Administration of the Avaya G350 Media Gateway - Avaya Support
Administration of the Avaya G350 Media Gateway - Avaya Support Administration of the Avaya G350 Media Gateway - Avaya Support
Setting synchronizationIf, for any reason, the primary MM710 media module cannot function as the clocksynchronization source, the system uses the MM710 media module located in slot 3 of theG350 chassis as the clock synchronization source. If neither MM710 media module can functionas the clock synchronization source, the system defaults to the local clock running on the S8300Media Server.The yellow ACT LED on the front of the MM710 media module displays the synchronizationstatus of that module.●●If the yellow ACT LED is solidly on or off, it has not been defined as a synchronizationsource. If it is on, one or more channels is active. If it is an ISDN facility, the D-channelcounts as an active channel and causes the yellow ACT LED to be on.When the MM710 is operating as a clock synchronization source, the yellow ACT LEDindicates that the MM710 is the clock synchronization source by flashing at three secondintervals.- The yellow ACT LED is on for 2.8 seconds and off for 200 milliseconds if the MM710media module has been specified as a clock synchronization source and is receiving asignal that meets the minimum requirements for the interface.- The yellow ACT LED is on for 200 milliseconds and off for 2.8 seconds if the MM710media module has been specified as a synchronization source and is not receiving asignal, or is receiving a signal that does not meet the minimum requirements for theinterface.Displaying synchronization statusUse the show sync timing command to display the status of the primary, secondary, andlocal clock sources. The status can be Active, Standby, or Not Configured. The status is NotConfigured when a source has not been defined, for example, when there are no T1 cardsinstalled.288 Administration of the Avaya G350 Media Gateway
Chapter 21: FIPSThis chapter provides information about (i) the G350 cryptographic module’s compliance withthe Federal Information Processing Standard (FIPS-140-2) for cryptographic modules, and(ii) how to configure the module to work in FIPS mode. This chapter includes the followingsections:●●●●●Overview — an overview of the G350 (relating to FIPS compliance)Security rules — the security rules enforced by the cryptographic module to implement thesecurity requirements of FIPSPassword guidelines — the general guidelines for defining passwordsManaging the module in FIPS-compliant mode — a description of the behavior of themodule working in FIPS-approved mode of operationAdministration procedures — step-by-step instructions on how to enter FIPS mode, failurescenarios, repair actions, and error statesOverviewThe G350 device is a multi-chip stand-alone cryptographic module in a commercial grade metalcase. The module provides:●●●●VPN, Voice over Internet Protocol (VoIP) media-gateway services, Ethernet switching, IProuting, and data security for IP trafficStatus output via LEDs and logs available through the module’s management interfaceNetwork interfaces for data input and outputA console portThe cryptographic boundary includes all of the components within the physical enclosure of theG350 chassis, without any expansion modules. Figure 26 illustrates these interfaces anddefines the cryptographic boundary.Issue 3 January 2005 289
- Page 238 and 239: Configuring IPSec VPNInterface vlan
- Page 240 and 241: Configuring IPSec VPN3. Allowed ICM
- Page 242 and 243: Configuring IPSec VPNip access-cont
- Page 244 and 245: Configuring IPSec VPNip-rule 70sour
- Page 246 and 247: Configuring IPSec VPNFigure 21: Ful
- Page 248 and 249: Configuring IPSec VPNConfiguration
- Page 250 and 251: Configuring IPSec VPNip-rule 30sour
- Page 252 and 253: Configuring IPSec VPN252 Administra
- Page 254 and 255: Configuring policyAccess control li
- Page 256 and 257: Configuring policyDefining policy l
- Page 258 and 259: Configuring policyAttaching policy
- Page 260 and 261: Configuring policyDevice-wide polic
- Page 262 and 263: Configuring policyEditing and creat
- Page 264 and 265: Configuring policySource and destin
- Page 266 and 267: Configuring policyComposite operati
- Page 268 and 269: Configuring policy●●●CoS —
- Page 270 and 271: Configuring policyThe following com
- Page 272 and 273: Configuring policySimulating packet
- Page 274 and 275: Configuring policy-based routingPol
- Page 276 and 277: Configuring policy-based routingCon
- Page 278 and 279: Configuring policy-based routing●
- Page 280 and 281: Configuring policy-based routingMod
- Page 282 and 283: Configuring policy-based routingEdi
- Page 284 and 285: Configuring policy-based routingIn
- Page 286 and 287: Configuring policy-based routingThe
- Page 290 and 291: FIPSFigure 26: Image of the cryptog
- Page 292 and 293: FIPSSupported algorithmsThe cryptog
- Page 294 and 295: FIPSSecurity levelThe cryptographic
- Page 296 and 297: FIPSTable 14: Roles and required id
- Page 298 and 299: FIPSTable 15: Critical security par
- Page 300 and 301: FIPSCSP access rights within roles
- Page 302 and 303: FIPSTable 18 shows Role and Service
- Page 304 and 305: FIPSTable 18: Role and service acce
- Page 306 and 307: FIPSPassword guidelinesBelow are ge
- Page 308 and 309: FIPS2. Define the PMI (Primary Mana
- Page 310 and 311: FIPS10. Physically disconnect all n
- Page 312 and 313: FIPS18. To configure all interfaces
- Page 314 and 315: FIPS●Use the snmp-server user use
- Page 316 and 317: FIPS●●TFTPSNMPExample:G350-001(
- Page 318 and 319: FIPSG350-N(super)# ip crypto-list 9
- Page 320 and 321: FIPSError statesTable 19 describes
- Page 322 and 323: FIPSConsiderationsThe following rul
- Page 324 and 325: Traps and MIBsNameParameters(MIB va
- Page 326 and 327: Traps and MIBsNameParameters(MIB va
- Page 328 and 329: Traps and MIBsNameParameters(MIB va
- Page 330 and 331: Traps and MIBsNameParameters(MIB va
- Page 332 and 333: Traps and MIBsMIB FileIP-FORWARD-MI
- Page 334 and 335: Traps and MIBsObjectOIDgenOpResetSu
- Page 336 and 337: Traps and MIBsThe following table p
Setting synchronizationIf, for any reason, <strong>the</strong> primary MM710 media module cannot function as <strong>the</strong> clocksynchronization source, <strong>the</strong> system uses <strong>the</strong> MM710 media module located in slot 3 <strong>of</strong> <strong>the</strong><strong>G350</strong> chassis as <strong>the</strong> clock synchronization source. If nei<strong>the</strong>r MM710 media module can functionas <strong>the</strong> clock synchronization source, <strong>the</strong> system defaults to <strong>the</strong> local clock running on <strong>the</strong> S8300<strong>Media</strong> Server.The yellow ACT LED on <strong>the</strong> front <strong>of</strong> <strong>the</strong> MM710 media module displays <strong>the</strong> synchronizationstatus <strong>of</strong> that module.●●If <strong>the</strong> yellow ACT LED is solidly on or <strong>of</strong>f, it has not been defined as a synchronizationsource. If it is on, one or more channels is active. If it is an ISDN facility, <strong>the</strong> D-channelcounts as an active channel and causes <strong>the</strong> yellow ACT LED to be on.When <strong>the</strong> MM710 is operating as a clock synchronization source, <strong>the</strong> yellow ACT LEDindicates that <strong>the</strong> MM710 is <strong>the</strong> clock synchronization source by flashing at three secondintervals.- The yellow ACT LED is on for 2.8 seconds and <strong>of</strong>f for 200 milliseconds if <strong>the</strong> MM710media module has been specified as a clock synchronization source and is receiving asignal that meets <strong>the</strong> minimum requirements for <strong>the</strong> interface.- The yellow ACT LED is on for 200 milliseconds and <strong>of</strong>f for 2.8 seconds if <strong>the</strong> MM710media module has been specified as a synchronization source and is not receiving asignal, or is receiving a signal that does not meet <strong>the</strong> minimum requirements for <strong>the</strong>interface.Displaying synchronization statusUse <strong>the</strong> show sync timing command to display <strong>the</strong> status <strong>of</strong> <strong>the</strong> primary, secondary, andlocal clock sources. The status can be Active, Standby, or Not Configured. The status is NotConfigured when a source has not been defined, for example, when <strong>the</strong>re are no T1 cardsinstalled.288 <strong>Administration</strong> <strong>of</strong> <strong>the</strong> <strong>Avaya</strong> <strong>G350</strong> <strong>Media</strong> <strong>Gateway</strong>