Administration of the Avaya G350 Media Gateway - Avaya Support

More documents

Recommendations

Info

Configuring IPSec VPNFigure 21: Full solution: hub-and-spoke with VPN for data and VoIP control backupWAN link (PPP or FR)IPSec VPN linkPSTNVoIP VLAN(s)GatewayWANVoIP bearer +primary controlAvaya GWG350EthernetBranch OfficeData VLAN(s)DSL orCablemodemData + VoIPcontrol backupAccessRouter +VPNterminationCentral OfficeInternetConfiguring hub-and-spoke with VPN for data and VoIP control backupThis section describes how to configure Hub-and-spoke with VPN for data and VoIP controlbackup, followed by a detailed configuration example.To configure Hub-and-spoke with VPN for data and VoIP control backup:1. Configure the Branch Office as follows:●●●The default gateway is the Internet interface.VPN policy is configured on the Internet interface egress as follows:Traffic from the local GRE tunnel endpoint to the remote GRE tunnel endpoint -> encrypt,using IPSec tunnel mode, with the remote peer being the Main Office.ACL is configured on the Internet interface to allow only the VPN tunnel and ICMP traffic,as follows:Ingress:1. IKE (UDP/500) from remote tunnel endpoint to local tunnel endpoint -> Permit2. ESP/AH from remote tunnel endpoint to local tunnel endpoint -> Permit3. Remote GRE tunnel endpoint to local GRE tunnel endpoint -> Permit246 Administration of the Avaya G350 Media Gateway
Typical installations●4. Allowed ICMP from anyone to local tunnel endpoint -> Permit5. Default -> DenyEgress:1. IKE (UDP/500) from local tunnel endpoint to remote tunnel endpoint -> Permit2. Local GRE tunnel endpoint to remote GRE tunnel endpoint -> Permit3. All allowed services from any local subnet to anyone -> Permit4. Allowed ICMP from local tunnel endpoint to anyone -> Permit5. Default -> DenyPolicy Based Routing (PBR) is configured as follows, on VoIP VLAN and loopbackinterfaces:●●Destination IP = local subnets -> Route: DBRDSCP = bearer -> Route: WAN● DSCP = control -> Route: 1. WAN 2. DBR2. Configure the VPN Hub (Main Office) as follows:● The VPN policy portion for the branch is configured as a mirror image of the branch.● The ACL portion for the branch is a mirror image of the branch, with some minormodifications.●●●Static routing is configured as follows:Branch subnets -> Internet interface.Policy Based Routing (PBR) portion for the branch is configured as follows, on mostinterfaces:● Destination IP = branch VoIP subnet(s) or GW address (PMI), DSCP = bearer ->Route: WAN● Destination IP = branch VoIP subnet(s) or GW address (PMI), DSCP = control ->Route: 1. WAN 2. DBRACM is configured to route voice calls through PSTN when the main VoIP trunk is down.Issue 3 January 2005 247
Page 1 and 2:
Administration of theAvaya G350 Med
Page 3 and 4:
Electromagnetic Compatibility (EMC)
Page 5:
ContentsAbout this Book . . . . . .
Page 8 and 9:
ContentsConfiguring PPP . . . . . .
Page 10 and 11:
ContentsPort classification . . . .
Page 12 and 13:
ContentsConfiguring VRRP . . . . .
Page 14 and 15:
ContentsChapter 19: Configuring pol
Page 16 and 17:
Contents16 Administration of the Av
Page 18 and 19:
About this Book4. Scroll down to fi
Page 20 and 21:
About this BookSending us commentsA
Page 22 and 23:
Introduction●●●●●●●
Page 24 and 25:
Configuration overviewIf you intend
Page 26 and 27:
Configuration overviewSaving config
Page 28 and 29:
Accessing the Avaya G350 Media Gate
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Basic device configurationConfiguri
Page 52 and 53:
Basic device configurationThe Media
Page 54 and 55:
Basic device configurationSetting r
Page 56 and 57:
Basic device configuration●●●
Page 58 and 59:
Basic device configurationEach firm
Page 60 and 61:
Basic device configurationThe follo
Page 62 and 63:
Configuring Ethernet portsConfiguri
Page 64 and 65:
Configuring Ethernet portsWAN Ether
Page 66 and 67:
Configuring loggingSyslog serverA S
Page 68 and 69:
Configuring loggingFilters and seve
Page 70 and 71:
Configuring loggingTable 5: Logging
Page 72 and 73:
Configuring VoIP QoSConfiguring RTP
Page 74 and 75:
Configuring VoIP QoSConfiguring QoS
Page 76 and 77:
Configuring VoIP QoSConfiguring Wei
Page 78 and 79:
Configuring the G350 for modem useN
Page 80 and 81:
Configuring the G350 for modem use8
Page 82 and 83:
Configuring a WAN Interface●●
Page 84 and 85:
Configuring a WAN InterfaceFigure 3
Page 86 and 87:
Configuring a WAN Interface3. Use t
Page 88 and 89:
Configuring a WAN InterfaceE1/T1 de
Page 90 and 91:
Configuring a WAN InterfaceUSP defa
Page 92 and 93:
Page 94 and 95:
Configuring a WAN Interfacetrying t
Page 96 and 97:
Configuring a WAN Interface8. Use t
Page 98 and 99:
Configuring a WAN InterfaceConfigur
Page 100 and 101:
Page 102 and 103:
Configuring a WAN InterfaceNote:Not
Page 104 and 105:
Configuring a WAN InterfaceIf one o
Page 106 and 107:
Configuring a WAN InterfacePPP VoIP
Page 108 and 109:
Configuring a WAN Interface● VLAN
Page 110 and 111:
Configuring a WAN Interface110 Admi
Page 112 and 113:
Configuring PoELoad detectionThe MM
Page 114 and 115:
Configuring PoEPoE configuration CL
Page 116 and 117:
Configuring PoE116 Administration o
Page 118 and 119:
Configuring Emergency Transfer Rela
Page 120 and 121:
Configuring SNMPThere are several w
Page 122 and 123:
Configuring SNMPUsersSNMPv3 uses th
Page 124 and 125:
Configuring SNMPGroup NameSecurityM
Page 126 and 127:
Configuring SNMP- notification type
Page 128 and 129:
Configuring SNMPConfiguring dynamic
Page 130 and 131:
Configuring SNMPThe following examp
Page 132 and 133:
Configuring advanced switchingVLAN
Page 134 and 135:
Configuring advanced switchingMulti
Page 136 and 137:
Configuring advanced switching●
Page 138 and 139:
Configuring advanced switchingRelia
Page 140 and 141:
Configuring advanced switchingSwitc
Page 142 and 143:
Configuring advanced switchingPort
Page 144 and 145:
Configuring advanced switchingThe S
Page 146 and 147:
Configuring advanced switching●Po
Page 148 and 149:
Configuring advanced switchingThe f
Page 150 and 151:
Configuring advanced switchingPort
Page 152 and 153:
Configuring contact closureContact
Page 154 and 155:
Configuring contact closure154 Admi
Page 156 and 157:
Configuring RMON monitoringRMON CLI
Page 158 and 159:
Configuring RMON monitoring158 Admi
Page 160 and 161:
Configuring the routerOverview of t
Page 162 and 163:
Configuring the routerLayer 2 logic
Page 164 and 165:
Configuring the routerStatic routes
Page 166 and 167:
Configuring the routerRouting table
Page 168 and 169:
Configuring the routerRouting packe
Page 170 and 171:
Configuring the routerThe following
Page 172 and 173:
Configuring the routerDynamic MTU d
Page 174 and 175:
Configuring the routerAdditional GR
Page 176 and 177:
Configuring the routerYou can use t
Page 178 and 179:
Configuring the routerDHCP/BOOTP re
Page 180 and 181:
Configuring the routerApplication
Page 182 and 183:
Configuring the routerNote:Note:If
Page 184 and 185:
Configuring the routerG350-001(supe
Page 186 and 187:
Configuring the routerDirected broa
Page 188 and 189:
Configuring the routerDynamic ARP t
Page 190 and 191:
Configuring the routerConfiguring I
Page 192 and 193:
Configuring the routerPoison-revers
Page 194 and 195:
Configuring the router●●●●U
Page 196 and 197: Configuring the routerOSPF commands
Page 198 and 199: Configuring the routerand what metr
Page 200 and 201: Configuring the router●●●●
Page 202 and 203: Configuring the routerReassembly pa
Page 204 and 205: Configuring IPSec VPNConfiguring a
Page 206 and 207: Configuring IPSec VPNConfiguring IP
Page 208 and 209: Configuring IPSec VPNPrerequisite -
Page 210 and 211: Configuring IPSec VPN●hash: the h
Page 212 and 213: Configuring IPSec VPNTo configure p
Page 214 and 215: Configuring IPSec VPN3. Exit crypto
Page 216 and 217: Configuring IPSec VPN9. Exit crypto
Page 218 and 219: Configuring IPSec VPNIPSec VPN main
Page 220 and 221: Configuring IPSec VPN2. Use the set
Page 222 and 223: Configuring IPSec VPNConfiguring th
Page 224 and 225: Configuring IPSec VPNip-rule 30sour
Page 226 and 227: Configuring IPSec VPNFull or partia
Page 228 and 229: Configuring IPSec VPN2. Configure b
Page 230 and 231: Configuring IPSec VPNip-rule 4sourc
Page 234 and 235: Configuring IPSec VPN2. Configure B
Page 238 and 239: Configuring IPSec VPNInterface vlan
Page 240 and 241: Configuring IPSec VPN3. Allowed ICM
Page 242 and 243: Configuring IPSec VPNip access-cont
Page 248 and 249: Configuring IPSec VPNConfiguration
Page 252 and 253: Configuring IPSec VPN252 Administra
Page 254 and 255: Configuring policyAccess control li
Page 256 and 257: Configuring policyDefining policy l
Page 258 and 259: Configuring policyAttaching policy
Page 260 and 261: Configuring policyDevice-wide polic
Page 262 and 263: Configuring policyEditing and creat
Page 264 and 265: Configuring policySource and destin
Page 266 and 267: Configuring policyComposite operati
Page 268 and 269: Configuring policy●●●CoS —
Page 270 and 271: Configuring policyThe following com
Page 272 and 273: Configuring policySimulating packet
Page 274 and 275: Configuring policy-based routingPol
Page 276 and 277: Configuring policy-based routingCon
Page 278 and 279: Configuring policy-based routing●
Page 280 and 281: Configuring policy-based routingMod
Page 282 and 283: Configuring policy-based routingEdi
Page 284 and 285: Configuring policy-based routingIn
Page 286 and 287: Configuring policy-based routingThe
Page 288 and 289: Setting synchronizationIf, for any
Page 290 and 291: FIPSFigure 26: Image of the cryptog
Page 292 and 293: FIPSSupported algorithmsThe cryptog
Page 294 and 295: FIPSSecurity levelThe cryptographic
Page 296 and 297:
FIPSTable 14: Roles and required id
Page 298 and 299:
FIPSTable 15: Critical security par
Page 300 and 301:
FIPSCSP access rights within roles
Page 302 and 303:
FIPSTable 18 shows Role and Service
Page 304 and 305:
FIPSTable 18: Role and service acce
Page 306 and 307:
FIPSPassword guidelinesBelow are ge
Page 308 and 309:
FIPS2. Define the PMI (Primary Mana
Page 310 and 311:
FIPS10. Physically disconnect all n
Page 312 and 313:
FIPS18. To configure all interfaces
Page 314 and 315:
FIPS●Use the snmp-server user use
Page 316 and 317:
FIPS●●TFTPSNMPExample:G350-001(
Page 318 and 319:
FIPSG350-N(super)# ip crypto-list 9
Page 320 and 321:
FIPSError statesTable 19 describes
Page 322 and 323:
FIPSConsiderationsThe following rul
Page 324 and 325:
Traps and MIBsNameParameters(MIB va
Page 326 and 327:
Page 328 and 329:
Page 330 and 331:
Page 332 and 333:
Traps and MIBsMIB FileIP-FORWARD-MI
Page 334 and 335:
Traps and MIBsObjectOIDgenOpResetSu
Page 336 and 337:
Traps and MIBsThe following table p
Page 338 and 339:
Traps and MIBsObject OIDipCidrRoute
Page 340 and 341:
Traps and MIBsObject OIDgenMemUtili
Page 342 and 343:
Traps and MIBsObject OIDdsx1Circuit
Page 344 and 345:
Page 346 and 347:
Traps and MIBsObject OIDipOutDiscar
Page 348 and 349:
Traps and MIBsObject OIDsnmpOutBadV
Page 350 and 351:
Page 352 and 353:
Traps and MIBsObject OIDdistributio
Page 354 and 355:
Traps and MIBsObject OIDrs232SyncPo
Page 356 and 357:
Traps and MIBsObject OIDifInUnknown
Page 358 and 359:
Traps and MIBsObject OIDdsx1Fdl 1.3
Page 360 and 361:
Page 362 and 363:
Traps and MIBsObject OIDipPolicyCon
Page 364 and 365:
Traps and MIBsObject OIDipPolicyCom
Page 366 and 367:
Page 368 and 369:
Traps and MIBsObject OIDchGroupList
Page 370 and 371:
Traps and MIBsObject OIDgenGroupLog
Page 372 and 373:
Traps and MIBsObject OIDcmgModuleSe
Page 374 and 375:
Traps and MIBsObject OIDcmgVoipLoca
Page 376 and 377:
Traps and MIBsObject OIDfrCircuitDl
Page 378 and 379:
Traps and MIBsObject OIDipAdEntIfIn
Page 380 and 381:
Traps and MIBsObject OIDpppLinkStat
Page 382 and 383:
Traps and MIBsObject OIDifTableXtnd
Page 384 and 385:
Page 386 and 387:
Traps and MIBsObject OIDospfIfAuthT
Page 388 and 389:
Traps and MIBs388 Administration of
Page 390 and 391:
Configuring the G350 using the Avay
Page 392 and 393:
Page 394 and 395:
Page 396 and 397:
Page 398 and 399:
Page 400 and 401:
Page 402 and 403:
Page 404 and 405:
Page 406 and 407:
Page 408 and 409:
Page 410 and 411:
Page 412 and 413:
Page 414 and 415:
Page 416 and 417:
Page 418 and 419:
Page 420 and 421:
Page 422 and 423:
Page 424 and 425:
Page 426 and 427:
Page 428 and 429:
Configuring the G350 using the GIW2
Page 430 and 431:
Page 432 and 433:
Page 434 and 435:
Page 436 and 437:
Page 438 and 439:
Page 440 and 441:
IndexCommands, (continued)autoneg .
Page 442 and 443:
IndexCommands, (continued)show-rule
Page 444 and 445:
IndexHHello packets . . . . . . . .
Page 446 and 447:
IndexPolicy-based routingapplicatio
Page 448 and 449:
Indexset vlan . . . . . . . . . . .
Page 450:
Index450 Administration of the Avay
show all

Administration of the Avaya G350 Media Gateway - Avaya Support

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?