branch IP -> Permit4. ESP from Branch IP to First Branch IP -> Permit5. ICMP from local tunnel endpoint to anyone -> PermitNote: This allows the PMTUD application to work.6. All allowed services from any local subnet to anyone -> PermitNote: This traffic is tunnelled using VPN.7. Default -> Deny3. Configure the VPN Hub (Main Office) as follows:● Static routing: Branch subnets -> Internet interface.●The VPN policy portion for the branch is configured as a mirror image of the branch, asfollows:Traffic from anyone to branch local subnets -> encrypt, using tunnel mode IPSec, withthe remote peer being the VPN Spoke (Branch Internet address).228 Administration of the Avaya G350 Media Gateway
Typical installationsConfiguration exampleNote:Note: The commands appearing in bold are the CLI commands that add the meshcapabilities to the simple hub-and-spokes configuration.1. Configure Branch Office 1:crypto isakmp policy 1encryption aeshash shagroup 2exitcrypto isakmp peer address pre-shared-key isakmp-policy 1exitcrypto isakmp peer address pre-shared-key isakmp-policy 1exitcrypto ipsec transform-set ts1 esp-3des esp-sha-hmacset pfs 2exitcrypto map 1set peer set transform-set ts1exitcrypto map 2set peer set transform-set ts1exitip crypto-list 901local-address ip-rule 1source-ip destination-ipprotect crypto map 2exitip-rule 2 source-ip destination-ip protect crypto map 2exitip-rule 3source-ip destination-ip protect crypto map 2exitIssue 3 January 2005 229
Page 1 and 2:
Administration of theAvaya G350 Med
Page 3 and 4:
Electromagnetic Compatibility (EMC)
Page 5:
ContentsAbout this Book . . . . . .
Page 8 and 9:
ContentsConfiguring PPP . . . . . .
Page 10 and 11:
ContentsPort classification . . . .
Page 12 and 13:
ContentsConfiguring VRRP . . . . .
Page 14 and 15:
ContentsChapter 19: Configuring pol
Page 16 and 17:
Contents16 Administration of the Av
Page 18 and 19:
About this Book4. Scroll down to fi
Page 20 and 21:
About this BookSending us commentsA
Page 22 and 23:
Introduction●●●●●●●
Page 24 and 25:
Configuration overviewIf you intend
Page 26 and 27:
Configuration overviewSaving config
Page 28 and 29:
Accessing the Avaya G350 Media Gate
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Basic device configurationConfiguri
Page 52 and 53:
Basic device configurationThe Media
Page 54 and 55:
Basic device configurationSetting r
Page 56 and 57:
Basic device configuration●●●
Page 58 and 59:
Basic device configurationEach firm
Page 60 and 61:
Basic device configurationThe follo
Page 62 and 63:
Configuring Ethernet portsConfiguri
Page 64 and 65:
Configuring Ethernet portsWAN Ether
Page 66 and 67:
Configuring loggingSyslog serverA S
Page 68 and 69:
Configuring loggingFilters and seve
Page 70 and 71:
Configuring loggingTable 5: Logging
Page 72 and 73:
Configuring VoIP QoSConfiguring RTP
Page 74 and 75:
Configuring VoIP QoSConfiguring QoS
Page 76 and 77:
Configuring VoIP QoSConfiguring Wei
Page 78 and 79:
Configuring the G350 for modem useN
Page 80 and 81:
Configuring the G350 for modem use8
Page 82 and 83:
Configuring a WAN Interface●●
Page 84 and 85:
Configuring a WAN InterfaceFigure 3
Page 86 and 87:
Configuring a WAN Interface3. Use t
Page 88 and 89:
Configuring a WAN InterfaceE1/T1 de
Page 90 and 91:
Configuring a WAN InterfaceUSP defa
Page 92 and 93:
Page 94 and 95:
Configuring a WAN Interfacetrying t
Page 96 and 97:
Configuring a WAN Interface8. Use t
Page 98 and 99:
Configuring a WAN InterfaceConfigur
Page 100 and 101:
Page 102 and 103:
Configuring a WAN InterfaceNote:Not
Page 104 and 105:
Configuring a WAN InterfaceIf one o
Page 106 and 107:
Configuring a WAN InterfacePPP VoIP
Page 108 and 109:
Configuring a WAN Interface● VLAN
Page 110 and 111:
Configuring a WAN Interface110 Admi
Page 112 and 113:
Configuring PoELoad detectionThe MM
Page 114 and 115:
Configuring PoEPoE configuration CL
Page 116 and 117:
Configuring PoE116 Administration o
Page 118 and 119:
Configuring Emergency Transfer Rela
Page 120 and 121:
Configuring SNMPThere are several w
Page 122 and 123:
Configuring SNMPUsersSNMPv3 uses th
Page 124 and 125:
Configuring SNMPGroup NameSecurityM
Page 126 and 127:
Configuring SNMP- notification type
Page 128 and 129:
Configuring SNMPConfiguring dynamic
Page 130 and 131:
Configuring SNMPThe following examp
Page 132 and 133:
Configuring advanced switchingVLAN
Page 134 and 135:
Configuring advanced switchingMulti
Page 136 and 137:
Configuring advanced switching●
Page 138 and 139:
Configuring advanced switchingRelia
Page 140 and 141:
Configuring advanced switchingSwitc
Page 142 and 143:
Configuring advanced switchingPort
Page 144 and 145:
Configuring advanced switchingThe S
Page 146 and 147:
Configuring advanced switching●Po
Page 148 and 149:
Configuring advanced switchingThe f
Page 150 and 151:
Configuring advanced switchingPort
Page 152 and 153:
Configuring contact closureContact
Page 154 and 155:
Configuring contact closure154 Admi
Page 156 and 157:
Configuring RMON monitoringRMON CLI
Page 158 and 159:
Configuring RMON monitoring158 Admi
Page 160 and 161:
Configuring the routerOverview of t
Page 162 and 163:
Configuring the routerLayer 2 logic
Page 164 and 165:
Configuring the routerStatic routes
Page 166 and 167:
Configuring the routerRouting table
Page 168 and 169:
Configuring the routerRouting packe
Page 170 and 171:
Configuring the routerThe following
Page 172 and 173:
Configuring the routerDynamic MTU d
Page 174 and 175:
Configuring the routerAdditional GR
Page 176 and 177:
Configuring the routerYou can use t
Page 178 and 179: Configuring the routerDHCP/BOOTP re
Page 180 and 181: Configuring the routerApplication
Page 182 and 183: Configuring the routerNote:Note:If
Page 184 and 185: Configuring the routerG350-001(supe
Page 186 and 187: Configuring the routerDirected broa
Page 188 and 189: Configuring the routerDynamic ARP t
Page 190 and 191: Configuring the routerConfiguring I
Page 192 and 193: Configuring the routerPoison-revers
Page 194 and 195: Configuring the router●●●●U
Page 196 and 197: Configuring the routerOSPF commands
Page 198 and 199: Configuring the routerand what metr
Page 200 and 201: Configuring the router●●●●
Page 202 and 203: Configuring the routerReassembly pa
Page 204 and 205: Configuring IPSec VPNConfiguring a
Page 206 and 207: Configuring IPSec VPNConfiguring IP
Page 208 and 209: Configuring IPSec VPNPrerequisite -
Page 210 and 211: Configuring IPSec VPN●hash: the h
Page 212 and 213: Configuring IPSec VPNTo configure p
Page 214 and 215: Configuring IPSec VPN3. Exit crypto
Page 216 and 217: Configuring IPSec VPN9. Exit crypto
Page 218 and 219: Configuring IPSec VPNIPSec VPN main
Page 220 and 221: Configuring IPSec VPN2. Use the set
Page 222 and 223: Configuring IPSec VPNConfiguring th
Page 224 and 225: Configuring IPSec VPNip-rule 30sour
Page 226 and 227: Configuring IPSec VPNFull or partia
Page 230 and 231: Configuring IPSec VPNip-rule 4sourc
Page 234 and 235: Configuring IPSec VPN2. Configure B
Page 238 and 239: Configuring IPSec VPNInterface vlan
Page 240 and 241: Configuring IPSec VPN3. Allowed ICM
Page 242 and 243: Configuring IPSec VPNip access-cont
Page 246 and 247: Configuring IPSec VPNFigure 21: Ful
Page 248 and 249: Configuring IPSec VPNConfiguration
Page 252 and 253: Configuring IPSec VPN252 Administra
Page 254 and 255: Configuring policyAccess control li
Page 256 and 257: Configuring policyDefining policy l
Page 258 and 259: Configuring policyAttaching policy
Page 260 and 261: Configuring policyDevice-wide polic
Page 262 and 263: Configuring policyEditing and creat
Page 264 and 265: Configuring policySource and destin
Page 266 and 267: Configuring policyComposite operati
Page 268 and 269: Configuring policy●●●CoS —
Page 270 and 271: Configuring policyThe following com
Page 272 and 273: Configuring policySimulating packet
Page 274 and 275: Configuring policy-based routingPol
Page 276 and 277: Configuring policy-based routingCon
Page 278 and 279:
Configuring policy-based routing●
Page 280 and 281:
Configuring policy-based routingMod
Page 282 and 283:
Configuring policy-based routingEdi
Page 284 and 285:
Configuring policy-based routingIn
Page 286 and 287:
Configuring policy-based routingThe
Page 288 and 289:
Setting synchronizationIf, for any
Page 290 and 291:
FIPSFigure 26: Image of the cryptog
Page 292 and 293:
FIPSSupported algorithmsThe cryptog
Page 294 and 295:
FIPSSecurity levelThe cryptographic
Page 296 and 297:
FIPSTable 14: Roles and required id
Page 298 and 299:
FIPSTable 15: Critical security par
Page 300 and 301:
FIPSCSP access rights within roles
Page 302 and 303:
FIPSTable 18 shows Role and Service
Page 304 and 305:
FIPSTable 18: Role and service acce
Page 306 and 307:
FIPSPassword guidelinesBelow are ge
Page 308 and 309:
FIPS2. Define the PMI (Primary Mana
Page 310 and 311:
FIPS10. Physically disconnect all n
Page 312 and 313:
FIPS18. To configure all interfaces
Page 314 and 315:
FIPS●Use the snmp-server user use
Page 316 and 317:
FIPS●●TFTPSNMPExample:G350-001(
Page 318 and 319:
FIPSG350-N(super)# ip crypto-list 9
Page 320 and 321:
FIPSError statesTable 19 describes
Page 322 and 323:
FIPSConsiderationsThe following rul
Page 324 and 325:
Traps and MIBsNameParameters(MIB va
Page 326 and 327:
Page 328 and 329:
Page 330 and 331:
Page 332 and 333:
Traps and MIBsMIB FileIP-FORWARD-MI
Page 334 and 335:
Traps and MIBsObjectOIDgenOpResetSu
Page 336 and 337:
Traps and MIBsThe following table p
Page 338 and 339:
Traps and MIBsObject OIDipCidrRoute
Page 340 and 341:
Traps and MIBsObject OIDgenMemUtili
Page 342 and 343:
Traps and MIBsObject OIDdsx1Circuit
Page 344 and 345:
Page 346 and 347:
Traps and MIBsObject OIDipOutDiscar
Page 348 and 349:
Traps and MIBsObject OIDsnmpOutBadV
Page 350 and 351:
Page 352 and 353:
Traps and MIBsObject OIDdistributio
Page 354 and 355:
Traps and MIBsObject OIDrs232SyncPo
Page 356 and 357:
Traps and MIBsObject OIDifInUnknown
Page 358 and 359:
Traps and MIBsObject OIDdsx1Fdl 1.3
Page 360 and 361:
Page 362 and 363:
Traps and MIBsObject OIDipPolicyCon
Page 364 and 365:
Traps and MIBsObject OIDipPolicyCom
Page 366 and 367:
Page 368 and 369:
Traps and MIBsObject OIDchGroupList
Page 370 and 371:
Traps and MIBsObject OIDgenGroupLog
Page 372 and 373:
Traps and MIBsObject OIDcmgModuleSe
Page 374 and 375:
Traps and MIBsObject OIDcmgVoipLoca
Page 376 and 377:
Traps and MIBsObject OIDfrCircuitDl
Page 378 and 379:
Traps and MIBsObject OIDipAdEntIfIn
Page 380 and 381:
Traps and MIBsObject OIDpppLinkStat
Page 382 and 383:
Traps and MIBsObject OIDifTableXtnd
Page 384 and 385:
Page 386 and 387:
Traps and MIBsObject OIDospfIfAuthT
Page 388 and 389:
Traps and MIBs388 Administration of
Page 390 and 391:
Configuring the G350 using the Avay
Page 392 and 393:
Page 394 and 395:
Page 396 and 397:
Page 398 and 399:
Page 400 and 401:
Page 402 and 403:
Page 404 and 405:
Page 406 and 407:
Page 408 and 409:
Page 410 and 411:
Page 412 and 413:
Page 414 and 415:
Page 416 and 417:
Page 418 and 419:
Page 420 and 421:
Page 422 and 423:
Page 424 and 425:
Page 426 and 427:
Page 428 and 429:
Configuring the G350 using the GIW2
Page 430 and 431:
Page 432 and 433:
Page 434 and 435:
Page 436 and 437:
Page 438 and 439:
Page 440 and 441:
IndexCommands, (continued)autoneg .
Page 442 and 443:
IndexCommands, (continued)show-rule
Page 444 and 445:
IndexHHello packets . . . . . . . .
Page 446 and 447:
IndexPolicy-based routingapplicatio
Page 448 and 449:
Indexset vlan . . . . . . . . . . .
Page 450:
Index450 Administration of the Avay
show all

Administration of the Avaya G350 Media Gateway - Avaya Support

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?