Avaya G430 Manual Download | Manualshive

Page: 479 / 696

background image

Chapter 19: IPSec VPN

IPSec VPN

VPN (Virtual Private Network) defines a private secure connection between two nodes on a
public network such as the Internet. VPN at the IP level is deployed using IP Security (IPSec).
IPSec is a standards-based set of protocols defined by the IETF that provide privacy, integrity,
and authenticity to information transferred across IP networks.

The standard key exchange method employed by IPSec uses the Internet Key Exchange (IKE)
protocol to exchange key information between the two nodes (referred to as peers). Each peer
maintains Security Associations (SAs) to maintain the private secure connection. IKE operates
in two phases:

• The Phase-1 exchange negotiates an IKE SA

• The IKE SA created in Phase-1 secures the subsequent Phase-2 exchanges, which in

turn generate IPSec SAs

IPSec SAs secure the actual traffic between the protected networks behind the peers, while
the IKE SA only secures the key exchanges that generate the IPSec SAs between the
peers.

The Branch Gateway IPSec VPN feature is designed to support site-to-site topologies, in which
the two peers are gateways.

Note:

To configure IPSec VPN, you need at least a basic knowledge of IPSec. Refer to the
following guide for a suitable introduction:

http://www.tcpipguide.com/free/t_IPSecurityIPSecProtocols.htm

Administering Avaya G430 Branch Gateway

October 2013 479

«
...
477
478
479
480
481
...
»

Summary of Contents for G430

Page 1: ...Administering Avaya G430 Branch Gateway Release 6 3 03 603228 Issue 5 October 2013 ...

Page 2: ...nt made by End User Link disclaimer Avaya is not responsible for the contents or reliability of any linked websites referenced within this site or documentation provided by Avaya Avaya is not responsible for the accuracy of any information statement or content provided on these sites and does not necessarily endorse the products services or information described or offered within them Avaya does n...

Page 3: ...wo of the same type of virtual appliances then two virtual appliances of that type must be ordered How to Get Help For additional support telephone numbers go to the Avaya support Website http www avaya com support If you are Within the United States click the Escalation Contacts link that is located under the Support Tools heading Then click the appropriate link for the type of support that you n...

Page 4: ...ision reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer...

Page 5: ...e equipment until the problem is resolved A plug and jack used to connect this equipment to the premises wiring and telephone network must comply with the applicable FCC Part 68 rules and requirements adopted by the ACTA A compliant telephone cord and modular plug is provided with this product It is designed to be connected to a compatible modular jack that is also compliant Connection to party li...

Page 6: ...ment according to the instruction manual Trademarks The trademarks logos and service marks Marks displayed in this site the Documentation and Product s provided by Avaya are the registered or unregistered Marks of Avaya its affiliates or other third parties Users are not permitted to use such Marks without prior written consent from Avaya or such third party which may own the Mark Nothing containe...

Page 7: ...1 Defining the USB modem interface 22 Other interfaces 22 Configuration using CLI 23 Configuration using GUI applications 23 Configuration changes and backups 24 Firmware version control 25 Chapter 4 Accessing the Branch Gateway 27 Accessing the Gateway 27 CLI access 27 PIM access 32 Avaya Aura Communication Manager access 33 Security overview 33 Login permissions 34 User account management 34 Ser...

Page 8: ...tion 118 Chapter 7 Ethernet ports 199 Switch Ethernet port configuration 199 Ethernet ports on the Branch Gateway switch 199 Ethernet ports on the Branch Gateway router 199 Cables used for connecting devices to the fixed router 199 Roadmap for configuring switch Ethernet ports 200 Summary of switch Ethernet port configuration CLI commands 200 Configuring the WAN Ethernet port 202 DHCP client confi...

Page 9: ...on examples 315 Chapter 14 Contact closure 317 Contact closure 317 Configuring contact closure hardware 318 Software contact closure 318 Chapter 15 Announcement files 321 Announcement files 321 Announcement file operations 321 Chapter 16 Advanced switching 327 Advanced switching 327 VLAN configuration 327 Port redundancy 333 Port mirroring 337 Spanning tree 338 Port classification 343 Chapter 17 M...

Page 10: ...61 Policy list attachments 564 Device wide policy lists 567 Defining global rules 567 Policy rule configuration 568 Composite operations 574 DSCP table 577 Policy list displays and tests 579 Summary of access control list commands 581 Summary of QoS list commands 583 Chapter 21 Policy based routing 587 Policy based routing 587 Applications for policy based routing 588 Setting up policy based routi...

Page 11: ...ource 607 Enabling and disabling automatic failover and failback 607 Synchronization status 607 Appendix A Traps and MIBs 611 Traps and MIBs 611 Branch Gateway traps 611 Branch Gateway MIB files 620 Index 669 Administering Avaya G430 Branch Gateway October 2013 11 ...

Page 12: ...12 Administering Avaya G430 Branch Gateway October 2013 ...

Page 13: ...nicians provisioning specialists business partners and customers Document changes since last issue The following changes have been made to this document since the last issue Added H 248 Registration Source Port section Added Accessing diagnostic logs section Related resources Documentation Title Description Number Installation Administering Avaya G430 Branch Gateway October 2013 13 ...

Page 14: ...tion about all the features of the G450 and how to implement them 03 603228 Avaya Branch Gateway G430 CLI Reference Describes the commands in the G430 CLI 03 603234 Maintenance Maintenance Alarms for Avaya Aura Communication Manager Branch Gateways and Servers Describes MOs and how to resolve alarms 03 300430 Maintenance Commands for Avaya Aura Communication Manager Branch Gateways and Servers Des...

Page 15: ...see a list of available videos Note Videos are not available for all products To find the Avaya Mentor videos on YouTube go to http www youtube com AvayaMentor and perform one of the following actions Enter a key word or key words in the Search Channel to search for a specific product or topic Scroll down Playlists and click the name of a topic to see the available list of videos posted on the sit...

Page 16: ... the standard warranty of Avaya and the details regarding support for Branch Gateway in the warranty period is available on the Avaya Support website at https support avaya com under Help Policies Policies Legal Warranty Product Lifecycle See also Help Policies Policies Legal License Terms Introduction 16 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...

Page 17: ...g one of the two Ethernet LAN ports located on the gateway s front panel Figure 1 Basic LAN deployment Port redundancy configuration Branch Gateway can be deployed in the LAN using port redundancy to provide redundancy Branch Gateway is connected to an external LAN switch using both the Ethernet LAN ports located on the Gateway s front panel One of the Ethernet LAN ports is configured to be the ac...

Page 18: ...N port is configured to be on standby disabled For information about configuring the Ethernet LAN ports in a port redundancy pair seePort redundancy on page 333 When Branch Gateway senses that the link is out of service on the primary port or failure of the switch to which the primary link is attached it automatically enables the secondary link to the backup switch Both the ports must be administr...

Page 19: ...ndancy to provide redundancy The Branch Gateway is connected to two external LAN switches Each of the Ethernet LAN ports located on the Branch Gateway s front panel is connected to one of the switches Spanning tree protocol blocks one of the links from the Gateway to the external LAN switch Spanning tree protocol must be configured on both the external LAN switch and the Ethernet LAN ports on the ...

Page 20: ...Figure 5 RSTP and switch redundancy LAN deployment Supported LAN deployments 20 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...

Page 21: ...formation on accessing the Branch Gateway see Accessing the Branch Gateway on page 27 Related topics About defining the Services interface on page 21 Defining the USB modem interface on page 22 Other interfaces on page 22 Configuration using CLI on page 23 Configuration using GUI applications on page 23 Configuration changes and backups on page 24 Firmware version control on page 25 About defining...

Page 22: ...255 252 Other interfaces Your system specifications might require that you define other interfaces The Primary Management IP address PMI is the IP address that the Branch Gateway uses to identify itself when communicating with other devices particularly the Media Gateway Controller MGC Management data intended for the Branch Gateway is routed to the interface defined as the PMI You can use any int...

Page 23: ...ler configuration on page 67 Configuration using CLI You can use the Branch Gateway CLI to manage the Branch Gateway The CLI is a command prompt interface that enables you to type commands and view responses For instructions on how to access the Branch Gateway CLI see Methods to access the CLI on page 28 This guide contains information and examples about how to use CLI commands to configure the Br...

Page 24: ...nds that are available through the Branch Gateway CLI are also available through the Avaya Gxxx Manager Note The Avaya Gxxx Manager supports SNMP over IPv4 only and only presents IPv4 information For more information about the Avaya G430 Manager see Avaya Integrated Management G430 Device Manager User Guide Configuration changes and backups When you make changes to the configuration of the Branch ...

Page 25: ...startup configuration to an FTP TFTP or SCP server on your network or to a USB flash drive For more information see Configuration file backup and restore on page 98 Firmware version control Firmware is the software that runs the Branch Gateway The Branch Gateway has two firmware banks Bank A Bank B Each firmware bank contains a version of the Branch Gateway firmware These may be different versions...

Page 26: ...ocedure if it becomes necessary to use an older firmware version Procedure 1 Enter set boot bank bank x 2 Reset the Branch Gateway to use the older version Configuration overview 26 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...

Page 27: ...d configure SYN cookies for preventing SYN attacks Related topics CLI access on page 27 CLI access The CLI is a textual command prompt interface that you can use to configure the Branch Gateway and media modules Related topics Methods to access the CLI on page 28 Logging into the CLI on page 28 Disconnecting a Telnet session on page 28 CLI contexts on page 28 Using CLI help on page 29 CLI access u...

Page 28: ...ASG authentication instead of password authentication Logging into the CLI Procedure 1 Log in to the CLI with a username and password that your system administrator provides 2 Use RADIUS authentication if your network has a RADIUS server For more information see Login permissions on page 34 Disconnecting a Telnet session About this task If the normal Telnet logout does not work disconnect a Telnet...

Page 29: ...each command Procedure To display a list of commands for the context you are in type help or Specifically To display a list of all commands in the current context that begin with this word or words type help or before or after the first word or words of a command For example to display a list of IP commands available in general context enter help ip ip help ip or ip To display the command s syntax...

Page 30: ...rt Procedure 1 Use a PC device with SSH client software 2 Use an Ethernet cable to connect the PC device to the Services port on the front panel of the Branch Gateway 3 Set the TCP IP properties of the PC device as follows a IP address 192 11 13 5 b Subnet mask 255 255 255 252 c Disable DNS service d Disable WINS Resolution Note Make a record of any IP addresses DNS servers or WINS entries that yo...

Page 31: ... USRobotics USB modem model 5637 2 Make sure the USB port is properly configured for modem use For details see USB modem interface configuration on page 247 3 From the remote computer create a dialup network connection to the Branch Gateway Use the TCP IP and PPP protocols to create the connection Configure the connection according to the configuration of the COM port of the remote computer By def...

Page 32: ...ed configuration tasks especially provisioning and installing large numbers of gateways simultaneously One of PIM s primary functions is to provision and configure Standard Local Survivability SLS on the Branch Gateway See Standard Local Survivability SLS on page 101 PIM is launched from the Avaya Network Management Console The Avaya Network Management Console is the central infrastructure applica...

Page 33: ...on Manager Gateway CLI See Accessing the registered MGC on page 72 Security overview The Gateway includes a security mechanism through which the system administrator defines users and assigns each user a username password and a privilege level The user s privilege level determines which commands the user can perform In addition to its basic security mechanism the Gateway supports secure data trans...

Page 34: ...t and some control lockout and expiry policies When you use Avaya Gxxx Manager or the CLI your username determines your privilege level The commands that are available to you during the session depend on your privilege level If your network has a RADIUS server you can use RADIUS authentication instead of a username and password A RADIUS server provides centralized authentication service for many d...

Page 35: ...rs related to security Use Admin privilege level only when you need to change configuration that is related to security such as adding new user accounts and setting the device policy manager source The default username has the Admin privilege level For security reasons the network administrator usually changes the password of the default username For more information about privilege levels see Ava...

Page 36: ...lower chars login authentication min password upper chars login authentication min password special chars For more information about these commands see User accounts CLI commands on page 38 or Avaya CLI Reference Commands used to manage password lockout and disabling When you lockout a user account it remains locked out only for a specific time period Disabling an account is a strong measure since...

Page 37: ...commended to change your password before it expires When a password expiration policy is in effect then starting from 10 days before password expiration a warning appears every time you log on informing you that your password will expire in n days Procedure 1 Use the password command to change your password Enter and confirm the new password 2 Enter copy running config startup config so that the n...

Page 38: ...he minimum password length The minimum password length must be at least as great as the sum of the minimum number of lowercase characters uppercase characters digit characters and special characters login authentication min password lower chars Set the minimum number of lowercase characters that a password must contain login authentication min password special chars Set the minimum number of speci...

Page 39: ...gateway and returns an ASG authenticated response that the gateway verifies before permitting access A new challenge is used for each access attempt ASG authentication is supported for remote services connecting to the gateway using Telnet or SSH protocols via any of the following Dial up modem connected to the USB or Services port Frame relay or leased line Secure gateway VPN Direct connection to...

Page 40: ...e for Services to connect Note By default Avaya Services login access is enabled If Avaya Services login access was blocked using no login authentication services logins you can reactivate it using login authentication services logins Replacing the ASG authentication file Before you begin If there is a need to install an authentication file with a different ID first delete the current authenticati...

Page 41: ...s storage device to the Branch Gateway The filename is the name of the authentication file including the full path and ip is the IP address of the host The source usb device is the source USB mass storage device and source filename is the full name and path of the authentication file The gateway prompts you for a username and password after you enter the command To install the authentication file ...

Page 42: ...onnections to the Services port use login authentication local craft password default Set a policy for locking out access to the gateway after successive failed login attempts To do this use login authentication lockout time attempt count where time is the interval of time for which lockout is enforced and count is a number of failed attempts after which lockout is enforced Use no login authentica...

Page 43: ... accounts including services accounts and account type information such as authentication method using show username For example Gxxx 001 super show username User account Access level Account type Active Authent method sroot dev Services yes challenge init dev Services yes challenge inads tech Services yes challenge craft admin Services yes challenge dadmin admin local yes challenge rasaccess read...

Page 44: ...password authentication When password authentication is disabled ASG authentication is activated login authentication response time Set the time the gateway waits for user response to authentication requests before timing out a connection login authentication lockout Set a policy for locking out access to the gateway after successive failed login attempts login authentication services logins Activ...

Page 45: ...our Branch Gateway enter show ip ssh Note SSH supports IPv4 and IPv6 Related topics RSA authentication process on page 45 Password authentication process on page 46 Enabling SSH on the Gateway on page 46 Disabling SSH on the Gateway on page 46 Summary of SSH configuration commands on page 47 RSA authentication process 1 The Branch Gateway generates a key of variable length 512 2048 bits using the ...

Page 46: ...ed Password authentication process Before any data is transferred the Branch Gateway requires the client to supply a username and password This authenticates the user on the client side to the Branch Gateway Enabling SSH on the Gateway About this task To execute the SSH protocol first assign the hostname identification Procedure 1 Use the hostname command to assign hostname identification 2 To ena...

Page 47: ...e file transfer When using SCP the Branch Gateway is the client and an SCP server must be installed on the management station After users are defined on the SCP server the Branch Gateway acts as an SCP client The process of establishing an SCP session is the same process as described in SSH protocol support on page 45 except that the roles of the Branch Gateway and the client computer are reversed...

Page 48: ...IUS server provides centralized authentication service for many devices on a network When you use RADIUS authentication you do not need to configure usernames and passwords on the Branch Gateway When you try to access the Branch Gateway the Branch Gateway searches for your user name and password in its own database first If it does not find them it activates RADIUS authentication For additional in...

Page 49: ...e number of times to resend an access request when there is no response set radius authentication retry time Set the time to wait before resending an access request set radius authentication secret Set the shared secret for RADIUS authentication set radius authentication server Set the IP address of the primary or secondary RADIUS authentication server set radius authentication udp port Set the RF...

Page 50: ...Gateway via a direct connection to the Services port The username and password for the recovery password are username root password ggdaseuaimhrke Note After accessing the Branch Gateway using the recovery password remember to define an Admin level user before exiting the Branch Gateway See Creating a username password and privledge level on page 35 You can use the set terminal recovery password c...

Page 51: ...outgoing Telnet connection You can use this command only when accessing the Branch Gateway using a direct connection to the Services port no ip telnet client Disable the Branch Gateway s ability to establish an outgoing Telnet connection ip telnet services Enable the Telnet server on the Services interface You can use this command only when accessing the Branch Gateway using a direct connection to...

Page 52: ...ing the Master Configuration Key Procedure 1 Enter key config key password encryption followed by a phrase of 13 to 64 printable ASCII characters 2 Copy the running configuration to the start up configuration using the copy running config startup config command Result The new MCK is now in effect DoS attacks The Branch Gateway provides various TCP IP services and is therefore exposed to a myriad o...

Page 53: ...an attacker uses this technique repeatedly the target machine eventually runs out of memory resources since it holds numerous half open connections It is unable to handle any more connections thereby denying service to legitimate users Moreover flooding the victim with TCP SYN at a high rate can cause the internal queues to fill up also causing a denial of service SYN cookies SYN cookies refers to...

Page 54: ...ncluding that all TCP ports are open Configuring SYN cookies Procedure 1 Enter tcp syn cookies 2 Copy the running configuration to the start up configuration using the copy running config startup config command 3 Reset the device using the reset command Result SYN cookies are now enabled on the device Related topics SYN attack notification on page 54 SYN attack notification When the SYN cookies fe...

Page 55: ... and VPN devices can be at risk for DoS attacks The Branch Gateway identifies predefined or custom defined traffic patterns as suspected attacks and generates SNMP notifications referred to as Managed Security Services MSS notifications Related topics MSS reporting mechanism on page 55 Configuring MSS on page 56 DoS attack classifications on page 57 Custom DoS classifications on page 58 Example of...

Page 56: ...including WAN data interfaces IPSEC tunnels Ethernet LAN and WAN ports VoIP engine interfaces and Dialer PPP interfaces Procedure 1 Verify that the dynamic trap manager that automatically sets the IP address of the active MGC SNMP trap manager is configured so that security notifications are sent to the active MGC By default all types of notifications are enabled You can enter show snmp to check w...

Page 57: ...events surpasses a defined threshold the Branch Gateway generates an MSS notification reporting on the event type event parameters and the number of occurrences To display the current MSS reporting rate use the show mss notification rate command 4 Ensure that INADS reporting is configured on the active MGC For information about configuring INADS reporting in Avaya Aura Communication Manager see Av...

Page 58: ...ateway report reception of IP spoofed packets UNKNOW_L4_IP_PROTOCOL Packets with unknown unsupported or administratively closed protocol in IP packet with TO ME interface as a destination UNATHENTICATED_ACCESS Failure to authenticate services Custom DoS classifications You can define custom DoS attack classifications using access control list ACL rules ACL rules control which packets are authorize...

Page 59: ...ss and you can use ip protocol to specify that the rule applies to packets with a specific protocol Gxxx 001 super ACL 301 ip rule 1 destination ip 255 255 255 255 0 0 0 0 Done Gxxx 001 super ACL 301 ip rule 1 ip protocol icmp Done Use the composite operation command to associate the ACL rule with the predefined operation deny notify that tells the Branch Gateway to drop any packet received that m...

Page 60: ...ecify that the ip rule applies to packets with this destination ip address Gxxx 001 super ACL 301 ip rule 1 destination ip 255 255 255 255 0 0 0 0 Done Specify that the ip rule applies to ICMP packets Gxxx 001 super ACL 301 ip rule 1 ip protocol icmp Done Gxxx 001 super ACL 301 ip rule 1 exit Gxxx 001 super ACL 301 show ip rule Index Protocol IP Wildcard Port Operation DSCP Fragment rule 1 icmp Sr...

Page 61: ...le applies to packets having the specified IP protocol set mss notification rate Set the rate at which the Branch Gateway sends Managed Security Services MSS notifications show mss notification rate Show the interval time in seconds between MSS notifications show snmp Display SNMP configuration information snmp server dynamic trap manager Modify the SNMP settings of the dynamic trap manager snmp s...

Page 62: ...Accessing the Branch Gateway 62 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...

Page 63: ... configuration and other files on the Branch Gateway Backup and restore the Branch Gateway Related topics Defining an interface on page 63 Primary Management Interface PMI configuration on page 64 Example of defining a default gateway on page 67 Branch Gateway Controller configuration on page 67 DNS resolver on page 74 Device status viewing on page 81 Software and firmware management on page 83 De...

Page 64: ...of an interface that you can specify on the Branch Gateway The first IP address you configure on the Branch Gateway automatically becomes the PMI You can subsequently assign any IP interface to be the PMI The PMI is used as the IP address of the Branch Gateway for the following management functions Registration of the Branch Gateway to an MGC Sending SNMP traps Opening telnet sessions from the Bra...

Page 65: ...t command Note Most configuration changes take effect as soon as you make the change but must be saved to the startup configuration file in order to remain in effect after you reset the Branch Gateway The PMI address is an exception A change to the PMI does not take effect at all until you reset the Branch Gateway 6 To verify the new PMI enter show pmi in general context If you use this command be...

Page 66: ...tion about these commands see the Avaya Branch Gateway G430 CLI Reference Root level command Command Description interface fastetherne t tunnel vlan loopback dialer Enter configuration mode for the FastEthernet Tunnel VLAN Loopback or Dialer interface pmi pmi6 pmi6 link local Set the current interface as the Primary Management Interface for the system Note You can define pmi6 or pmi6 link local on...

Page 67: ...h IPv6 address 2001 db8 2179 2 Gxxx 001 super ipv6 default gateway 2001 db8 2179 2 Branch Gateway Controller configuration The Branch Gateway Controller MGC controls telephone services on the Branch Gateway You can use a server with Avaya Aura Communication Manager software as an MGC The Branch Gateway supports both External Call Controllers ECC and Internal Call Controllers ICC An ICC is an Avaya...

Page 68: ...ocedure 1 Use the show system command 2 Look for a 12 character string located on a label on the back panel of the Branch Gateway Supported S8XXX servers The MGCs supported by the Branch Gateway include both ECCs and ICCs The Branch Gateway supports the following MGCs Table 1 MGCs supported by the Branch Gateways MGCs Type Usage Avaya S8300D Server Media module ICC ECC or LSP Avaya S8800 Server Ex...

Page 69: ... the SLS module as a fifth entry on the MGC list For details about SLS see Standard Local Survivability SLS on page 101 Note If the MGC is an S87XX server the first server on the list will normally be the primary C LAN board connected to the server If the MGC is an S8400 or S85XX the first server on the list will be either the primary C LAN board connected to the server or an Ethernet port on the ...

Page 70: ...tween the Branch Gateway and the MGC this field displays the error code PRIMARY MGC HOST IPv4 and IPv6 addresses of the primary MGC host SECONDARY MGC HOST IPv4 and IPv6 addresses of the seconday MGC hosts Showing the current MGC list About this task This command shows the IP addresses of the MGCs on the MGC list It also shows whether or not SLS is enabled Procedure To show the current MGC list us...

Page 71: ...addresses Result Note If you use the set mgc list command without first clearing the MGC list the Branch Gateway adds the new MGCs to the end of the MGC list About setting reset times If the connection between the Branch Gateway and its registered MGC is lost the Branch Gateway attempts to recover the connection Use the set reset times primary search command and the set reset times total search co...

Page 72: ...Access the MGC according to the following a If the MGC is an S8300 Server enter session mgc The session mgc does not work on an IPv6 only Branch Gateway b If the MGC is an S88xx Dell or HP use the set mediaserver command to manually define the MGC s IP address and then enter session mgc to access the MGC c If the Branch Gateway includes a local S8300 enter session icc to access the S8300 You can u...

Page 73: ...nection with the MGC is lost the Branch Gateway starts a recovery process Use the set icc monitoring command to control heartbeat monitoring of an ICC or Survivable Remote Server The enable parameter enables heartbeat monitoring The disable parameter disables heartbeat monitoring Use the show icc monitoring command to display the status of the ICC or Survivable Remote Server monitoring process Sum...

Page 74: ...ses by querying DNS servers according to an ordered list The list of DNS servers is compiled using either DNS servers entered manually by the user or DNS servers gathered automatically by means of DHCP or PPP protocols or both The user can also optionally aid the DNS resolver by specifying a list of domain names that the DNS resolver adds as a suffix to non Fully Qualified Domain Name FQDN names t...

Page 75: ...figured to automatically learn the DNS servers in the system are usually the FastEthernet with PPPoE interface and the Dialer interface Typical DNS resolver application VPN failover In this typical application the DNS resolver feature is used to provide a VPN failover mechanism between two main offices The failover mechanism is implemented as follows The VPN branch office s connect to two main off...

Page 76: ... to the DNS servers list using the name server command Assign an index number that ranks the DNS server by priority Specify the IP address of the DNS server 4 Repeat Step 3 to configure additional DNS servers in the list You can configure up to six DNS servers Gxxx 001 config name server list 1 name server 1 1 1 1 1 Done Gxxx 001 config name server list 1 name server 2 2001 DB8 21F 3CFF FE14 6E25 ...

Page 77: ... configure the timeout for a DNS query using the ip domain timeout command The default value is 3 seconds Gxxx 001 config ip domain timeout 4 Done 9 The DNS resolver is enabled by default Gxxx 001 config ip domain lookup Done 10 If either DHCP Client or PPP are configured in the Branch Gateway you do not need to configure DNS resolver because the DNS resolver is enabled by default In addition the ...

Page 78: ...p domain name server list 1 Gxxx 001 config name server list 1 description All DNS servers Done Gxxx 001 config name server list 1 name server 1 1 1 1 1 Done Gxxx 001 config name server list 1 name server 2 2 2 2 2 Done Gxxx 001 config name server list 1 name server 3 2001 DB8 21F 3CFF FE14 6E25 Done Gxxx 001 config name server list 1 exit Gxxx 001 config ip domain list 1 support avaya com Done Gx...

Page 79: ...sion logging to the terminal Gxxx 001 set logging session enable Done CLI Notification write set logging session enable 2 Enter set logging session condition DNSC to view all DNS resolver messages of level Info and above Gxxx 001 set logging session condition DNSC Info Done CLI Notification write set logging session condition DNSC Info Note You can also enable logging messages to a log file or a S...

Page 80: ... name server Add a DNS server to the list of up DNS servers ip domain retry Set the number of retries for a DNS query ip domain timeout Set the timeout for a DNS query nslookup Resolve a hostname to an IP address show ip domain Display the DNS resolver s configuration the output shows the DNS servers that were statically configured and those which were gathered using DHCP or PPP protocols as well ...

Page 81: ... module in slot 2 enter show mm v2 The output of the command shows the following information Slot number Uptime Type of media module Description Serial number and other hardware identification numbers Firmware version Number of ports Fault messages The show mm and show mg list config commands Use the show module command or enter show mg list_config to view brief information about media modules tha...

Page 82: ...gc Display information about the Media Gateway Controller with which the Branch Gateway is registered show module Display brief information about the media modules installed in the Branch Gateway show restart log Display information about the last time the Branch Gateway was reset show system Display information about the Branch Gateway show temp Display the device temperature show timeout Display...

Page 83: ... You can use file transfer to Install software and firmware upgrades on the Branch Gateway Install firmware upgrades on media modules Back up and restore configuration settings To use FTP TFTP file transfer you need to have an FTP server or TFTP server on your network Note If you use an FTP server the Branch Gateway prompts you for a username and password when you enter a command to transfer a fil...

Page 84: ...ware These may be different versions The purpose of this feature is to provide software redundancy If one of the versions becomes corrupted you can reset the Branch Gateway using the other version This is particularly important when downloading new versions Displaying firmware versions in the banks Procedure Use the show image version command to display the firmware version of the image on both me...

Page 85: ... upgrade file from Avaya Place the file on your FTP or TFTP server Then use one of the following commands to upload the file to the Branch Gateway For each of these commands include the full path of the file and the IP address of the FTP or TFTP host as parameters When you enter the command the CLI prompts you for a username and password When using FTP or TFTP commands you must use the specific pa...

Page 86: ... mass storage device About this task You can upgrade software and firmware using a USB mass storage device Procedure 1 Obtain an upgrade file from Avaya and place it on your PC 2 Insert the USB mass storage device into the PC s USB port and copy the software or firmware file s to the USB mass storage device 3 Remove the USB storage device from the PC and insert it in the Branch Gateway USB port 4 ...

Page 87: ...from Avaya and place them on your PC 3 Insert the USB mass storage device into the PC s USB port and copy the firmware file s to the USB mass storage device as follows a Copy Branch Gateway firmware files to the root directory b Copy the Device Manager firmware file to the root directory c Copy media modules firmware files to the MM subdirectory d Copy IP phone firmware files to the IPPHONE subdir...

Page 88: ...ollowing types announcement file Announcements files auth file Authentication file capture file The packet sniffing buffer cdr file A Call Detail Recording CDR file dhcp binding The DHCP binding file When you use the copy file scp command to upload a specific file from the Branch Gateway to an SCP server where file can be any of the following announcement file Announcements files auth file Authent...

Page 89: ...nd followed by the module number of the module you want to upgrade copy ftp SW_imageA Upgrade the Branch Gateway firmware into Bank A from an FTP server copy ftp SW_imageB Upgrade the Branch Gateway firmware into Bank B from an FTP server copy tftp EW_archive Upgrade the Java applet for Avaya Gxxx Manager software from a TFTP server copy tftp module Upgrade the firmware on a media module from a TF...

Page 90: ... Gateway also supports USB 2 0 high speed 480 Mbits sec for faster file transfer between the Branch Gateway and USB mass storage devices Note An external USB hub is supported on Branch Gateways with hardware suffix vintage C 1 or above To check the hardware suffix and vintage enter show system and check the HW suffix and HW vintage values CLI commands for backing up and restoring files to or from ...

Page 91: ...ge device on page 93 Sample backup directory after replication on page 96 Replacing adding upgrading media modules using a USB mass storage device on page 97 USB backup restore and replication commands on page 97 Backing up administration and configuration files using a USB mass storage device About this task The following procedure backs up all the Branch Gateway configuration and administration ...

Page 92: ...up directory after backup After the backup a backup directory is created on the USB mass storage device with the following sample structure and file types Root directory Sub directory Files Comments backup 25 Nov 2005 Backup directory name readme txt File with backup information startup_config cfg Configuration file audio bin Customer specific VoIP parameters auth file cfg Authentication file IPPH...

Page 93: ...mmand backs up all the gateway configuration files but does not back up any firmware files the main task is to add the various firmware files before running restore Important When adding files to a backup directory on a USB mass storage device follow the file and directory naming convention detailed in Sample backup directory after backup on page 92 to enable a successful restore Procedure 1 Make ...

Page 94: ...ackup directory in the USB mass storage device 7 Add the firmware files of the media modules to the USB mass storage device as follows a From the Avaya support Website download to your PC the firmware files of the media modules installed in the gateway For each media module download all firmware corresponding to the various hardware vintage suffix versions available for that module If you are not ...

Page 95: ...y which enables the restore operation to decrypt the secrets in the configuration file The restored configuration file will include all the configuration of the gateway including user s names and passwords IKE pre shared keys etc 12 Insert the USB mass storage device in the new Branch Gateway USB port 13 Enter restore usb usbdevice0 backup name where backup name is the backup directory path and fi...

Page 96: ...uration file audio bin Customer specific VoIP parameters auth file cfg Authentication file gxxx_sw_24_21_1 bin Branch Gateway image gxxx_emweb_3_0_5 bin Embedded web image IPPHONE IP phone scripts and images directory 46xxupgrade scr 46xxsettings txt 4601dape1_82 bin 4601dbte1_82 bin MM Media modules file directory mm722v2 fdl mm714v67 fdl mm711h20v67 fdl mmanalogv67 fdl GWANNC Branch Gateway anno...

Page 97: ...s storage device into the PC s USB port and copy the media modules firmware files to the MM subdirectory under the root backup directory Important When adding files to a backup directory on a USB mass storage device it is important to follow the file and directory naming convention in order to enable a successful restore 4 Insert the USB mass storage device into an Branch Gateway USB port 5 Enter ...

Page 98: ...image on both memory banks of the device show system Display information about the device show usb Display the USB devices connected to the Branch Gateway Configuration file backup and restore A configuration file is a data file that contains a complete set of configuration settings for the Branch Gateway You can use configuration files to back up and restore the configuration of the Branch Gatewa...

Page 99: ...artup Configuration NVRAM copy tftp startup config Download a Branch Gateway configuration file from a TFTP server to the Startup Configuration NVRAM copy usb startup config Download a Branch Gateway configuration file from a USB mass storage device to the Startup Configuration NVRAM copy running config ftp Upload the current Branch Gateway running configuration to a file on an FTP server copy run...

Page 100: ...ir command to list all Branch Gateway files When you list the files you can see the version numbers of the software components The dir command also shows the booter file that cannot be changed You can also use the dir command to list all files in the USB mass storage device connected to the Branch Gateway Basic device configuration 100 Administering Avaya G430 Branch Gateway October 2013 Comments ...

Page 101: ...e Branch Gateway and requires a data set comprised of Avaya Aura Communication Manager translations survivable ARS analysis and configuration data This data set is compiled and distributed to a group of devices using the Provisioning and Installation Manager PIM In the absence of the PIM the data set can be configured manually from individual Branch Gateways using CLI commands For instructions on ...

Page 102: ...0 Vintage 7 MM721 Vintage 1 MM722 Vintage 7 SLS features Call capability for analog DCP and IP phones ISDN BRI PRI trunk interfaces Non ISDN digital DS1 trunk interfaces Outbound dialing through the local PSTN local trunk gateway from analog DCP and IP phones Inbound calls from each trunk to pre configured local analog or IP phones that have registered Direct inward dialing Multiple call appearanc...

Page 103: ... 4612 6408 4620 6408 4620sw default 6408D default 4621 6408D 4622 6416D 4624 6424D 4625 8403B 8405B 8405B 8405D 8405D 8410B 8410D 8411B 8411D 8434D The 96xx family and 16xx family of IP phones are not directly referenced in the Branch Gateway CLI When you administer these phones using the CLI use the following mapping Standard Local Survivability SLS Administering Avaya G430 Branch Gateway October...

Page 104: ...rvivable Trunk Dest field is y on the Station screen The search algorithm is circular so that the incoming calls are fairly distributed Important SLS permits 911 calls but the specific location information is not transmitted to the Public Service Answering Point PSAP Only the general trunk identifying information is transmitted Emergency personnel will have a general location associated with the t...

Page 105: ...rted by SLS Many small business customers employ custom calling features such as call waiting from the BOC LEC attempting a more PBX like capability These features are not supported by SLS Non ISDN signaling DMI BOS signaling for T1 and E1 R2 MFC signaling for E1 Calling party name number information to digital station displays Caller ID on outgoing analog station calls Caller ID on incoming analo...

Page 106: ...er PIM queries Avaya Aura Communication Manager for station trunk configuration and dial plan routing administration data through SNMP Alternatively the provisioning may be entered manually via an SNMP MIB browser or via the local Branch Gateway s CLI interface Related topics Standard Local Survivability data sources and communication paths on page 106 Standard Local Survivability data sources and...

Page 107: ...teway This set is compared with subsequent data sets to determine if anything has changed If the data set changes the newer data set is pushed down to the Branch Gateway If the data set does not change the data set in NVRAM remains unchanged Users can schedule when to collect and push data perform scheduled and manual backups and enable and disable SLS as well as display but not change the data to...

Page 108: ...le IP endpoint s E 164 addresses and passwords dial plan and ARS routing 3 Registers with the Branch Gateway 4 Creates the H 323 Gatekeeper socket after successful registration When Setup is complete SLS transitions to the Registered state Registered state process SLS can only process calls while it is in the Registered state in which it performs the following 1 Constructs endpoint objects based o...

Page 109: ...IP endpoints lose registration with SLS and display the discovered IP address during re registration with an MGC 3 Closes the H 323 Gatekeeper socket After Teardown is complete SLS transitions to the Unregistered state and starts searching at the top of the MGC list for a controller SLS interaction with specific Branch Gateway features SLS interacts differently with the various Branch Gateway feat...

Page 110: ... utilizing DID trunk lines for inbound routing may utilize loop start lines for outbound transmission Wink The DID signaling starts after the Branch Gateway s analog trunk interface reverses the battery polarity and sends a wink to the central office Warning An analog two wire DID trunk line is different from a standard analog loop start line With analog DID trunk lines the battery power feed to t...

Page 111: ... time if only one call is held The Hold feature also works differently in DCP and IP phones on page 111 and Analog phones on page 111 in the survivable mode The Hold feature in SLS does not support Music on Hold Local mute on analog phones Specialized treatment of E 911 calls Call Hold indicator tones DCP and IP phones When a Branch Gateway is in the survivable mode you can release calls on Hold o...

Page 112: ...l on Hold or transfer the call Press the Flash button twice to return to the call 2 Dial the Feature Access Code FAC for Hold At this point you can leave the call on Hold or transfer the call 3 To return to the call press the Flash button again The call is re established Note Either party can put the call on Hold or return to the call Using the switchhook button Procedure 1 Press the switchhook on...

Page 113: ...f the Call Transfer feature are The established call must be initiated from a local station administered on this Branch Gateway or from an incoming trunk You can make only point to point call transfers to a phone that is local to the same Branch Gateway Does not support E 911 calls Does not support the Conference button on any phone Does not support trunk to trunk transfer for example for voice me...

Page 114: ...ceiver on off hook sends a disconnect signal to the server and the Transfer Flash button sends a transfer message to the server Procedure 1 While on a call press the switchhook once or press the Transfer Flash button You hear a dial tone the other party hears nothing 2 Dial the third party s number on your phone 3 You can either Wait for the third party to answer and announce the call then hang up...

Page 115: ...ch Gateway number then SLS plays a standard dial tone and you can proceed to Step 4 on page 0 If the Branch Gateway number does not match the local Branch Gateway number SLS plays an intercept tone and terminates the session 4 Dial the contact closure code for example 1 for contact pair 1 and 2 for contact pair 2 You hear stutter tone and then silence confirming these valid codes If you dial an in...

Page 116: ...p You cannot use the contact closure feature from outside trunk lines Note For more information on contact closure refer to Contact closure on page 317 Administering IP Softphone in SLS mode About this task The SLS mode supports shared administrative identity with the Avaya Softphone application but requires specific station administration Procedure 1 Access the Communication Manager administrativ...

Page 117: ...re Related topics Example of CDR log entries and format on page 117 Example of CDR log with contact closure on page 118 Example of CDR log entries and format Gxxx SLS super show logging cdr file content 02 18 2005 10 46 35 CDR Informational 10 46 00 00 A 700 50029555 52001 v301 02 18 2005 10 45 46 CDR Informational 10 45 00 00 A 700 50029 52001 v301 02 18 2005 10 45 14 CDR Informational 10 45 00 0...

Page 118: ...ime 03 59 24 record when the feature was activated B is the condition code Possible values are 7 Outgoing call A Outgoing TAC call or emergency call B Used for contact closure 15840 is the extension that activated the feature PULSE indicates the contact closure operation could also be OPEN or CLOSE 003 is the Branch Gateway number 2 is the contact closure number SLS configuration Related topics SL...

Page 119: ... on page 155 Collecting Feature Access Codes data on page 156 Feature Access Code field descriptions on page 157 Collecting system parameters data on page 159 Codecs supported in SLS on page 159 General system parameters field descriptions on page 159 Collecting ARS dial patterns data on page 160 ARS Dial Patterns field descriptions on page 161 Collecting Incoming Call Handling data on page 161 In...

Page 120: ...ered from Avaya Aura Communication Manager and delivered to the Branch Gateway using PIM For instructions on gathering and delivering the provisioning data see Using PIM to manage SLS administration on the gateway on page 133 If PIM is not available the Branch Gateway can be manually configured for SLS and Auto Fallback using the CLI See Using the CLI to manually configure SLS administration on th...

Page 121: ...used in the set system name command gateway CLI 4 Type the IP address of the Branch Gateway in the IP Address field 5 Submit the screen 6 At the SAT enter change system parameters mg recovery rule 1 to display the System Parameters Media Gateway Automatic Recovery Rule screen 7 Type a description of the rule in the Rule Name field 8 Set the Migrate H 248 MG to primary field to immediately Note The...

Page 122: ... Survivable IP Ext field should not exceed these values 12 At the SAT enter change station extension to display the Station screen 13 Verify that the following fields are correct Survivable GK Node Name Survivable COR Inherited Class of Restriction COR permissions on page 123 shows the hierarchical relationship among the calling restriction categories Survivable Trunk Dest 14 Submit the screen Sta...

Page 123: ...y ETR functionality and calls through the CO are permitted in this class 2 Local Users can only dial these call types locl public network local number call op operator svc service hnpa 7 digit NANP call 3 Toll Users can only dial these call types fnpa 10 digit NANP call natl non NANP call Standard Local Survivability SLS Administering Avaya G430 Branch Gateway October 2013 123 ...

Page 124: ...ge 132 Name on page 133 Security Code The security code required by users for specific system features and functions are as follows Extended User Administration of Redirected Calls Personal Station Access Redirection of Calls Coverage Off Net Leave Word Calling Extended Call Forwarding Station Lock Voice Message Retrieval Terminal Self Administration Enterprise Mobility User Extension to Cellular ...

Page 125: ...ation about current documentation product notices knowledge articles go to the Avaya Support website at http support avaya com Telephone type Model Administer as Single line analog 500 500 2500 2500 with Message Waiting Adjunct 2500 6210 6210 6211 6210 6218 6218 6219 6218 6220 6220 6221 6220 CallerID Analog telephone w Caller ID CallrID 7101A 7102A 7101A 7103A Programmable and Original 7103A 7104A...

Page 126: ...05S 7316H 7317H 7309H 7309H 7313H 7313H 7313H 7314H 7314H 7315H 7315H 7316H 7316H 7317H 7317H Multi appearance digital 2402 2402 2410 2410 2420 2420 6402 6402 6402D 6402D 6408 6408 6408 6408 6408D 6408D 6408D 6408D 6416D 6416D 6424D 6424D 7401D 7401D 7401 7401 7403D 7403D Multi appearance digital 7404D 7404D 7405D 7405D 7406D 7406D Standard Local Survivability SLS 126 Administering Avaya G430 Bran...

Page 127: ...B 8411D 8411D 8434D 8434D 9404 9404 9408 9408 CALLMASTER I 602A1 CALLMASTER II III IV 603A1 603D1 603E1 603F1 CALLMASTER VI 606A1 IDT1 7403D IDT2 7406D IP Telephone 4601 Note When you add a new 4601 IP telephone you must use the 4601 station type This station type enables the Automatic Callback feature 4601 4602 4602 Standard Local Survivability SLS Administering Avaya G430 Branch Gateway October ...

Page 128: ...25 4625 4690 4690 9608 9608 9610 9610 9611 9611 9620 9620 9621 9621 9630 9630 9640 9640 9641 9641 9650 9650 SIP IP Telephone 4602SIP with SIP firmware 4610SIP with SIP firmware 4620SIP with SIP firmware 4620SIP CC Call Center SIP Softphone Avaya one X Desktop Toshiba SP 1020A Note You must administer any telephone that has SIP firmware 4620SIP Standard Local Survivability SLS 128 Administering Ava...

Page 129: ...11SIP 9621 with SIP firmware 9621SIP 9641 with SIP firmware 9641SIP 9608 with SIP firmware for call center 9608SIPCC 9611 with SIP firmware for call center 9611SIPCC 9621 with SIP firmware for call center 9621SIPCC 9641 with SIP firmware for call center 9641SIPCC H 323 SoftPhone Road warrior application H 323 or DCP type Native H 323 H 323 Single connect H 323 or DCP type ISDN BRI station asai Any...

Page 130: ... XMOBILE EC500 DECT PHS XMOBILE ISDN BRI data module 7500 7500 SBS Extension SBS test extension no hardware sbs Port The Auxiliary and Analog ports assigned to the station are as follows Valid Entry Usage 01 to 64 The first and second numbers are the cabinet numbers A to E The third character is the carrier 01 to 20 The fourth and fifth characters are the slot numbers G650 has 14 slots 01 to 32 Th...

Page 131: ... a valid IP node name is entered into this field Communication Manager adds the IP address of this gateway to the bottom of the Alternate Gatekeeper List for this IP network region As H 323 IP stations register with Communication Manager this list is sent down in the registration confirm message With this the IP station can use the IP address of this Survivable Gatekeeper as the call controller of...

Page 132: ... interrogate the Communication Manager administration tables and obtain the class of service information PIM module builds a managed database to send for SLS on the Branch Gateways Available for all analog and IP station types Valid Entry Usage y Allows this station to be an incoming trunk destination while the Branch Gateway is running in survivability mode This is the default n Prevents this sta...

Page 133: ...ENCY Characters 18 through 24 of the Name field are not displayed at all Using PIM to manage SLS administration on the Branch Gateway Before you begin Before enabling SLS you must gather provisioning data from PIM and deliver it to the Branch Gateway Run PIM s Device Profile Wizard to perform this task The Device Profile Wizard gathers a subset of the Communication Manager translations dial plan a...

Page 134: ...profile from the left panel or from the Device Profile list page 6 Proceed through the Device Profile Wizard to the Details page Set the CM version field to 4 0 7 Proceed through the Device Profile Wizard to the SLS ARS page and perform the following a Select the Enable the SLS feature on this device checkbox to enable SLS on the Branch Gateway A cleared checkbox means that SLS is disabled b Selec...

Page 135: ... Use the following fields on the SLS ARS Entry page to administer an Automatic Route Selection in SLS Related topics Dialed String on page 135 Min on page 135 Max on page 136 Del on page 136 Replacement String on page 136 Call Type ARS only on page 136 Trunk Group on page 137 Permit Deny on page 137 Dialed String Communication Manager matches the dialed numbers with the entry in the Dialed String ...

Page 136: ...entry Usage China Number 1 Call Type intl Use this option for public network international calls toll auto alrt Use this option to alert attendant consoles or other digital telephones when a user places an emergency call normal emer Use this option for emergency calls normal fnpa Use this option for ten digit North American Numbering Plan NANP calls attendant hpna Use this option for seven digit N...

Page 137: ...server Permit Deny Indicates whether the call should be permitted or denied PIM Device Profile Wizard buttons Button Description View Extract Displays the current SLS administration data set for this Branch Gateway Perform Extract Extracts the SLS information from the controlling Communication Manager server for this Branch Gateway Actions Enables you to edit or delete a previously administered en...

Page 138: ...k Procedure To disable SLS on the Branch Gateway enter set sls disable The Branch Gateway responds with the message Survivable Call Engine is disabled Activating changes in SLS About this task To activate changes you make in SLS use the disable and enable SLS commands together To activate changes in SLS perform the following steps Procedure 1 Make any changes to SLS administration desired 2 While ...

Page 139: ... server PIM or configuration of the Branch Gateway through its CLI The Branch Gateway is registered with Avaya Aura Communication Manager The SLS is enabled on the Branch Gateway through its CLI S8300 is not serving as an Survivable Remote Server Branch Gateway is not subtending to another external server including Survivable Core Server or another Survivable Remote Server in another gateway SLS d...

Page 140: ...ctions on accessing the Avaya Aura Communication Manager through the Branch Gateway see Accessing the registered MGC on page 72 Collecting analog stations data Procedure 1 At the SAT enter list media gateway to display a list of administered gateways 2 Look for supported gateways in the Type field 3 Once you know the Branch Gateway of interest match the Branch Gateway model with the analog station...

Page 141: ...rest match the gateway model with the digital station ports MM712 MM717 4 At the SAT enter display port port number where port number is the DCP station port on the gateway The system displays the extension number assigned to the port 5 Once you know the extension enter display station extension to display the Station screen for this extension 6 Gather the necessary information for the following f...

Page 142: ...411B 8411D 8434D Survivable COR Survivable Trunk Dest Expansion Module Name For more information about these fields see Station screen field descriptions for Media Gateway on page 124 Standard Local Survivability SLS 142 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...

Page 143: ...IP Station screen in Step 6 on page 0 6 Enter list station type type where type is one of the supported IP stations The report lists all IP phones that could have the Survivable GK Node Name administered to the target media gateway The Survivable GK Node Name uniquely associates an IP phone with a particular Branch Gateway 7 Once a match is made between the station screen s Survivable GK Node Name...

Page 144: ...en use the various list commands on Communication Manager to look for physical port matches in the various trunk SAT forms in order to discover what translation information is needed 4 Identify the analog trunk ports Refer to Module port values in SLS trunk group context for analog trunks on page 183 5 Identify the BRI trunk ports Refer to Trunk port values in SLS trunk group context for digital t...

Page 145: ... Outgoing Channel ID Encoding Digit Handling in out Network Japan Needs Connect Before Disconnect Send Name Send Calling Number Incoming Calling Number Format Incoming Destination Trunk Hunt Sig Grp Trunk Group screen field descriptions Name Description Group Type This field specifies the type of trunks associated with this trunk group Outgoing Dial Type The only acceptable values are tone and rot...

Page 146: ... trunks Digits This field contains a value only when the Digit Treatment field is set to insert1 insert2 insert3 or insert4 Trunk Type Depends on trunk signaling type Analog trunks Loop start Ground start DID In Band DS1 trunks with CO Group Type Loop start Ground start In Band DS1 trunks with Tie Group Type Wink wink Wink immediate Wink auto Immediate Immediate Auto auto Auto wink Group Name Cust...

Page 147: ...t Specifies how to fill the Calling Party Number and Called Party Number IEs Incoming Destination Sets a destination station for routing incoming trunk group calls Trunk Hunt Determines the method in which the survivable call engine selects an available trunk from the trunk group pool Sig Grp Specifies the Signaling Group Number that is the manager of this ISDN trunk member Collecting DS1 trunks d...

Page 148: ... page 151 Protocol Version on page 151 DCP ANALOG Bearer Capability on page 152 ITN C7 Long Timers on page 152 Name Assigns a significant descriptive name to the DS1 link Use the vendor s circuit ID for the link in this field because that information helps troubleshoot problems with the link This field can also be used to indicate the function or the destination of this DS1 facility Accepts up to ...

Page 149: ...e This setting supports both Facility Associated Signaling and Non Facility Associated Signaling isdn ext Either T1 or E1 ISDN service This setting supports only Non Facility Associated Signaling Note NFAS is primarily a feature for ISDN T1 connections offered by service providers in North America and Hong Kong However it can also be used on private network connections and in that context it is po...

Page 150: ...otiates glare with the far end switch The servers at either end of the DS1 link must have complementary settings in this field Otherwise the D channel cannot function For example if the Avaya S8XXX server at one end of the link is administered as network the other end must be administered as user Available only when this DS1 link is providing an ISDN PRI connection in a private network Private net...

Page 151: ...er For connections to a public network your network service provider can tell you which country protocol they are using Available only with ISDN PRI and CAS signaling Valid Entry Usage 1 to 25 The country protocol used by the local telephone company central office at which this link terminates etsi The network service provider uses the European Telecommunications Standards Institute ETSI protocol ...

Page 152: ...erwise the D channel cannot function For example if the Avaya S8XXX server at one end of the link is administered as network the other end must be administered as user Available only when this DS1 link is providing an ISDN PRI connection in a private network Private network applications in the U S Valid Entry Usage network The server overrides the other end when glare occurs and when connecting th...

Page 153: ...ated topics Trunk Group for Channel Selection on page 153 Associated Signaling on page 153 Primary D channel on page 154 Trunk Board on page 154 Interface Id on page 154 Trunk Group for Channel Selection Available only if Group Type is atm h 323 or isdn pri Valid Entry Usage 1 to 2000 Trunk group number used for channel selection Associated Signaling Available only if Group Type field is isdn pri ...

Page 154: ... Id Needed only if the Associated Signaling is set to no Specifies the channel of the DS1 circuit that carries the D channel for ISDN signaling This is an integer from 0 through 31 Collecting administered ISDN BRI trunks data Procedure 1 At the SAT enter display bri trunk board location to display the DS1 administration for a particular circuit pack location 2 Gather the following ISDN BRI adminis...

Page 155: ... only ASCII characters Non ASCII characters such as Eurofont or Kanafont are displayed incorrectly on a BRI station ISDN BRI Trunk Interface Determines glare handling ISDN BRI Trunk Side QSIG glare handling when Interface is peerSlave ISDN BRI Trunk Country Protocol Specifies the Layer 3 signaling protocol used by the country specific service provider ISDN BRI Trunk DCP Analog Bearer Capability Se...

Page 156: ...field unless the port is busied out or unadministered Valid Entry Usage y Requires that an SPID be administered n Requires that an SPID and Endpt ID not be administered Layer 1 Stable The system displays the field only if you set the Termination Type field to TE Valid Entry Usage y The far end network is stable at Layer 1 n The far end network can drop Layer 1 after a call is completed and near en...

Page 157: ...administered location number If there is an ARS entry for the given location you must use this value exclusively in the SLS data set If there is no administered location at the SAT enter display feature access codes and gather the FAC information listed in Step 2 on page 0 Feature Access Code field descriptions Related topics Contact Closure Open Code on page 157 Contact Closure Close Code on page...

Page 158: ...and route accordingly This value must conform to the FACs or dial access codes defined by the dial plan Auto Route Selection ARS Access Code 2 Additional FAC used to access ARS This value must conform to the FACs or dial access codes defined by the dial plan ARS FAC This is used instead of the Features screen ARS FAC entry if the Loc No that correlates to the gateway has an entry in this screen th...

Page 159: ...tem parameters features to display the Feature Related System Parameters screen 7 Scroll to page 10 and read the value of the Date Format on Terminals field 8 At the SAT enter display media gateway n where n is the administered number of the Media Gateway of interest to display the Media Gateway screen 9 Read the Max Survivable IP Ext field value Codecs supported in SLS There can be up to seven di...

Page 160: ...enter list route pattern trunk group n where n is an administered trunk group to display the administered route patterns 2 For the first preference for this route pattern entry read the values of the following fields No Deleted Digits Inserted Digits 3 At the SAT enter list ars analysis to search the ARS Analysis table for row entries whose Route Pattern field matches the route pattern values that...

Page 161: ... Max Use this field to enter the maximum number of user dialed digits that the system collects to match to the dialed string Dialed String Communication Manager matches the dialed numbers with the entry in the Dialed String field that most closely matches the dialed number You can enter up to 18 digits that the call processing server analyzes You can also enter the wildcard characters x and X Coll...

Page 162: ...all blank Used as a wildcard so that any number associated with the specified service or feature can match in this field Called Len Valid Entry Usage 0 to 21 The number of digits received for an incoming call Zero is used when the Public Switched Telephone Network PSTN provider does not provide any Number Digits within the received Called Party IE such as in Japan blank When Called Number has also...

Page 163: ...tion extension class to enter a second level sub context for administering stations trunk group context that is invoked by entering trunk group tgnum group type to enter the second level sub context for administering trunk groups ds1 context that is invoked by entering ds1 port address to enter the second level sub context for administering DS1 trunks sig group context that is invoked by entering ...

Page 164: ...mand line prompt returns to its original state 4 Enter set pim lockout yes to prevent Provisioning and Installation Manager PIM updates while you are working on SLS administration of the Branch Gateway 5 If you want to change the maximum allowable IP registrations from the default enter set max ip registrations n where n is from 1 to 150 6 Use the set date format command to set a date format for t...

Page 165: ...e extension where access code specifies the dial access code for the attendant feature and extension specifies the station which serves as the branch office attendant position Incoming trunk calls that have dialed strings that cannot be completely routed will now be routed by SLS to this attendant position In addition stations in the branch office may directly dial the attendant using the access c...

Page 166: ...istering station parameters Procedure 1 At the Branch Gateway command prompt enter station extension class to enter a second level sub context to administer each phone that you want covered by SLS In this command extension is a 1 to 13 digit numeric string that may begin with 0 and class is analog dcp or ip For example station 1234567 ip administers an IP phone with the extension 1234567 The comma...

Page 167: ...ed for port 1 then set port v201 sets the previously administered dcp station 1234567 to the first physical DCP station port on the Branch Gateway s media module 4 Enter set cor cor to set the class of restriction COR for this extension where cor is one of the following emergency internal default local toll unrestricted There exists a hierarchical relationship among the calling restriction categor...

Page 168: ...SLS to recognize the switchhook flash signal that offers subsequent transfer features enter set swhook flash yes 9 Enter set name name to identify the user name for the station Use the 1 to 27 character name as specified on Communication Manager Type the name string inside double quotes 10 Enter show to check the station administration of the station being programmed The report lists the station p...

Page 169: ...8405B dcp8405D dcp8405D dcp8410B dcp8410D dcp8434D Module port values in SLS station configuration mode Gateway Media module Analog station ports DCP G430 or G450 MM711 8 possible ports MM712 8 possible ports MM714 4 possible ports ports 1 4 MM714B 4 possible ports ports 1 4 MM716 24 possible ports MM717 24 possible ports Standard Local Survivability SLS Administering Avaya G430 Branch Gateway Oct...

Page 170: ... double quotes 3 Enter set bit rate rate to set the maximum transmission rate in Mbps for the DS1 facility The rate can be either 1544 T1 or 2048 E1 4 Enter set signaling mode mode type to set the signaling mode for the DS1 facility where mode type is one of the following values cas Out of band signaling for E1 service yielding thirty 64 kbps B channels for voice transmission robbed bit In band si...

Page 171: ... set in Step 7 enter set side side to specify the glare mode either a or b 9 If the DS1 link is employed with ISDN enter set country protocol country code to specify the ISDN Layer 3 country protocol type where country code is one of the values in ISDN Layer 3 country codes on page 172 10 For countries whose public networks allow for multiple ISDN Layer 3 country protocols for ISDN Primary Rate se...

Page 172: ...ling Channel Connect Interface Side Protocol Ver Bearer Cmpd Ltm v3 1544 isdnpri seq network user a country1 a speech ulaw no 15 Enter exit to leave the ds1 context in SLS ISDN Layer 3 country codes Country Code Country 1 United States AT T mode also known as 5ESS 2 Australia Australia National PRI 3 Japan 4 Italy 5 Netherlands 6 Singapore 7 Mexico 8 Belgium 9 Saudi Arabia 10 United Kingdom ETSI 1...

Page 173: ...ervice Country code Description Possible Values Country 1 United States AT T mode also known as 5ESS National ISDN 1 Nortel mode also known as DMS Telecordia NI 2 a b c d Country 2 Australia Australia National PRI ETSI invalid invalid a b c d Country 10 United Kingdom DASS ETSI invalid invalid a b c d Country 12 France French National PRI ETSI invalid invalid a b c d Standard Local Survivability S...

Page 174: ...anager add trunk group n Type the name string inside double quotes 3 Enter set interface glare mode to specify the glare handling convention glare mode can be one of the following values For non QSIG calls For QSIG calls network If the Branch Gateway is connected to a host computer and encounters glare it overrides the far end user If the Branch Gateway is connected to a public network and encount...

Page 175: ... directory number to the B1 channel of the BRI link number is the provisioned number received from the network provider The number value must be identical to the number the network provider has assigned to the circuit 10 Enter set directory number b number to assign a directory number to the B2 channel of the BRI link number is the provisioned number received from the network provider The number v...

Page 176: ...determine the validity of a port assignment at administration time As a result there may not be more active trunk groups than there are physical trunk members within a given Branch Gateway In addition a combo port may only be used for one active assignment For example the analog station DID trunk ports may be either allocated to serve as an analog station or as an analog DID trunk but not both The...

Page 177: ...numbers and ARS Feature Access Code FAC strings For example set tac 88 establishes access to this trunk group by dialing 88 4 Enter add port module port sig group to specify the port that is compatible with the device and or media module The sig group argument is necessary for a digital ISDN PRI trunk It is an integer number from 1 to 650 that specifies the signaling group associated with the mana...

Page 178: ...igns wink start incoming signaling supervision to a DID trunk group 6 For a non ISDN digital trunk t1 inband or e1 inband enter set supervision sup type to set the incoming signaling supervision mode where sup type can be one of the following loop start ground start wink wink wink immediate wink auto immediate immediate auto auto auto wink 7 For an analog DID trunk group or DS1 non ISDN tie trunk ...

Page 179: ...eset display codeset to identify which Q 931 codesets are allowed to send display information to the user phone codeset0 codeset6 or codeset7 11 For ISDN trunks enter set codeset national codeset to identify which Q 931 codesets are allowed to send National Information Elements IEs or display information to the user phone codeset6 or codeset7 12 For ISDN trunks enter set channel preference type to...

Page 180: ...ent to the network on outgoing or incoming calls method can be one of the following no The number is not sent to the network for incoming or outgoing calls yes The number is sent to the network for incoming or outgoing calls restricted The number is sent to the network as Presentation restricted Note For this release specify method as no since sending a Calling Party Number is a future feature 17 ...

Page 181: ...cular A circular search beginning with the point at which the search previously ended When the search has reached the top of the channel list it resumes at the bottom of the list in wrap around fashion descend A linear search from the highest to the lowest numbered available channels 21 Enter show to check the trunk group administration The following example shows all four trunk members assigned t...

Page 182: ...s bri MM721 16 Eight physical ports each offering B1 and B2 channels bri MM722 4 Two physical ports each offering B1 and B2 channels t1 isdn MM710 23 D channel is associated with this facility FAS t1 isdn MM710 24 D channel is not associated with this facility NFAS and the DS1 s signaling mode is set to isdnext e1 isdn MM710 30 D channel is associated with this facility FAS e1 isdn MM710 31 D chan...

Page 183: ...els bri MM720 16 bri MM721 16 bri MM722 4 t1 isdn MM710 23 FAS 24 NFAS e1 isdn MM710 30 FAS 31 NFAS t1 inband MM710 24 e1 inband MM710 30 Administering signaling group parameters Procedure 1 Enter sig group sgnum where sgnum is any number from 1 to 650 The command line prompt changes to sls sig group sgnum If you want to remove the signaling group from the SLS administration enter exit to leave th...

Page 184: ...n that context it is possible to set up NFAS using ISDN E1 interfaces If you are using NFAS enter add nfas interface gateway module interface id where gateway is the 3 digit Branch Gateway identifier module is the 2 character slot identifier and interface id is the DS1 circuit number associated with the NFAS group The value of interface id is received from the network service provider Note The Nor...

Page 185: ...tionship between the various dial types and the COR permissions 3 Enter set max length length to define the maximum length of the dialed string This must be set prior to the minimum length if the minimum length is larger than the default value 4 Enter set min length length to define the minimum length of the dialed string 5 Enter set tgnum tgnum to designate a trunk group for which this dialed str...

Page 186: ...on extension numbers when the Service Provider s DNIS plan does not directly reflect the station extension number length used in the Branch Gateway s dial plan Note Since the PIM application does not automatically extract this information from the Communication Manager SAT screen for Incoming Digit Treatment Handling you must enter this SLS information using the Branch Gateway CLI interface Proced...

Page 187: ...ne the number of digits to be deleted from a dialed string Enter set insert digits digits to define the number of digits to be inserted at the beginning of a dialed string Note that this action takes place after the deletion task has been completed for the enbloc receiving mode 6 Enter exit to leave the incoming routing context in SLS 7 Enter show to check the incoming routing administration The r...

Page 188: ...directory number to the B2 channel of the BRI interface in SLS set endpoint init Determine whether or not the far end supports endpoint initialization in SLS set interface Specify the glare handling convention for a BRI link in SLS set interface companding Set the interface to agree with the companding method used by the far end of the DS1 circuit for SLS mode set layer1 stable Determine whether o...

Page 189: ...entification TEI address in SLS show List all BRI SLS parameters for this BRI port clear attendant Delete the administered attendant provisioning in SLS clear bri Delete the administration for a given BRI channel in SLS clear dial pattern Delete a single dialed string pattern entry in the SLS data set clear ds1 Delete the administration for a specific DS1 channel in SLS clear fac Delete an adminis...

Page 190: ...S dial patterns for SLS set delete digits Specify the number of digits to be deleted from the beginning of the dialed string for an outbound call in SLS set deny Permit or deny access to an outbound trunk in SLS set insert digits Specify the number of digits to be inserted at the beginning of the dialed string for an outbound call in SLS set max length Establish the maximum length of the dialed st...

Page 191: ... DS1 link in SLS set country protocol Specify the ISDN Layer 3 country protocol type in SLS set interface Specify the glare handling convention for a DS1 link in SLS set interface companding Set the interface to agree with the companding method used by the far end of the DS1 circuit for SLS mode set long timer Increase the duration of the T303 call establishment timer in SLS set name Identify the ...

Page 192: ...he dialed string for an inbound trunk call in SLS set insert digits Specify number of digits to be inserted at the beginning of the dialed string for an inbound trunk call in SLS set length Specify the length of the dialed string in SLS set match pattern Specify the beginning digit pattern of the incoming alphanumeric dial string to be matched against in SLS show List all incoming routing SLS para...

Page 193: ...ed attendant provisioning show bri List the administered BRI parameters for SLS show date format Display the current date format for the SLS data set show dial pattern List all dial pattern strings in the SLS data set show ds1 List the administered DS1 parameters for SLS show fac List the administered Feature Access Codes for SLS show incoming routing Show all of the administered dial patterns in ...

Page 194: ... list of DS1 modules that are controlled by the primary D channel in SLS remove nfas interface Remove a member from a NFAS managed DS1 group in SLS set associated signaling Specify whether the D channel is physically present in the DS1 interface in SLS set primary dchannel Identify the D channel number in SLS set trunk group chan select Specify the trunk group number that can accept incoming calls...

Page 195: ...ook flash signal from a particular analog station and to provide a subsequent transfer service set trunk destination Administer a station extension to be included in a pool of stations that can receive incoming analog loop start trunk calls in circular queuing in SLS set type Administer specific phone models for SLS show List all Station SLS parameters for this station trunk group Administer trunk...

Page 196: ...at class of service is being specified as part of the scocs service declared in the Network Services Facility information element set channel preference Define how the Channel Identification IE field is encoded in SLS set codeset display Specify which Q 931 codesets are allowed to send display information to the user phone in SLS set codeset national Specify which Q 931 codesets are allowed to sen...

Page 197: ...ialtone Provide a dial tone in response to far end trunk group seizures in SLS set japan disconnect Perform a disconnect sequence CONNECT message followed by a DISCONNECT message in SLS set name Identify the user name for a trunk group in SLS set numbering format Specify the numbering plan for this trunk in SLS set send name Define whether or not the calling connected called or busy party s admini...

Page 198: ...e trunks only in SLS set tac Administer the trunk access codes for SLS set trunk hunt Specify the trunk hunting search within a facility in an ISDN trunk group or through a non ISDN digital trunk group in SLS show List all trunk group SLS parameters for this trunk group Standard Local Survivability SLS 198 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...

Page 199: ...n the front panel port 10 2 Cables used for connecting devices to the fixed router Use a standard network cable when you connect one of the following devices to the fixed router port WAN endpoint device Switch Router Use a crossover network cable when you connect a computer or other endpoint device to the fixed router port For all other Ethernet ports on the Branch Gateway you can use either a sta...

Page 200: ...ation CLI commands For more information about these commands see the Avaya Branch Gateway G430 CLI Reference Command Description set port duplex Configure the duplex type full or half duplex of an Ethernet or Fast Ethernet port or range of ports You can configure Ethernet and FastEthernet interfaces to either full duplex or half duplex The duplex status of a port in auto negotiation mode is determ...

Page 201: ...he send receive mode for flow control frames IEEE 802 3x or proprietary for a full duplex port Each direction send or receive can be configured separately Use the show port flowcontrol command to display port flow control information set port level Set the default packet priority level for untagged packets Packets traveling through a port set at normal priority should be served only after packets ...

Page 202: ...configuration CLI commands on page 203 Roadmap for configuring additional features on the WAN Ethernet port Primary Management Interface PMI For more information see Primary Management Interface PMI configuration on page 64 Advanced router features For more information see The router on page 479 VoIP queuing For more information see Commands used to configure QoS parameters on page 240 Access cont...

Page 203: ... port configuration CLI commands For more information about these commands see the Avaya Branch Gateway G430 CLI Reference Root level command Command Description interface fastethernet Enter interface fastethernet configuration mode autoneg Set the port speed and duplex to auto negotiation mode no autoneg Disable the auto negotiation mode duplex Set the duplex setting full or half for the interfac...

Page 204: ...n to receiving an IP address an Branch Gateway DHCP client can optionally request to receive a domain name a list of default routers and a list of available DNS servers Note The Branch Gateway can function as both a DHCP server and a DHCP client simultaneously That is you can connect a cable modem for an Internet connection to the WAN Fast Ethernet in order to use the Branch Gateway as a DHCP clie...

Page 205: ...e 1 Enter the context of the FastEthernet interface For example Gxxx 001 interface fastethernet 10 2 Gxxx 001 config if FastEthernet 10 2 2 Optionally configure DHCP client parameters If you do not configure these parameters their default values are used Use the ip dhcp client client id command to set the client identifier for the DHCP client By default the client identifier is usually the MAC add...

Page 206: ...s default route The object tracker continuously checks the validity of the default route that is whether data can be transmitted over the default route Whenever the object tracker determines that the default route has become invalid the route is dropped from the routing table and traffic is routed to alternate routes If the default route becomes valid again it is added back to the routing table To...

Page 207: ...appears displaying the IP address and mask assigned by the DHCP server For example Interface FastEthernet 10 2 assigned DHCP address 193 172 104 161 mask 255 255 255 0 For a description of these commands see Summary of DHCP client configuration CLI commands on page 208 or Avaya G430 Branch Gateway CLI Reference Commands used for DHCP client maintenance show ip dhcp client show ip dhcp client stati...

Page 208: ... Avaya G430 Branch Gateway CLI Reference Summary of DHCP client configuration CLI commands For more information about these commands see the Avaya Branch Gateways G250 and G350 CLI Reference For more information about these commands see the Avaya Branch Gateway G430 CLI Reference Root level command Command Description clear ip dhcp client statistics Clear the DHCP client statistics counters interf...

Page 209: ... new process of allocating a new IP address show ip dhcp client Display the configuration of the DHCP client show ip dhcp client statistics Display the DHCP client statistics counters LLDP configuration IEEE 802 1AB Link Layer Discovery Protocol LLDP simplifies troubleshooting of enterprise networks and enhances the ability of network management tools to discover and maintain accurate network topo...

Page 210: ... is stored in the network devices and is available to network management systems LLDP information is associated with the specific device that sends it The device itself is uniquely identified by the receiving party port via chassis ID and port ID values Multiple LLDP devices can reside on a single port using a hub for example and all of the devices are reported via MIB You can enable Rx only TX on...

Page 211: ...LVs and accepts LLDP TLVs from neighboring devices supporting LLDP on the specified port For example Gxxx 001 super set port lldp 10 3 rx and tx Done 3 Optionally configure additional TLVs transmission using the set port lldp tlv command This allows you to advertise additional data about the device s and port s VLAN information VLANs and system capabilities Additional TLVs are disabled by default ...

Page 212: ...he show lldp command Related topics Supported ports for LLDP on page 212 Supported ports for LLDP You can configure only ports 10 3 and 10 4 to support LLDP Summary of LLDP configuration CLI commands For more information about these commands see the Avaya Branch Gateways G250 and G350 CLI Reference For more information about these commands see the Avaya Branch Gateway G430 CLI Reference Command De...

Page 213: ...e transmission of the optional TLVs on a per port basis show lldp Display the LLDP information received on each port show lldp config Display the global LLDP configuration show port lldp config Display port level LLDP configuration show port lldp vlan name config Show the VLANs that are being transmitted on a specific port Switch Ethernet port configuration Administering Avaya G430 Branch Gateway ...

Page 214: ...Ethernet ports 214 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...

Page 215: ... terminated You can define filters for each sink to limit the types of messages the sink receives see Logging filter configuration on page 224 The logging facility logs configuration commands entered through the CLI or through SNMP as well as system traps and informative messages concerning the behavior of various processes However a user enabling the log will only see entered commands with a user...

Page 216: ...onfiguration A Syslog server is a remote server that receives logging messages using the Syslog protocol This enables storage of large log files that you can use to generate reports Related topics Defining Syslog servers on page 216 Disabling Syslog servers on page 218 Deleting Syslog servers on page 218 Displaying the status of the Syslog server on page 219 Syslog sink default settings on page 21...

Page 217: ...ing the set logging server facility command followed by the name of the output facility and the IP address of the Syslog server If you do not define an output facility the default local7 facility is used For example Gxxx 001 super set logging server facility auth 147 2 3 66 Done The following is a list of possible facilities auth Authorization daemon Background system process clkd Clock daemon clk...

Page 218: ... output 5 Optionally define filters to limit the types of messages received see Logging filter configuration on page 224 Disabling Syslog servers Procedure Enter set logging server disable followed by the IP address of the Syslog server For example Gxxx 001 super set logging server disable 147 2 3 66 Done Deleting Syslog servers About this task You can delete a Syslog server from the Syslog server...

Page 219: ...efined on the server Gxxx 001 super show logging server condition 147 2 3 66 Message logging configuration of SYSLOG sink Sink Is Enabled Sink default severity Warning Server name 147 2 3 66 Server facility auth Server access level read only Syslog sink default settings Severity Warning Facility Local 7 Access level Read write Syslog message format Syslog messages are arranged chronologically and ...

Page 220: ...owing commands to copy a syslog file copy syslog file ftp copy syslog file scp copy syslog file tftp copy syslog file usb For a description of these commands see Summary of logging configuration CLI commands on page 230 For more information about these commands see the Avaya Branch Gateways G250 and G350 CLI Reference For more information about these commands see the Avaya Branch Gateway G430 CLI ...

Page 221: ...e output sink on page 222 Example display of log file messages The show logging file content command displays the messages in the log file Note that the user enabling the log sees only entered commands with a user level no higher than the user s privileges A user with read only privileges does not see entered commands having a read write user level Example Gxxx 001 super show logging file content ...

Page 222: ...01 super show logging file condition Message logging configuration of FILE sink Sink Is Enabled Sink default severity Informational Log file message format Log file messages appear in first in last out order They have the following format 01 18 2005 10 55 09 CLI Notification root set port disable 10 6 01 18 2005 10 49 03 SWITCHFABRIC Notification Port Connection Lost on Module 10 port 5 Each messa...

Page 223: ... on page 223 Example display of session logging configuration on page 223 Session logging message format on page 224 Example discontinuation of the display of system messages The following output is an example of the set logging session disable command used to discontinue the display of system messages to the terminal screen Example Gxxx 001 super set logging session disable Done Example display o...

Page 224: ...s cannot see entered commands with an admin user level Logging filter configuration You can use filters to reduce the number of collected and transmitted messages The filtering options are based on message classification by severity for each application For a specified sink you can define the threshold severity level for message output for each application Messages pertaining to the specified appl...

Page 225: ...ication For a list of the severity levels and the default severity settings see Severity levels on page 225 ip address is the IP address of the Syslog server For example Gxxx 001 super set logging server condition dialer critical 147 2 3 66 Done Gxxx 001 super set logging file condition dhcps warning Done Gxxx 001 super set logging session condition ISAKMP Information Done You can also filter the ...

Page 226: ... You can define filters for any application listed in the following table Application Description arp Address Resolution Protocol mechanism boot System startup failures cdr Call Detail Recording Registers the active calls in SLS mode cli CLI cna tp CNA test plugs config Configuration changes dhcp relay DHCP requests relaying dhcpc DHCP client package dhcps DHCP server package dialer Dialer interfa...

Page 227: ... rtp stat RTP MIB statistics saa RTR probes messages security Secure logging authentication failure snmp SNMP agent stp Spanning tree package supply Power supply system switchfabric Switch fabric failures system Operating system failures tftp Internal TFTP server threshold RMON alarms tracker Object tracker messages usb USB devices messages usb modem USB modem messages vj comp Van Jacobson header ...

Page 228: ...rom the boot application to those with severity level of informational or more severe and messages from the cascade application to those with severity level of alert or more severe Gxxx 001 super set logging file enable Done Gxxx 001 super set logging file condition boot informational Done Gxxx 001 super set logging file condition cascade alert Done Session log example The following example enable...

Page 229: ...een capture log file to Avaya through an email or as an attachment For more information about accessing diagnostic logs see CLI Reference Avaya Branch Gateway G430 03 603234 For example iW ZH YL Z E M EsZ E Z ZH YL Zj M ZZZZZZDZJ _3 Zl ZNLMR EZZZZZZDZw3 Zl E ZK Esz NZDZ w _3 Z lZjLMR EZZZZZZZZDZ0 w ZiW Zl YZn ZzsDZ Z Z dizM DZwD0TD0_Z Z glgiZA 2z Z Md OZ ZZg onZZZZHHpnn WWDMMDss WsZZZZgKgjiZhtjnAg...

Page 230: ... the history log and open a new empty log file clear logging server Delete the specified Syslog message server from the Syslog server table set logging file Manage the logging of system messages to non volatile memory NVRAM set logging server Define a new Syslog output server for remote logging of system messages set logging server access level Set the access level associated with a Syslog server ...

Page 231: ...tered commands with a user level no higher than the user s privileges A user with read only privileges does not see entered commands having a read write user level show logging server condition Display the filter conditions defined for the Syslog output sink show logging session condition Display the filter conditions defined for message logging to the current console session System logging Admini...

Page 232: ...System logging 232 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...

Page 233: ...age 233 You can use many types of telephones and trunks that do not directly support VoIP The Branch Gateway translates voice and signalling data between VoIP and the system used by the telephones and trunks Related topics RTP and RTCP configuration on page 233 Header compression configuration on page 234 Commands used to configure QoS parameters on page 240 Weighted Fair VoIP Queuing on page 242 ...

Page 234: ...led However when enabling header compression on a Frame Relay interface you must first verify that the remote host is also employing header compression Header compression on a Frame Relay interface does not check what the remote host is employing Thus it may compress headers even when the remote host is not configured to decompress headers You can configure how often a full header is transmitted e...

Page 235: ... to RTP TCP and UDP headers Note You cannot specify IPHC for a Frame Relay non IETF interface Procedure 1 Optionally configure the following header compression parameters If you do not configure these parameters their default values are used ip rtp compression connections ip tcp compression connections ip rtp max period ip rtp max time ip rtp non tcp mode IETF mode is not compatible with non IETF ...

Page 236: ...he no form of the command you employed in the interface context no ip rtp header compression or no ip tcp header compression Summary of IPHC header compression CLI commands For more information about these commands see the Avaya Branch Gateways G250 and G350 CLI Reference For more information about these commands see the Avaya Branch Gateway G430 CLI Reference Root level command First level comman...

Page 237: ...ers ip rtp max time Set the maximum number of seconds between full headers ip rtp non tcp mode Set the type of IP header compression to ietf or non ietf When set to ietf the command performs IP header compression according to IPHC RFCs When set to non ietf the command performs IP header compression compatible with other vendors which do not strictly follow the RFCs The default header compression m...

Page 238: ...ace Procedure 1 Optionally use the ip tcp compression connections command to control the number of TCP header compression connections supported on the interface Use the no form of this command to restore the default value of 16 connections For example Gxxx 001 config if Dialer 1 ip tcp compression connections 24 Done 2 Use the ip tcp header compression command to enable TCP header compression on t...

Page 239: ...t these commands see the Avaya Branch Gateways G250 and G350 CLI Reference For more information about these commands see the Avaya Branch Gateway G430 CLI Reference Root level command First level command Description clear ip tcp header compression Clear TCP header compression statistics for all enabled interfaces or for a specific interface interface dialer Enter the Dialer interface context ip tc...

Page 240: ...ssion clear ip rtp header compression clear ip tcp header compression Commands used to configure QoS parameters The Branch Gateway uses MGCP H 248 protocol for call signalling and call routing information Use the following commands to configure QoS for signalling and VoIP traffic set qos control set qos signal show qos rtcp set qos bearer For more information about these commands see Summary of Qo...

Page 241: ...a Branch Gateway G450 CLI Reference Commands used to configure RSVP parameters VoIP can use the RSVP protocol to reserve network resources for voice data while communicating with other Gateways and other VoIP entities such as IP phones and Softphones set qos rsvp show qos rtcp Avaya Branch Gateways G250 and G350 CLI Reference For more information about these commands see Summary of QoS RSVP and RT...

Page 242: ...or 802 1Q for the Media Gateway Processor show qos rtcp Display QoS RSVP and RTCP parameters for IPv4 and IPv6 Weighted Fair VoIP Queuing Weighted Fair VoIP Queuing WFVQ combines weighted fair queuing WFQ for data streams and priority VoIP queuing to provide the real time response time that is required for VoIP WFQ is applied to data streams to provide fair bandwidth distribution among different d...

Page 243: ...command only for troubleshooting fair voip queue Enable Weighted Fair VoIP Queuing WFVQ on the current interface WFVQ is the recommended queuing mode for interfaces The no form of the fair voip queue command does not exist If you enter the command no fair voip queue it will actually enable WFVQ if WFVQ is not already enabled priority queue Enable or disable priority queuing mode in a FastEthernet ...

Page 244: ... change in the bearer queue size Related topics Summary of priority queueing configuration CLI commands on page 244 Summary of priority queueing configuration CLI commands For more information about these commands see the Avaya Branch Gateways G250 and G350 CLI Reference For more information about these commands see the Avaya Branch Gateway G430 CLI Reference Root level command Command Description...

Page 245: ...ce bandwidth voip queue Enable or disable custom queueing for VoIP traffic no voip queue Disable VoIP queueing and re enable WFVQ voip queue delay Set the maximum query delay for which to estimate the high priority queue size necessary to meet the queuing delay show queueing Display the priority queue configuration VoIP QoS Administering Avaya G430 Branch Gateway October 2013 245 ...

Page 246: ...VoIP QoS 246 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...

Page 247: ...contract no configuration of the USB port is necessary for Services personnel to remotely access the Branch Gateway through a USB modem Related topics USB modem interface configuration on page 247 USB modem interface configuration By default the USB interface is enabled Its default parameter values are Interface status up PPP timeout absolute 10 ppp authentication ras ip address 10 3 248 253 255 2...

Page 248: ...the ppp chap secret command Note If the Branch Gateway firmware is replaced by an earlier firmware version the ppp chap secret is erased and must be re configured ras Remote Access Service mode is being used for authentication This is the default none No password is sent Summary of CLI commands for configuring the USB port for modem use For more information about these commands see the Avaya Branc...

Page 249: ... page 248 ppp chap secret Configure the shared secret used in PPP sessions with CHAP authentication ppp timeout authenticatio n Set the maximum time to wait for an authentication response show ppp authenticatio n Display PPP authentication status shutdown Disconnect an active PPP session and shut down the modem timeout absolute Set the number of minutes until the system automatically disconnects a...

Page 250: ...Modems and the Branch Gateway 250 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...

Page 251: ...ee Configuring PPPoE on page 252 2 Test the WAN configuration See WAN configuration and testing connectivity 3 Enter copy running config startup config to save the configuration Related topics PPPoE overview on page 251 PPPoE overview You can configure ETH WAN Fast Ethernet ports as a WAN port using PPPoE PPP over Ethernet PPPoE offers dialup style authentication and accounting and allows subscrib...

Page 252: ...re access concentrators which are the remote access servers Figure 8 Typical PPPoE Network Topology Related topics Configuring PPPoE on page 252 Summary of PPPoE commands on page 253 Configuring PPPoE Procedure 1 Enter the FastEthernet interface context with the interface fastethernet 10 2 command 2 Enter encapsulation pppoe to change the encapsulation to PPPoE You must change the encapsulation to...

Page 253: ...e avaya32 Done Gxxx 001 super if FastEthernet 10 2 ppp chap password 123456 Done 5 If the Branch Gateway is connected to the Internet via the FastEthernet interface configured for PPPoE and you define a VPN tunnel which specifies remote hosts by name it is recommended to use the ppp ipcp dns request command The command requests the list of available DNS servers from the remote peer during the PPP ...

Page 254: ...ap hostname Override the device hostname for PPP CHAP authentication ppp chap password Set the CHAP password for authentication with a remote peer ppp chap refuse Prevent the device from authenticating with CHAP after the device is requested by the remote peer ppp ipcp dns request Enable or disable requesting the list of available DNS servers from the remote peer during the PPP IPCP session ppp pa...

Page 255: ... the USB modem interface and the Fast Ethernet interface use the show interfaces command to verify that all line signals are up For example DCD up DSR up DTR up RTS up CTS up Use the show traffic shape command to view traffic shaping configuration parameters for all interfaces Use the show ip interface command to display information about IP interfaces To display information about a specific inter...

Page 256: ...erface GRE tunnel interface or Loopback interface can serve as a backup interface to a FastEthernet interface GRE tunnel interface or Loopback interface on the same module Note If the FastEthernet interface serving as a backup interface is configured as a DHCP client it sends no DHCP packets Therefore its IP address is not renewed until it becomes the primary interface If the FastEthernet interfac...

Page 257: ... 001 super interface fastethernet 10 2 Gxxx 001 super if FastEthernet 10 2 backup delay 0 60 Done Gxxx 001 super if FastEthernet 10 2 Interface backup relations rules Each interface can have only one backup interface A backup interface can serve as a backup for only one other interface Only one member of a primary and backup pair is active at any given time An interface is automatically deactivate...

Page 258: ...ol CAC the Branch Gateway can be configured to report zero bandwidth for bearer traffic to the MGC when the primary WAN link fails A matching configuration on the MGC allows it to block new calls if their bearer is about to go over the modem dial backup interface and to alert the user with a busy tone In this case the user is still able to place external calls manually if local PSTN trunks are ava...

Page 259: ...em dial backup uses the Branch Gateway s backup interface functionality to activate the Dialer interface for modem dial backup when the primary interface fails and to deactivate the Dialer interface when the primary interface is up again Currently modem dial backup does not support such features as Dial On Demand Routing DDR callbacks or RAS Modem dial backup cannot receive backup calls For more i...

Page 260: ...ious features required for an effective backup scenario for your VoIP installation Note Modem dial backup does not support backup dial ins or callbacks Some backup configurations require the remote host to receive a request for connection acknowledge end the connection and dial back the requester This configuration is not supported Related topics Typical installations on page 260 Prerequisites for...

Page 261: ...omplex interaction with IP routing and the remote RAS server For more detailed configuration examples see Application Note VoIP Network Resiliency Prerequisites for configuring modem dial backup At least one dialer string which determines the phone number s of the remote modem s dialed by the Dialer interface A configured interface to be backed up Read write or admin access level A modem Multimode...

Page 262: ...ip address 4 5 6 7 255 255 255 0 Done Enter ip address negotiated Enter ip unnumbered interface where interface is the name of another interface in the gateway for example the WAN interface from which an IP address for the Dialer interface is borrowed Use this command when you do not know who will eventually be your peer and you want to run dynamic routing protocols for example OSPF or RIP over th...

Page 263: ...hing PPP IPCP The default is 45 seconds For example Gxxx 001 if dialer 1 dialer wait for ipcp 100 Done 7 Configure an authentication method and parameters if required For PAP authenticating enter ppp pap sent username followed by a username and password For example Gxxx 001 if dialer 1 ppp pap sent username avaya32 password 123456 Done For CHAP authentication enter ppp chap hostname followed by a ...

Page 264: ...ion the Dialer interface dials the number associated with the first dialer string 10 From the general context use the ip default gateway dialer command to configure backup routing The following example configures a simple low priority via static route Gxxx 001 super ip default gateway dialer 1 1 low Done Note Define multiple routes to ensure that traffic reaches the Dialer interface Modem dial bac...

Page 265: ...bearer traffic keeping the dial circuit from becoming fully congested IGAR provides a path for gateway to gateway traffic destined for a remote Avaya Aura Communication Manager server by forcing voice calls to and from the branch office to use the PSTN for bearer traffic For more information on configuring Dynamic CAC see Dynamic CAC on page 280 For more information on configuring IGAR see Adminis...

Page 266: ... the branch office connect to an MGC located in the headquarters data center and an RAS is located in the headquarters data center with multiple phone lines available for dial access The primary WAN connection is a broadband link connected to the WAN FastEthernet port The Dialer PPP session uses CHAP encryption The corporate network is routed using OSPF An analog trunk connects the branch office t...

Page 267: ...equence on page 267 Command sequence explanation on page 269 Command sequence Step 1 Gxxx 001 super if Loopback 1 exit Gxxx 001 super interface loopback 1 WAN interfaces Administering Avaya G430 Branch Gateway October 2013 267 ...

Page 268: ...if Dialer 1 dialer persistent delay 5 Done Gxxx 001 super if Dialer 1 dialer string 1 3035384867 Done Gxxx 001 super if Dialer 1 dialer string 2 7325213412 Done Gxxx 001 super if Dialer 1 dialer modem interface usb modem Done Gxxx 001 super if Dialer 1 ip unnumbered 1 Loopback 1 Done Gxxx 001 super if Dialer 1 ip access group 305 out Done Gxxx 001 super if Dialer 1 exit Gxxx 001 super Step 11 G430...

Page 269: ...entication and a username of area5 The username area5 must be configured on the RAS as a legitimate user 5 Assign an initial delay for dialing with the dialer persistent initial delay command The initial delay prevents the Dialer from dialing out unnecessarily on reboot The primary WAN interface often requires a few moments to register itself as up and during that period the initial delay prevents...

Page 270: ...ge 247 12 Assign the Dialer interface to the interface you want to back up with the backup interface dialer command For example interface Dialer 1 is selected as the backup interface to interface FastEthernet 10 2 the primary WAN connection to the headquarters network The Dialer activates in the event of a failure of the FastEthernet port and all permitted traffic transverses the Dialer interface ...

Page 271: ...figuration see System logging on page 215 Note Syslog and log file logging are also available See System logging on page 215 Severity levels of the logging session The set logging commands must include a severity level All logging messages with the specified severity and higher are displayed The following are the available severity levels Information This message is for informational purposes and ...

Page 272: ...ence of the triggering event for the Dialer When the primary WAN interface is returned to an operational state a message is generated indicating that the conditions for triggering the Dialer are no longer being met and that the Dialer can be brought down None required Dialer 1 string string_ID dialer_string Informational The value of string_ID is equal to the ID of the string configured using the ...

Page 273: ...ler begins attempting to connect to the remote modem again Dialer 1 Modem is not ready Warning This message is generated when the Dialer interface has been triggered and the operational state of the Dialer is up but the Dialer is unable to communicate with the modem Troubleshooting steps Check modem cable connection to port Check modem cable connection to modem Check power to modem USB Modem Messa...

Page 274: ...empt to dial fails Troubleshooting steps Check modem configuration for proper initialization string PPP Messages PPP Messages are messages generated by the PPP session Log Message Severity Possible cause Action LCP Up Down Informational LCP is used by PPP to initiate and manage sessions LCP is responsible for the initial establishment of the link the configuration of the session the maintenance of...

Page 275: ...sion but does not have the IP address of the local interface to define the session Without IP address information on both sides of the session the PPP session cannot begin passing IP traffic Troubleshooting steps Check Dialer interface configuration to ensure an IP address is configured either as a static address or through Dynamic IP addressing or through IP unnumbered Summary of modem dial backu...

Page 276: ...t for ipcp Set the maximum time the Dialer waits between dialing a number to successfully establishing PPP IPCP ip address Assign an IP address and mask to an interface ip address negotiated Enable obtaining an IP address via PPP IPCP negotiation ip unnumbered Configure an interface to borrow an IP address from another interface ppp ipcp dns request Enable requesting DNS information from the remot...

Page 277: ...which it is important to determine as quickly as possible whether the next hop is available See Policy based routing on page 587 Note ICMP keepalive has been replaced by the object tracking feature that supports keepalive probes over WAN FastEthernet Loopback PPPoE and Dialer PPP interfaces ICMP keepalive is still supported for backward compatibility For information about object tracking see Objec...

Page 278: ...anism For details see GRE tunneling on page 434 Note For details on DHCP Client see DHCP client configuration on page 204 Related topics Command used for enabling the ICMP keepalive feature on page 278 Commands used to define the ICMP keepalive parameters on page 278 Example of configuring ICMP keepalive on page 279 Summary of ICMP keepalive configuration commands on page 279 Command used for enab...

Page 279: ...icmp 135 64 2 12 11 22 33 44 55 66 Gxxx 001 super if FastEthernet 10 2 keepalive icmp interval 5 Gxxx 001 super if FastEthernet 10 2 keepalive icmp timeout 1 Gxxx 001 super if FastEthernet 10 2 keepalive icmp failure retries 3 Gxxx 001 super if FastEthernet 10 2 keepalive icmp success retries 2 Done Summary of ICMP keepalive configuration commands For more information about these commands see the ...

Page 280: ...ed on an interface the Branch Gateway informs the MGC of the actual bandwidth of the interface and instructs the MGC to block calls when the bandwidth is exhausted Dynamic CAC is especially useful in situations where a primary link is down and a backup link with less bandwidth than the primary link is active in its place Without dynamic CAC the MGC is unaware that the interface has switched over t...

Page 281: ...or Guide for Avaya Aura Communication Manager For more information about these commands see Summary of dynamic CAC configuration commands on page 281 or Avaya Branch Gateway G430 CLI Reference Summary of dynamic CAC configuration commands For more information about these commands see the Avaya G430 CLI Reference Root level command Command Description interface dialer loopback fastethernet tunnel v...

Page 282: ...ations when the state changes In particular object tracking is used to monitor Interface states and routes states where routes can be static routes the DHCP client default route or PBR next hops The purpose of object tracking is to track the state up down of various objects in the system using keepalive probes and notify registered applications when the state changes Configuring object tracking is...

Page 283: ...n commands on page 296 Configuring object tracking Procedure 1 Configure RTRs to monitor remote devices and learn if their state is up or down Each RTR has a state inactive Not running up The remote device is considered up down The remote device is considered down 2 Configure object trackers to track the states of RTRs Each object tracker calculates its own state as either up or down based on the ...

Page 284: ...er rtr followed by a number from 1 to 30 to create the RTR For example Gxxx 001 config rtr 5 Gxxx 001 config rtr 5 2 Use the type command to specify the remote device by address and specify the probing method to be employed by the RTR probe ICMP Echo or TCP Connection If you specify a TCP Connection operation also specify which port to probe in the remote device Examples Gxxx 001 config rtr 5 type...

Page 285: ...cify the same next hop for the RTR This ensures it will be sent over the next hop it should monitor If the interface is an Ethernet interface FastEthernet not running PPPoE or VLAN interface specify also the interface s MAC address For example Gxxx 001 config rtr icmp 5 next hop interface fastethernet 10 2 mac address 00 01 02 03 04 05 Done 6 Optionally use the source address command to specify a ...

Page 286: ... icmp 5 exit Gxxx 001 config rtr schedule 5 start time now life forever Once an RTR s probing method and remote device address are configured you cannot change them If you exit the RTR type context and you want to modify the configuration of the RTR you can enter the RTR context using the rtr command and specifying the RTR ID From the RTR context you can run the various modification commands descr...

Page 287: ...rack list from 1 to 50 and to specify how to calculate the state of the track list The calculation can be either a Boolean or a Threshold calculation Note If you do not specify how to calculate the state of the track list it is calculated by default using the Boolean AND argument This means that the list is up if all objects are up and down if one or more of the objects are down Examples Gxxx 001 ...

Page 288: ... track list 10 threshold count up 2 down 1 Done Note Object trackers operate indefinitely once they are defined To stop the operation of an object tracker use the no track command to delete the object tracker Object tracking configuration workflow rtr type frequency dscp next hop source address wait interval fail retries success retries rtr schedule track id rtr description track id list descripti...

Page 289: ... of tracking a group of devices on page 291 Viewing RTR and object trackers logging Procedure 1 Enter set logging session enable to enable logging to the CLI terminal For example Gxxx 001 set logging session enable Done CLI Notification write set logging session enable 2 Use the set logging session condition saa to view all RTR messages of level Info and above For example Gxxx 001 set logging sess...

Page 290: ...x 001 config rtr icmp 5 wait interval 2 seconds Done Gxxx 001 config rtr icmp 5 fail retries 3 Done Gxxx 001 config rtr icmp 5 success retries 1 Done Gxxx 001 config rtr icmp 5 exit Gxxx 001 config rtr schedule 5 start time now life forever 2 The second step is to configure an object tracker which tracks the state of RTR 5 For example Gxxx 001 config track 1 rtr 5 Gxxx 001 config track rtr 1 descr...

Page 291: ...1 config rtr 6 type tcpConnect dest address 20 0 0 1 dest port 80 Gxxx 001 config rtr tcp 6 frequency 500 milliseconds Done Gxxx 001 config rtr tcp 6 dscp 34 Done Gxxx 001 config rtr tcp 6 next hop interface fastethernet 10 2 mac address 00 01 02 03 04 05 Done Gxxx 001 config rtr schedule 6 start time now life forever Gxxx 001 config rtr tcp 6 exit 2 The second step is to configure several object ...

Page 292: ... For an example of how to track the DHCP client default route see Typical application tracking the DHCP client default route on page 296 Related topics Typical application VPN failover using object tracking on page 292 Typical application backup for the WAN FastEthernet interface on page 293 Typical application interface backup using policy based routing on page 294 Typical application tracking th...

Page 293: ...Note When using a broadband modem either xDSL or cable it is recommended to run the VPN application Related topics Configuring the backup mechanism on page 293 Configuring the backup mechanism Procedure 1 Define four RTRs to probe the four entrances to the main office Configure each RTR to run immediately and forever 2 Define four object trackers to track the four RTRs 3 Define a track list consis...

Page 294: ... with the track list interface fastethernet 10 2 bandwidth 96 encapsulation pppoe traffic shape rate 96000 ip address negotiated keepalive track 50 exit Configure the loopback 1 interface interface loopback 1 ip address 10 0 0 1 255 0 0 0 exit Assign the loopback 1 interface to be the backup interface for interface WAN FastEthernet 10 2 interface fastethernet 10 2 backup interface loopback 1 backu...

Page 295: ...ng DHCP client It is necessary to define static routes in order to prevent loops Therefore the IP route command allows configuration of static routes over WAN Fast Ethernet running DHCP client When the WAN Fast Ethernet is up policy based routing routes this traffic via the WAN FastEthernet interface When the track list defined in the previous typical application is down policy based routing route...

Page 296: ...rned from a specific interface the object tracker tracks only the first one Apply DHCP client on the WAN Fast Ethernet interface fastethernet 10 2 ip address dhcp exit Configure the RTRs and object trackers Use the next hop command to ensure that the RTR is sent over the next hop it is monitoring which is the WAN Fast Ethernet running DHCP client 192 30 3 1 is the remote HQ peer IP address rtr 2 t...

Page 297: ... probes next hop Specify the next hop for the RTR probes bypassing normal routing source address Set the source IP address for RTR operations success retries Set how many consecutive answered probes change the status of an RTR operation device from down to up wait interval Set how long to wait for a device to answer an RTR probe rtr schedule Activate or stop an RTR operation show rtr configurat io...

Page 298: ...mmand Description object Add an object tracker to a track list threshold count Set the upper and lower thresholds for the threshold in the track list command WAN interfaces 298 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...

Page 299: ...n the problem ends the call continues The trunk port and analog line port do not start to operate until the active call ends You can install an MM714B media module in any slot 1 3 5 8 When ETR is active and the Branch Gateway has power the ETR LED is lit Related topics ETR state configuration on page 299 Summary of ETR commands on page 300 ETR state configuration By default ETR is set to go into e...

Page 300: ...erminated when ETR is activated either automatically or manually Summary of ETR commands For more information about these commands see the Avaya Branch Gateways G250 and G350 CLI Reference For more information about these commands see the Avaya Branch Gateway G430 CLI Reference Command Description set etr Enable or disable ETR mode on the Branch Gateway chassis or on an MM714B media module or enab...

Page 301: ...e auto manual off or manual on Module status in service out of service or out of service waiting for off hook Trunk number of the trunk connected to ETR Line number of the line connected to ETR Line status off hook or on hook Emergency Transfer Relay ETR Administering Avaya G430 Branch Gateway October 2013 301 ...

Page 302: ...Emergency Transfer Relay ETR 302 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...

Page 303: ...he SNMP Manager as events occur The agent can reside on Note SNMP is supported on IPv4 only Routers Bridges Hubs Workstations Printers Other network devices There are many SNMP management applications but all these applications perform the same basic task They allow SNMP managers to communicate with agents to configure get statistics and information and receive alerts from network devices You can ...

Page 304: ...ble This minimizes the number of protocol exchanges required to retrieve a large amount of data Note Get bulk is not supported in SNMPv1 Change a configuration on the agent set The SNMP manager requests the agent to change the value of the MIB variable For example you can run a script or an application on a remote device with a set action Receive an unsolicited message notification The SNMP manage...

Page 305: ...using only the read community you are assigned the security name ReadCommN This security name is mapped to the ReadCommG group by default This allows you to view the agent s MIB tree but you cannot change any of the values in the MIB tree If you communicate with a device using the write community you are assigned the security name WriteCommN This security name is mapped to the WriteCommG group by ...

Page 306: ...tion and encryption requirements The basic components in SNMPv3 access control are users groups and views In addition SNMPv3 uses an SNMP engine ID to identify SNMP identity An SNMP engine ID is assigned to each MAC address of each device in the network Each SNMP engine ID should be unique in the network Users SNMPv3 uses the User based Security Model USM for security and the View based Access Con...

Page 307: ... associate the user The SNMP version functionality that the user is authorized to use Possible values are v1 SNMPv1 v2c SNMPv2c and v3 SNMPv3 For an SNMPv3 user which authentication protocol to use if any Possible values are md5 HMAC MD5 and sha HMAC SHA 1 If you specify an authentication protocol you must also configure an authentication password for the user The authentication password is transf...

Page 308: ...e NoAuthNoPriv view is not defined for a group SNMPv3 users with a NoAuthNoPriv security level can access the SNMPv2c view Related topics Pre configured SNMP groups on page 308 snmp server group command on page 309 Pre configured SNMP groups The Branch Gateway includes the following pre configured groups Group name Security model Security level Read view name Write view name Notify view name initi...

Page 309: ...ple snmp server view commands to either add OIDs to the list or exclude OIDs from a list of all of the OIDs in the Branch Gateway s MIB tree You can use wildcards to include or exclude an entire branch of OIDs in the MIB tree using an asterisk instead of the specific node For a list of MIBs and their OIDs see Media Gateway MIB files on page 620 Related topics SNMPv3 view creation on page 309 SNMPv...

Page 310: ...f authentication and a username to use in notifications Authentication levels are auth Authentication without encryption noauth No authentication priv authentication with encryption The UDP port of the target host to use as the destination UDP port when sending a notification to this manager Optional The default is 162 Notification filter groups to modify the types of traps that are sent to the re...

Page 311: ...edundancy notifications temperature Temperature warning notifications cam change Changes in CAM notifications 13 events Duplicate IP VLAN violations policy Policy change notifications link faults ITC proprietary link down notifications supply Main and backup power supply notifications Summary of SNMP trap configuration commands For more information about these commands see the Avaya Branch Gateway...

Page 312: ...cations from the Branch Gateway snmp server host Identify an SNMP management server and specify the kind of messages it receives Use the no form of the command to remove the specified server or to disable a particular set of notification types snmp server informs Configure the SNMPv3 timeout and retries for notifications Summary of SNMP access configuration commands For more information about thes...

Page 313: ...and the groups to which they are mapped show snmp view Display configuration information for all SNMP views snmp server community Enable or disable SNMP access to the Branch Gateway snmp server engineID Specify the SNMP Engine ID for the Branch Gateway snmp server group Define a new SNMPv3 group or configure settings for the group snmp server remote user Configure settings for a remote SNMPv3 user...

Page 314: ... a notification to this manager Optional The types of traps to be sent Optional The default is to send all types of traps For a list of possible notification types see Notification types on page 310 Summary of dynamic trap manager configuration commands For more information about these commands see the Avaya Branch Gateways G250 and G350 CLI Reference For more information about these commands see ...

Page 315: ... link status Done The following example creates a read only user Gxxx 001 snmp server user joseph ReadOnlyG v3 auth md5 katmandu priv des56 ktamatan The following example creates a read write user Gxxx 001 snmp server user johnny ReadWriteG v3 auth md5 katmandu priv des56 ktamatan The following example creates an admin user Gxxx 001 snmp server user johnny v3AdminG v3 auth md5 katmandu priv des56 ...

Page 316: ...le disables link up down trap on a LAN port on the G250 G250 001 super set port trap 10 4 disable Port 10 4 up down trap disabled The following example disables Link Up and Link Down traps on a LAN port on the Branch Gateway Gxxx 001 super set port trap 10 5 disable Port 10 5 up down trap disabled SNMP 316 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...

Page 317: ...Overview for the Avaya Branch Gateway G430 An Avaya Partner Contact Closure Adjunct contains two relays one for each electrical device You can control each relay in any of the following ways When you dial the contact closure open access code the relay opens no contact When you dial the contact closure close access code the relay closes contact When you dial the contact closure pulse access code th...

Page 318: ...ay G430 Software contact closure Contact closure modes Mode Description mgc The MGC controls contact closure In mgc mode the user dials feature access codes to activate and deactivate contact closure manual trigger Activates contact closure for the specified relay manual off Deactivates contact closure for the specified relay Configuring contact closure software About this task To configure the Br...

Page 319: ...mmand activates contact closure in relay 1 of the Avaya Partner Contact Closure Adjunct Contact closure remains active until you deactivate it by using the set contact closure admin command with the parameter manual off or mgc set contact closure admin 10 1 1 manual trigger Deactivating a contact closure manually Procedure Use the set contact closure admin command with the parameter manual off In ...

Page 320: ...e information about these commands see the Avaya Branch Gateway G430 CLI Reference Command Description set contact closure admin Specify how the contact closure relay is controlled set contact closure pulse duration Set the length of time for the relay to return to normal after the call controller triggers the relay show contact closure Display the status of one or all contact closure relays Conta...

Page 321: ...ct flash and increased RAM refer to Job Aid Installing the upgrade memory kit in the G450 G430 Branch Gateway Avaya Voice Announcement Manager VAM can be used to centrally manage announcement files for multiple voice systems including Branch Gateways VAM is designed to be installed on a customer provided platform at a remote location For information about VAM see Avaya Voice Announcement Manager R...

Page 322: ...SCP server followed by the IP address of the remote SCP server and optionally a destination file name including the full path For example Gxxx 001 super copy scp announcement file announcement_file1 wav 192 168 49 10 Uploading announcement files to a remote FTP server Procedure Upload an announcement file to a remote FTP server using the copy announcement file ftp command Specify the file name of ...

Page 323: ...y announcement file usb command Specify the file name of the announcement file in the Branch Gateway announcement directory followed by the name of the USB device and optionally a destination file name including the full path Example Gxxx 001 super copy announcement file usb local_announcement2 wav usb device0 remote_announcement2 wav Downloading an announcement file from a USB mass storage device...

Page 324: ...n the Branch Gateway announcement directory using the rename announcement file command Specify the current name of the file followed by the new name For example Gxxx 001 rename announcement file from_local_announcement1 wav to_local_announcement1 wav Displaying the announcement files stored in the directory Procedure Display the announcements files stored in the Branch Gateway announcement directo...

Page 325: ...x 001 super show download announcement file status Module 9 Module 9 Source file hellosource wav Destination file hellodestination wav Host 135 64 102 64 Running state Idle Failure display null Last warning No warning Bytes Downloaded 7825 Displaying the status of an upload process Procedure Display the status of an upload process of announcement files using the show upload announcement file statu...

Page 326: ...ouncement file from a remote SCP server to the Branch Gateway announcement directory copy usb announcement file Download an announcement file from a USB mass storage device to the Branch Gateway announcement directory erase announcement file Erase an announcement file from the Branch Gateway announcement directory rename announcement file Rename an announcement file in the Branch Gateway announcem...

Page 327: ...ore LANs that are configured so the devices operate as if they form an independent LAN These devices can in fact be located on several different LAN segments VLANs can be used to group together departments and other logical groups thereby reducing network traffic flow and increasing security within the VLAN Related topics VLAN Tagging on page 328 Multi VLAN binding on page 328 Gateway VLAN table o...

Page 328: ...rt s VLAN table These frames leave the device untagged If Tagging Mode is set to IEEE 802 1Q all frames keep their tags when they leave the device Frames that enter the switch without a VLAN tag are tagged with the VLAN ID of the port through which they entered Multi VLAN binding Multi VLAN binding also known as Multiple VLANs per port allows access to shared resources by stations that belong to d...

Page 329: ...AN 9 and any other VLANs statically configured on the port will be allowed to access this port Gateway VLAN table The Branch Gateway VLAN table lists all VLANs configured on the Branch Gateway You can configure up to 64 VLANs To display a list of VLANs use the show vlan command When the VLAN table reaches its maximum capacity you cannot configure any more VLANs If this occurs use the clear vlan co...

Page 330: ...ICC to a different VLAN Enter the context of the VLAN interface to which you want to attach the ICC switch and enter icc vlan You can use the show icc vlan command from the general context to show the current ICC VLAN Configuring ICC VLAN Before you begin About this task You muse enter the VLAN interface context to configure the ICC VLAN Procedure 1 Enter the VLAN interface context by using the in...

Page 331: ...xxx 001 super no interface vlan 66 Done The following example statically binds a VLAN to a port Gxxx 001 super set port vlan binding mode 10 3 static Set Port vlan binding method 10 3 The following example sets a port s VLAN ID Gxxx 001 super set port vlan 54 10 3 Port 10 3 added to VLAN 54 The following example sets a port s VLAN binding mode Gxxx 001 super set port vlan binding mode 10 3 bind to...

Page 332: ... 0 packets sec 0 input drops 0 output drops 0 unknown protocols 0 packets input 0 bytes 0 broadcasts received 0 giants 0 input errors 0 CRC 0 packets output 0 bytes 0 output errors 0 collisions The following example displays port VLAN binding information Gxxx 001 super show port vlan binding mode 10 port 10 3 is bind to all configured VLANs The following example displays VLAN tagging information G...

Page 333: ...de of a port set vlan Create or modify a VLAN show cam vlan Display all MAC entries in the CAM table for a specific VLAN show icc vlan Display the current ICC VLAN show interfaces Display interface configuration and statistics for a particular interface or all interfaces show port vlan binding mode Display port VLAN binding mode information show trunk Display VLAN tagging information for all or so...

Page 334: ...335 Configuring time constants on page 335 Displaying port redundancy schemes on page 335 Port redundancy configuration examples on page 336 Summary of port redundancy commands on page 336 Secondary port activation The secondary port takes over within one second and is activated when the primary port link stops functioning Subsequent switchovers take place after the minimum time between switchover...

Page 335: ...undancy command 2 To ensure that there is no redundancy scheme already defined on any of the links enter show port redundancy Configuring time constants Procedure To configure the two time constants that determine redundancy switchover parameters use the set port redundancy intervals command Displaying port redundancy schemes Procedure To display information about software port redundancy schemes ...

Page 336: ...removed The following example configures the switchback interval for all configured port redundancies Gxxx 001 super set port redundancy intervals 60 30 Done The following example displays port redundancy information G430 001 super show port redundancyRedundancy Name Primary Port Secondary Port Status Monitor 10 3 10 4 primary Minimum Time between Switchovers 60 Switchback interval 30 Summary of p...

Page 337: ...ource and destination ports as the same source and destination ports You can define one source port and one destination port on each Branch Gateway for received Rx transmitted Tx or transmitted and received both traffic Related topics Port mirroring configuration examples on page 337 Summary of port mirroring commands on page 338 Port mirroring configuration examples The following example creates ...

Page 338: ...ithm can usually restore connectivity to a network where a backbone link has failed in much less time Related topics Spanning tree protocol on page 338 Spanning tree per port on page 339 Rapid Spanning Tree Protocol RSTP on page 339 Spanning tree configuration examples on page 341 Summary of spanning tree commands on page 342 Spanning tree protocol The spanning tree algorithm ensures the existence...

Page 339: ...at service is unavailable between hosts Spanning tree per port Spanning tree can take up to 30 seconds to open traffic on a port This delay can cause problems on ports carrying time sensitive traffic You can therefore enable or disable spanning tree in the Branch Gateway on a per port basis to minimize this effect Rapid Spanning Tree Protocol RSTP The enhanced feature set of the 802 1w standard in...

Page 340: ...n the network These ports transition quickly to forwarding state However if BPDUs are received on an edge port its operational state will be changed to non edge port and bridging loops will be avoided by the RSTP algorithm The default admin state of 10 100 M ports is edge port Enter set port edge admin state followed by the module and port number or a range of port numbers to specify whether or no...

Page 341: ...g tree on a port Gxxx 001 super set port spantree enable 10 5 port 10 5 was enabled on spantree The following example disables spanning tree on a port Gxxx 001 super set port spantree disable 10 5 port 10 5 was disabled on spantree The following example sets the spanning tree cost of port 10 5 to 4096 Gxxx 001 super set port spantree cost 10 5 4096 port 10 5 spantree cost is 4096 The following exa...

Page 342: ...enabled Designated Root 00 04 0d ea b0 2d Designated Root Priority 32768 Designated Root Cost 0 Designated Root Port No root port Bridge is Designated root Root Max Age 20 Hello Time 2 Root Forward Delay 15 Bridge ID MAC ADDR 00 04 0d ea b0 2d Bridge ID priority 32768 Bridge Max Age 20 Bridge Hello Time 2 Bridge Forward Delay 15 Tx Hold Count 3 Spanning Tree Version is rapid spanning tree Spanning...

Page 343: ... time interval between the generation of configuration BPDUs by the root set spantree max age Specify the time to keep an information message before it is discarded set spantree priority Set the bridge priority for the spanning tree set spantree tx hold count Set the value in packets used by the spanning tree in order to limit the maximum number of BPDUs transmitted during a hello time period set ...

Page 344: ...n of all ports G430 001 super show port classification Port Port Classification 10 3 valuable 10 4 regular Summary of port classification commands For more information about these commands see the Avaya Branch Gateways G250 and G350 CLI Reference For more information about these commands see the Avaya Branch Gateway G430 CLI Reference Command Description set port classification Set the port classi...

Page 345: ...etwork information to be gathered at a single workstation You can use RMON probes to monitor and analyze a single segment only When you deploy a switch on the network there are additional components in the network that cannot be monitored using RMON These components include the switch fabric VLAN and statistics for all ports RMON is the internationally recognized and approved standard for detailed...

Page 346: ...istory entry with an index of 80 on port 10 3 recording activity over 60 intervals buckets of 20 seconds each Gxxx 001 super rmon history 80 10 3 interval 20 buckets 60 owner root history index 80 was created successfully The following example displays information about an RMON alarm entry Gxxx 001 super show rmon alarm 1 alarm alarm 1 is active owned by root Monitors ifEntry 1 16777216 every 20 s...

Page 347: ... 255 4033 256 511 137 512 1023 156 1024 1518 0 Summary of RMON commands For more information about these commands see the Avaya Branch Gateways G250 and G350 CLI Reference For more information about these commands see the Avaya Branch Gateway G430 CLI Reference Command Description clear rmon statistics Clear RMON statistics rmon alarm Create or delete an RMON alarm entry rmon event Create or delet...

Page 348: ...munication Manager Note The Branch Gateway performs traceroutes whenever RTP statistics is enabled The RTP statistics application provides the following functionality Procedure 1 Collects QoS data from the Branch Gateway VoIP engines including Real Time Control Protocol RTCP data traceroute reports and information from the DSP regarding jitter buffer internal delays and so on Note RTCP is a standa...

Page 349: ... over the configured thresholds reduces to a specified number Related topics Configuring the RTP statistics application on page 349 RTP statistics output on page 358 RTP statistics examples on page 373 Summary of RTP statistics commands on page 381 Configuring the RTP statistics application About this task To configure the RTP statistics application work through the following sections in order Pro...

Page 350: ...for Avaya Aura Communication Manager Related topics Thresholds types on page 350 Viewing the configured thresholds on page 351 QoS metrics on page 351 Thresholds types About this task A threshold on a metric For example you can configure a threshold on the metric packet loss The application samples the metric every RTP interval and increments a counter event counter if the sampled value is over th...

Page 351: ...le causes include jitter and packet loss Every RTCP interval Average Codec Loss The average codec loss measurement since the beginning of the RTP stream At the end of the session Codec RTT An estimation of the overall Round Trip Time RTT on the voice channel including the network delay and internal delays RTT is the time taken for a message to get to the remote peer and back to the local receiver ...

Page 352: ...P statistics thresholds About this task RTP statistics thresholds should be configured so that incrementation of QoS event counters coincides with real detectable bad QoS in your network Optimal values are different for each network Configure any thresholds that are not already configured as you require them See Viewing RTP statistics thresholds on page 350 For a description of each metric see QoS...

Page 353: ...e RTP statistics application on the Branch Gateway the application starts to collect QoS data from the VoIP engines and stores the data in the Branch Gateway RAM which holds a limited history of RTP session entries The VoIP engine also starts to perform and report UDP traceroutes Session data and automatic session traceroute results can be viewed using the CLI Related topics Enabling the RTP stati...

Page 354: ...stic Enabled QoS Trap Enabled QoS Fault Trap Enabled Fault 2 Clear 0 QoS Trap Rate Limiter Token Interval 10 00 seconds Bucket Size 5 Session Table Size 128 Reserved 64 Min Stat Win 50 Related topics RTP statistics application output field descriptions on page 354 RTP statistics application output field descriptions Name Description RTP Statistic Status of the RTP statistics application Possible v...

Page 355: ...ns with QoS problems In the example shown the table size is 128 and the reserved number is 64 If from 1000 sessions only 300 had QoS problems the session table will hold at least the last 64 sessions that had QoS problems Note that if the last 128 sessions all had QoS problems all rows in the session table will be filled with sessions that had QoS problems Min Stat Win The minimum statistic window...

Page 356: ...application from generating loss events based on too few packets and safely configure a low packet loss threshold 3 To configure an additional trap destination such as an external trap manager use the command snmp server host For example Gxxx 001 super snmp server host 136 9 71 47 traps v1 public Note When using the snmp server host command you can specify only to send certain types of traps to th...

Page 357: ...ommand For example Gxxx 001 super rtp stat fault 1 0 The fault trap boundary was set to 1 default 3 The clear trap boundary was set to 0 With this example configuration a QoS fault trap is sent if and when one active RTP session has QoS problems A QoS clear trap is then sent if and when the number of active RTP sessions with QoS problems reaches 0 The trap rate limiter The application features a t...

Page 358: ...ion statistics on page 359 Detailed CLI output per RTP session on page 361 Viewing QoS traps QoS fault traps and QoS clear traps on page 366 Example of QoS trap output on page 367 QoS Trap output fields on page 368 Example of QoS fault and clear trap output on page 370 QoS fault and clear trap output fields on page 371 Viewing automatic traceroute results on page 371 RTP traceroute results output ...

Page 359: ... fault command See QoS fault and clear traps on page 357 Engine ID The ID of the VoIP engine Since the Branch Gateway has one VoIP engine one line appears in the table Description Description of the VoIP engine Uptime The uptime of the RTP statistics application This is the time since the RTP statistics application was enabled or since the last use of the rtp stat clear command Active Session The ...

Page 360: ...information about a specified active or terminated RTP session including the QoS metrics reported by the RTP statistics application For example Gxxx 001 super show rtp stat detailed 35 Session ID 351 Status Terminated2 QOS Faulted3 EngineId 04 Start Time 2004 10 205 11 09 076 End Time 2004 10 20 11 13 407 Duration 00 04 338 CName gwp 135 8 118 2529 Phone 69 201110 Local Address 135 8 118 252 20611...

Page 361: ...4 055 Avg Loss 0 0 56 Jitter 0mS57 058 Avg Jitter 0mS59 Echo Cancellation Loss 45dB60 161 Len 32mS62 RSVP Status Disabled63 Failures 064 Detailed CLI output per RTP session The following table describes the fields in the show rtp stat detailed command output according to the numbered labels in the example Field Label Description From the CLI example Session ID 1 An arbitrary index number for the s...

Page 362: ... 7 The end time of the RTP session End Time 2004 10 20 11 13 4 0 Duration 8 The duration of the RTP session Duration 00 04 33 CName 9 format gwt MGP address CName gwp 135 8 118 25 2 Phone 10 The local extension number and conference ID in format conference ID extension number Conference calls can involve more than one entry in the session table Multiple sessions belonging to the same conference ca...

Page 363: ...ampling interval Samples 54 5 sec 16 Codec 17 The codec used for the session G723 18 The RTP packet size in bytes 62B 19 The RTP packet interval in ms 30mS 20 The encryption method Off Silence suppression Tx Rx 21 The received silence suppression method Silence suppression Tx Rx Disabled21 Not Supported 22 The transmitted silence suppression method Silence suppression Tx Rx Disabled Not Supported2...

Page 364: ...uns to the average codec loss JBuf under overruns 0 1 0 0 31 Jbuf delay 32 The last jitter buffer delay Jbuf Delay 22mS Max Jbuf Delay 33 The maximum jitter buffer delay during the session Max Jbuf Delay 60mS Received RTP Packets 34 The total number of received packets Packets 9236 Loss loss 35 The last sampled value of network RTP packet loss Loss 0 0 35 0 loss events 36 The network RTP packet lo...

Page 365: ...in the Layer 2 Ethernet topology for example loops Duplicates 0 Seq Fall 46 This counter increments each time an RTP packet with a sequence number less than the last known sequence is received Packet resequencing may be caused by switching to a backup WAN interface or route flaps Seq Fall 0 DSCP 47 The last received DSCP value of the RTP packets DSCP 46 L2Pri 48 The last received Layer 2 priority ...

Page 366: ...bus A high value that is a low absolute value may indicate impairment of DCP terminals Loss 45dB60 1 loss ev 61 A counter that increments each time the echo cancellation loss is sampled below its threshold Loss 45dB 161 Len 62 The last echo cancellation tail length used for this session Len 32mS RSVP Status 63 The current last RSVP reservation state at the end of the session Status Disabled Failur...

Page 367: ...TP session 35 see the session ID in bold that terminated at 11 13 40 on Oct 20 Oct 201 11 13 402 LZ SIT SR1 snmptrapd 9407 135 8 118 2523 135 8 118 252 Trap sysUpTime 0 Timeticks 43147723 4 days 23 51 17 234 snmpTrapOID 0 OID av RtpQoSTrap5 avRtpSessionLocAddrV4 0 IpAddress 135 8 118 2526 avRtpSessionRemAddrV4 0 IpAddress 135 8 76 1077 avRtpSessionDuration 0 INTEGER 2738 avRtpSessionCname 0 STRING...

Page 368: ...23 51 17 23 5 The trap name which indicates that this is a QoS trap snmpTrapOID 0 OID av RtpQoSTrap 6 The local gateway PMI avRtpSessionLocAddrV4 0 IpAddress 135 8 118 252 7 The remote VoIP engine gateway PMI or IP phone address avRtpSessionRemAddrV4 0 IpAddress 135 8 76 107 8 The duration of the RTP session Duration 00 04 33 9 Format gwt MGP address avRtpSessionCname 0 STRING gwp 135 8 118 252 10...

Page 369: ...s due to network conditions or the rate limiter This is also displayed by the show rtp stat summary command Traps 24 012 14 The number of times the application sampled the VoIP engine RTP receiver statistics Stats S 54 15 The total number of received RTCP packets Stats S 54 RTCP 5414 RX 9236 16 The total number of received RTP packets Stats S 54 RTCP 54 RX 923615 17 The codec used for the session ...

Page 370: ...ss than the last known sequence is received Fall 0 36 The average network loss experienced by the remote RTP receiver Rem Loss 0 0 36 0 Jtr 0 37 A counter that increments each time the remote loss is sampled over its threshold Rem Loss 0 0 037 Jtr 0 38 A counter that increments each time the network jitter experienced by the remote RTP receiver is sampled over its threshold Rem Loss 0 0 0 Jtr 038 ...

Page 371: ...cks 43131114 4 days 23 48 31 14 sysUpTime 0 Timeticks 43147723 4 days 23 51 17 23 4 The trap name Indicates that this is a QoS fault trap or a QoS clear trap snmpTrapOID 0 OID avRtpQoSFault snmpTrapOID 0 OID avRtpQoSClear 5 The QoS fault trap boundary That is the number of active sessions with QoS faults that causes a QoS fault trap to be sent avRtpQoSFaultTh 0 INTEGER 1 avRtpQoSFaultTh 0 INTEGER ...

Page 372: ...DDRESS DELAY 1 123 21 11 1 2ms 2 212 201 233 102 65ms 3 213 21 51 12 110ms 4 10 2 4 15 175ms Session ID 1234 From 123 21 11 5 To 10 2 4 5 At 2004 12 26 13 30 15 Result Note The traceroute results are displayed with the most recent first RTP traceroute results output Name Description Session ID The RTP statistics index for the RTP session From The IP address of the Branch Gateway To The IP address ...

Page 373: ...lephones in a sample network The following figure shows the locations of four telephone extensions in an example network Telephones with extensions 2004 and 2111 are connected to the local Branch Gateway 1 Extensions 2002 and 2101 are connected to the remote Branch Gateway 2 At the site of local Branch Gateway 1 the administrator enabled and configured the RTP MIB application as follows to enable ...

Page 374: ... 001 super rtp stat event threshold echo return loss 0 Gxxx 001 super rtp stat event threshold loss 1 Gxxx 001 super rtp stat event threshold remote loss 0 Gxxx 001 super rtp stat event threshold jitter 0 Gxxx 001 super rtp stat event threshold remote jitter 0 Gxxx 001 super rtp stat event threshold rtt 0 Gxxx 001 super rtp stat event threshold ssrc change 0 to review the threshold configuration a...

Page 375: ...raps Gxxx 001 super rtp stat fault 2 0 to view RTP statistics configuration again Gxxx 001 super show rtp stat config RTP Statistic Enabled QoS Trap Enabled QoS Fault Trap Enabled Fault 2 Clear 0 QoS Trap Rate Limiter Token Interval 10 00 seconds Bucket Size 5 Session Table Size 128 Reserved 64 Min Stat Win 50 A remote call from analog to IP telephone At 00 39 on December 7 2004 a call is placed f...

Page 376: ...153 Avg Loss 8 6 RTT 201mS 0 Avg RTT 210mS JBuf under o verruns 9 4 0 0 Jbuf Delay 2mS Max Jbuf Delay 35mS Received RTP Packets 3225 Loss 0 0 94 Avg Loss 8 4 RTT 124mS 0 Avg RTT 96mS Jitter 11 mS 0 Avg Jitter 9mS TTL last min max 63 63 63 Duplicates 0 Seq Fall 0 DSC P 46 L2Pri 12 RTCP 9 Transmitted RTP VLAN 1 DSCP 46 L2Pri 6 RTCP 17 Remote Statistics Loss 11 6 145 Avg Loss 8 9 Jitter 33mS 0 Avg Ji...

Page 377: ... 1 Status Terminated QOS Ok2 EngineId 0 Start Time 2004 12 07 00 57 13 End Time 2004 12 07 00 59 19 Duration 00 02 06 CName gwp 30 30 30 1 Phone 200 2111 Local Address 30 30 30 1 2165 SSRC 2533871380 Remote Address 30 30 30 2 2165 SSRC 93269 0 ip phone or another medi proc Samples 25 5 sec Codec G711U 200B 20mS Off Silence suppression Tx Rx Disabled Disabled Play Time 130 080sec Loss 0 0 03 Avg Lo...

Page 378: ... 16 All event counters are zero 3 5 7 9 11 13 15 17 A remote call from IP telephone to IP telephone An unshuffled call is placed from IP telephone extension 2004 to IP telephone extension 2002 in the network described in Four telephones in a sample network on page 373 After the call is ended the following commands are run to display the RTP sessions Gxxx 001 super show rtp sessions ID QoS Start da...

Page 379: ... 0 DSCP 46 L2Pri 12 RTCP 23 Transmitted RTP VLAN 1 DSCP 46 L2Pri 6 RTCP 27 Remote Statistics Loss 0 4 17 Avg Loss 6 5 Jitter 3mS 0 Avg Jitter 22mS Echo Cancellation Loss 49dB 0 Len 32mS RSVP Status Disabled Failures 0 Session 14 is free of QoS problems to display details of session 14 Gxxx 001 super show rtp stat detailed 14 Session ID 14 Status Terminated QOS Ok EngineId 0 Start Time 2004 12 07 0...

Page 380: ...tails of session 1 Gxxx 001 super show rtp detailed 1 Session ID 1 Status Active QOS Ok EngineId 0 Start Time 2004 12 23 09 55 17 End Time Duration 00 00 48 CName gwp 33 33 33 33 Phone 1401 80900 1003 Local Address 33 33 33 33 61999 SSRC 3585271811 Remote Address 16 16 16 101 61999 SSRC 1369159108 0 Samples 9 5 sec Codec G729 40B 0mS Off Silence suppression Tx Rx No RTP No RTP Play Time 4 760sec L...

Page 381: ... 0 Avg Jitter 0mS TTL last min max 0 64 64 Duplicates 0 Seq Fall 0 DSCP 0 L2Pri 6 RTCP 30 Transmitted RTP VLAN 400 DSCP 46 L2Pri 6 RTCP 30 Remote Statistics Loss 0 0 0 Avg Loss 0 0 Jitter 1mS 0 Avg Jitter 0mS Echo Cancellation Loss 49dB 0 Len 0mS RSVP Status Reserved Failures 0 The conference ID that appears in the Phone string for session 1 and for session 2 is identical which identifies the two ...

Page 382: ...analyze packets that pass through the Branch Gateway s interfaces Packets are captured to a buffer based on criteria that you specify The buffer is then uploaded via FTP to a file that can be analyzed using the Ethereal analysis tool The packet sniffing service on the Branch Gateway offers several advantages to the network administrator Since the capture file is saved in the libpcap format which i...

Page 383: ...e network See Roadmap for configuring packet sniffing on page 384 for a description of how to configure packet sniffing and analyze the resulting capture file Related topics Streams that can always be captured on page 383 Streams that can never be captured on page 383 Streams that can sometimes be captured on page 384 Streams that can always be captured H 248 registration RTP from the Branch Gatew...

Page 384: ...ecifies which packets to capture 4 Rule criteria for a capture list on page 386 5 Viewing the capture list on page 392 6 Applying a capture list on page 393 7 Configuring packet sniffing settings on page 393 8 Starting the packet sniffing service on page 395 Related topics Enabling and disabling packet sniffing on page 384 Limiting packet sniffing to specific interfaces on page 385 Capture lists o...

Page 385: ...cket sniffing service captures all packets passing through the interfaces on which it is enabled Use a capture list to selectively filter the packets that are captured by the service A capture list contains an ordered list of rules and actions A rule specifies criteria against which packets are tested The action tells the Branch Gateway whether to capture or not capture packets matching the rule c...

Page 386: ...apture list cookies are not currently used by any application Related topics Rule criteria for a capture list on page 386 Configuring rule criteria for a capture list on page 387 Viewing the capture list on page 392 Applying a capture list on page 393 Configuring packet sniffing settings on page 393 Starting the packet sniffing service on page 395 Rule criteria for a capture list Once in the captu...

Page 387: ... protocols on page 389 Applying rules to source or destination IP address on page 389 IP range criteria on page 389 Commands used to specify a range of source and destination ports on page 390 Port name or number range criteria on page 390 Applying rules to ICMP on page 391 Fragment command on page 391 Capture list example on page 392 Rule applications Rules work in the following ways depending on...

Page 388: ...ption command in the rule context to add a description of the rule Applying rules to packets with DSCP values Procedure Use the dscp command followed by a DSCP value from 0 to 63 to apply the rule to all packets with the specified DSCP value For example the following rule is defined to capture all VoIP Bearer packets DSCP 46 Gxxx 001 super ip capture list 520 Gxxx 001 super Capture 520 ip rule 20 ...

Page 389: ...le 20 no ip protocol tcp Done Gxxx 001 super Capture 520 ip rule 20 Applying rules to source or destination IP address Procedure 1 Use the source ip command to apply the rule to packets from the specified IP address or range of addresses 2 Use the destination ip command to apply the rule to packets going to the specified IP address or range of addresses IP range criteria Range Type two IP addresse...

Page 390: ...source port The rule applies to TCP packets from ports that match the defined criteria tcp destination port The rule applies to TCP packets to ports that match the defined criteria udp source port The rule applies to UDP packets from ports that match the defined criteria udp destination port The rule applies to UDP packets to ports that match the defined criteria For information about parameters a...

Page 391: ... use the not form of the applicable command For example Gxxx 001 super Capture 520 ip rule 20 not udp source port lt 10 Done Gxxx 001 super Capture 520 ip rule 20 Applying rules to ICMP Procedure 1 To apply the rule to a specific type of ICMP packet use the icmp command This command specifies an ICMP type and code to which the rule applies You can specify the ICMP type and code by integer or text ...

Page 392: ...5 122 50 171 and going to the subnet 135 122 50 128 including packets going to any of the 30 possible hosts in that subnet Gxxx 001 super Capture 511 ip rule 20 Gxxx 001 super Capture 511 ip rule 20 ip protocol tcp Done Gxxx 001 super Capture 511 ip rule 20 source ip host 135 122 50 171 Done Gxxx 001 super Capture 511 ip rule 20 destination ip 135 122 50 128 0 0 0 31 Done Gxxx 001 super Capture 51...

Page 393: ... For example to set the Branch Gateway to use capture list 511 on interfaces in which packet sniffing is enabled specify the following command Gxxx 001 super capture filter group 511 Done Gxxx 001 super Result If no capture list is applied the packet sniffing service captures all packets Configuring packet sniffing settings About this task The packet sniffing service provides several administrativ...

Page 394: ...01 super 3 Use the capture max frame size command to specify the maximum number of bytes captured for each packet This is useful since in most cases the packet headers contain the relevant information Available values are 14 to 4096 The default value is 128 For example Gxxx 001 super capture max frame size 4000 This command will clear the capture buffer do you want to continue Y N y Done Gxxx 001 ...

Page 395: ... been enabled by the administrator the following appears Gxxx 001 super capture start Starting the packet sniffing process Gxxx 001 super If packet sniffing has not been enabled by the administrator the following appears Gxxx 001 super capture start Capture service is disable To enable use the capture service command in supervisor mode Gxxx 001 super Related topics Decrypted IPSec VPN packets on p...

Page 396: ...ffing information Procedure 1 You can enter show capture to view information about the packet sniffing configuration and the capture state For example Gxxx 001 show capture Capture service is enabled and inactive Capture start time 19 06 2004 13 57 40 Capture stop time 19 06 2004 13 58 23 Current buffer size is 1024 KB Buffer mode is cyclic Maximum number of bytes captured from each frame 1515 Cap...

Page 397: ...ytes 00000000 ffff ffff ffff 0040 0d8a 5455 0806 0001 TU 00000010 0800 0604 0001 0040 0d8a 5455 9531 4e6a TU 1Nj 00000020 0000 0000 0000 9531 4e6a 0000 0000 0000 1Nj 00000030 0000 0000 0000 0000 0000 0000 Uploading the capture file Procedure Once the packet sniffing service is stopped upload the capture file to a server for viewing and analysis Note The capture file may contain sensitive informati...

Page 398: ...ation during this time For more information use show upload status 10 command Gxxx 001 super Uploading the capture file to an S8300 Server Procedure 1 Telnet into the S8300 Server for example by entering session mgc 2 Open the Avaya Maintenance Web Interface For instructions on accessing the Avaya Maintenance Web Interface see Installing and Upgrading the Avaya Branch Gateway G430 3 In the Avaya M...

Page 399: ...llows you to create filter expressions to filter the packets in the capture file and display desired files only For example you can display only packets with a specific source address or only those received from a specific interface See Interface identification on page 399 Related topics Interface identification on page 399 Interface identification The Branch Gateway s packet sniffing service can ...

Page 400: ...c a0 b0 01 interface vlan 1 00 00 31 00 00 01 interface dialer 1 About simulating packets Capture lists support the IP simulate command Refer to Simulating packets on page 580 Summary of packet sniffing commands For more information about these commands see the Avaya Branch Gateways G250 and G350 CLI Reference For more information about these commands see the Avaya Branch Gateway G430 CLI Referenc...

Page 401: ...tion copy capture file ftp Upload the packet sniffing buffer to a file on a remote FTP server copy capture file scp Upload the packet sniffing buffer to a file on a remote SCP server copy capture file tftp Upload the packet sniffing buffer to a file on a remote TFTP server copy capture file usb Upload the capture file to a USB mass storage device ip capture list Enter the capture list configuratio...

Page 402: ...col to TCP and an equation on the destination port tcp source port Set ip protocol to TCP and an equation on the source port udp destination port Set ip protocol to UDP and an equation on the destination port udp source port Set ip protocol to UDP and an equation on the source port name Name a capture list owner Set the name of the person or application that has created the list show capture Show ...

Page 403: ...FastEthernet 10 3 is up line protocol is down no KeepAlive Related topics Reporting of interface status on page 403 Summary of interface status commands on page 404 Reporting of interface status Port status Keepalive status Show interfaces output Administrativ e state Operational state Extended operational state Up No Keepalive FastEthernet 10 3 is up line protocol is up Up Up Up Up Keepalive Up F...

Page 404: ...plugs The Converged Network Analyzer CNA is a distributed system for real time monitoring of IP networks using active measurements The CNA supports various network tests including connectivity tests with pings topology tests with traceroute and QoS tests with synthetic RTP streams Within a CNA system test plugs are the entities that execute the tests according to instructions from CNA schedulers a...

Page 405: ...the scheduler with its IP address and two UDP port numbers called the control port and the RTP echo port The test plug IP address is the IP address of the interface on which the PMI is configured Related topics Test plug actions on page 405 CNA tests on page 405 Test plug actions Once registered the test plug listens for test requests on the control port When the test plug receives an authenticate...

Page 406: ...I commands The defaults are UDP Port Default value Control port 8889 RTP echo port 8888 RTP test port 8887 Any changes you make to the test plug configuration such as changing scheduler addresses or port numbers only take effect when you cause the test plug to disconnect from the scheduler and register again Configuring the Branch Gateway test plug for registration About this task From the Branch ...

Page 407: ... the exit command to exit the testplug context From the general context you can enter show cna testplug to display the test plug configuration 7 From the general context enter cna testplug service to enable the test plug service For example Gxxx 001 cna testplug service The Converged Network Analyzer test plug is enabled Note The cna testplug service command requires admin access level Result The ...

Page 408: ...plug 1 exit to display test plug configuration Gxxx 001 super show cna testplug CNA testplug 1 is administratively down test plug status is unregistered Address 149 49 75 178 bind to PMI ID 00 04 0d 6d 30 48 Scheduler list 1 1 1 1 2 50002 3 135 64 102 76 50002 Ports Control 8889 RTP test 8888 RTP echo 8887 Test rate limiter Maximum 60 tests in 10 seconds Last Test none Test Count Failed Cancelled ...

Page 409: ...75 178 bind to PMI ID 00 04 0d 6d 30 48 Scheduler list 3 135 64 102 76 50002 Ports Control 8889 RTP test 8888 RTP echo 8887 Test rate limiter Maximum 60 tests in 10 seconds Last Test traceroute to 135 64 103 107 Result ip1 149 49 75 178 ip2 135 64 103 107 ttl_len 4 Test Count Failed Cancelled traceroute 4 0 0 rtp 3 0 0 ping 2 0 0 tcpconnect 4 0 0 merge 0 0 0 Resetting the CNA test plug counters Pr...

Page 410: ...lers with which the test plug can attempt to register shutdown Disable the CNA test plug test rate limit Configure the CNA test rate limiter cna testplug service Enable or disable the CNA test plug service on the Branch Gateway show cna testplug Display CNA test plug configuration and statistics Echo cancellation Echo canceller control is intended to improve voice quality on a call by call basis T...

Page 411: ...by the Branch Gateway Therefore the Branch Gateway CLI controls only the operation of the VoIP engine and analog trunk line echo cancellers in relation to the DS1 echo canceller and between themselves Related topics Summary of echo cancellation commands on page 411 Summary of echo cancellation commands For more information about these commands see the Avaya Branch Gateways G250 and G350 CLI Refere...

Page 412: ...surements locally Alternatively a technician can dial into a remote location that terminates in additional measurement equipment The Branch Gateway s integrated analog testing feature provides a simpler procedure in which the necessary testing is integrated into the Branch Gateway s analog ports and the Branch Gateway plays the role of the measurement equipment Using CLI commands you can Dial out ...

Page 413: ...ch Gateway collects the signal level at the reference frequency and compares it with the reference level The difference in decibel between the level sent and the level received is the loss Crosstalk test While the analog port under test is in a call and both ends of the call are silent the crosstalk port establishes another call and plays a sequence of tones The Branch Gateway collects during that...

Page 414: ... quiet for 1 second Sends a 2804 Hz tone at 16 dBm for 9 seconds Remains quiet for 30 second Sends a 2225 Hz tone progress tone at 16 dBm for half a second Forces disconnect Setting up a test profile About this task A test profile is a set of definitions for running a particular test In essence it specifies what measurements to run on which port Once you set up a test profile you can run it whenev...

Page 415: ...n the media module or the Local Exchange Carrier LEC 5 Use the set responder type command to specify the responder type The different types send different sequences of tones as explained in Types of test lines on page 414 6 If the type of the current profile is crosstalk use the following commands Use the set crosstalk port command to specify the crosstalk port The port must be on the same board a...

Page 416: ...y constraints on the analog media modules only one test can be run at a time Note A test will fail if the port specified for the test is in use for a call unless you specified set destination none for this test profile Procedure 1 Enter analog test to enter the analog test context 2 Use the launch command to launch a specific test The port specified in the test profile must be busied out from Comm...

Page 417: ... manually tune three parameters on each analog trunk port balance receive gain and transmit gain Procedure 1 Enter analog test to enter the analog test context 2 Correct the balance receive gain or transmit gain of a port using the following commands Use the set balance command to set the balance on a specific port Use the set receive gain command to set the receive gain on a specific port Use the...

Page 418: ...og test Enter the analog test context cancel Abort an analog test if it is already running clear profile Delete a test profile launch Launch a specific test profile Enter the analog test profile context to setup or edit a test profile set crosstalk destination Set the Local Exchange Carrier number destination of the call from the crosstalk port set crosstalk port Specify the crosstalk port set cro...

Page 419: ...ection Display the balance receive gain and transmit gain corrections applied to each port show profile Display the details of a test profile show result Display the result of the last measurement performed for a particular profile Service Level Agreement Monitor Agent The Service Level Agreement SLA Monitor is a diagnostic and monitoring system for the converged network It employs the use of a we...

Page 420: ...mands First level command Second level command Description show sla monitor Displays the state of the SLA Monitor Agent for example enabled or disabled The command also displays all gateway parameters pertaining to the SLA Monitor Agent set sla monitor Enables or disables the SLA Monitor Agent set sla capturemode Defines the degree of data captured by the SLA Monitor Agent By default the capture m...

Page 421: ...adcast relay ARP table ICMP errors RIP OSPF Route redistribution VRRP Fragmentation You can configure multiple routing schemes on the Branch Gateway See Routing sources on page 429 for an explanation of the priority considerations employed by the Branch Gateway to determine the next hop source Related topics Enabling and disabling the router on page 422 Interface configuration on page 422 Unnumber...

Page 422: ...tion on page 477 Enabling and disabling the router Procedure 1 Use the ip routing command to enable the router 2 Use the no ip routing command to disable the router Interface configuration You can use the CLI to configure interfaces on the router Related topics Router interface concepts on page 423 Configuring an IP interface on page 424 Interface configuration examples on page 424 Summary of basi...

Page 423: ...n 1 When you configure the Branch Gateway without an external VPN or firewall Vlan 1 is used to connect the internal Branch Gateway router to the internal Branch Gateway switch If an external firewall or VPN is connected to the Fast Ethernet port it is important to disable Vlan 1 to prevent a direct flow of packets from the WAN to the LAN Layer 2 virtual interfaces Loopback The Loopback interface ...

Page 424: ... Other types of interfaces require the interface s module and port number as a parameter For example interface vlan 1 interface fastethernet 10 2 2 Enter ip address followed by an IP address and subnet mask to assign an IP address to the interface Use the no form of this command to delete the IP interface Interface configuration examples Use the following commands to configure the fixed router por...

Page 425: ...t does not exist or delete a FastEthernet interface ip address Assign an IP address and mask to an interface or delete an interface ip admin state Set the administrative state of an IP interface ip broadcast address Update the interface broadcast address interface loopback Enter loopback interface configuration context create a Loopback interface if it does not exist or delete a Loopback interface...

Page 426: ...oint interface to borrow an IP address from another interface Unnumbered IP enables IP processing on a point to point interface without assigning an explicit IP address to the interface Although unnumbered IP is supported on all point to point interfaces the main use of the feature is to enable dynamic routing on the Dialer interface The Dialer interface is used for the modem dial backup feature R...

Page 427: ...command to display existing interface configuration 2 Enter the context of the interface on which you want to configure an unnumbered IP address usually the Dialer interface 3 Use the ip unnumbered command specifying the interface from which to borrow the IP address Unnumbered IP examples In the following example a VLAN interface is configured and then the Dialer interface is configured with an un...

Page 428: ... 22222 n a OSPF 26 0 0 0 8 Vlan 15 2 2 2 2 3 n a STAT LO 99 0 0 0 8 Vlan 99 99 1 1 1 1 n a LOCAL 135 64 0 0 16 FastEth 10 3 149 49 54 1 1 n a STAT HI 149 49 54 0 24 FastEth 10 3 149 49 54 112 1 n a LOCAL 180 0 0 0 8 Loopback 1 180 0 0 1 1 n a LOCAL Summary of unnumbered IP interface configuration commands For more information about these commands see the Avaya Branch Gateways G250 and G350 CLI Ref...

Page 429: ...the best match to a packet s destination IP address from all enabled routing sources If there is no best match the next hop source is determined according to the following priority order 1 High priority static route highest If a high priority static route is configured on the interface this route overrides all other sources 2 OSPF If no high priority static route is configured on the interface but...

Page 430: ...deleted A static route becomes inactive whenever the underlying Layer 2 interface is down except for permanent static routes You can disable the interface manually using the ip admin state down command For more information see Permanent static route on page 432 When the underlying Layer 2 interface becomes active the static route enters the routing table again You can monitor the status of non per...

Page 431: ...rred to routes learned from any routing protocol Low Preference static routes Used temporarily until the route is learned from a routing protocol By default a static route has low preference Configuring multiple next hops Procedure You can configure up to three next hops for each static route in one of the following manners Enter all of the next hops using a single ip route command To add a new ne...

Page 432: ...from becoming inactive when the underlying Layer 2 interface is down This prevents routing table updates from being sent each time an interface goes up or down when there is a fluctuating Layer 2 interface on the static route Configure the permanent option using the ip route command For example the command ip route 193 168 10 0 24 FastEthernet 10 2 permanent creates a permanent static route to the...

Page 433: ... about these commands see the Avaya Branch Gateways G250 and G350 CLI Reference For more information about these commands see the Avaya Branch Gateway G430 CLI Reference Command Description clear ip route Delete all the dynamic routing entries from the routing table ip default gateway Define a default gateway for the router no ip default gateway Removes a default gateway for the router ip netmask ...

Page 434: ...er protocol that encapsulates packets with an IP header and enables them to pass through the Internet via a GRE tunnel A GRE tunnel is a virtual interface in which two routers serve as endpoints The first router encapsulates the packet and sends it over the Internet to a router at the far end of the GRE tunnel The second router removes the encapsulation and sends the packet towards its destination...

Page 435: ... backup interface For information on configuring backup interfaces see Backup interfaces on page 256 For an example of a GRE tunneling application see GRE tunnel application example on page 441 Related topics Packet routing to a GRE tunnel on page 435 Prevention of nested tunneling in GRE tunnels on page 436 Optional GRE tunnel features on page 438 Setting up a GRE tunnel on page 440 GRE tunnel ap...

Page 436: ... receiving tunnel endpoint via the tunnel itself The local endpoint of the tunnel learns the tunnel as a route to the tunnel s remote endpoint via OSPF or RIP A combination of static routes via parallel tunnels lead to a situation in which each tunnel is routing packets via another tunnel For example Gxxx 001 super interface tunnel 1 Gxxx 001 super if Tunnel 1 tunnel source x x x x Gxxx 001 super ...

Page 437: ...ribution access list 1 10 deny 192 68 1 0 0 0 0 255 Done Gxxx 001 super router rip Gxxx 001 super router rip distribution list 1 out FastEthernet 10 3 Done Gxxx 001 super router rip exit Gxxx 001 super Accept policy Configure a policy rule on the source tunnel endpoint router 1 that will cause the source endpoint to not accept routing updates that include the source network 192 68 1 0 This solutio...

Page 438: ... discovery parameters on page 439 Keepalive feature The tunnel keepalive feature sends keepalive packets through the Tunnel interface to determine whether the tunnel is up or down This feature enables the tunnel s source interface to inform the host if the tunnel is down When the tunnel keepalive feature is not active if the tunnel is down the tunnel s local endpoint continues to attempt to send p...

Page 439: ...f the packet since the DF bit is set the router sends an ICMP unreachable message back in the originator in this case the GRE router The GRE router then updates the tunnel s MTU limit accordingly When a packet larger than the MTU arrives at the tunnel if the packet is marked do not fragment the tunnel s source interface sends the packet back to the host requesting the host to fragment the packet W...

Page 440: ...followed by the IP address of the remote tunnel endpoint to set the destination address of the tunnel For example Gxxx 001 super if Tunnel 2 tunnel destination 20 0 1 1 Done Gxxx 001 super if Tunnel 2 Note The Branch Gateway does not check whether the configured tunnel source IP address is an existing IP address registered with the Branch Gateway router 4 In most cases it is recommended to configu...

Page 441: ...r more information on dynamic MTU discovery see Dynamic MTU discovery on page 439 The following example configures dynamic MTU discovery with an age timer of 15 minutes Gxxx 001 super if Tunnel 2 tunnel path mtu discovery age timer 15 Done Gxxx 001 super if Tunnel 2 6 Enter copy running config startup config This saves the new Tunnel interface configuration in the startup configuration file Result...

Page 442: ... 1 11 0 0 10 as the source IP address When the packet arrives at Router 2 which is the end point of the GRE tunnel Router 2 removes the outer IP header and the GRE header and sends the packet to its original destination at IP address 8 0 0 2 You can use the following commands to configure GRE tunneling with OSPF in this example Example Router 1 configuration Gxxx 001 super interface fastethernet 1...

Page 443: ...ling commands For more information about these commands see the Avaya Branch Gateways G250 and G350 CLI Reference For more information about these commands see the Avaya Branch Gateway G430 CLI Reference Root level command Command Description interface tunnel Enter tunnel interface configuration context create a Tunnel interface if it does not exist or delete a Tunnel interface or sub interface ke...

Page 444: ...packet s Carrier IP header You can assign a TTL value of from 1 to 255 The default tunnel TTL value is 255 show interfaces tunnel Show interface configuration and statistics for a particular tunnel or all GRE tunnels If the Tunnel interface is down this command displays the MTU value as not available DHCP and BOOTP relay You can configure the router to relay Dynamic Host Configuration Protocol DHC...

Page 445: ...work server BOOTP BOOTP is an Internet protocol that allows a diskless workstation to discover the following Its own IP address The IP address of a BOOTP server on the network A file to be loaded into memory to boot the workstation BOOTP allows the workstation to boot without requiring a hard disk or floppy disk drive It is used when the user or station location changes frequently The protocol is ...

Page 446: ...quest and sends it to both servers This duplication provides redundancy and prevents the failure of a single server from blocking hosts from loading You can enable or disable DHCP BOOTP Relay in the Branch Gateway Summary of DHCP and BOOTP relay commands For more information about these commands see the Avaya Branch Gateways G250 and G350 CLI Reference For more information about these commands see...

Page 447: ...ually Since a DHCP server can be configured on the Branch Gateway local branch devices are not dependant on receiving configuration parameters over the WAN from a remote DHCP server and therefore can be assigned IP configuration parameters in case of WAN failure The Branch Gateway supports the following DHCP server features Up to 32 DHCP pools Up to 256 IP addresses for all DHCP pools together Aut...

Page 448: ...the DHCP server can allocate IP addresses to all devices but since no calls can be made the IP address allocation effectively applies to PCs only The branch DHCP server does not depend on the headquarters DHCP server There is no backup mechanism between the servers The branch DHCP server operates continually regardless of the status of the centralized DHCP server or the WAN link By default the DHC...

Page 449: ...ddress may not be network broadcast addresses according to the subnet mask 4 Use the subnet mask command to configure the subnet mask of the pool 5 Use the lease command to configure the lease period for IP address assignment By default the lease is eight days 6 For a manual reservation pool use the client identifier command to reserve the pool s IP address for assignment to a specific client To c...

Page 450: ...ous types of network configuration information that the DHCP client can receive from the DHCP server The Branch Gateway supports all DHCP options The most common options used for IP phones are listed in Common user configurable DHCP options on page 451 Some options are configured with specific CLI commands that are also listed in Common user configurable DHCP options on page 451 Options 0 50 51 52...

Page 451: ...ual vendor class This is called a vendor specific option option 43 Procedure 1 Use the vendor specific option command to create a vendor specific option with a unique index 2 Use the name command to name the option optional 3 Use the class identifier command to set a vendor specific identifier 4 Use the value command to set the data type and value of the vendor specific option Deleting an IP addre...

Page 452: ...option 176 value ascii MCIPADD 10 10 2 140 MCPORT 1719 TFTPSRVR 10 10 5 188 Done Gxxx 001 super DHCP 1 option 176 exit Gxxx 001 super DHCP 1 exit Gxxx 001 super ip dhcp activate pool 1 Done Gxxx 001 super ip dhcp server Done Gxxx 001 super The following example defines a dynamic pool for data devices Gxxx 001 super ip dhcp pool 2 Gxxx 001 super DHCP 2 name Data Pool Done Gxxx 001 super DHCP 2 star...

Page 453: ...ol 3 Gxxx 001 super DHCP 3 name Data 1 Server Done Gxxx 001 super DHCP 3 start ip addr 135 64 20 61 Done Gxxx 001 super DHCP 3 end ip addr 135 64 20 61 Done Gxxx 001 super DHCP 3 subnet mask 27 Done Gxxx 001 super DHCP 3 client identifier 01 11 22 33 44 55 66 Done Gxxx 001 super DHCP 3 default router 135 64 20 33 Done Gxxx 001 super DHCP 3 dns server 10 10 1 1 Done Gxxx 001 super DHCP 3 exit Gxxx ...

Page 454: ...g packet by the DHCP server to check if the IP address it is about to allocate is already in use by another client ip dhcp ping timeout Set the time the DHCP server waits for a reply to a sent ping packet before allocating an IP address to a DHCP client ip dhcp pool Create a DHCP pool bootfile Provide startup parameters for the DHCP client device client identifier Reserve the pool s IP address for...

Page 455: ... option data type and the option data server name Specify the optional server name in the boot process of a DHCP client show ip dhcp pool Display DHCP pool configurations start ip addr Set the start IP address of the range of available IP addresses that the DHCP server may assign to clients subnet mask Configure the subnet mask of the pool vendor specific option Create a vendor specific option wit...

Page 456: ...ted broadcast forwarding About this task A directed broadcast is an IP packet whose destination address is the broadcast address of a network or subnet A directed broadcast causes every host on the network to respond You can use directed broadcasts to obtain a list of all active hosts on the network A hostile user can exploit directed broadcasts to launch a denial of service attack on the network ...

Page 457: ...IP destination of the packet is replaced by the appropriate interface broadcast address If the NetBIOS broadcast packet is a limited broadcast for example 255 255 255 255 it is relayed to all VLANs on which there are NetBIOS enabled interfaces In that case the destination IP address remains the limited broadcast address Summary of broadcast relay commands For more information about these commands ...

Page 458: ...acquire a destination device hardware address from its IP address This mechanism is called ARP Static and dynamic table entries The ARP table stores pairs of IP and MAC addresses This storage saves time and communication costs since the host looks in the ARP table first when transmitting a packet If the information is not there then the host sends an ARP Request There are two types of entries in t...

Page 459: ...Adding static ARP table entries Procedure To add static ARP table entries manually use the arp command The router Administering Avaya G430 Branch Gateway October 2013 459 ...

Page 460: ...RP table no arp Remove either a static entry or a dynamically learned entry from the ARP table arp timeout Configure the amount of time in seconds that an entry remains in the ARP table Entering this command without a time parameter displays the current timeout value no arp timeout Restore the default value four hours clear arp cache Delete all dynamic entries from the ARP table and the IP route c...

Page 461: ... commands on page 461 Summary of Proxy ARP commands For more information about these commands see the Avaya Branch Gateways G250 and G350 CLI Reference For more information about these commands see the Avaya Branch Gateway G430 CLI Reference Root level command Command Description interface fastethernet vlan Enter the FastEthernet or VLAN interface context ip proxy arp Enable proxy ARP on an Branch...

Page 462: ...atic routes With route redistribution you can configure the Branch Gateway to redistribute routes learned from one protocol into the domain of the other routing protocol For more information see Route redistribution on page 472 RIP is a distance vector protocol The router decides which path to use on distance or the number of intermediate hops In order for this protocol to work correctly all the r...

Page 463: ...8 RIPv2 RIPv2 is a newer version of the RIP routing protocol RIPv2 solves some of the problems associated with RIPv1 The most important change in RIPv2 is the addition of a subnetwork mask field which allows RIPv2 to support variable length subnetworks RIPv2 also includes an authentication mechanism similar to the one used in OSPF RIPv2 is defined in RFC 2453 For more information see RIPv1 vs RIPv...

Page 464: ... split horizon mechanism By default split horizon is enabled Poison reverse updates Enter ip rip poison reverse to enable split horizon with poison reverse on an interface Use the no form of this command to disable the poison reverse mechanism RIP distribution access lists RIP distribution access lists consist of rules that specify how a router distributes and accepts RIP routing information from ...

Page 465: ...es b Enter the distribution list 10 in FastEthernet 10 3 command to apply Access List 10 on updates received on interface FastEthernet 10 3 c Enter the distribution list 10 out command to apply Access List 10 to all advertised updates d Enter the distribution list 10 out ospf command to apply Access List 10 to all advertised updates that were learned from OSPF redistributed from OSPF into RIP Resu...

Page 466: ...distribution access list ip distribution access list cookie Set the access list cookie ip distribution access list copy Copy the distribution access list ip distribution access list name Set the name of the distribution list ip distribution access list owner Set the owner of the distribution list interface dialer fastethernet loopback vlan tunnel Enter the Dialer FastEthernet Loopback Tunnel or VL...

Page 467: ...Set the RIP send and receive modes on an interface no ip rip send receive mode Set the RIP to talk that is to send reports ip rip split horizon Enable or disable the split horizon mechanism no ip rip split horizon Disable the split horizon mechanism By default split horizon is enabled router rip Enable the RIP and enter the router configuration context or disable the RIP no router rip Restore the ...

Page 468: ...t path first or link state algorithm It was introduced to overcome the limitations of RIP in increasingly complex network designs OSPF uses the cost of a path as the criterion for comparing paths In contrast RIP uses the number of hops as the criterion for comparing paths Also updates are sent when there is a topological change in the network rather than every 30 seconds as with RIP The advantage ...

Page 469: ...dwidth the lower the Cost When manually configuring the Cost of an OSPF interface ip ospf cost command dynamic bandwidth updates do not change the Cost When manually adjusting the interface s bandwidth bandwidth command if Cost is being determined dynamically it is this configured bandwidth and not the actual interface bandwidth that is used to calculate Cost OSPF limitations You can configure the...

Page 470: ...spf authentication key Configure the interface authentication password no ip ospf authentication key Remove the OSPF password ip ospf cost Configure the Cost of an OSPF interface for the purpose of determining the shortest path no ip ospf cost Set the cost to its default value ip ospf dead interval Configure the interval before declaring the neighbor as dead no ip ospf dead interval Set the dead i...

Page 471: ... value router ospf Enable OSPF protocol on the system and to enter the router configuration context no router ospf Restore the default value and disable OSPF globally area Configure the OSPF area ID of the router no area Delete the OSPF area id default metric Set the interface OSPF route metric value network Enable OSPF in a network no network Disable OSPF in a network The default value is disable...

Page 472: ...ls OSPF and RIP can be operated concurrently in the Branch Gateway In this case you can configure the Branch Gateway to redistribute routes learned from one protocol into the domain of the other routing protocol Similarly static routes can be redistributed to RIP and OSPF Note Take care when you configure route redistribution It involves metric changes and might cause routing loops in the presence...

Page 473: ...e 2 Related topics Export default metric on page 473 Summary of route redistribution commands on page 473 Export default metric The Branch Gateway enables you to configure the metric to be used in updates that are redistributed from one routing protocol to another In RIP the default is 1 and the maximum value is 16 In OSPF the default is 20 Set the default metric value before redistribution using ...

Page 474: ...routers in addition to performing its primary routing functions This redundancy is achieved by introducing the concept of a virtual router A virtual router is a routing entity associated with multiple physical routers One of the physical routers with which the virtual router is associated performs the routing functions This router is known as the master router For each virtual router VRRP selects ...

Page 475: ...ters under the same VRID for example 1 You must configure the routers per VLAN An assigned VRID must not be used in the network even in a different VLAN When router configuration is complete and the network is up the main router for each virtual router is selected according to the following order of preference The virtual router IP address is also the router s interface IP address It has the highe...

Page 476: ...on about these commands see the Avaya Branch Gateways G250 and G350 CLI Reference For more information about these commands see the Avaya Branch Gateway G430 CLI Reference Root level command Command Description interface fastethernet vlan Enter the FastEthernet or VLAN interface configuration context ip vrrp Create a virtual router on an interface no ip vrrp Delete a virtual router ip vrrp address...

Page 477: ...er vrrp Enable or disable VRRP routing globally show ip vrrp Display VRRP information Fragmentation The Branch Gateway supports IP fragmentation and reassembly The Branch Gateway router can fragment and reassemble IP packets according to RFC 791 This feature allows the router to send and receive large IP packets where the underlying data link protocol constrains the Maximum Transport Unit MTU IP f...

Page 478: ... and restore its default values fragment chain Set the maximum number of fragments that can comprise a single IP packet destined to the router no fragment chain Set the fragment chain to its default value fragment size Set the maximum number of fragmented IP packets destined to the router to reassemble at any given time no fragment size Set the fragment size to its default value fragment timeout S...

Page 479: ...ations SAs to maintain the private secure connection IKE operates in two phases The Phase 1 exchange negotiates an IKE SA The IKE SA created in Phase 1 secures the subsequent Phase 2 exchanges which in turn generate IPSec SAs IPSec SAs secure the actual traffic between the protected networks behind the peers while the IKE SA only secures the key exchanges that generate the IPSec SAs between the pe...

Page 480: ... IPSec VPN configuration model The following figure summarizes the components you need to define and the order in which you need to define them IPSec VPN 480 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...

Page 481: ...Table 5 Figure notes 1 ISAKMP Policy 2 IPSEC Transform set 3 ISAKMP Peer or Peer Group IPSec VPN Administering Avaya G430 Branch Gateway October 2013 481 ...

Page 482: ...is implemented using a crypto list The crypto list defines for the interface to which it applies which packets should be secured and how as follows Each rule in the crypto list points to a crypto map A crypto map points to a transform set and to a peer or peer group The peer or peer group in turn point to an ISAKMP policy IPSec VPN components The following figure describes the relationships among ...

Page 483: ...the VPN procedures see Site to site IPSec VPN on page 485 Note You must configure VPN in the order shown in the summary Commands appearing in bold are mandatory ISAKMP policy crypto isakmp policy on page 486 description authentication pre share encryption hash IPSec VPN Administering Avaya G430 Branch Gateway October 2013 483 ...

Page 484: ...e mode self identity keepalive keepalive track continuous channel Optional ISAKMP peer group crypto isakmp peer group on page 492 description set peer Crypto map crypto map on page 493 description set transform set set peer or set peer group set dscp continuous channel IP crypto list ip crypto list on page 495 local address ip rule description source ip destination ip protect crypto map IPSec VPN ...

Page 485: ...cally In some cases you may wish to configure global VPN parameters see Configuring global parameters on page 499 Note In the following sections all IPSec VPN parameters that you must configure are indicated as mandatory parameters Non mandatory VPN parameters have default values that are used unless otherwise set Thus for example although it is mandatory to define at least one ISAKMP policy it is...

Page 486: ...in the transform set see Configuring transform sets on page 488 The ISAKMP peer parameters see Configuring ISAKMP peer information on page 489 Which packets should be secured as defined in the crypto list see Configuring crypto lists on page 495 The peer addresses For each peer the local address entered in the crypto list see Configuring crypto lists on page 495 should match the ISAKMP peer addres...

Page 487: ...aes aes 192 and aes 256 Use the hash command to set the hash authentication algorithm for the ISAKMP policy Possible values are md5 and sha default Use the group command to set the Diffie Hellman group for the ISAKMP policy Possible values are 1 default 2 5 and 14 Use the lifetime command to set the lifetime of the ISAKMP SA in seconds The range of values is 60 to 86 400 seconds default is 86 400 ...

Page 488: ... sha hmac The IP compression algorithm used by the transform set The only possible value is comp lzs For example Gxxx 001 crypto ipsec transform set ts1 esp 3des esp md5 hmac comp lzs Gxxx 001 config transform ts1 2 You can use the following commands to set the parameters of the transform set Use the set pfs command to specify whether each IKE phase 2 negotiation employs Perfect Forward Secrecy PF...

Page 489: ...ansform ts1 mode tunnel Done 3 Exit the crypto transform set context with the exit command Gxxx 001 config transform ts1 exit Gxxx 001 Configuring ISAKMP peer information About this task ISAKMP peer information defines the remote peer identification the pre shared key used for peer authentication and the ISAKMP policy to be used for IKE phase 1 negotiations between the peers Note You can define up...

Page 490: ...fig peer 149 49 70 1 isakmp policy 1 Done 4 Enter the preshared key for peer authentication using the pre shared key command Important pre shared key is a mandatory command For example Gxxx 001 config peer 149 49 70 1 pre shared key GNpi1odGNBrB5z4GJL Done Alternatively you can obtain a cryptographic grade random key from the Branch Gateway with the suggest key command and then enter it using the ...

Page 491: ...512 7 Specify the branch device Branch Gateway by its address or by the FQDN name that identifies the Branch Gateway in the remote peer using the self identity command Note Specifying self identity as a name is one of the prerequisites for working with dynamic local peer IP addresses For more information about working with dynamic local peer IP addresses see Dynamic local peer IP on page 509 For e...

Page 492: ... page 512 For example Gxxx 001 config peer 149 49 70 1 continuous channel Done 11 Exit the peer context with the exit command For example Gxxx 001 config peer 149 49 70 1 exit Gxxx 001 Configuring an ISAKMP peer group About this task An ISAKMP peer group maintains an ordered list of redundant peers The purpose of the peer group is to provide a backup in the case of remote peer failure At any point...

Page 493: ...red as an ISAKMP peer see Configuring ISAKMP peer information on page 489 Optionally enter an index number specifying the relative position of the peer within the peer group If you do not enter an index number the peer is added at the end of the peer group list and is assigned an index following the last peer s index For example Gxxx 001 config peer grp NY VPN group set peer 149 49 52 135 1 Done 4...

Page 494: ...roup using the set peer group command For example Gxxx 001 config crypto 1 set peer group NY VPN group Done Important Specify either set peer or set peer group but not both 4 Specify the specific transform set to which this crypto map points using the set transform set command Important set transform set is a mandatory command For example Gxxx 001 config crypto 1 set transform set ts1 Done 5 Set t...

Page 495: ...ination IP addresses and wildcard A crypto list is activated on an interface The Branch Gateway can have multiple crypto lists activated on different interfaces Important It is mandatory to create at least one crypto list Note You can configure up to 100 crypto lists Procedure 1 Use the ip crypto list command followed by an index number from 901 to 999 to enter the context of a crypto list and to ...

Page 496: ...n to the ip rule To specify a range of source and destination IP addresses to which the rule applies use the source ip and destination ip commands followed by the IP range criteria The IP range criteria can be one of the following single address Type host followed by an IP address to set a single IP address to which the rule applies wildcard Type host followed by an IP address using wildcards to s...

Page 497: ...protocol to match tcp Specify the TCP settings to match udp Specify the UDP settings to match icmp Specify the ICMP protocol settings to match dscp Specify the DSCP to match fragment Specify whether this rule applies to non initial fragments only 6 Exit ip rule context with the exit command For example Gxxx 001 Crypto 901 ip rule 10 exit Gxxx 001 Crypto 901 7 Repeat Steps 4 to 6 for every ip rule ...

Page 498: ... if FastEthernet 10 2 ip crypto group 901 Done Changing parameters of a crypto list Procedure 1 Use the ip policy list copyold listnew list command 2 Edit the new list 3 Activate it on the interface Note that activating the new list causes all the current IPSec tunnels to close Access control lists Since VPN is intended for a public network such as the Internet it is recommended to define an acces...

Page 499: ...oblem of the scarcity and cost of public IP addresses An organization with a single public IP address can use a NAT device to connect multiple computers to the Internet sharing a single public IP address However NAT causes compatibility problems for many types of network applications including VPN NAT Traversal enables detecting the presence of NAT devices along the path of the VPN tunnel Once det...

Page 500: ...odic basis at times of inactivity when a dynamic NAT is detected along the way These keepalives are intended to maintain the NAT translation alive in the NAT device and not let it age out due to periods of inactivity Set the NAT Traversal keepalive interval on the Branch Gateway to be less than the NAT translation aging time on the NAT device For example Gxxx 001 crypto isakmp nat keepalive 60 Don...

Page 501: ...ch Gateway participates in Path MTU Discovery PMTUD for the tunnel pertaining to that SA The crypto ipsec df bit command is intended for advanced users only It sets the Do Not Fragment DF bit to either clear or copy mode copy The DF bit of the encapsulated packet is copied from the original packet and PMTUD is maintained for the IPSec tunnel clear The DF bit of the encapsulated packet is never set...

Page 502: ...ands used to display an IPSec VPN configuration on page 502 Commands used to display IPSec VPN status on page 503 Clearing both ISAKMP connection and IPSec SAs on page 503 Configuring IPSec VPN logging on page 503 Commands used to display an IPSec VPN configuration show crypto ipsec transform set show crypto isakmp policy show crypto isakmp peer show crypto isakmp peer group show crypto map show i...

Page 503: ...Branch Gateway G430 CLI Reference Clearing both ISAKMP connection and IPSec SAs Procedure 1 Clear the IPSec SAs with the clear crypto sa all command 2 Clear the ISAKMP SA with the clear crypto isakmp command Configuring IPSec VPN logging About this task IPSec VPN logging allows you to view the start and finish of IKE phase 1 and IKE phase 2 negotiations Most importantly it displays the configurati...

Page 504: ...ormational Finished IKE phase 1 negotiation creating ISAKMP SA Peers 149 49 77 202 135 64 102 109 Icookie 0e2fb5ac12ec04b2 Rcookie 541b912b0a30085d esp des esp sha hmac DH group 1 Lifetime 86400 seconds ISAKMP Informational Initiating IKE phase 2 negotiation Peers 149 49 77 202 135 64 102 109 ISAKMP Informational Finished IKE phase 2 creating outbound IPSEC SA SPI 0x4d706e3 Peers 149 49 77 202 135...

Page 505: ...band Internet connection uses cable or DSL modem with a static public IP address There is a VPN tunnel from each spoke to the VPN hub over the Internet Only VPN traffic is allowed via the Internet connection Related topics Configuring the simple VPN topology on page 505 Simple VPN topology on page 506 Simple VPN topology example on page 507 Dynamic local peer IP on page 509 Continuous channel on p...

Page 506: ...ch as follows Traffic from any to branch local subnets encrypt using tunnel mode IPSec The remote peer is the VPN spoke Branch Internet address Note For information about using access control lists see Policy lists on page 557 Simple VPN topology Traffic direction ACL parameter ACL value Description Ingress IKE Permit Ingress ESP Permit Ingress ICMP Permit This enables the PMTUD application to wor...

Page 507: ...ip crypto list 901 local address Branch Office Public Internet Static IP Address ip rule 10 source ip Branch Subnet1 Branch Subnet1 Mask destination ip any protect crypto map 1 exit ip rule 20 source ip Branch Subnet2 Branch Subnet2 Mask destination ip any protect crypto map 1 exit exit ip access control list 301 ip rule 10 source ip any destination ip any ip protocol udp udp destination port eq I...

Page 508: ...tocol udp udp destination port eq Ike composite operation Permit exit ip rule 11 source ip any destination ip any ip protocol udp udp destination port eq Ike nat t composite operation permit exit ip rule 12 source ip any destination ip any ip protocol udp udp destination port eq Ike nat t vsu composite operation permit exit ip rule 20 source ip any destination ip any ip protocol esp composite oper...

Page 509: ...feature provides dynamic local peer IP address support To work with dynamic local peer IP you must first configure some prerequisites and then instruct the Branch Gateway to learn the IP address dynamically using either PPPoE or DHCP client Note When working with dynamic local peer IP you must verify that it is the Branch Gateway that initiates the VPN connection The VPN peer cannot initiate the c...

Page 510: ... Procedure 1 Enter the context of the FastEthernet interface For example Gxxx 001 config interface fastethernet 10 3 Gxxx 001 config if FastEthernet 10 3 2 Enter the following commands in the context of the interface no ip address encapsulation pppoe and ip address negotiated Gxxx 001 config if FastEthernet 10 3 no ip address Done Gxxx 001 config if FastEthernet 10 3 encapsulation pppoe Done Gxxx ...

Page 511: ...ngress ACL for DHCP Gxxx 001 config ip access control list 301 Gxxx 001 config ACL 301 ip rule 25 Gxxx 001 config ACL 301 ip rule 25 source ip any Done Gxxx 001 config ACL 301 ip rule 25 destination ip any Done Gxxx 001 config ACL 301 ip rule 25 ip protocol udp Done Gxxx 001 config ACL 301 ip rule 25 udp source port eq bootps Done Gxxx 001 config ACL 301 ip rule 25 udp destination port eq bootpc D...

Page 512: ...nfiguration on page 204 Continuous channel An IPSec VPN connection exists as long as traffic is traversing the connection or the timeouts have not expired However there are advantages to keeping the connection continuously alive such as eliminating the waiting time necessary to construct a new IPSec VPN connection The Branch Gateway IPSec VPN feature supports continuous channel which maintains a c...

Page 513: ... hub and spokes installation but instead of connecting to a single central site the branch is also connected to several other branch sites by direct IPSec VPN tunnels The configuration is therefore very similar to the previous one duplicated several times In this topology The Broadband Internet connection uses cable or DSL modem with a static public IP address There is a VPN tunnel from each spoke...

Page 514: ...opology Procedure 1 Configure Branch Office 1 as follows The default gateway is the Internet interface VPN policy is configured on the Internet interface egress as follows Traffic from the local subnets to the second spoke subnets encrypt using tunnel mode IPSec with the remote peer being the second spoke Traffic from the local subnets to any IP address encrypt using tunnel mode IPSec with the rem...

Page 515: ...on the Internet interface to allow only the VPN ICMP traffic See Mesh VPN topology Branch Office 2 on page 516 for configuration settings Note For information about using access control lists see Policy lists on page 557 3 Configure the VPN Hub Main Office as follows Static routing Branch subnets Internet interface The VPN policy portion for the branch is configured as a mirror image of the branch...

Page 516: ...from Branch IP to Second Branch IP Permit This traffic is tunnelled using VPN Egress ICMP from local tunnel endpoint to any IP address Permit This enables the PMTUD application to work Egress All allowed services from any local subnet to any IP address Permit This traffic is tunnelled using VPN Egress Default Deny Mesh VPN topology Branch Office 2 Traffic direction ACL parameter ACL value Descript...

Page 517: ...work Egress All allowed services from any local subnet to any IP address Permit This traffic is tunnelled using VPN Egress Default Deny Mesh VPN topology example Branch Office 1 configuration crypto isakmp policy 1 encryption aes hash sha group 2 exit crypto isakmp peer address Main Office Public Internet Static IP Address pre shared key secret key isakmp policy 1 exit crypto isakmp peer address S...

Page 518: ...ubnet2 Branch Subnet2 Mask destination ip Second Branch Subnet2 Second Branch Subnet2 Mask protect crypto map 2 exit ip rule 10 source ip Branch Subnet1 Branch Subnet1 Mask destination ip any protect crypto map 1 exit ip rule 20 source ip Branch Subnet2 Branch Subnet2 Mask destination ip any protect crypto map 1 exit exit ip access control list 301 ip rule 10 source ip any destination ip any ip pr...

Page 519: ...mposite operation deny exit exit ip access control list 302 ip rule 10 source ip any destination ip any ip protocol udp udp destination port eq Ike composite operation Permit exit ip rule 11 source ip any destination ip any ip protocol udp udp destination port eq Ike nat t composite operation permit exit ip rule 12 source ip any destination ip any ip protocol udp udp destination port eq Ike nat t ...

Page 520: ...ss group 301 in ip access group 302 out exit ip default gateway FastEthernet 10 3 high Note The highlighted commands are the CLI commands that add the mesh capabilities to the simple hub and spokes configuration Branch Office 2 configuration crypto isakmp policy 1 encryption aes hash sha group 2 exit crypto isakmp peer address Main Office Public Internet Static IP Address pre shared key secret key...

Page 521: ...et2 Mask protect crypto map 2 exit ip rule 4 source ip Branch Subnet2 Branch Subnet2 Mask destination ip First Branch Subnet2 Second Branch Subnet2 Mask protect crypto map 2 exit ip rule 10 source ip Branch Subnet1 Branch Subnet1 Mask destination ip any protect crypto map 1 exit ip rule 20 source ip Branch Subnet2 Branch Subnet2 Mask destination ip any protect crypto map 1 exit exit ip access cont...

Page 522: ... composite operation deny exit exit ip access control list 302 ip rule 10 source ip any destination ip any ip protocol udp udp destination port eq Ike composite operation Permit exit ip rule 11 source ip any destination ip any ip protocol udp udp destination port eq Ike nat t composite operation permit exit ip rule 12 source ip any destination ip any ip protocol udp udp destination port eq Ike nat...

Page 523: ...et 10 3 high Note The highlighted commands are the CLI commands that add the mesh capabilities to the simple hub and spokes configuration Full solution hub and spoke with VPN The full solution consists of a hub and spoke with VPN for data and VoIP control backup In this topology There is a direct WAN connection through an external layer 3 router in the branch to the Main Office for VoIP bearer and...

Page 524: ...Traffic from the local GRE tunnel endpoint to the remote GRE tunnel endpoint encrypt using IPSec tunnel mode with the remote peer being the Main Office An access control list ACL is configured on the Internet interface to allow only the VPN tunnel and ICMP traffic See Configuring hub and spoke with VPN for data and VoIP control backup on page 524 for configuration settings Note For information abo...

Page 525: ...1 WAN 2 DBR ACM is configured to route voice calls through PSTN when the main VoIP trunk is down Hub and spoke with VPN Traffic direction ACL parameter ACL value Ingress IKE UDP 500 from remote tunnel endpoint to local tunnel endpoint Permit Ingress ESP AH from remote tunnel endpoint to local tunnel endpoint Permit Ingress Remote GRE tunnel endpoint to local GRE tunnel endpoint Permit Ingress Allo...

Page 526: ... data Subnet Branch data Subnet Mask destination ip any protect crypto map 1 exit ip rule 20 source ip Branch voice Subnet Branch voice Subnet Mask destination ip any protect crypto map 1 exit exit ip access control list 301 ip rule 10 source ip any destination ip any ip protocol udp udp destination port eq Ike composite operation Permit exit ip rule 11 source ip any destination ip any ip protocol...

Page 527: ...p protocol udp udp destination port eq Ike composite operation Permit exit ip rule 11 source ip any destination ip any ip protocol udp udp destination port eq Ike nat t composite operation permit exit ip rule 12 source ip any destination ip any ip protocol udp udp destination port eq Ike nat t vsu composite operation permit exit ip rule 20 source ip any destination ip any ip protocol esp composite...

Page 528: ...net 10 3 encapsulation pppoe traffic shape rate 256000 ip address Branch Office Internet public Static IP Address Branch Office Internet public net mask ip crypto group 901 ip access group 301 in ip access group 302 out exit ip next hop list 1 next hop ip 1 external layer 3 router IP address exit ip next hop list 2 next hop interface 1 FastEthernet 10 3 next hop ip 2 external layer 3 router IP add...

Page 529: ...an be used only if it is supported also by the remote peer Bind peer status to an object tracker Object trackers track the state up down of remote devices using keepalive probes and notify registered applications such as VPN when the state changes Object tracking allows monitoring of hosts inside the remote peer s protected network not just of the remote peer itself as in DPD Backup peer mechanism...

Page 530: ...er redundancy or load sharing In this topology the Branch Gateway is connected through its 10 100 WAN Ethernet port to a DSL modem Define two GRE Tunnel interfaces GRE1 that leads to a Primary Main Office GRE End Point behind the VPN Hub Gateway GRE2 that leads to a Backup Main Office GRE End Point behind the VPN Hub Gateway Define two VPNs Connectivity to the networks in Primary Backup Main Offic...

Page 531: ...erface egress as follows GRE Traffic from the local tunnel endpoint to remote tunnel endpoint 1 encrypt using IPSec tunnel mode with the remote peer being tunnel endpoint 1 GRE Traffic from the local tunnel endpoint to remote tunnel endpoint 2 encrypt using IPSec tunnel mode with the remote peer being tunnel endpoint 2 b An access control list ACL is configured on the Internet interface to allow o...

Page 532: ... Permit Ingress ESP AH from remote tunnel endpoint to local tunnel endpoint Permit Ingress Allowed ICMP from any IP address to local tunnel endpoint Permit Ingress Default Deny Egress IKE UDP 500 from local tunnel endpoint to remote tunnel endpoint Permit Egress All allowed services from any local subnet to any IP address Permit Egress Allowed ICMP from local tunnel endpoint to any IP address Perm...

Page 533: ...h GRE Tunnel end point IP Address destination ip host Backup Main Office GRE Tunnel end point IP Address protect crypto map 2 exit exit ip access control list 301 ip rule 30 source ip any destination ip any ip protocol udp udp destination port eq Ike composite operation Permit exit ip rule 31 source ip any destination ip any ip protocol udp udp destination port eq Ike nat t composite operation per...

Page 534: ... destination ip any ip protocol udp udp destination port eq Ike nat t composite operation permit exit ip rule 32 source ip any destination ip any ip protocol udp udp destination port eq Ike nat t vsu composite operation permit exit ip rule 40 source ip any destination ip any ip protocol esp composite operation Permit exit ip rule 50 source ip any destination ip any ip protocol icmp exit ip rule 60...

Page 535: ... commands specify redundant mode To specify load sharing mode omit them backup interface tunnel 2 backup delay 20 15 keepalive 10 3 tunnel source Branch GRE Tunnel end point IP Address tunnel destination Primary MainPrimary Main Office GRE Tunnel end point IP Address ip address 10 10 10 1 255 255 255 252 exit interface Tunnel 2 keepalive 10 3 tunnel source Branch GRE Tunnel end point IP Address tu...

Page 536: ...stname to an IP address before establishing an IKE connection Your DNS server should be able to provide an IP address of a living host The Branch Gateway will perform a new DNS query and try to re establish the VPN connection to the newly provided IP address whenever it senses that the currently active remote peer stops responding The Branch Gateway can sense that a peer is dead when IKE negotiati...

Page 537: ...er address command including the pre shared key the ISAKMP policy 7 Define the IPSEC transform set using the crypto ipsec transform set command 8 Define the crypto map using the crypto map command 9 Define the crypto list as follows a Set the local address to the public interface name for example FastEthernet 10 3 0 b For each private interface define an ip rule using the following format source i...

Page 538: ... data traffic IPSEC d Permit ICMP traffic to support PMTU application support for a better fragmentation process e For each private subnet add a permit rule with the source being the private subnet and the destination being any f Define all other traffic default rule as deny in order to protect the device from sending non secure traffic 12 Activate the crypto list the ingress access control list a...

Page 539: ...t Define the IPSEC Entity crypto ipsec transform set ts1 esp 3des esp sha hmac exit Define the VPN Tunnel crypto map 1 set peer main vpn avaya com set transform set ts1 exit Define the crypto list for the public interface ip crypto list 901 local address Fast Ethernet 10 3 0 ip rule 5 allows un encrypted traffic for DNS ip rule 5 source ip any destination ip 123 124 125 126 no protect exit ip rule...

Page 540: ...tination port eq Ike nat t vsu composite operation permit exit ip rule 20 source ip any destination ip any ip protocol esp composite operation Permit exit ip rule 30 source ip any destination ip any ip protocol icmp composite operation Permit exit ip rule 40 source ip any destination ip 10 0 10 0 0 0 0 255 composite operation Permit exit ip rule 50 source ip any destination ip 10 0 20 0 0 0 0 255 ...

Page 541: ...urce ip any destination ip any ip protocol esp composite operation Permit exit ip rule 30 source ip any destination ip any ip protocol icmp composite operation Permit exit ip rule 40 source ip 10 0 10 0 0 0 0 255 destination ip any composite operation Permit exit ip rule 50 source ip 10 0 20 0 0 0 0 255 destination ip any composite operation Permit exit ip rule default composite operation deny exi...

Page 542: ...y using a peer group 1 Define the private VLAN1 and VLAN2 interfaces IP address and mask and define one of them as the PMI and ICC VLAN 2 Define the public FastEthernet 10 3 interface IP address and mask 3 Define the default gateway the IP address of the next router 4 Define the object tracking configuration and define when an object tracker is considered down as follows Define a track list that w...

Page 543: ...ace define an ip rule using the following format source ip private subnet private subnet wild card mast For example 10 10 10 0 0 0 0 255 destination ip any protect crypto map 1 11 Define the ingress access control list to protect the device from incoming traffic from the public interface as follows a Permit IKE Traffic UDP port 500 for VPN control traffic IKE Note If you are using NAT Traversal yo...

Page 544: ...Activate the crypto list the ingress access control list and the egress access control list on the public interface Failover VPN topology using a peer group example Define the Private Subnet1 interface vlan 1 description Branch Subnet1 ip address 10 0 10 1 255 255 255 0 icc vlan pmi exit Define the Private Subnet2 interface vlan 2 description Branch Subnet2 ip address 10 0 20 1 255 255 255 0 exit ...

Page 545: ...3 exit track 14 rtr 4 exit track 15 rtr 5 exit track 1 list threshold count threshold count up 5 down 3 object 11 object 12 object 13 object 14 object 15 exit Define the IKE Entity crypto isakmp policy 1 encryption aes hash sha group 2 authentication pre share exit Define the remote peers 3 main offices crypto isakmp peer address First Main Office VPN address pre shared key key1 isakmp policy 1 ke...

Page 546: ...p 10 0 20 0 0 0 0 255 destination ip any protect crypto map 1 exit exit Define the Ingress access control list for the public interface ip access control list 301 ip rule 10 source ip any destination ip any ip protocol udp udp destination port eq Ike composite operation Permit exit ip rule 11 source ip any destination ip any ip protocol udp udp destination port eq Ike nat t composite operation per...

Page 547: ...ration Permit exit ip rule 11 source ip any destination ip any ip protocol udp udp destination port eq Ike nat t composite operation permit exit ip rule 12 source ip any destination ip any ip protocol udp udp destination port eq Ike nat t vsu composite operation permit exit ip rule 20 source ip any destination ip any ip protocol esp composite operation Permit exit ip rule 30 source ip any destinat...

Page 548: ...ion for simple Gateway site to site IPSec VPN Parameter Possible values Actual value 1 Type of connection to the ISP ADSL Cable Modem 2 VPN Interface FastEthernet10 3 Serial port X Y 3 VPN Local IP Address Type Static If static provide IP Address Mask Next hop Router Dynamic DHCP PPPoE 4 Coordinating with the VPN Remote peer a VPN IKE Control Phase 1 Parameters Encryption des 3des aes aes 192 aes ...

Page 549: ...hmac IP compression enable comp lzs disable PFS Group no pfs default 1 2 5 14 Lifetime seconds 120 to 86 400 default 3 600 1 hour Lifetime kilobytes 2 560 to 536 870 912 default 4 608 000 kb disable 5 Which packets should be secured a Protect rules matching options IP source address IP destination address b Bypass rules matching options IP source address IP destination address IPSec VPN Administer...

Page 550: ...P is a responder set initiate mode to aggressive device is an initiator Set self identity to identify the device in the remote peer Summary of VPN commands For more information about these commands see the Avaya Branch Gateway G430 CLI Reference Root level command First level command Second level command Description clear crypto isakmp Flush a specific ISAKMP SA or all the ISAKMP SAs clear crypto ...

Page 551: ... Set the IKE phase 2 IPSec SA lifetime crypto isakmp invalid spi recovery Enable invalid SPI recovery default setting crypto isakmp nat keepalive Re enable NAT Traversal keepalive if it was disabled and configure the keepalive interval This command keeps the NAT devices tables updated crypto isakmp peer Enter the crypto ISAKMP peer context and create or edit an ISAKMP peer continuous channel Enabl...

Page 552: ... can use as a pre shared key for IKE You must use the same key on both peers crypto isakmp peer group Enter the crypto ISAKMP peer group context and create or edit an ISAKMP peer group description Enter a description for the ISAKMP peer group set peer Add a peer to the peer group crypto isakmp policy Enter the crypto ISAKMP policy context and create or edit IKE Phase 1 parameters authenticat ion S...

Page 553: ...sion always up and running even if there is no traffic description Enter a description for the crypto map set dscp Set the DSCP value in the tunneled packet set peer Attach a peer to a crypto map set peer group Attach a peer group to a crypto map set transform set Configure the transform set interface fastethernet dialer vlan Enter the FastEthernet Dialer or VLAN interface context crypto ipsec df ...

Page 554: ... crypto map source ip Indicate that the current rule applies to packets from the specified source IP address local address Set the local IP address for the IPSec tunnels derived from this crypto list show crypto ipsec sa Display the IPSec SA database and related runtime statistical and configuration information Note The detail option in the various show crypto ipsec sa commands provides detailed c...

Page 555: ...play ISAKMP policy configuration show crypto isakmp sa Display the ISAKMP SA database status show crypto map Display all or specific crypto map configurations show ip active lists Display information about a specific policy list or all lists show ip crypto list Display all or specific crypto list configurations IPSec VPN Administering Avaya G430 Branch Gateway October 2013 555 ...

Page 556: ...IPSec VPN 556 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...

Page 557: ...f policy lists on page 557 Policy list management on page 560 Policy list configuration on page 561 Policy list attachments on page 564 Device wide policy lists on page 567 Defining global rules on page 567 Policy rule configuration on page 568 Composite operations on page 574 DSCP table on page 577 Policy list displays and tests on page 579 Summary of access control list commands on page 581 Summ...

Page 558: ...s You can use access control lists to control which packets are authorized to pass through an interface When a packet matches a rule on the access control list the rule specifies whether the Branch Gateway Accepts the packet or drops the packet Sends an ICMP error reply if it drops the packet Sends an SNMP trap if it drops the packet Network security using access control lists The primary use of a...

Page 559: ...CP table The DSCP table enables you to set one or both of the QoS fields in a packet based on the previous value of the DSCP field in the packet QoS list parts Rule list A list of filtering rules and actions for the Branch Gateway to take when a packet matches the rule Match actions on this list are pointers to the composite operation table Actions composite operation table A table that describes ...

Page 560: ...based routing is implemented by means of policy based routing PBR lists PBR lists are similar in many respects to access control lists and QoS lists However since there are also some key differences policy based routing is explained in a separate chapter Refer to Policy based routing on page 587 Policy list management You can manage policy lists on the Branch Gateway with CLI commands You can also...

Page 561: ... you can edit the list from the list context If the list does not exist entering the list context creates the list To create or edit an access control list enter ip access control list followed by a list number in the range 300 399 The Branch Gateway includes one pre configured access control list The pre configured access control list is list number 300 For example to create access control list 3...

Page 562: ...figuration on page 568 Configure composite operations see Composite operations on page 574 Configure DSCP mapping QoS lists only see DSCP table on page 577 Defining list identification attributes About this task The policy list attributes including name owner and cookie are used by Avaya QoS Manager software to identify policy lists Procedure 1 Enter the context of the policy list in which you wan...

Page 563: ...he Branch Gateway applies the default action for the list The following table shows the default action for each type of policy list List Default action Access control list Accept all packets QoS list No change to the priority or DSCP Deleting a policy list Procedure To delete a list enter one of the following commands To delete an access control list enter no ip access control list followed by the...

Page 564: ... on page 566 Packets entering the interface When a packet enters the Branch Gateway through an interface the Branch Gateway applies the policy lists in the following order 1 Apply the ingress access control list 2 If the ingress access control list does not drop the packet Apply the ingress QoS list Apply the PBR list if any The packet enters the Branch Gateway through the interface Packets exitin...

Page 565: ...teway The ingress QoS list and the egress QoS list from among the QoS lists that are configured on the Branch Gateway Attaching policy lists and access control lists Procedure Choose one of the following commands To attach an access control list to an interface as its ingress access control list enter the interface context and enter ip access group list number in To attach an access control list t...

Page 566: ...xxx 001 if VLAN 2 ip qos group 401 out Done Removing a list Procedure To remove a list from an interface use the no form of the appropriate command For example if the ingress access control list for the VLAN 1 interface is list number 302 you can remove the list from the interface by entering the following commands Gxxx 001 super interface vlan 1 Gxxx 001 super if VLAN 1 no ip access group in Done...

Page 567: ...olicy lists Outgoing packets a Apply the device wide egress policy lists b Apply the egress policy lists that are attached to the interface Defining global rules About this task In an access control list you can define global rules for packets that contain IP fragments and IP options These rules apply to all packets This is in contrast to individual rules which apply to packets that match certain ...

Page 568: ...P protocol such as TCP UDP ICMP or IGMP Source TCP or UDP port or a range of ports Destination TCP or UDP port or a range of ports ICMP type and code Fragment DSCP Use IP wildcards to specify a range of source or destination IP addresses The zero bits in the wildcard correspond to bits in the IP address that remain fixed The one bits in the wildcard correspond to bits in the IP address that can va...

Page 569: ...re not applied to non initial fragments and the device continues checking the next IP rule This is to prevent cases in which fragments that belong to other L4 sessions may be blocked by the other L4 session which is blocked Layer 3 rules apply to non initial fragments Layer 3 rules that include the fragment criteria do not apply to initial fragments or non fragment packets Layer 3 rules that do no...

Page 570: ...IGMP for rule 3 in access control list 302 Gxxx 001 ACL 302 ip rule 3 no ip protocol igmp Specifying a range of IP addresses Procedure To specify a range of source and destination IP addresses to which the rule applies use the commands source ip and destination ip followed by the IP range criteria Choose one of the following options as the IP range criteria To specify a range type two IP addresses...

Page 571: ...lowing command specifies a source IP address in the range 64 any 24 any for rule 6 in access control list 350 Gxxx 001 ACL 350 ip rule 6 source ip 64 24 Specifying source and destination port range Procedure 1 To specify a range of source and destination ports to which the rule applies use any of the following commands followed by either port name or port number range criteria tcp source port tcp ...

Page 572: ...ng command specifies any destination TCP port in the range 5000 through 5010 for rule 1 in access control list 301 Gxxx 001 ACL 301 ip rule 1 tcp destination port range 5000 5010 The following command specifies any source TCP port except a port named http for rule 7 in access control list 304 Gxxx 001 ACL 304 ip rule 7 no tcp source port eq http Applying the rule to ICMP type and code Procedure 1 ...

Page 573: ... case the command also sets the IP protocol parameter to TCP Example The following command specifies that rule 6 in access control list 301 only matches packets that are part of an established TCP session Gxxx 001 ACL 301 ip rule 6 tcp established Specifying fragments Procedure Enter fragment to apply the rule to non initial fragments You cannot use the fragment command in a rule that includes UDP...

Page 574: ...access control list rules and QoS list rules For each type of list the Branch Gateway includes a pre configured list of composite operations You cannot change or delete pre configured composite operations You can define additional composite operations Related topics Pre configured composite operations for access control lists on page 574 Pre configured composite operations for QoS lists on page 57...

Page 575: ...t the connection when it drops a packet Pre configured composite operations for QoS lists The following table lists the pre configured entries in the composite operation table for rules in a QoS list No Name CoS DSCP Trust 0 CoS0 cos0 no change No 1 CoS1 cos1 no change No 2 CoS2 cos2 no change No 3 CoS3 cos3 no change No 4 CoS4 cos4 no change No 5 CoS5 cos5 no change No 6 CoS6 cos6 no change No 7 ...

Page 576: ...can configure additional composite operations for QoS lists You can also edit composite operations that you configured You cannot edit pre configured composite operations Note You cannot configure additional composite operations for access control lists since all possible composite operations are pre configured Procedure 1 Enter the context of a QoS list 2 Enter composite operation followed by an ...

Page 577: ...one Gxxx 001 QoS 402 cot 12 cos no change Done Gxxx 001 QoS 402 cot 12 exit Gxxx 001 QoS 402 ip rule 3 Gxxx 001 QoS 402 rule 3 composite operation dscp5 Done DSCP table DSCP is a standards defined method for determining packet priority through an interface either into or out of a router There are three ways you can use the DSCP field Classifier Select a packet based on the contents of some portion...

Page 578: ... followed by the number of the DSCP value for which you want to change its composite operation 3 Enter composite operation followed by the name of the composite operation you want to execute for packets with the specified DSCP value Result The following commands specify the pre configured composite operation CoS5 for DSCP table entry 33 in QoS list 401 Every packet with DSCP equal to 33 is assigne...

Page 579: ...s produce different results in different contexts In general context show ip access control list Displays a list of all configured access control lists with their list numbers and owners show ip access control list list number detailed Displays all the parameters of the specified access control list show ip qos list Displays a list of all configured QoS lists with their list numbers and owners sho...

Page 580: ...s Procedure Use the ip simulate command in the context of an interface to test a policy list The command tests the effect of the policy list on a simulated IP packet in the interface Specify the number of a policy list the direction of the packet in or out and a source and destination IP address You may also specify other parameters For a full list of parameters see Avaya Branch Gateway G430 CLI R...

Page 581: ...scription interface dialer loopback fastethernet tunnel vlan Enter the Dialer Loopback FastEthernet Tunnel or VLAN interface configuration context ip access group Activate a specific Access Control list for a specific direction on the current interface ip simulate Test the action of a policy on a simulated packet show ip access control list Display the attributes of a specific access control list ...

Page 582: ... the current rule destination ip Apply the current rule to packets with the specified destination IP address dscp Apply the current rule to packets with the specified DSCP value fragment Apply the current rule for non initial fragments only icmp Apply the current rule to a specific type of ICMP packet ip protocol Apply the current rule to packets with the specified IP protocol show composite opera...

Page 583: ...name Assign a name to the current list owner Specify the owner of the current list show composite operation Display the composite operations configured for the list show ip rule Display the rules configured for the current list attributes of a specific rule show list Display the attributes of the current list including its rules ip policy list copy Copy an existing policy list to a new list show i...

Page 584: ...ed QoS list and create the list if it does not exist composite operation Enter the configuration mode for one of the current list s composite operations cos Set the CoS priority value for the current composite operation dscp Set the DSCP value for the current composite operation name Assign a name to the current composite operation show composite operation Display the attributes of the current com...

Page 585: ... to packets with the specified DSCP value fragment Apply the current rule for non initial fragments only icmp Apply the current rule to a specific type of ICMP packet ip protocol Apply the current rule to packets with the specified IP protocol show composite operation Display the parameters of the composite operation assigned to the current rule show dscp table Display the current list s DSCP tabl...

Page 586: ...urrent list pre classification Specify which priority tag the current QoS list uses for data flows show composite operation Display all composite operations configured for the list show dscp table Display the current list s DSCP table show ip rule Display the rules configured for the current list attributes of a specific rule show list Display the attributes of the current list including its rules...

Page 587: ...QoS List See Policy lists to packets on page 565 Note The Loopback 1 interface is an exception to this rule On the Loopback 1 interface PBR lists are applied when the packet leaves the interface This enables the PBR list to handle packets sent by the Branch Gateway device itself as explained below Note ICMP keepalive provides the interface with the ability to determine whether a next hop is or is ...

Page 588: ...list commands in context on page 597 Policy based routing application example on page 598 Summary of policy based routing commands on page 601 Applications for policy based routing The most common application for policy based routing is to provide for separate routing of voice and data traffic It can also be used as a means to provide backup routes for defined traffic types Related topics Separate...

Page 589: ... when the primary next hop fails Example Voice packets are usually sent over a WAN line and not the Internet You can configure a PBR list to drop voice packets when the WAN line is down Setting up policy based routing About this task For a full example of a policy based routing configuration see Policy based routing application example on page 598 Procedure 1 Define PBR lists In general context en...

Page 590: ...ed For an illustration see Policy based routing application example on page 598 Note Leave a gap between rule numbers in order to leave room for inserting additional rules at a later time For example ip rule 10 ip rule 20 ip rule 30 The following example creates rule 1 which routes packets going to IP address 149 49 43 210 with a DSCP value of 34 according to next hop list 1 The next step explains...

Page 591: ...nfiguration on page 204 A next hop list can include the value NULL0 When the next hop is NULL0 the Branch Gateway drops the packet However you cannot apply tracking to NULL0 The following example creates next hop list 1 named Data to HQ with the following entries The first entry is the FastEthernet 10 2 interface Object tracker 3 is applied to monitor the route For details about configuring the ob...

Page 592: ...ck interface The following example applies PBR list 802 to the Loopback interface Gxxx 001 super interface Loopback 1 Gxxx 001 super if Loopback 1 ip pbr group 802 Done Gxxx 001 super if Loopback 1 exit Gxxx 001 super 6 Enter copy running config startup config This saves the new policy based routing configuration in the startup configuration file PBR rules Each PBR list can have up to 1 500 rules ...

Page 593: ...does not catch fragments Note It is recommended to leave a gap between rule numbers in order to leave room for inserting additional rules at a later time For example ip rule 10 ip rule 20 ip rule 30 Related topics Modifying rules on page 593 PBR rule criteria on page 594 Modifying rules About this task To modify a policy based routing rule you must enter the context of the rule and redefine the ru...

Page 594: ... Branch Gateway applies destination based routing to packets that match the rule Next hop lists PBR rules include a next hop list When the rule matches a packet the Branch Gateway routes the packet according to the specified next hop list Each next hop list can include up to 20 entries An entry in a next hop list can be either an IP address or an interface The Branch Gateway attempts to route the ...

Page 595: ...llowed by the index number of the entry and the name of the interface You can optionally apply tracking to monitor the route except for the NULL0 For example the command next hop interface 3 fastethernet 10 2 sets FastEthernet 10 2 as the third entry on the next hop list Deleting an entry from a next hop list Procedure 1 Enter the context of the next hop list 2 Use one of the following commands To...

Page 596: ...er modifying the list you can reattach the list to the interface Procedure 1 To remove a list from an interface use the no form of the ip pbr group command in the interface context The following example removes the PBR list from the VLAN 2 interface Gxxx 001 super interface vlan 1 Gxxx 001 super if VLAN 1 no ip pbr group Done Gxxx 001 super if VLAN 1 2 To modify a PBR list enter ip pbr list follow...

Page 597: ...ip active lists Displays a list of each Branch Gateway interface to which a PBR list is attached along with the number and name of the PBR list show ip active lists list number Displays a list of each Branch Gateway interface to which the specified PBR list is attached along with the number and name of the PBR list show ip next hop list all Displays the number and name of all next hop lists show i...

Page 598: ...s the PMI Therefore there is no routing between the PMI and the IP phones In this example the object of policy based routing is to route all voice traffic over the E1 T1 line which is more expensive but provides the superior QoS necessary for voice traffic Remaining traffic is to be routed over the more inexpensive Internet connection It is assumed that the IP phones on VLAN 6 establish connection...

Page 599: ...cp 41 Done Gxxx 001 super PBR 801 ip rule 10 exit Done Gxxx 001 super PBR 801 ip rule 20 destination ip 149 49 123 0 0 0 0 255 Done Gxxx 001 super PBR 801 ip rule 20 dscp 43 Done Gxxx 001 super PBR 801 ip rule 20 exit Gxxx 001 super PBR 801 ip rule 30 Gxxx 001 super PBR 801 ip rule 30 next hop list 1 Done Gxxx 001 super PBR 801 ip rule 30 destination ip 149 49 123 0 0 0 0 255 Done Gxxx 001 super P...

Page 600: ...he T1 E1 line Gxxx 001 super interface Loopback 1 Gxxx 001 super if Loopback 1 ip pbr group 801 Done Gxxx 001 super if Loopback 1 exit Gxxx 001 super The next set of commands defines a new PBR list 802 This list will be applied to the data interface VLAN 5 The purpose of this is to route data traffic through interfaces other than the E1 T1 interface so that this traffic will not interface with voi...

Page 601: ...unnel 1 in order to detect whether this next hop is valid or not for more information on object tracking refer to Object tracking on page 282 Note that the GRE tunnel itself has keepalive and can detect the status of the interface and therefore modify the next hop status Packet simulation in PBR Policy based routing supports the ip simulate command for testing policies Refer to Simulating packets ...

Page 602: ...or the specified rule If the specified rule does not exist the system creates it and enters its configuration mode destination ip Specify the destination IP address of packets to which the current rule applies dscp Specify the DSCP value that is set by the current policy operation fragment Apply the current rule for non initial fragments only icmp Apply the current rule to a specific type of ICMP ...

Page 603: ...tion port udp source port Apply the rule to UDP packets from the specified source port name Assign a name to the specified list or operation owner Specify the owner of the current list show ip rule Display the attributes of a specific rule or all rules show list Display information about the specified list show ip active lists Display information about a specific policy list or all lists show ip a...

Page 604: ...Policy based routing 604 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...

Page 605: ...an H 320 video device that customers would like to retain and transmit within an IP infrastructure Use the Communication Manager s SAT Administration forms to administer Synchronization over IP Related topics Defining a stratum clock source on page 605 Setting the synchronization source on page 606 Disassociating a clock source on page 607 Enabling and disabling automatic failover and failback on ...

Page 606: ...when the primary source becomes available Result If neither primary nor secondary sources are identified the local clock becomes the active source Example The following example sets the MM710 media module located in slot 2 of the Branch Gateway chassis as the primary clock synchronization source for the Branch Gateway set sync interface primary v2 set sync source primary If the Branch Gateway incl...

Page 607: ...is on one or more channels is active If it is an ISDN facility the D channel counts as an active channel and causes the yellow ACT LED to be on When the MM710 is operating as a clock synchronization source the yellow ACT LED indicates that the MM710 is the clock synchronization source by flashing at three second intervals as follows The yellow ACT LED is on for 2 8 seconds and off for 200 millisec...

Page 608: ...al v0 Active None Active Source v0 Sync Source Switching Enabled Done Summary of synchronization commands For more information about these commands see Avaya Branch Gateway G430 CLI Reference Command Description clear sync interface Disassociate a previously specified interface as the primary or secondary clock synchronization source set sync interface Define the specified module and port as a pot...

Page 609: ...Command Description show sync timing Display the status of the primary secondary and local clock sources Synchronization Administering Avaya G430 Branch Gateway October 2013 609 ...

Page 610: ...Synchronization 610 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...

Page 611: ...icates that the entity sending the protocol is reinitializing itself in such a way as to potentially cause the alteration of either the agent s configuration or the entity s implementation warmStart STD Boot Warni ng warmSta rt Agent Up with No Changes warmStart Trap enterprise E e args A warmStart trap indicates that the entity sending the protocol is reinitializing itself in such a way as to kee...

Page 612: ...me up The data passed with the event is 1 The name and value of the ifIndex instance for the affected interface The name of the interface can be retrieved via an snmpget of 1 3 6 1 2 1 2 2 1 2 INST where INST is the instance returned with the trap linkDown ifIndex ifAdminSt atus ifOperStat us STD Syste m Warni ng linkDown Agent Interface Down linkDown Trap enterprise E e on interface 1 A linkDown ...

Page 613: ...nterprise E e args An authentication failure trap indicates that the protocol is not properly authenticated risingAlar m alarmInde x alarmVari able alarmSa mple Type alarmValu e alarmRisi ng Threshold RM ON THRE S HOLD Warni ng rising Alarm Rising Alarm 2 exceeded threshold 5 value 4 Sample type 3 alarm index 1 The SNMP trap that is generated when an alarm entry crosses its rising threshold and ge...

Page 614: ...ifies the manager of the deletion of the specified redundant link which is identified by the softRedundanc yId It is enabled disabled by chLntAgConfig ChangeTraps createSW Redundan cy Trap soft Redunda ncy Status P33 0 SWITC H FABRI C Info createS WRedun dancyTra p Software Redundan cy 1 definition created The trap is generated on the creation of the redundant links for the specified ports It give...

Page 615: ...P33 0 ROUT ER Warni ng duplicate IPTrap Duplicate IP address 2 detected MAC address 1 This trap reports to the Management station on Duplicate IP identification CRP identify the new IP on the network If it similar to one of its IP interfaces the CRP will issue a SNMP trap containing the MAC of the intruder lntPolicy ChangeEv ent ipPolicy Activation EntID ipPolicy Activation List ipPolicy Activatio...

Page 616: ...ntPolicy Access Control Violation Flt IP PolicyAcce ss Control violation if index 9 ip protocol 4 src ip 2 dst ip 3 src port 5 dst port 6 rule id 8 rule list 9 This trap reports to the Management station on IP PolicyAccess Control violation The trap includes in its varbind information about the slot where the event occurred The id of the rule that was violated in the current rules table and the qu...

Page 617: ...odule 2 Port 3 This trap reports the return of connection on a dormant port InlinePwr Flt genGroup FaultMas k genGroup Id genGroup BUPSActi vity Status P33 0 POE Error InlinePwr Flt Module 2 Inline Power Supply failure This trap reports the failure of an inline power supply InlinePwr FltOK genGroup FaultMas k genGroup Id genGroup BUPSActi vity Status P33 0 POE Notific ation InlinePwr FltOK Module ...

Page 618: ...Local alarms such as LOS wanLocal AlarmOff ifIndex ifAdminSt atus ifOperStat us ifName ifAlias dsx1Line Status WA N WAN Notific ation wanLoca l AlarmOff Local Alarm on interface 4 was cleared Local alarms such as LOS was cleared wanRemo te AlarmOn ifIndex ifAdminSt atus ifOperStat us ifName ifAlias dsx1Line Status WA N WAN Error wan Remote AlarmOn Remote Alarm on interface 4 Remote alarms such as ...

Page 619: ...Line Status WA N WAN Notific ation wanMino r AlarmOff Minor Alarm on interface 4 was cleared Normal BER AvEntFan Flt entPhysic al Index entPhysic al Descr entPhySe nsorValue avEntPhy SensorLo Warning AVA YA ENT ITY TEMP AvEntFa n Flt Fan 2 is Faulty This trap reports a faulty fan AvEntFan Ok entPhysic al Index entPhysic al Descr entPhySe nsor Value avEntPhy SensorLo Warning AVA YA ENT ITY TEMP Not...

Page 620: ...al Index entPhysic al Descr entPhySe nsor Value avEntPhy SensorHi Warning entPhysic al ParentRel Pos AVA YA ENT ITY TEMP Notific ation avEnt Ambient TempOk Ambient Temperatu re fault 3 cleared This trap reports that the ambient temperature in the device has returned to the acceptable range for the device Branch Gateway MIB files MIB File MIB Module Supported by Branch Gateway Load MIB LOAD MIB Q B...

Page 621: ... MIB POLICY MIB MY POLICY MIB BRIDGE MIB my BRIDGE MIB CONFIG MIB MY CONFIG MIB G700 MG MIB MY G700 MG MIB FRAME RELAY DTE MIB my FRAME RELAY DTE MIB IP MIB my IP MIB Load12 MIB LOAD MIB PPP LCP MIB my PPP LCP MIB WAN MIB MY WAN MIB SNMPv2 MIB my SNMPv2 MIB USM MIB my USM MIB VACM MIB my VACM MIB OSPF MIB my OSPF MIB Tunnel MIB my TUNNEL MIB Related topics MIB objects in the Load MIB file on page ...

Page 622: ... on page 642 MIB objects in the POLICY MIB my file on page 642 MIB objects in the BRIDGE MIB my file on page 647 MIB objects in the CONFIG MIB my file on page 649 MIB objects in the G700 MG MIB my file on page 652 MIB objects in the FRAME RELAY DTE MIB my file on page 656 MIB objects in the IP MIB my file on page 657 MIB objects in the Load12 MIB my file on page 658 MIB objects in the PPP LCP MIB ...

Page 623: ...leReset 1 3 6 1 4 1 1751 2 53 1 2 1 17 genOpNextBootImageIndex 1 3 6 1 4 1 1751 2 53 1 2 1 18 genOpLastBootImageIndex 1 3 6 1 4 1 1751 2 53 1 2 1 19 genOpFileSystemType 1 3 6 1 4 1 1751 2 53 1 2 1 20 genOpReportSpecificFlags 1 3 6 1 4 1 1751 2 53 1 2 1 21 genOpOctetsReceived 1 3 6 1 4 1 1751 2 53 1 2 1 22 genAppFileId 1 3 6 1 4 1 1751 2 53 2 1 1 1 genAppFileName 1 3 6 1 4 1 1751 2 53 2 1 1 2 genAp...

Page 624: ...tIfIndex 1 3 6 1 2 1 10 32 2 1 1 frCircuitDlci 1 3 6 1 2 1 10 32 2 1 2 frCircuitState 1 3 6 1 2 1 10 32 2 1 3 frCircuitReceivedFECNs 1 3 6 1 2 1 10 32 2 1 4 frCircuitReceivedBECNs 1 3 6 1 2 1 10 32 2 1 5 frCircuitSentFrames 1 3 6 1 2 1 10 32 2 1 6 frCircuitSentOctets 1 3 6 1 2 1 10 32 2 1 7 frCircuitReceivedFrames 1 3 6 1 2 1 10 32 2 1 8 frCircuitReceivedOctets 1 3 6 1 2 1 10 32 2 1 9 frCircuitCre...

Page 625: ...rts 1 3 6 1 2 1 17 7 1 4 2 1 4 dot1qVlanCurrentUntaggedPorts 1 3 6 1 2 1 17 7 1 4 2 1 5 dot1qVlanStatus 1 3 6 1 2 1 17 7 1 4 2 1 6 dot1qVlanCreationTime 1 3 6 1 2 1 17 7 1 4 2 1 7 dot1qVlanStaticName 1 3 6 1 2 1 17 7 1 4 3 1 1 dot1qVlanStaticEgressPorts 1 3 6 1 2 1 17 7 1 4 3 1 2 dot1qVlanForbiddenEgressPorts 1 3 6 1 2 1 17 7 1 4 3 1 3 dot1qVlanStaticUntaggedPorts 1 3 6 1 2 1 17 7 1 4 3 1 4 dot1qV...

Page 626: ...lHardwareRev 1 3 6 1 2 1 47 1 1 1 1 8 entPhysicalFirmwareRev 1 3 6 1 2 1 47 1 1 1 1 9 entPhysicalSoftwareRev 1 3 6 1 2 1 47 1 1 1 1 10 entPhysicalSerialNum 1 3 6 1 2 1 47 1 1 1 1 11 entPhysicalMfgName 1 3 6 1 2 1 47 1 1 1 1 12 entPhysicalModelName 1 3 6 1 2 1 47 1 1 1 1 13 entPhysicalAlias 1 3 6 1 2 1 47 1 1 1 1 14 entPhysicalAssetID 1 3 6 1 2 1 47 1 1 1 1 15 entPhysicalIsFRU 1 3 6 1 2 1 47 1 1 1 ...

Page 627: ...RouteMetric5 1 3 6 1 2 1 4 24 4 1 15 ipCidrRouteStatus 1 3 6 1 2 1 4 24 4 1 16 MIB objects in the VRRP MIB my file The following table provides a list of the MIBs in the VRRP MIB my file that are supported by the Branch Gateway and their OIDs Object OID vrrpNodeVersion 1 3 6 1 2 1 68 1 1 1 vrrpOperVrId 1 3 6 1 2 1 68 1 1 3 1 1 vrrpOperVirtualMacAddr 1 3 6 1 2 1 68 1 1 3 1 2 vrrpOperState 1 3 6 1 2...

Page 628: ... 1 3 genCpuUtilizationHighThreshold 1 3 6 1 4 1 6889 2 1 11 1 1 1 1 4 genCpuAverageUtilization 1 3 6 1 4 1 6889 2 1 11 1 1 1 1 5 genCpuCurrentUtilization 1 3 6 1 4 1 6889 2 1 11 1 1 1 1 6 genCpuUtilizationHistorySampleIndex 1 3 6 1 4 1 6889 2 1 11 1 1 2 1 1 genCpuHistoryUtilization 1 3 6 1 4 1 6889 2 1 11 1 1 2 1 2 genMemUtilizationTotalRAM 1 3 6 1 4 1 6889 2 1 11 1 2 1 genMemUtilizationOperationa...

Page 629: ...rValueUpdateRate 1 3 6 1 2 1 99 1 1 1 8 MIB objects in the RSTP MIB my file The following table provides a list of the MIBs in the RSTP MIB my file that are supported by the Branch Gateway and their OIDs Object OID dot1dStpVersion 1 3 6 1 2 1 17 2 16 dot1dStpTxHoldCount 1 3 6 1 2 1 17 2 17 dot1dStpPathCostDefault 1 3 6 1 2 1 17 2 18 dot1dStpPortProtocolMigration 1 3 6 1 2 1 17 2 19 1 1 dot1dStpPor...

Page 630: ...he following table provides a list of the MIBs in the PPP IP NCP MIB my file that are supported by the Branch Gateway and their OIDs Object OID pppIpOperStatus 1 3 6 1 2 1 10 23 3 1 1 1 pppIpLocalToRemoteCompressionProtocol 1 3 6 1 2 1 10 23 3 1 1 2 pppIpRemoteToLocalCompressionProtocol 1 3 6 1 2 1 10 23 3 1 1 3 pppIpRemoteMaxSlotId 1 3 6 1 2 1 10 23 3 1 1 4 pppIpLocalMaxSlotId 1 3 6 1 2 1 10 23 3...

Page 631: ... 2 2 1 7 ifOperStatus 1 3 6 1 2 1 2 2 1 8 ifLastChange 1 3 6 1 2 1 2 2 1 9 ifInOctets 1 3 6 1 2 1 2 2 1 10 ifInUcastPkts 1 3 6 1 2 1 2 2 1 11 ifInNUcastPkts 1 3 6 1 2 1 2 2 1 12 ifInDiscards 1 3 6 1 2 1 2 2 1 13 ifInErrors 1 3 6 1 2 1 2 2 1 14 ifInUnknownProtos 1 3 6 1 2 1 2 2 1 15 ifOutOctets 1 3 6 1 2 1 2 2 1 16 ifOutUcastPkts 1 3 6 1 2 1 2 2 1 17 ifOutNUcastPkts 1 3 6 1 2 1 2 2 1 18 ifOutDiscar...

Page 632: ...2 1 4 16 ipFragOKs 1 3 6 1 2 1 4 17 ipFragFails 1 3 6 1 2 1 4 18 ipFragCreates 1 3 6 1 2 1 4 19 ipAdEntAddr 1 3 6 1 2 1 4 20 1 1 ipAdEntIfIndex 1 3 6 1 2 1 4 20 1 2 ipAdEntNetMask 1 3 6 1 2 1 4 20 1 3 ipAdEntBcastAddr 1 3 6 1 2 1 4 20 1 4 ipAdEntReasmMaxSize 1 3 6 1 2 1 4 20 1 5 ipRouteDest 1 3 6 1 2 1 4 21 1 1 ipRouteIfIndex 1 3 6 1 2 1 4 21 1 2 ipRouteMetric1 1 3 6 1 2 1 4 21 1 3 ipRouteMetric2 ...

Page 633: ...unityNames 1 3 6 1 2 1 11 4 snmpInBadCommunityUses 1 3 6 1 2 1 11 5 snmpInASNParseErrs 1 3 6 1 2 1 11 6 snmpInTooBigs 1 3 6 1 2 1 11 8 snmpInNoSuchNames 1 3 6 1 2 1 11 9 snmpInBadValues 1 3 6 1 2 1 11 10 snmpInReadOnlys 1 3 6 1 2 1 11 11 snmpInGenErrs 1 3 6 1 2 1 11 12 snmpInTotalReqVars 1 3 6 1 2 1 11 13 snmpInTotalSetVars 1 3 6 1 2 1 11 14 snmpInGetRequests 1 3 6 1 2 1 11 15 snmpInGetNexts 1 3 6...

Page 634: ...rning 1 3 6 1 4 1 6889 2 1 99 1 1 2 avEntPhySensorHiWarningClear 1 3 6 1 4 1 6889 2 1 99 1 1 3 avEntPhySensorLoWarningClear 1 3 6 1 4 1 6889 2 1 99 1 1 4 avEntPhySensorLoWarning 1 3 6 1 4 1 6889 2 1 99 1 1 5 avEntPhySensorLoShutdown 1 3 6 1 4 1 6889 2 1 99 1 1 6 avEntPhySensorEventSupportMask 1 3 6 1 4 1 6889 2 1 99 1 1 7 MIB objects in the Rnd MIB my file The following table provides a list of th...

Page 635: ...chId 1 3 6 1 4 1 81 28 1 5 1 1 1 scGenSwitchSTA 1 3 6 1 4 1 81 28 1 5 1 1 13 scEthPortGroupId 1 3 6 1 4 1 81 28 2 1 1 1 1 scEthPortId 1 3 6 1 4 1 81 28 2 1 1 1 2 scEthPortFunctionalStatus 1 3 6 1 4 1 81 28 2 1 1 1 27 scEthPortMode 1 3 6 1 4 1 81 28 2 1 1 1 28 scEthPortSpeed 1 3 6 1 4 1 81 28 2 1 1 1 29 scEthPortAutoNegotiation 1 3 6 1 4 1 81 28 2 1 1 1 30 scEthPortAutoNegotiationStatus 1 3 6 1 4 1...

Page 636: ...3 6 1 4 1 81 31 1 2 1 11 ipInterfaceNetbiosRebroadcast 1 3 6 1 4 1 81 31 1 2 1 12 ipInterfaceIcmpRedirects 1 3 6 1 4 1 81 31 1 2 1 13 ipInterfaceOperStatus 1 3 6 1 4 1 81 31 1 2 1 14 ipInterfaceDhcpRelay 1 3 6 1 4 1 81 31 1 2 1 15 ripGlobalsRIPEnable 1 3 6 1 4 1 81 31 1 3 1 ripGlobalsLeakOSPFIntoRIP 1 3 6 1 4 1 81 31 1 3 2 ripGlobalsLeakStaticIntoRIP 1 3 6 1 4 1 81 31 1 3 3 ripGlobalsPeriodicUpdat...

Page 637: ...tionListRoutingProtocol 1 3 6 1 4 1 81 31 1 12 1 1 distributionListDirection 1 3 6 1 4 1 81 31 1 12 1 2 distributionListIfIndex 1 3 6 1 4 1 81 31 1 12 1 3 distributionListRouteProtocol 1 3 6 1 4 1 81 31 1 12 1 4 distributionListProtocolSpecific1 1 3 6 1 4 1 81 31 1 12 1 5 distributionListProtocolSpecific2 1 3 6 1 4 1 81 31 1 12 1 6 distributionListProtocolSpecific3 1 3 6 1 4 1 81 31 1 12 1 7 distr...

Page 638: ...1 15 1 1 16 ospfXtndIfIpAddress 1 3 6 1 4 1 81 31 1 16 1 1 ospfXtndIfAddressLessIf 1 3 6 1 4 1 81 31 1 16 1 2 ospfXtndIfPassiveMode 1 3 6 1 4 1 81 31 1 16 1 3 vlConfIndex 1 3 6 1 4 1 81 31 3 1 1 1 vlConfAlias 1 3 6 1 4 1 81 31 3 1 1 2 vlConfStatus 1 3 6 1 4 1 81 31 3 1 1 3 MIB objects in the RS 232 MIB my file The following table provides a list of the MIBs in the RS 232 MIB my file that are suppo...

Page 639: ...yncPortRTSCTSDelay 1 3 6 1 2 1 10 33 4 1 11 rs232SyncPortMode 1 3 6 1 2 1 10 33 4 1 12 rs232SyncPortIdlePattern 1 3 6 1 2 1 10 33 4 1 13 rs232SyncPortMinFlags 1 3 6 1 2 1 10 33 4 1 14 rs232InSigPortIndex 1 3 6 1 2 1 10 33 5 1 1 rs232InSigName 1 3 6 1 2 1 10 33 5 1 2 rs232InSigState 1 3 6 1 2 1 10 33 5 1 3 rs232InSigChanges 1 3 6 1 2 1 10 33 5 1 4 rs232OutSigPortIndex 1 3 6 1 2 1 10 33 6 1 1 rs232O...

Page 640: ...rip2IfConfDefaultMetric 1 3 6 1 2 1 23 3 1 7 rip2IfConfStatus 1 3 6 1 2 1 23 3 1 8 rip2IfConfSrcAddress 1 3 6 1 2 1 23 3 1 9 MIB objects in the IF MIB my file The following table provides a list of the MIBs in the IF MIB my file that are supported by the Branch Gateway and their OIDs Object OID ifNumber 1 3 6 1 2 1 2 1 ifIndex 1 3 6 1 2 1 2 2 1 1 ifDescr 1 3 6 1 2 1 2 2 1 2 ifType 1 3 6 1 2 1 2 2 ...

Page 641: ... ifInBroadcastPkts 1 3 6 1 2 1 31 1 1 1 3 ifOutMulticastPkts 1 3 6 1 2 1 31 1 1 1 4 ifOutBroadcastPkts 1 3 6 1 2 1 31 1 1 1 5 ifHCInOctets 1 3 6 1 2 1 31 1 1 1 6 ifHCInUcastPkts 1 3 6 1 2 1 31 1 1 1 7 ifHCInMulticastPkts 1 3 6 1 2 1 31 1 1 1 8 ifHCInBroadcastPkts 1 3 6 1 2 1 31 1 1 1 9 ifHCOutOctets 1 3 6 1 2 1 31 1 1 1 10 ifHCOutUcastPkts 1 3 6 1 2 1 31 1 1 1 11 ifHCOutMulticastPkts 1 3 6 1 2 1 3...

Page 642: ...Index 1 3 6 1 2 1 10 81 1 1 8 dsx0ChanMappedIfIndex 1 3 6 1 2 1 10 81 3 1 1 MIB objects in the POLICY MIB my file The following table provides a list of the MIBs in the POLICY MIB MY file that are supported by the Branch Gateway and their OIDs Object OID ipPolicyListSlot 1 3 6 1 4 1 81 36 1 1 1 ipPolicyListID 1 3 6 1 4 1 81 36 1 1 2 ipPolicyListName 1 3 6 1 4 1 81 36 1 1 3 ipPolicyListValidityStat...

Page 643: ...1 3 6 1 4 1 81 36 2 1 7 ipPolicyRuleProtocol 1 3 6 1 4 1 81 36 2 1 8 ipPolicyRuleL4SrcPortMin 1 3 6 1 4 1 81 36 2 1 9 ipPolicyRuleL4SrcPortMax 1 3 6 1 4 1 81 36 2 1 10 ipPolicyRuleL4DestPortMin 1 3 6 1 4 1 81 36 2 1 11 ipPolicyRuleL4DestPortMax 1 3 6 1 4 1 81 36 2 1 12 ipPolicyRuleEstablished 1 3 6 1 4 1 81 36 2 1 13 ipPolicyRuleOperation 1 3 6 1 4 1 81 36 2 1 14 ipPolicyRuleApplicabilityPrecedenc...

Page 644: ...sion 1 3 6 1 4 1 81 36 3 1 6 ipPolicyControlMIBversion 1 3 6 1 4 1 81 36 3 1 7 ipPolicyDiffServSlot 1 3 6 1 4 1 81 36 4 1 1 ipPolicyDiffServDSCP 1 3 6 1 4 1 81 36 4 1 2 ipPolicyDiffServOperation 1 3 6 1 4 1 81 36 4 1 3 ipPolicyDiffServName 1 3 6 1 4 1 81 36 4 1 4 ipPolicyDiffServAggIndex 1 3 6 1 4 1 81 36 4 1 5 ipPolicyDiffServApplicabilityPrecedence 1 3 6 1 4 1 81 36 4 1 6 ipPolicyDiffServApplica...

Page 645: ...ntrolErrMsg 1 3 6 1 4 1 81 36 6 1 5 ipPolicyAccessControlViolationEntID 1 3 6 1 4 1 81 36 7 1 1 ipPolicyAccessControlViolationSrcAddr 1 3 6 1 4 1 81 36 7 1 2 ipPolicyAccessControlViolationDstAddr 1 3 6 1 4 1 81 36 7 1 3 ipPolicyAccessControlViolationProtocol 1 3 6 1 4 1 81 36 7 1 4 ipPolicyAccessControlViolationL4SrcPort 1 3 6 1 4 1 81 36 7 1 5 ipPolicyAccessControlViolationL4DstPort 1 3 6 1 4 1 8...

Page 646: ...1 3 6 1 4 1 81 36 9 1 6 ipPolicyDSCPmapApplicabilityStatus 1 3 6 1 4 1 81 36 9 1 7 ipPolicyDSCPmapApplicabilityType 1 3 6 1 4 1 81 36 9 1 8 ipPolicyDSCPmapErrMsg 1 3 6 1 4 1 81 36 9 1 9 ipPolicyActivationEntID 1 3 6 1 4 1 81 36 10 1 1 ipPolicyActivationifIndex 1 3 6 1 4 1 81 36 10 1 2 ipPolicyActivationSubContext 1 3 6 1 4 1 81 36 10 1 3 ipPolicyActivationSubContextName 1 3 6 1 4 1 81 36 10 1 4 ip...

Page 647: ...ityType 1 3 6 1 4 1 81 36 11 2 1 7 ipPolicyValidRuleErrMsg 1 3 6 1 4 1 81 36 11 2 1 8 ipPolicyValidDSCPEntID 1 3 6 1 4 1 81 36 11 3 1 1 ipPolicyValidDSCPIfIndex 1 3 6 1 4 1 81 36 11 3 1 2 ipPolicyValidDSCPSubContext 1 3 6 1 4 1 81 36 11 3 1 3 ipPolicyValidDSCPListID 1 3 6 1 4 1 81 36 11 3 1 4 ipPolicyValidDSCPvalue 1 3 6 1 4 1 81 36 11 3 1 5 ipPolicyValidDSCPStatus 1 3 6 1 4 1 81 36 11 3 1 6 ipPol...

Page 648: ... 2 1 17 2 10 dot1dStpForwardDelay 1 3 6 1 2 1 17 2 11 dot1dStpBridgeMaxAge 1 3 6 1 2 1 17 2 12 dot1dStpBridgeHelloTime 1 3 6 1 2 1 17 2 13 dot1dStpBridgeForwardDelay 1 3 6 1 2 1 17 2 14 dot1dStpPort 1 3 6 1 2 1 17 2 15 1 1 dot1dStpPortPriority 1 3 6 1 2 1 17 2 15 1 2 dot1dStpPortState 1 3 6 1 2 1 17 2 15 1 3 dot1dStpPortEnable 1 3 6 1 2 1 17 2 15 1 4 dot1dStpPortPathCost 1 3 6 1 2 1 17 2 15 1 5 do...

Page 649: ...chLntAgTrapsPermMngrId 1 3 6 1 4 1 81 7 9 3 7 1 1 chLntAgTrapsId 1 3 6 1 4 1 81 7 9 3 7 1 2 chLntAgTrapsEnableFlag 1 3 6 1 4 1 81 7 9 3 7 1 3 chLntAgMaxTrapsNumber 1 3 6 1 4 1 81 7 9 3 100 chGroupList 1 3 6 1 4 1 81 7 18 chLogFileGroupId 1 3 6 1 4 1 81 7 22 1 1 chLogFileIndex 1 3 6 1 4 1 81 7 22 1 2 chLogFileName 1 3 6 1 4 1 81 7 22 1 3 chLogFileAbsoluteTime 1 3 6 1 4 1 81 7 22 1 4 chLogFileMessag...

Page 650: ... 1 3 6 1 4 1 81 8 1 1 21 genGroupLastChange 1 3 6 1 4 1 81 8 1 1 22 genGroupRedunRecovery 1 3 6 1 4 1 81 8 1 1 23 genGroupHWVersion 1 3 6 1 4 1 81 8 1 1 24 genGroupHeight 1 3 6 1 4 1 81 8 1 1 25 genGroupWidth 1 3 6 1 4 1 81 8 1 1 26 genGroupIntrusionControl 1 3 6 1 4 1 81 8 1 1 27 genGroupThresholdStatus 1 3 6 1 4 1 81 8 1 1 28 genGroupEavesdropping 1 3 6 1 4 1 81 8 1 1 29 genGroupMainSWVersion 1 ...

Page 651: ...oduleInformation 1 3 6 1 4 1 81 8 1 1 51 genGroupCascadingUpFault 1 3 6 1 4 1 81 8 1 1 52 genGroupCascadingDownFault 1 3 6 1 4 1 81 8 1 1 53 genGroupPortClassificationMask 1 3 6 1 4 1 81 8 1 1 54 genGroupPSUType 1 3 6 1 4 1 81 8 1 1 55 genGroupPolicyType 1 3 6 1 4 1 81 8 1 1 56 genPortGroupId 1 3 6 1 4 1 81 9 1 1 1 genPortId 1 3 6 1 4 1 81 9 1 1 2 genPortFunctionality 1 3 6 1 4 1 81 9 1 1 3 genPor...

Page 652: ...MIBs in the G700 MG MIB MY file that are supported by the Branch Gateway and their OIDs Object OID cmgHWType 1 3 6 1 4 1 6889 2 9 1 1 1 cmgModelNumber 1 3 6 1 4 1 6889 2 9 1 1 2 cmgDescription 1 3 6 1 4 1 6889 2 9 1 1 3 cmgSerialNumber 1 3 6 1 4 1 6889 2 9 1 1 4 cmgHWVintage 1 3 6 1 4 1 6889 2 9 1 1 5 cmgHWSuffix 1 3 6 1 4 1 6889 2 9 1 1 6 cmgStackPosition 1 3 6 1 4 1 6889 2 9 1 1 7 cmgModuleList ...

Page 653: ...6889 2 9 1 2 1 4 cmgMgpFaultMask 1 3 6 1 4 1 6889 2 9 1 2 1 15 cmgQosControl 1 3 6 1 4 1 6889 2 9 1 2 2 1 cmgRemoteSigDscp 1 3 6 1 4 1 6889 2 9 1 2 2 2 cmgRemoteSig802Priority 1 3 6 1 4 1 6889 2 9 1 2 2 3 cmgLocalSigDscp 1 3 6 1 4 1 6889 2 9 1 2 2 4 cmgLocalSig802Priority 1 3 6 1 4 1 6889 2 9 1 2 2 5 cmgStatic802Vlan 1 3 6 1 4 1 6889 2 9 1 2 2 6 cmgCurrent802Vlan 1 3 6 1 4 1 6889 2 9 1 2 2 7 cmgPr...

Page 654: ... 1 6889 2 9 1 4 3 3 1 cmgVoipRemoteRetryOnFailure 1 3 6 1 4 1 6889 2 9 1 4 3 3 2 cmgVoipRemoteRetryDelay 1 3 6 1 4 1 6889 2 9 1 4 3 3 3 cmgVoipRemoteRsvpProfile 1 3 6 1 4 1 6889 2 9 1 4 3 3 4 cmgVoipLocalBbeDscp 1 3 6 1 4 1 6889 2 9 1 4 4 1 1 cmgVoipLocalEfDscp 1 3 6 1 4 1 6889 2 9 1 4 4 1 2 cmgVoipLocal802Priority 1 3 6 1 4 1 6889 2 9 1 4 4 1 3 cmgVoipLocalMinRtpPort 1 3 6 1 4 1 6889 2 9 1 4 4 1 ...

Page 655: ...tatus 1 3 6 1 4 1 6889 2 9 1 4 5 1 12 cmgVoipEngineReset 1 3 6 1 4 1 6889 2 9 1 4 5 1 13 cmgVoipFaultMask 1 3 6 1 4 1 6889 2 9 1 4 5 1 14 cmgCcModule 1 3 6 1 4 1 6889 2 9 1 6 1 1 1 cmgCcPort 1 3 6 1 4 1 6889 2 9 1 6 1 1 2 cmgCcRelay 1 3 6 1 4 1 6889 2 9 1 6 1 1 3 cmgCcAdminState 1 3 6 1 4 1 6889 2 9 1 6 1 1 4 cmgCcPulseDuration 1 3 6 1 4 1 6889 2 9 1 6 1 1 5 cmgCcStatus 1 3 6 1 4 1 6889 2 9 1 6 1 ...

Page 656: ...cmiMonitoredEvents 1 3 6 1 2 1 10 32 1 1 8 frDlcmiMaxSupportedVCs 1 3 6 1 2 1 10 32 1 1 9 frDlcmiMulticast 1 3 6 1 2 1 10 32 1 1 10 frDlcmiStatus 1 3 6 1 2 1 10 32 1 1 11 frDlcmiRowStatus 1 3 6 1 2 1 10 32 1 1 12 frCircuitIfIndex 1 3 6 1 2 1 10 32 2 1 1 frCircuitDlci 1 3 6 1 2 1 10 32 2 1 2 frCircuitState 1 3 6 1 2 1 10 32 2 1 3 frCircuitReceivedFECNs 1 3 6 1 2 1 10 32 2 1 4 frCircuitReceivedBECNs...

Page 657: ...rrType 1 3 6 1 2 1 10 32 3 1 2 frErrData 1 3 6 1 2 1 10 32 3 1 3 frErrTime 1 3 6 1 2 1 10 32 3 1 4 frErrFaults 1 3 6 1 2 1 10 32 3 1 5 frErrFaultTime 1 3 6 1 2 1 10 32 3 1 6 frTrapState 1 3 6 1 2 1 10 32 4 1 frTrapMaxRate 1 3 6 1 2 1 10 32 4 2 MIB objects in the IP MIB my file The following table provides a list of the MIBs in the IP MIB my file that are supported by the Branch Gateway and their O...

Page 658: ...castAddr 1 3 6 1 2 1 4 20 1 4 ipAdEntReasmMaxSize 1 3 6 1 2 1 4 20 1 5 ipNetToMediaIfIndex 1 3 6 1 2 1 4 22 1 1 ipNetToMediaPhysAddress 1 3 6 1 2 1 4 22 1 2 ipNetToMediaNetAddress 1 3 6 1 2 1 4 22 1 3 ipNetToMediaType 1 3 6 1 2 1 4 22 1 4 ipRoutingDiscards 1 3 6 1 2 1 4 23 MIB objects in the Load12 MIB my file The following table provides a list of the MIBs in the Load12 MIB my file that are suppo...

Page 659: ... 2 53 1 2 1 16 genOpEnableReset 1 3 6 1 4 1 1751 2 53 1 2 1 17 genOpNextBootImageIndex 1 3 6 1 4 1 1751 2 53 1 2 1 18 genOpLastBootImageIndex 1 3 6 1 4 1 1751 2 53 1 2 1 19 genOpFileSystemType 1 3 6 1 4 1 1751 2 53 1 2 1 20 genOpReportSpecificFlags 1 3 6 1 4 1 1751 2 53 1 2 1 21 genOpOctetsReceived 1 3 6 1 4 1 1751 2 53 1 2 1 22 genAppFileId 1 3 6 1 4 1 1751 2 53 2 1 1 1 genAppFileName 1 3 6 1 4 1...

Page 660: ...ion 1 3 6 1 2 1 10 23 1 1 1 1 12 pppLinkStatusRemoteToLocalACCompression 1 3 6 1 2 1 10 23 1 1 1 1 13 pppLinkStatusTransmitFcsSize 1 3 6 1 2 1 10 23 1 1 1 1 14 pppLinkStatusReceiveFcsSize 1 3 6 1 2 1 10 23 1 1 1 1 15 pppLinkConfigInitialMRU 1 3 6 1 2 1 10 23 1 1 2 1 1 pppLinkConfigReceiveACCMap 1 3 6 1 2 1 10 23 1 1 2 1 2 pppLinkConfigTransmitACCMap 1 3 6 1 2 1 10 23 1 1 2 1 3 pppLinkConfigMagicNu...

Page 661: ... 2 1 6 2 2 1 1 15 ifTableXtndBackupCapabilities 1 3 6 1 4 1 6889 2 1 6 2 2 1 1 16 ifTableXtndBackupIf 1 3 6 1 4 1 6889 2 1 6 2 2 1 1 17 ifTableXtndBackupEnableDelay 1 3 6 1 4 1 6889 2 1 6 2 2 1 1 18 ifTableXtndBackupDisableDelay 1 3 6 1 4 1 6889 2 1 6 2 2 1 1 19 ifTableXtndPrimaryIf 1 3 6 1 4 1 6889 2 1 6 2 2 1 1 20 ifTableXtndCarrierDelay 1 3 6 1 4 1 6889 2 1 6 2 2 1 1 21 ifTableXtndDtrRestartDel...

Page 662: ...Status 1 3 6 1 4 1 6889 2 1 6 2 4 3 1 4 MIB objects in the SNMPv2 MIB my file The following table provides a list of the MIBs in the SNMPv2 MIB my file that are supported by the Branch Gateway and their OIDs Object OID sysDescr 1 3 6 1 2 1 1 1 sysObjectID 1 3 6 1 2 1 1 2 sysUpTime 1 3 6 1 2 1 1 3 sysContact 1 3 6 1 2 1 1 4 sysName 1 3 6 1 2 1 1 5 sysLocation 1 3 6 1 2 1 1 6 sysServices 1 3 6 1 2 1...

Page 663: ...tNoSuchNames 1 3 6 1 2 1 11 21 snmpOutBadValues 1 3 6 1 2 1 11 22 snmpOutGenErrs 1 3 6 1 2 1 11 24 snmpOutGetRequests 1 3 6 1 2 1 11 25 snmpOutGetNexts 1 3 6 1 2 1 11 26 snmpOutSetRequests 1 3 6 1 2 1 11 27 snmpOutGetResponses 1 3 6 1 2 1 11 28 snmpOutTraps 1 3 6 1 2 1 11 29 MIB objects in the OSPF MIB my file The following table provides a list of the MIBs in the OSPF MIB my file that are support...

Page 664: ...1 4 ospfAreaBdrRtrCount 1 3 6 1 2 1 14 2 1 5 ospfAsBdrRtrCount 1 3 6 1 2 1 14 2 1 6 ospfAreaLsaCount 1 3 6 1 2 1 14 2 1 7 ospfAreaLsaCksumSum 1 3 6 1 2 1 14 2 1 8 ospfAreaSummary 1 3 6 1 2 1 14 2 1 9 ospfAreaStatus 1 3 6 1 2 1 14 2 1 10 ospfLsdbAreaId 1 3 6 1 2 1 14 4 1 1 ospfLsdbType 1 3 6 1 2 1 14 4 1 2 ospfLsdbLsid 1 3 6 1 2 1 14 4 1 3 ospfLsdbRouterId 1 3 6 1 2 1 14 4 1 4 ospfLsdbSequence 1 3 ...

Page 665: ... 14 7 1 17 ospfIfMulticastForwarding 1 3 6 1 2 1 14 7 1 18 ospfIfDemand 1 3 6 1 2 1 14 7 1 19 ospfIfAuthType 1 3 6 1 2 1 14 7 1 20 ospfIfMetricIpAddress 1 3 6 1 2 1 14 8 1 1 ospfIfMetricAddressLessIf 1 3 6 1 2 1 14 8 1 2 ospfIfMetricTOS 1 3 6 1 2 1 14 8 1 3 ospfIfMetricValue 1 3 6 1 2 1 14 8 1 4 ospfIfMetricStatus 1 3 6 1 2 1 14 8 1 5 ospfNbrIpAddr 1 3 6 1 2 1 14 10 1 1 ospfNbrAddressLessIndex 1 3...

Page 666: ... 1 1 tunnelIfRemoteAddress 1 3 6 1 2 1 10 131 1 1 1 1 2 tunnelIfEncapsMethod 1 3 6 1 2 1 10 131 1 1 1 1 3 tunnelIfTOS 1 3 6 1 2 1 10 131 1 1 1 1 4 tunnelIfHopLimit 1 3 6 1 2 1 10 131 1 1 1 1 5 tunnelConfigLocalAddress 1 3 6 1 2 1 10 131 1 1 2 1 1 tunnelConfigRemoteAddress 1 3 6 1 2 1 10 131 1 1 2 1 2 tunnelConfigEncapsMethod 1 3 6 1 2 1 10 131 1 1 2 1 3 tunnelConfigID 1 3 6 1 2 1 10 131 1 1 2 1 4 ...

Page 667: ...pTunnelIfMTU 1 3 6 1 4 1 81 31 8 1 1 7 ipTunnelIfKeepaliveRate 1 3 6 1 4 1 81 31 8 1 1 8 ipTunnelIfKeepaliveRetries 1 3 6 1 4 1 81 31 8 1 1 9 Traps and MIBs Administering Avaya G430 Branch Gateway October 2013 667 ...

Page 668: ...Traps and MIBs 668 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...

Page 669: ... 550 Auto Fallback in SLS 102 Auto Route Selection ARS Access Code 1 158 automatic failover and failback 607 automatically activating ETR 300 autoneg 203 Autonomous System Boundary Router 469 Avaya Aura Communication Manager 33 120 accessing 33 configuring for SLS 120 functions 33 Avaya Aura Communication Manager 120 configuring for SLS 120 Avaya courses 15 Avaya G250 G350 G450 Manager User Guide ...

Page 670: ...hanging crypto list parameters 498 Channel Numbering 149 CHAP 248 Class values in SLS station context 168 class identifier 451 454 clear arp cache 460 clear attendant 187 clear bri 174 187 clear capture buffer 393 clear counter 409 clear counters 409 clear crypto isakmp 503 550 clear crypto sa 550 clear crypto sa all 503 clear crypto sa counters 503 550 clear dial pattern 185 187 clear ds1 170 187...

Page 671: ...8 400 copy capture file usb 398 400 copy ftp auth file 43 copy running config startup config 52 copy scp auth file 43 copy tftp auth file 43 copy usb auth file 43 crypto ipsec df bit 500 destination ip packet sniffing 400 dial pattern 163 ds1 163 dscp packet sniffing 400 dscp policy lists 573 erase auth file 43 fragment packet sniffing 391 400 icmp 400 incoming routing 163 interface console 425 in...

Page 672: ...ccess control list 581 composite operation DSCP table 578 583 composite operation MSS configuration 59 composite operation QoS list 576 583 Computer connecting to fixed router port 199 conference call 380 Configuration 21 24 63 64 68 98 202 205 211 233 234 247 255 313 327 defining an interface 63 DHCP client 205 dynamic trap manager 313 header compression 234 installation and setup 21 LLDP 211 man...

Page 673: ...yslog file tftp 230 copy syslog file usb 87 89 220 230 copy tftp auth file 40 copy tftp EW_archive 89 copy tftp module 89 copy tftp startup config 99 copy tftp sw_imageA 93 97 copy tftp SW_imageA 89 copy tftp SW_imageB 89 copy usb 86 copy usb announcement file 89 323 326 copy usb auth file 40 89 copy usb EW_archive 89 copy usb modules 89 copy usb phone image 89 copy usb phone script 89 copy usb st...

Page 674: ... requests 205 displaying configuration 207 displaying parameters 205 enabling 205 interface fastethernet DHCP client 205 ip address dhcp 205 ip dhcp client client id 205 ip dhcp client hostname 205 ip dhcp client lease 205 ip dhcp client request 205 ip dhcp client route track 205 lease releasing 207 lease renewing 207 maintaining 207 overview 204 setting the client identifier 205 setting the clien...

Page 675: ...eway G430 13 Maintenance Alarms for Avaya Aura Communication Manager Branch Gateways and Servers 13 Maintenance Commands for Avaya Aura Communication Manager Branch Gateways and Servers 13 Maintenance Procedures for Avaya Aura Communication Manager Branch Gateways and Servers 13 Quick Start for Hardware Installation for the Avaya Branch Gateway G430 13 domain name 451 454 lease 451 DoS reporting 5...

Page 676: ...uring interface 202 firewall connected 423 VPN connected 423 FastEthernet interface 277 280 checking status 277 dynamic bandwidth reporting 280 ICMP keepalive 277 FastEthernet Interface 423 described 423 File transfer 83 FTP or TFTP 83 File transfer see FTP or TFTP 83 fingerprint 406 409 FIPS 431 adding next hops 431 next hops static routes 431 Firewall 423 Firmware 25 83 86 89 CLI commands 89 fir...

Page 677: ...pression 240 showing rtp header compression statistics 240 showing tcp header compression statistics 240 supported methods per interface type 234 transmission rate 234 Van Jacobson Method TCP header compression CLI commands 239 Van Jacobson Method TCP header compression configuring 238 Van Jacobson Method TCP header compression disabling 238 Van Jacobson Method TCP header compression enabling 238 ...

Page 678: ... 255 USP WAN 423 virtual 423 WAN 423 Internet Key Exchange IKE 479 invalid SPI recovery 499 ip access group 565 ip access control list 59 498 561 581 ip access group 269 511 581 IP address 22 205 252 424 458 assigning to USB port 22 defining 424 obtaining via DHCP 205 obtaining via PPP IPCP negotiation 252 storing in ARP table 458 ip address dhcp 76 208 ip address negotiated 252 253 261 275 510 ip...

Page 679: ...connections 236 239 ip tcp header compression 239 IP telephones 111 ip telnet 50 51 ip telnet client 50 51 ip telnet services 51 ip unnumbered 261 269 427 IP unnumbered interface configuration 428 CLI commands 428 ip vrrp 476 ip vrrp address 476 ip vrrp auth key 476 ip vrrp override addr owner 476 ip vrrp preempt 476 ip vrrp primary 476 ip vrrp priority 476 ip vrrp timer 476 ip fragments in 567 58...

Page 680: ...iguring session log 223 configuring Syslog server 216 copying the Syslog file 220 default severity levels 225 defining filters 224 deleting log file 221 deleting Syslog server 218 Dialer interface 270 disabling log file 221 disabling session log 223 disabling Syslog server 216 displaying log file contents 221 displaying Syslog server status 219 enabling session log 223 enabling Syslog server 216 f...

Page 681: ...251 423 MM342 251 423 upgrading using a USB mass storage device 97 WAN 251 mesh VPN topology configuration 514 Metrics 473 MGC 33 67 68 70 73 258 280 accessing 33 accessing the registered MGC 72 changing the list 71 checking connectivity with 258 clearing the list 71 displaying the list 70 monitoring the ICC 73 monitoring the Survivable Remote Server 73 overview 67 reporting bandwidth to 280 runni...

Page 682: ...ject tracker 287 object tracker changes 596 object tracking 287 configuration workflow 287 Object tracking 205 258 264 282 284 286 288 289 292 294 296 430 589 activating Dialer interface 264 applying to DHCP client 205 applying to PBR next hops 589 applying to static routes 430 backup for the FastEthernet interface 293 CLI commands 296 configuration 283 enabling logging 289 interface backup using ...

Page 683: ...st 392 viewing captured packet hex dump 396 with conditional capture requirements 384 Packets simulating 580 Policy 580 Packets simulating see Policy 580 passive interfaces 470 password 38 Password authentication process 46 Password Authentication Protocol 248 password changes 37 Passwords 33 37 50 creating by the admin 35 disabling 36 displaying password information 37 managing 34 managing conten...

Page 684: ...list parts 559 QoS lists 559 rule criteria 568 sequence of device wide policy list application 567 sequence of policy list application 564 simulated packet properties 580 581 simulating packets 580 source port range 571 specifying a destination ip address 570 specifying an ip protocol 570 specifying operations 574 TCP establish bit 573 testing policy lists 579 using ip wildcards 568 Policy based r...

Page 685: ...d key 489 550 Primary Management IP address PMI 22 Priority queueing 244 CLI commands 244 Priority Queuing 244 Priority VoIP queuing 242 priority queue 243 244 Privilege levels 35 creating 35 description 35 profile 414 418 protect crypto map 495 550 Protocol Version 151 Provisioning 24 muiltiple gateways 24 Provisioning and Installation Manager 32 PIM 32 Provisioning and Installation Manager PIM 2...

Page 686: ... with OSPF 472 versions supported 462 RIPv1 and RIPv2 differences 463 RMON 345 347 agent 345 CLI commands 347 overview 345 rmon alarm 347 RMON configuration examples 346 rmon event 347 rmon history 347 Route redistribution 462 472 473 CLI commands 473 configuration 472 description 472 metric translation 472 metrics 473 Router 47 49 51 199 421 423 427 445 456 462 468 469 474 477 backup 474 computin...

Page 687: ...nt thresholds 352 setting QoS indicator thresholds 352 setting the trap rate limiter 357 statistics summary report output 358 viewing configuration 354 viewing QoS traps in messages file 367 rtp echo port 406 409 rtp stat clear 354 381 rtp stat event threshold 352 381 rtp stat fault 357 381 rtp stat min stat win 356 381 rtp stat qos trap 356 381 rtp stat qos trap rate limit 358 381 rtp stat servic...

Page 688: ...ble 174 187 set length 186 187 set lldp re init delay 211 212 set lldp system control 211 212 set lldp tx delay 211 212 set lldp tx hold multiplier 211 212 set lldp tx interval 211 212 set logging file 225 230 set logging file condition 225 set logging file disable 221 set logging file enable 220 set logging server 216 230 set logging server access level 230 set logging server access level 216 set...

Page 689: ...7 set sls 138 164 187 set snmp community 312 set snmp retries 312 set snmp timeout 312 set snmp trap 311 set spantree default path cost 342 set spantree enable disable 342 set spantree forward delay 342 set spantree hello time 342 set spantree max age 342 set spantree priority 342 set spantree tx hold count 342 set spantree version 342 set spid a 174 187 set spid b 174 187 set supervision 176 187 ...

Page 690: ... 502 550 597 show ip arp 460 show ip capture list 392 show ip crypto list 502 show ip crypto list list 502 show ip crypto lists 550 show ip dhcp client 208 show ip dhcp client statistics 207 208 show ip dhcp pool 454 show ip dhcp server bindings 454 show ip dhcp server statistics 454 show ip distribution access lists 466 show ip domain 79 show ip domain statistics 79 show ip icmp 462 show ip inter...

Page 691: ...te 371 381 show rtr configuration 288 296 show rtr operational state 288 296 show sig group 187 show slot config 187 show sls 187 show snmp 56 311 312 356 show snmp engineID 312 show snmp group 312 show snmp retries 312 show snmp timeout 312 show snmp user 312 show snmp usertogroup 312 show snmp view 312 show spantree 342 show station 187 show sync timing 608 show system 68 82 90 97 show tcp syn c...

Page 692: ... set analog stations data 140 preparing SLS data set DS1 trunks data 147 preparing SLS data set ISDN BRI trunks data 154 provisioning data 106 registered state process 108 states 107 states registered 108 states setup 108 states teardown 109 states unregistered 108 supported functionality 104 SLS changes 138 SLS codecs 159 SLS feature interactions 116 SLS station context class values 168 SNMP 55 3...

Page 693: ...rvivability 68 71 configuring the MGC list 68 setting reset times 71 Survivable COR 131 Survivable GK Node Name 131 Survivable Trunk Dest 132 Switch 199 255 423 424 connecting to fixed router port 199 displaying configuration 255 interface 423 424 Switch ports 200 configuring 200 Switch redundancy 18 19 LAN deployment 18 19 Switchback 334 Switchhook Flash 132 Switching 327 423 424 configuring 327 ...

Page 694: ...election 153 trunk group 187 tunnel checksum 443 tunnel destination 440 443 tunnel dscp 443 tunnel key 443 tunnel path mtu discovery 443 tunnel source 440 443 tunnel ttl 443 type 284 296 Type 125 Station 125 U UDP 234 header compression 234 udp destination port 390 571 581 583 udp source port 390 571 581 583 Unnumbered IP interface 258 264 426 427 configuring 427 Dialer interface 258 264 examples ...

Page 695: ...igning an access control list 498 basic parameters 486 clearing VPN data 503 CLI commands 550 commands summary 483 components and relationships 482 components overview 482 configuration overview 485 configuration procedure 485 continuous channel 512 coordinating with the VPN peer 486 crypto list assigning to an interface 500 crypto list configuring 495 crypto list deactivating 497 crypto list over...

Page 696: ...CMP keepalive 277 587 initial configuration 251 interfaces 423 overview 251 PPP 251 testing configuration 255 testing configuration CLI commands 256 WAN endpoint device 199 connecting to fixed router port 199 WAN Ethernet port 202 203 backup interfaces 203 configuring 202 traffic shaping 202 WAN Ethernet port feature configuration 202 WAN Ethernet ports 203 CLI commands 203 Warranty 16 Weighted Fa...

Reviews:

No comments

Related manuals for G430

PremierWave 2050

Brand: Lantronix Pages: 73

Brand: Lantronix Pages: 2

Brand: NetComm Wireless Pages: 28

Brand: 3onedata Pages: 4

Brand: OlenCom Pages: 299

Brand: FACTBIRD Pages: 2

Brand: Sollae Pages: 38

Brand: Opengear Pages: 4

Brand: ABB Pages: 111

Brand: ABB Pages: 72

MicroSCADA Pro SYS 600C

Brand: ABB Pages: 42

Ability ATT-VZN SIM card ready gateway

Brand: ABB Pages: 16

Brand: ABB Pages: 41

Brand: ABB Pages: 280

Brand: ABB Pages: 16

Brand: Technicolor - Thomson Pages: 21

Fieldgate PAM SFG600

Brand: Endress+Hauser Pages: 20

Brand: Yeastar Technology Pages: 62

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands