manualshive.com logo in svg

Avaya P334T-ML, Installation And Configuration Manual

Share
Download
Avaya P334T-ML Installation And Configuration Manual Download Page 57

Chapter 8        User Authentication

Avaya P334T-ML User’s Guide

41

’WriteCommG’ group by default. This allows you to

 view the agent’s MIB tree and 

change any of the values in the MIB tree.

L

If you delete the ReadCommN or WriteCommN users, the ReadCommG or 
WriteCommG groups, or the SNMPv1View you may not be able to access the 
switch using SNMPv1 or SNMPv2c.

In addition, traps are sent to designated trap receivers. Packets with trap 
information also contains a trap community string.

SNMPv2c

SNMPv2c is very similar to SNMPv1. However, SNMPv2c adds support for the 

get-bulk

 action and supports a different trap format.

SNMPv3

SNMPv3 enables the following features over SNMPv1 or v2c:

User authentication with a username and password.

Communication encryption between the Network Management Station (NMS) 
and the SNMP agent at the application level

Access control definition for specific MIB items available on the SNMP agent

Notification of specified network events directed toward specified users

Definition of roles using access control, each with unique access permissions 
and authentication/encryption requirements

The basic components in SNMPv3 access control are users, groups, and views. 
In addition. SNMPv3 uses an SNMP engine ID to identify SNMP identity. An 
SNMP engine ID is assigned to each IP address of each device in the network. Each 
SNMP engine ID should be unique in the network.

Users

SNMPv3 uses the User-based Security Model (USM) for security, and the 
View-based Access Control Model (VACM) for access control. USM uses the 
HMAC-MD5-96 and HMAC-SHA-96 protocols for user authentication, and the 
CBC-DES56 protocol for encryption or privacy.
A maximum of 21 users, including local users and remote users getting notifications 
can be defined on a stack. If the SNMP engine ID changes, all users other than the 
default user for the stack are invalid and must be redefined. The SNMP engine ID 
can be changed via the CLI. In addition, a change in the IP address of the stack 
automatically changes the SNMP engine ID.
SNMPv3 supports three security levels:

NoAuthNoPriv

 – This is the lowest level of SNMPv3 security. No (Message 

Authentication Code) MAC is provided with the message, and no encryption is 
performed. This method is maintains the same security level as SNMPv1, but 
provides a method for limiting the access rights of a user.

Summary of Contents for P334T-ML

Page 1: ...Avaya Installation and Configuration Guide AVAYA P334T ML STACKABLE SWITCH SOFTWARE VERSION 4 5 January 2004 ...

Page 2: ...aya Inc All rights reserved All trademarks identified by the or TM are registered trademarks or trademarks respectively of Avaya Inc All other trademarks are the property of their respective owners Document no 10 300128 ...

Page 3: ...4T ML 1 Avaya P334T ML Features 1 Layer 3 Features P330 ML 2 Network Management and Monitoring 2 Device Manager Embedded Web 2 Command Line Interface CLI 2 Avaya Integrated Manager 3 Port Mirroring 3 SMON 3 Fans Power Supply and BUPS ML Monitoring 4 Chapter 2 Standards and Compatibility 5 Avaya P330 Standards Supported 5 IEEE 5 IETF Layer 2 5 IETF Layer 3 5 IETF Network Monitoring 6 Chapter 3 Spec...

Page 4: ...nstallation Chapter 4 Installation 17 Required Tools 17 Site Preparation 17 Rack Mounting Optional 19 Installing the X330STK ML Stacking Sub Module Optional 20 Connecting Stacked Switches 20 To connect stacked switches 20 Making Connections to Network Equipment 23 Prerequisites 23 Connecting Cables to Network Equipment 23 Chapter 5 Powering Up the Avaya P330 25 Powering On Avaya P330 Module AC 25 ...

Page 5: ... Level 38 Entering the CLI 38 Chapter 8 User Authentication 39 Introduction 39 SNMP Support 39 Introduction to SNMP 39 SNMP Versions 39 Managers and Agents 39 Manager Agent Communication 40 SNMPv1 40 SNMPv2c 41 SNMPv3 41 SNMP Commands 43 SSH Protocol Support 46 Introduction to SSH 46 SSH Commands 47 SCP Protocol Support 48 RADIUS 49 Introduction to RADIUS 49 Radius Commands 51 Telnet Client Suppor...

Page 6: ...tion File 66 Layer 3 Configuration File 68 System Logging 70 System Logging Introduction 70 System Logging Messages 70 Sinks 71 Applications 71 Syslog Servers 72 Syslog Configuration CLI Commands 73 Monitoring CPU Utilization 75 Chapter 11 Avaya P330 Layer 2 Features 77 Overview 77 Ethernet 78 Fast Ethernet 78 Gigabit Ethernet 78 Configuring Ethernet Parameters 78 Auto Negotiation 78 Full Duplex H...

Page 7: ...amily 94 Spanning Tree Protocol CLI Commands 95 MAC Security 97 MAC Security Implementation in P330 97 MAC Security CLI Commands 98 MAC Aging 99 Overview 99 Configuring the P330 for MAC Aging 99 MAC Aging CLI Commands 99 LAG 100 LAG Overview 100 LAG CLI Commands 100 LAG Implementation in the Avaya P330 Family of Products 101 Port Redundancy 102 Port Redundancy Operation 102 Intermodule Port Redund...

Page 8: ...Redundancy 118 Stack Health 118 Overview 118 Implementation of Stack Health in the P330 Family 118 Stack Health CLI Commands 119 Chapter 12 Avaya P330 Layer 3 Features 121 Introduction 121 What is Routing 121 Routing Configuration 123 Forwarding 123 Multinetting Multiple Subnets per VLAN 123 IP Configuration 124 IP Configuration CLI Commands 124 Assigning Initial Router Parameters 125 Obtaining an...

Page 9: ...mmands 143 VRRP Virtual Router Redundancy Protocol Configuration 144 VRRP Overview 144 VRRP Configuration Example 1 145 Case 1 145 Case 2 146 VRRP CLI Commands 146 SRRP Configuration 148 SRRP Overview 148 SRRP Configuration Example 148 SRRP CLI Commands 149 Policy Configuration 150 Policy Configuration Overview 150 Policy Configuration CLI Commands 150 Policy Configuration Example 152 Policy Confi...

Page 10: ...ntents viii Avaya P334T ML User s Guide Chapter 15 Updating the Software 161 Software Download 161 Obtain Software Online 161 Downloading Software 161 Download New Version without Overwriting Existing Version 162 ...

Page 11: ...harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be req...

Page 12: ...tion or hints or reference to material in other documentation Caution You should take care You could do something that may damage equipment or result in loss of data Warning This means danger Failure to follow the instructions or warnings may result in bodily injury You should ensure that you are qualified for this task and have read and understood all the instructions Warranty Avaya Inc provides ...

Page 13: ...the time of printing However information is subject to change Avaya Support Avaya provides a telephone number for you to use to report problems or to ask questions about your contact center The support telephone number is 1 800 242 2121 in the United States For additional support telephone numbers see the Avaya Web site http www avaya com ...

Page 14: ...IV Avaya P334T ML User s Guide ...

Page 15: ...Avaya SECTION 1 OVERVIEW ...

Page 16: ......

Page 17: ...on provides redundancy and hot swappability A P330 stack is managed as a single IP entity About the P334T ML Basic information about the P334T ML follows The Avaya P334T ML has forty eight 10 100BASE T and two GBIC SFP ports and provides Layer 2 and optional Layer 3 Ethernet switching Like other members of the Avaya P330 family the P334T ML is available in AC and DC versions Multilayer switching w...

Page 18: ...d monitoring are key components of today s networks Therefore we have provided multiple ways of managing the P330 ML to suit your needs Device Manager Embedded Web The built in P330 Device Manager Embedded Web Manager allows you to manage a P330 stack using a Web browser without purchasing additional software This application works with the Microsoft Internet Explorer and Netscape Navigator web br...

Page 19: ...ed Ports which are members in a Link Aggregation Group LAG cannot also be used as Port Mirroring Destination or Source ports Within the P334T ML switch port mirroring can be configured between ports in the three following groups 1 12 25 36 13 24 37 48 51 52 On the stack level port mirroring pairs can be configured between any Giga port and between any Giga port on the P334T ML and any 10 100Mbps p...

Page 20: ...w 4 Avaya P334T ML User s Guide Fans Power Supply and BUPS ML Monitoring P330 ML switches have integrated sensors which provide advance warnings of fan failure power supply failure or Backup Power Supply BUPS ML failure via management ...

Page 21: ...ication of management information for TCP IP based Internet RFC 1155 Simple Network Management Protocol version 1 SNMPv1 RFC 1157 Simple Network Management Protocol version 3 SNMPv3 RFC 2571 2576 PPP Internet Protocol Control Protocol IPCP RFC 1332 PPP Authentication Protocols PAP CHAP RFC 1334 PPP RFC 1661 ATM Management RFC 1695 RMON RFC 1757 SMON RFC 2613 Bridge MIB Groups RFC 2674 dot1dbase an...

Page 22: ...nd BOOTP RFC 1534 Dynamic Host Configuration Protocol RFC 1541 Clarifications and Extensions for the Bootstrap Protocol Information RFC 1542 OSPF Version 2 RFC 1583 RIP Version 2 Carrying Additional Information RFC 1723 RIP Version 2 MIB Extension RFC 1724 Requirements for IP Version 4 Routers RFC 1812 OSPF Version 2 Management Information Base RFC 1850 IP Forwarding Table MIB RFC 2096 Virtual Rou...

Page 23: ...mm 3 5 Width 482 6 mm 19 Depth 450 mm 17 7 Weight 15 6 lb AC DC Input voltage 90 to 265 VAC 50 60 Hz 36 to 72 VDC Power dissipation 100 W max 100 W max Input current 1 5 A 100 VAC 0 75 A 200VAC 4 A max Inrush current 15 A 100 VAC max 30 A 200VAC max 40 A max Operating Temp 5 to 50 C 23 122 F Rel Humidity 5 to 95 non condensing ...

Page 24: ...icted Access Areas only Installation Codes This unit must be installed in accordance with the US National Electrical Code Article 110 and the Canadian Electrical Code Section 12 Conductor Ampacity Per UL 1950 Annex NAE NEC Article 645 5 a the branch circuit conductors supply shall have the ampacity of not less than 125 percent of the total connected load For input leads use at least 18 AWG copper ...

Page 25: ...ectors 2 x SFP pluggable gigabit ethernet fiber optic connectors RS 232 for terminal setup via RJ 45 connector on front panel Basic MTBF P334T ML 118 723 hrs minimum P334T ML and X330STK ML 113 549 hrs minimum Stacking Sub module Basic MTBF 2 605 528 hrs minimum Name Number of Ports X330STK ML 2 ...

Page 26: ...ers must be operated under recommended operating conditions Laser Classification L Class 1 lasers are inherently safe under reasonably foreseeable conditions of operation Caution The use of optical instruments with this product will increase eye hazard Usage Restriction When a SFF SFP GBIC transceiver is inserted in the module but is not in use the Tx and Rx ports should be protected with an optic...

Page 27: ...nsceiver A 9 µm or 10 µm single mode fiber SMF cable may be connected to a 1000Base LX SFF SFP GBIC port The maximum length is 10 km 32 808 ft A 50 µm or 62 5 µm multimode MMF fiber cable may be connected to a 1000Base LX SFF SFP GBIC port The maximum length is 550 m 1 804 ft for 50 µm and 62 5 µm cable The LX transceiver has a Wavelength of 1300 nm Transmission Rate of 1 25 Gbps Input Voltage of ...

Page 28: ...0 10 and 1040 11 and CE for Europe EN60950 Std Complies with EN 60825 1 Gigabit Fiber Optic Cabling Gigabit Interface Fiber Type Diameter µm Modal Bandwidth MhzKm Maximum Distance m Minimum Distance m Wavelength nm 1000BASE SX MM 62 5 160 220 2 850 1000BASE SX MM 62 5 200 275 2 850 1000BASE SX MM 50 400 500 2 850 1000BASE SX MM 50 500 550 2 850 1000BASE LX MM 62 5 500 550 2 1310 1000BASE LX MM 50 ...

Page 29: ...erminal using the supplied RJ 45 crossed cable and RJ 45 to DB 9 adapter L Pin 1 of the Modem DB 25 connector is internally connected to Pin 7 GND Avaya P330 RJ 45 Pin Name DCE View Terminal DB 9 Pins Modem DB 25 Pins 1 For future use NC See note 2 TXD P330 input 3 3 3 RXD P330 output 2 2 4 CD 4 8 5 GND 5 7 6 DTR 1 20 7 RTS 8 4 8 CTS 7 5 ...

Page 30: ...Chapter 3 14 Avaya P334T ML User s Guide ...

Page 31: ...SECTION 2 INSTALLATION ...

Page 32: ......

Page 33: ...ciding where to position the unit ensure that It is accessible and cables can be connected easily and according to the configuration rule Cabling is away from sources of electrical noise such as radio transmitters broadcast amplifiers power lines and fluorescent lighting fixtures Water or moisture cannot enter the case of the unit There is a free flow of air around the unit and that the vents in t...

Page 34: ...rce matches the specifications listed below Table 4 2 Power Requirements AC Table 4 3 Power Requirements DC Input voltage 90 to 265 VAC 50 60 Hz Power dissipation 100 W max Input current 1 5 A Input voltage 36 to 72 VDC Power dissipation 100 W max Input current 4 A max ...

Page 35: ...s of the front panel to reveal the fixing holes 2 Insert the unit into the rack Ensure that the four P334T ML screw holes are aligned with the rack hole positions as shown in Figure 4 1 Figure 4 1 P334T ML Rack Mounting 3 Secure the unit in the rack using the screws Use two screws on each side Do not overtighten the screws 4 Snap close the hinged ends of the front panel 5 Ensure that ventilation h...

Page 36: ... two ends of the Octaplane cable terminate with different connectors Each connector can only be connected to its matching port You can use the following cables to connect stacked switches Short Octaplane cable X330SC ivory colored used to connect adjacent switches Catalog No CB0223 or switches separated by a BUPS unit Long Extra Long Octaplane cable X330LC X330L LC ivory colored used to connect sw...

Page 37: ...and one black redundancy cable Figure 4 2 shows an incorrect connection L You can build a stack of up to 10 P330 switches any mixture of P330 and P330 ML modules within a stack is possible If you do not wish to stack all the switches in a single rack use long Octaplane cables to connect two physical stacks as shown in Figure 4 3 Figure 4 2 Incorrect Stack Connection L Figures 4 2 and 4 3 show the ...

Page 38: ...Connector Power Supply Connector BUPS Connector Power Supply Connector BUPS Connector Power Supply Connector BUPS Connector 5 4 3 2 1 Cable to Upper Unit Cable to Lower Unit Cable to Upper Unit Cable to Lower Unit Cable to Upper Unit Cable to Lower Unit Cable to Upper Unit Cable to Lower Unit Cable to Upper Unit Cable to Lower Unit Power Supply Connector BUPS Connector Power Supply Connector BUPS ...

Page 39: ...port 10 100BASE T and SFP GBIC To connect the cables 1 Insert an SFP GBIC Small Form Factor Plugable Gigabit Interface Converter transceiver not supplied to port housings numbered 51 and 52 L GBICs are 3 3V 2 Connect an Ethernet fiberoptic cable not supplied to the GBIC transceiver You can use LC or MT RJ fiberoptic cables depending on the GBIC type you are using For a list of approved SFP GBIC tr...

Page 40: ... Gigabit Ethernet Cabling Gigabit Interface Fiber Type Diameter µm Modal Bandwidth MhzKm Maximum Distance m Minimum Distance m Wavelength nm 1000BASE SX MM 62 5 160 220 2 850 1000BASE SX MM 62 5 200 275 2 850 1000BASE SX MM 50 400 500 2 850 1000BASE SX MM 50 500 550 2 850 1000BASE LX MM 62 5 500 550 2 1310 1000BASE LX MM 50 400 550 2 1310 1000BASE LX SM 9 NA 10 000 2 1310 1000BASE ELX SM 9 NA 70 0...

Page 41: ...our P330 ML units to the BUPS ML only The P330 BUPS is not compatible with P330 ML units Powering On Avaya P330 Switch DC For the DC input version of the Avaya P330 connect the power cable to the switch at the input terminal block 1 The terminals are marked and with the IEC 5019a Ground symbol 2 The size of the three screws in the terminal block is M3 5 3 The pitch between each screw is 9 5mm Conn...

Page 42: ... following indicate that you have performed the installation procedure correctly If you do not receive the appropriate indication please refer to Troubleshooting the Installation Table 5 1 Post Installation Indications Procedure Indication Troubleshooting Information Powering the P330 All front panel LEDs illuminate briefly Page 157 Creating Stacks The LED next to the appropriate connection Cable ...

Page 43: ...1 24 are displayed and when the 25 48 LED is ON ports 25 48 are displayed The information for the SFP ports 51 52 is displayed regardless of the status of the 25 48 LED For example if the COL LED is illuminated and the 25 48 LED is off then all Port LEDs show the collision status of ports 1 24 If you wish to select the LAG function for the same ports then press the right button until the LAG Funct...

Page 44: ...ht Front Panel Buttons Table 6 1 Avaya P334T ML LED Descriptions LED Name Description LED Status PWR Power Status OFF Power is off ON Power is on Blink Using BUPS ML power only OPR CPU Operation OFF Module is booting ON Normal operation LNK 4 FC Rx COL Tx 1 FDX 3 2 LAG 25 48 Hspd 5 6 7 51 54 55 56 53 OPR Rout 8 SYS 10 9 PWR 52 11 12 13 14 15 16 17 18 19 20 21 22 23 24 ...

Page 45: ...LEDs apply to all ports LNK Port Status ON Link is OK OFF Port is disabled Blink Port is enabled but Link is down COL Collision OFF No collision or full duplex port for ports 1 48 always OFF for ports 51 52 ON Collision occurred on line Tx Transmit to line OFF No transmit activity ON Data transmitted on line from the module Rx Receive from line OFF No receive activity ON Data received from the lin...

Page 46: ...of the three possible flow control modes is enabled Note FC LED for Gigabit Ethernet ports reflect the last negotiated mode when autonegotiation is enabled and the link is down LAG Link Aggregation Group Trunking OFF No LAG defined for this port ON Port belongs to a LAG Table 6 1 Avaya P334T ML LED Descriptions Continued LED Name Description LED Status ...

Page 47: ... AC version Back Panel with Stacking Sub module BUPS ML connector cover plate removed Figure 6 5 P334T ML DC Back Panel without Stacking Sub module installed BUPS ML connector cover plate shown Table 6 2 Avaya P334T ML Select buttons Description Function Left Right Individual select LED function see table above Reset module Press both right and left buttons together for approximately 2 seconds All...

Page 48: ...e BUPS ML Input Connector The BUPS ML input connector is a 3 3 VDC and 5 VDC connector for use with the P330 BUPS ML unit only A BUPS Input sticker appears directly above the BUPS ML input connector which is covered with a metal plate Figure 6 6 BUPS ML Input Connector Sticker ...

Page 49: ...port pin assignments refer to Console Pin Assignments on page 13 Configuring the Terminal Serial Port Parameters The serial port settings for using a terminal or terminal emulator are as follows Baud Rate 9600 bps Data Bits 8 bits Parity None Stop Bit 1 Flow Control None Terminal Emulation VT 100 Connecting a Terminal to the Avaya P330 Serial port Perform the following steps to connect a terminal ...

Page 50: ...you use the session command the security level stays the same Assigning P330 s IP Stack Address L All P330 switches are shipped with the same default IP address You must change the IP address of the master P330 switch in a stack in order to guarantee that the stack has its own unique IP address in the network The network management station or a workstation running Telnet session can establish comm...

Page 51: ...connection is established with the Switch CLI entity of the Master module When you see the Welcome to P330 menu and are prompted for a Login Name enter the default name root 4 When you are prompted for a password enter the User Level password root in lower case letters do NOT use uppercase letters The User level prompt will appear when you have established communications with the Avaya P330 5 Pres...

Page 52: ...Name enter the default name root 3 When you are prompted for a password enter the password root You are now in Supervisor Level 4 At the prompt type set interface ppp ip_addr net mask with an IP address and netmask to be used by the Avaya P330 to connect via its PPP interface L The PPP interface configured with the set interface ppp command must be on a different subnet from the stack inband inter...

Page 53: ...nd the commands The login name password and access type i e security level for a user account are established using the username command Switching between the entities does not effect the security level since security levels are established specifically for each user For example if the operator with a privileged security level in the Switch entity switches to the Router entity the privileged secur...

Page 54: ...s indicated in the prompt as follows The User level prompt is shown below Cajun_P330 N The Privileged level prompt is shown below Cajun_P330 N The Configure level prompt for Layer 3 configuration is shown below P330 N configure The Supervisor level prompt is shown below Cajun_P330 N super In order to Use the following command Add a local user account and configure a user name password and access l...

Page 55: ...d controls all other SNMP managed devices or network nodes on the network There must be at least one SNMP Manager in a managed network The manager is installed on a workstation located on the network An agent resides in a managed device or network node The agent receives instructions from the SNMP Manager generates reports in response to requests from the SNMP Manager and also sends management inf...

Page 56: ...k is not supported in SNMPv1 Change a setting on the agent a set action The SNMP manager requests the agent to change the value of the MIB variable For example you can enable or disable a port An agent can send an unsolicited message to the manager at any time if a significant predetermined event takes place on the agent This message is called a trap When a trap condition occurs the SNMP agent sen...

Page 57: ...ions and authentication encryption requirements The basic components in SNMPv3 access control are users groups and views In addition SNMPv3 uses an SNMP engine ID to identify SNMP identity An SNMP engine ID is assigned to each IP address of each device in the network Each SNMP engine ID should be unique in the network Users SNMPv3 uses the User based Security Model USM for security and the View ba...

Page 58: ... name of the group SecurityModel The security model to use Possible values are 1 SNMPv1 2 SNMPv2c 3 USM Groups In SNMPv3 each user is mapped to a group The group maps its users to defined views These views define sets of access rights including read write and trap or inform notifications the users can receive The group maps its users to views based on the security mode and level with which the use...

Page 59: ...B tree This list can be created using multiple snmp server view commands to either add OIDs to the list or exclude OIDs from a list of all of the OIDs in the switch s MIB tree You can use wildcards to include or exclude an entire branch of OIDs in the MIB tree using an asterisk instead of the specific node To create an SNMPv3 view the following information must be provided ViewName 32 character st...

Page 60: ...v3 views show snmp view Display a table of SNMPv3 users and the groups with which they are mapped show snmp userToGroup Display the SNMPv3 engine ID show snmp engineID Display a list of SNMPv3 groups show snmp group Display a list of SNMPv3 users show snmp user Display a list of SNMPv3 notification receivers and SNMPv1 trap receivers show snmp Enable or disable link up link down notifications and ...

Page 61: ...er notifications Create an SNMPv3 remote user for SNMP notifications snmp server remote user Remove an SNMPv3 remote user for SNMP notifications no snmp server remote user Configure the SNMPv3 timeout and retries for notifications snmp server informs Define an SNMPv3 notification host snmp server host Remove an SNMPv3 notification host no snmp server host In order to Use the following command ...

Page 62: ...th 512 2048 bits using the DSA encryption method This is the private key The P330 calculates an MD5 Hash of the public key called a fingerprint The fingerprint is always 16 bytes long This fingerprint is displayed The P330 sends the public key i e the fingerprint to the client computer This public key is used by the client to encrypt the data it sends to the P330 The P330 decrypts the data using t...

Page 63: ...d is only available from the master module switch context and from all router contexts show ip ssh Disconnect an existing SSH session If an SSH session was entered from the router it can only be disconnected from router mode disconnect ssh Generate an SSH host key pair crypto key generate dsa SSH Client SSHServer Username List Host RSA key Hostnames List Establish Connection Public Key and Encrypt...

Page 64: ...sh a secured channel to the secured file server The P330 authenticates itself to the server by providing a user name and password With a Windows based SSH server WinSSHD the user name provided must be a defined user on the Windows machine with read write privileges The files transferred via SCP are saved in the C Documents and Settings username directory The network element performs file transfer ...

Page 65: ...e switch will send an Authentication Request to the RADIUS server in an attempt to authenticate the user remotely If the user name and password are authenticated then the RADIUS server responds to the switch with an Authentication Acknowledgement that includes information on the user s privileges administrator read write or read only and the user is allowed to gain access to the switch If the user...

Page 66: ...DIUS Authentication Procedure User attempts login Local User account authenticated in switch Perform log in according to user s priviliege level to switch Yes Authentication request sent to RADIUS Server No User name and password authenticated Yes Authentication Reject sent to switch User cannot access switch embedded managegment No ...

Page 67: ...rver IP address set radius authentication server Configure a character string to be used as a shared secret between the switch and the RADIUS server set radius authentication secret Set the RFC 2138 approved UDP port number set radius authentication udp port Set the number of times an access request is sent when there is no response set radius authentication retry number Set the time to wait befor...

Page 68: ...ction authentication local or RADIUS L Enabling and disabling the Telnet client service can only be done using a direct console connection via the Console port By default the Telnet client service is disabled Telnet Commands The following Telnet commands are available For a complete description of the Telnet CLI commands including syntax and output examples refer to Avaya P330 Reference Guide In o...

Page 69: ...default the recovery password feature is enabled To use the recovery password feature you must connect to the switch s console port Log in using the user name root and password ggdaseuaimhrke Use the set username command to change the password for the user root L Enabling and disabling the Recovery Password protocol can only be done using a direct console connection via the Console port Recovery P...

Page 70: ...e by checking the Source IP address of the packets Thus if the Source IP address is modified on the way NAT Proxy etc even an Allowed Manager will not be able to access the P330 Allowed Managers CLI Commands The following Allowed Managers commands are available In order to Use the following command When set to enabled only managers with IP address specified in the allowed table will be able to acc...

Page 71: ...lable In order to Use the following command Enable Telnet on the switch ip telnet enable Disable Telnet on the switch no ip telnet Enable HTTP on the switch ip http enable Disable HTTP on the switch no ip http Enable the switch agent to accept ICMP redirect packets sent to it ip icmp redirect Enable the switch agent to ignore ICMP redirect packets sent to it no icmp redirect Enable SNMP on the swi...

Page 72: ...8 User Authentication 56 Avaya P334T ML User s Guide Enable Telnet access from the switch ip telnet client enable Disable Telnet access from the switch no ip telnet client In order to Use the following command ...

Page 73: ...SECTION 3 CONFIGURATION ...

Page 74: ......

Page 75: ... the graphical user interfaces see Embedded Web Manager For instructions on the use of the graphical user interfaces refer to the Device Manager User Guide on the Documentation and Utilities CD Avaya P330 Default Settings The default settings for the Avaya P330 switch and its ports are determined by the Avaya P330 software These default settings are subject to change in newer versions of the Avaya...

Page 76: ...IP address 0 0 0 0 Timezone offset 0 hours SNMPv1 communities Read only Read write Trap SNMP Public Public Public SNMPv3 user name password initial No authentication or privacy password SNMP authentication trap Disabled CLI timeout 15 Minutes System logging Disabled Allowed protocols SNMP Telnet HTTP Telnet ICMP redirect SSH Telnet client Recovery password Enabled Enabled Enabled Enabled Enabled D...

Page 77: ...plex only Port speed 10 100 Mbps Depends on auto negotiation results 1000 Mbps Auto negotiation1 1 Ensure that the other side is also set to Autonegotiation Enabled Enable Enable Flow control Disabled no pause Disabled no pause Flow control auto negotiation advertisement Not applicable Disabled no pause Administrative state Enable Enable Port VLAN ID 1 1 Tagging mode Clear Clear Port priority 0 0 ...

Page 78: ...Chapter 9 P330 Default Settings 62 Avaya P334T ML User s Guide ...

Page 79: ... and output examples are all set out in detail in the Reference Guide In order to Use the following command Open a CLI session to a P330 module in the stack ATM or WAN expansion modules and Media Gateway Processor of G700 session Display or set the terminal width in characters terminal width Display or set the terminal length in lines terminal length Display or set the prompt hostname Return the p...

Page 80: ...parameters The rules of syntax and output examples are all set out in detail in the Reference Guide Access Layer 3 configuration if not logged in as supervisor see Entering the Supervisor Level on page 37 configure In order to Use the following command Configure the system name set system name Configure the system contact person set system contact Configure the system location set system location ...

Page 81: ...9 For more information on SCP refer to SCP Protocol Support on page 48 When you make changes to a device s configuration you may find that the overall effect of the configuration change may have a negative effect on the performance of the device in your network By uploading a device s configuration file before any configuration changes you can easily restore the device to a previous configuration ...

Page 82: ...tch in the format of the CLI commands necessary to configure the device to its current configuration The user can edit the file in a text editor however it is recommended that configuration changes are performed using the MSNM P330 Device Manager and or the CLI To upload or download Layer 2 configuration files you must be in a switch mode Use the CLI commands briefly described below for uploading ...

Page 83: ... copy tftp sw_image Download embedded Web software using TFTP copy tftp ew_archive Download PoE software using TFTP copy tftp sw_powerinline_image Upload the startup configuration file from the device using SCP only applicable when the device mode is Layer 2 copy startup config scp Upload a module configuration file from the device using SCP copy module config scp Upload a stack configuration file...

Page 84: ...es you must be in a router mode Use the CLI commands briefly described below for uploading and downloading Layer 3 configuration files The rules of syntax and output examples are all set out in detail in the Reference Guide Upload a module configuration file from the device using TFTP copy module config tftp Upload a stack configuration file from the device using TFTP copy stack config tftp Upload...

Page 85: ... after the configuration file is downloaded to the device Upload a startup configuration file from the device using SCP copy startup config scp Upload the running configuration file from the device using SCP copy running config scp Upload a startup configuration file from the device using TFTP copy startup config tftp Upload the running configuration file from the device using TFTP copy running co...

Page 86: ...on Informational Debug Message Content A description of the event In order to reduce the number of collected and transmitted messages filtering options should be used The filtering options are based on message classification by application and severity For a specified sink you can define the threshold severity for messages output by each application Messages with a severity lower than the defined ...

Page 87: ...g message can originate The following table provides a list of supported applications Sink Description Session Console Telnet SSH Logging messages are sent to the current console or a Telnet or SSH session in non blocking mode Log File Logging messages are saved to a log file in the NVRAM of the master module in the stack NVRAM initialization and device reset do not erase the log file Syslog serve...

Page 88: ...ned 2 Define the syslog facility that the messages are sent to on the remote syslog server If a syslog facility is not defined the default facility local7 is used 3 Define the syslog access level The default syslog server access level is read write 4 Enable the Syslog server Syslog server sinks are created as disabled 5 Addition optional configuration includes setting the different logging filters...

Page 89: ...servers set logging server Delete a Syslog server from the Syslog server table clear logging server Enable or disable logging for a Syslog server set logging server enable disable Define a filter rule for logging messages for a Syslog server set logging server condition Update the server facility parameter of a configured Syslog server set logging server facility Defines the access level associate...

Page 90: ...e log file and open an empty log file clear logging file Outputs the messages logged in the log file to the CLI console The output is arranged in descending order of occurrence with the most recent events first show logging file content In order to Use the following command ...

Page 91: ...nabling and disabling CPU utilization monitoring and viewing CPU utilization statistics The rules of syntax and output examples are all set out in detail in the Reference Guide In order to Use the following command Enable CPU utilization monitoring on a module or stack set utilization cpu Disable CPU utilization monitoring on a module or stack clear utilization cpu Display CPU utilization statisti...

Page 92: ...Chapter 10 Switch Configuration 76 Avaya P334T ML User s Guide ...

Page 93: ...t These commands are used to configure operate or monitor switch activity for each of the Layer 2 features This section of the User s Guide explains each of the features Specifically the topics discussed here include Ethernet VLAN Port Based Network Access Control Spanning Tree Protocol Rapid Spanning Tree Protocol MAC Security MAC Aging Link Aggregation Group LAG Port Redundancy IP Multicast Filt...

Page 94: ...as 100BASE T over copper or 100BASE FX over fiber Fast Ethernet is standardized as IEEE 802 3u Gigabit Ethernet Gigabit Ethernet supports data rates of 1 Gbps It is also known as 1000BASE T over copper or 1000BASE FX over fiber Gigabit Ethernet is standardized as IEEE 802 3z Configuring Ethernet Parameters Auto Negotiation Auto Negotiation is a protocol that runs between two stations two switches ...

Page 95: ...ugh capacity to forward them to the appropriate ports This however can interrupt time sensitive traffic streams such as Voice and other converged applications These packets need to be forwarded with the minimum of delay or buffering In other words they need to be given high priority over other types of network traffic Priority determines in which order packets are sent on the network and is a key ...

Page 96: ...level CLI command MAC Address The MAC address is a unique 48 bit value associated with any network adapter MAC addresses are also known as hardware addresses or physical addresses They uniquely identify an adapter on a LAN MAC addresses are 12 digit hexadecimal numbers 48 bits in length By convention MAC addresses are usually written in one of the following two formats MM MM MM SS SS SS MM MM MM S...

Page 97: ...a name for a port set port name Set the send receive mode for flow control frames for a full duplex port set port flowcontrol Set the flow control advertisement for a Gigabit port when performing autonegotiation set port auto negotiation flowcontrol advertisement Set the priority level of a port set port level Display settings and status for all ports show port Display per port status information ...

Page 98: ...r s Guide Ethernet Implementation in the Avaya P334T ML This section describes the implementation of the Ethernet feature in the Avaya P334T ML Speed 10 100 ports 1 48 1G ports 51 52 Priority queuing 10 100 ports 4 queues 1G ports 2 queues CAM size 8K addresses ...

Page 99: ...hed to different hubs In this example the Management VLAN consists of stations on numerous floors of the building and which are connected to both Device A and Device B Figure 11 1 VLAN Overview In virtual topological networks the network devices may be located in diverse places around the LAN such as in different departments on different floors or in different buildings Connections are made throug...

Page 100: ...ID is the number of the VLAN to which the port is assigned Untagged frames and frames tagged with VLAN 0 entering the port are assigned the port s VLAN ID Tagged frames are unaffected by the port s VLAN ID The Tagging Mode determines the behavior of the port that processes outgoing frames If Tagging Mode is set to Clear the port transmits frames that belong to the port s VLAN table These frames le...

Page 101: ... manually configured on it L VLAN Binding The forwarding mechanism of the P330 ML switches is based on frame s VLAN and MAC address If a frame is destined to a known MAC address but arrives on a different VLAN than the VLAN on which this MAC address was learnt this frame will be flooded as unknown to all ports that are bound to its VLAN Hence VLAN binding should be executed with care especially on...

Page 102: ... corresponding to the VLANs which are configured on the port will be accepted Packets with other VLAN tags will be dropped VLAN CLI Commands The following table contains a list of the CLI commands for the VLAN feature The rules of syntax and output examples are all set out in detail in the Reference Guide In order to Use the following command Assign the Port VLAN ID PVID set port vlan Define the p...

Page 103: ... of the VLAN feature in the Avaya P334T ML No of VLANs 252 tagged VLANs ranging from 1 to 3071 Clear a VLAN statically configured on a port clear port static vlan Clear the dynamic vlans learned by the switch from incoming traffic clear dynamic vlans Display the MAC addresses learned on a specific VLAN show cam vlan In order to Use the following command ...

Page 104: ...users attached to a LAN port and of preventing access to that port in cases where the authentication process fails The authentication procedure is port based which means access control is achieved by enforcing authentication on connected ports if an end point station that connects to a port is not authorized the port state is set to unauthorized which closes the port to any traffic As a result of ...

Page 105: ...re the port used to access the RADIUS server as force authorized L You can configure on the RADIUS server a PVID static VLAN binding and port level for each authenticated user If the port that the user is connected to is authorized those parameters will be assigned to the port Connect the Supplicant i e Windows XP clients directly to the P330 Verify that the dot1x port control is in auto mode Set ...

Page 106: ...port dot1x Display all the port dot1x statistics show port dot1x statistics Set the minimal idle time between authentication attempts set dot1x quiet period Set the time interval between attempts to access the Authenticated Station set dot1x tx period Set the server retransmission timeout period for all ports set dot1x server timeout Set the authentication period an idle time between re authentica...

Page 107: ...d per port a time interval between attempts to access the Authenticated Station set port dot1x tx period Set the supp timeout per port a time for the port to wait for a reply from the Authenticated Station set port dot1x supp timeout Set the server timeout per port a time to wait for a reply from the Authentication Server set port dot1x server timeout Set the re authentication period per port an i...

Page 108: ...out of any arrangement of bridges The result is a single path between any two end stations on an extended network Provides a high degree of fault tolerance It allows the network to automatically reconfigure the spanning tree topology if there is a bridge or data path failure The Spanning Tree Algorithm requires five values to derive the spanning tree topology These are 1 A multicast address specif...

Page 109: ... roles rapidly through its fast topology change propagation mechanism For example a port in the blocking state can be assigned the role of alternate port When the backbone of the network fails the port may be rapidly changed to forwarding Whereas the STA passively waited for the network to converge before turning a port into the forwarding state RSTP actively confirms that a port can safely transi...

Page 110: ...ill begin to speak 802 1d on this port only Specifically this means 802 1d bridges will ignore RSTP BPDUs and drop them 802 1d bridges will send 802 1d format BPDUs back to the switch The switch will change to 802 1d mode for that port only The P330 configured to RSTP is therefore able to simultaneously work with other switches implementing either RSTP or STP without specific user intervention Spa...

Page 111: ...me Set the RSTP bridge forward delay time parameter set spantree forward delay Select between STP operation or RSTP switch operation set spantree version Display the bridge and per port spanning tree information show spantree Set the TX hold count for the STA set spantree priority Add a port to the spanning tree application set port spantree enable Remove a port from the spanning tree application ...

Page 112: ...6 Avaya P334T ML User s Guide Set the port point to point admin status set port point to point admin status Show the port s point to point admin and operational RSTP status show port point to point status In order to Use the following command ...

Page 113: ...anagement station Disable and notify Permanently disables the packets and sends a notification to the management station When the P330 is configured to send traps to report attempted intrusion to prevent the flooding of the Console s trap log network the Agent sends an intruder alert every 5 seconds for the first 3 times a specific intruder is detected on a port and then every 15 minutes if the in...

Page 114: ...rity for the switch set security mode Display the MAC security mode for the switch show security mode Enable Disable MAC security for a specific port set port security Display the MAC security mode for a port show port security Specify the action taken when there is a security violation set security violation action Add a MAC address to a port s list of allowed MAC addresses set secure mac Remove ...

Page 115: ...isabled After NVRAM INIT MAC Aging default state is enabled mac aging time is set in minutes Default 5 minutes Minimum time 1 minute maximum time 3600 min L On a mixed P330 P330 ML stack MAC Aging if enabled will apply only to P330 ML modules in the stack MAC Aging CLI Commands The following table contains a list of the CLI commands for the MAC Aging feature The rules of syntax and output examples...

Page 116: ...r The attributes of the base port such as port speed VLAN number etc are applied to all the other member ports in the LAG When created each LAG is automatically assigned a logical port number usually designated 10x This logical port number can then be used as any regular panel port for all configuration required for the LAG Spanning Tree Redundancy etc L In the P330 ML switches you need to erase a...

Page 117: ...wo GBIC ports to form a LAG you can aggregate the bandwidths of 6 groups of up to 8 10 100BaseT ports in a LAG for a maximum of 7 LAGs per switch The relationship between the P334T ML Port Numbers and the LAG logical Port Number that will be assigned to each LAG is depicted below Panel Ports in the LAG Max Number of LAGs LAG Logical Port Number 1 4 25 28 1 101 5 8 29 32 1 102 9 12 33 36 1 103 13 1...

Page 118: ...own Port redundancy provides for the following in the P330 Switchback from the secondary to primary port is allowed Switching time intervals can be set by the user L Port Redundancy interworks with the Spanning Tree Algorithm The Port Redundancy feature functions as follows Port Redundancy enables the user to establish 20 pairs of ports Within each pair primary and secondary ports are defined To p...

Page 119: ...can not be designated in any other redundancy scheme L Intermodule Port Redundancy does not interworks with the Spanning Tree Algorithm Port Redundancy CLI Commands The following table contains a list of the CLI commands for the Redundancy feature The rules of syntax and output examples are all set out in detail in the P330 Reference Guide In order to Use the following command Define or remove por...

Page 120: ...apter 11 Avaya P330 Layer 2 Features 104 Avaya P334T ML User s Guide display the intermodule redundancy entry defined for the switch show intermodule port redundancy In order to Use the following command ...

Page 121: ...pports multicast filtering The P330 learns which switch ports need to receive which multicast packets and configures the necessary information into the switch s hardware tables This learning is based on IGMP version 1 or 2 snooping The multicast filtering function in the P330 is transparent to the IP hosts and routers It does not affect the forwarding behavior apart from filtering multicast packet...

Page 122: ...on of the IP multicast feature in the Avaya P334T ML No of multicast groups 255 In order to Use the following command Enable or disable the IP multicast filtering application set intelligent multicast Define aging time for client ports set intelligent multicast client port pruning time Define aging time for router ports set intelligent multicast router port pruning time Define group filtering time...

Page 123: ...ilities provide the tools needed to monitor and analyze the behavior of segments on a network In conjunction with an RMON agent RMON gathers details and logical information about network status performance and users running applications on the network RMON has two levels RMON I analyzes the MAC layer Layer 2 in the OSI seven layer model RMON 2 analyzes the upper layers Layers 3 and above L RMON 2 ...

Page 124: ...ing scheme show rmon statistics Display the most recent RMON history log for a given History Index show rmon history Display the parameters set for a specific alarm entry that was set using the rmon alarm command show rmon alarm Display the parameters of an Event entry defined by the rmon event command or Device Manager show rmon event Clears all RMON counters in the stack clear rmon statistics In...

Page 125: ...owing ways It provides additional tools and features for monitoring in the switch environment It allows monitoring of ATM networks that are based on cells rather than packets It provides a global view of traffic flow on a network with multiple switches SMON monitoring provides A global view of traffic for all switches on the network An overall view of traffic passing through a specific switch Deta...

Page 126: ...tion port on each C460 chassis for either received Rx or transmitted and received Tx Rx traffic Port Mirroring CLI commands Port Mirroring Constraints Note the following limitations The VLAN binding parameters of the source and destination ports must be identical Ports which are members in a Link Aggregation Group LAG cannot also be used as Port Mirroring Destination or Source ports Within the P33...

Page 127: ...pecify their classification demands by defining Access Lists An Access List is an ordered list of classification rules and actions For each frame received by the system the Multilayer Policy application tries the classification rules one by one and executes the action associated with the first rule that matches Rules are based on the following properties IP IP version 4 packets with specific sourc...

Page 128: ...olicy Implementation in the P334T ML Each P334T ML can store up to 20 Policy Lists These lists consist of Access Lists DSCP to COS Maps and Trust Modes Avaya P334T ML supports two policy types Router the switch enforces the active Policy List only on routed packets This applies to P334T ML switches in Router device mode All the switch enforces the active Policy List on all packets that enter throu...

Page 129: ...icy type is all Configuring the P334T ML for Multilayer Policy This section describes the configuration of the P334T ML for Multilayer Policy functionality Configuration Requirements The following specific requirements impact on the configuration of Multilayer Policy in an Avaya P334T ML Multilayer Policy must be configured separately on each P334T ML in the stack This is done by opening a session...

Page 130: ...r copying an entire Policy List ip access list copy Set the DSCP to COS mapping Based on range and action parameters system will apply mapping to frames ip access list dscp operation Designates which original frame fields influence internal queues selection ip access list dscp trust Assign a name to a Policy List ip access list name Add the name of an owner to a Policy List ip access list owner De...

Page 131: ...List validate group Display the active policy list number show ip access group Display the DSCP to CoS map of a policy list show ip access list dscp Display summary information regarding all configured access lists show ip access list summary Set the policy control source to either local or remote policy server set qos policy source Copy current policy or policy and router configuration to the sta...

Page 132: ...ower priority queue will transmit only if none of the Higher priority queue has nothing to transmit When the Priority scheme is set to WWR with a weight factor n Giga ports the High priority queue will transmit n packets for each packet that will be transmitted from the Low priority queue P334T ML 10 100 ports The 4 queues will convert into 2 queues High and Low the High priority queue will transm...

Page 133: ...n when the port is disabled and a fast aging operation on the CAM table will be performed This feature is particularly useful for the link intermodule redundancy application where you need to be informed about a link failure on the dormant port and resume traffic quickly Port Classification CLI Commands In order to Use the following command Set the port classification to either regular or valuable...

Page 134: ...verview The Stack Health feature will identify defective modules and cables that may be installed in the P330 stack The Stack Health algorithm separately checks all stacking modules and the Octaplane connections including Redundant cable Implementation of Stack Health in the P330 Family When activating the Stack Health feature the agents in all modules start sending special packets of various leng...

Page 135: ...CLI Commands The following table contains a list of the CLI commands for the Stack Health feature The rules of syntax and output examples are all set out in detail in the Reference Guide In order to Use the following command Initiate the stack health testing procedure set stack health ...

Page 136: ...Chapter 11 Avaya P330 Layer 2 Features 120 Avaya P334T ML User s Guide ...

Page 137: ...zing Routing Updates from all routers a router can build a detailed picture of network topology A Link State Advertisement is another example of a message sent between routers Link State Advertisements inform other routers of the state of the sender s links Link information can also be used to build a complete picture of the network s topology Once the network topology is understood routers can de...

Page 138: ...nism and the information is stored within the ARP table in the router see The ARP Table on page 111 Within an enterprise routers serve as an intranet backbone that interconnects all networks This architecture strings several routers together via a high speed LAN topology such as Fast Ethernet or Gigabit Ethernet Within the global Internet routers do all the packet switching in the backbones Anothe...

Page 139: ...d For example if there are two interfaces over the same VLAN and you configure DHCP server on one interface it will be used also for the second interface over the same VLAN This behavior might be less expected and in some cases wrong In order to prevent misconfiguration and unexpected results the P330 prevents configuration of VLAN oriented commands on an interface unless explicitly requested by t...

Page 140: ...dministrative state of an IP interface ip admin state Update the interface broadcast address ip broadcast address Define a default gateway router ip default gateway Define the interface RIP route metric value default metric Enable net directed broadcast forwarding ip directed broadcast Set the IP routing mode of the interface ip routing mode Enable or disable the sending of redirect messages on th...

Page 141: ...fore you assign the Initial Router IP address 4 To access Router commands from the Master module type the command session module number router where module number is the location of the router module in the stack and press Enter The command prompt changes from P330 N to Router N where N is the number of the router in the stack see P330 Sessions 5 Type configure and press Enter The prompt Router N ...

Page 142: ... Type exit and press Enter This returns you to the prompt Router configure 11 If the management station is not on the same subnet as the switch configure a default gateway static route Use the command ip default gateway ip address and press Enter replacing ip address with the IP address of the default gateway 12 Save the configuration changes by typing copy running config startup config and press ...

Page 143: ...aya P334T ML User s Guide 127 Obtaining a Routing License Key To obtain a License Key that enables routing features 1 Go to http license lsg avaya com and click request new license 2 Enter the Certificate Key and Certificate Type 3 Click Next ...

Page 144: ...128 Avaya P334T ML User s Guide 4 Enter contact information once per certificate 5 Click Next 6 View number of licenses left 7 Enter serial number of the switch es or module To identify serial numbers use the CLI command show module identity ...

Page 145: ...set license module license featureName where module P330 ML module number the location of the device in the stack license license code featureName routing and press Enter 2 Reset the module 3 Check that the license is activated using the CLI Use the show license CLI command License Key CLI Commands In order to Use the following command Configure the feature license set license Display the feature ...

Page 146: ...Chapter 12 Avaya P330 Layer 3 Features 130 Avaya P334T ML User s Guide ...

Page 147: ...g RIPv1 you must not configure supernets which are networks with a mask smaller than the natural net mask of the address class such as 192 1 0 0 with mask 255 255 0 0 smaller than the natural class C mask which is 255 255 255 0 For detailed descriptions of RIP refer to the standards and published literature RIPv2 is a new version of the RIP routing protocol but with some advantages over RIPv1 RIPv...

Page 148: ...e following command Configure the Routing Information Protocol RIP router rip Specify a list of networks on which the RIP is running network Redistribute routing information from other protocols into RIP redistribute Specify the RIP version running on the interface basis ip rip rip version Set the interface RIP route metric value default metric Set the RIP Send and Receive mode on an interface ip ...

Page 149: ... Guide 133 Specify the type of authentication used in RIP Version 2 packets ip rip authentication mode Set the authentication string used on the interface ip rip authentication key Specify the RIP timers values timers basic In order to Use the following command ...

Page 150: ... state algorithms to send routing information to all nodes in an internetwork by calculating the shortest path to each node This calculation is based on a topography of the Internet constructed by each node Each router sends that portion of the routing table keeps track of routes to particular network destinations that describes the state of its own links and it also sends the complete routing str...

Page 151: ...spf cost Specify the time interval between hellos the router sends ip ospf hello interval Configure the interval before declaring the neighbor as dead ip ospf dead interval Configure interface priority used in DR election ip ospf priority Configure the interface authentication password ip ospf authentication key Display general information about OSPF routing show ip ospf Display the OSPF related i...

Page 152: ...ce Local static routes such as those that have no next hop are not allowed Two kinds of static routes can be configured High Preference static routes which are preferred to routes learned from any routing protocol Low Preference static routes which are used temporarily until the route is learned from a routing protocol By default a static route has Low Preference Static routes can be advertised by...

Page 153: ...fault route will not be preferred over a RIP route to the subnet of the destination P330 protocol preferences are listed below from the most to the least preferred 1 Local directly attached net 2 High preference static manually configured routes 3 OSPF internal routes 4 RIP 5 OSPF external routes 6 Low preference static manually configured routes Define a default gateway router ip default gateway ...

Page 154: ... 1 OSPF external type 2 metric N to RIP metric N 1 Static to OSPF external type 2 metric configurable default 1 RIP metric N to OSPF external type 2 metric N Direct to OSPF external type 2 metric 1 By default the P330 does not redistribute routes between OSPF and RIP Redistribution from one protocol to the other can be configured By default static routes are not redistributed to RIP and OSPF The P...

Page 155: ... address from its IP address This mechanism ability is called ARP Address Resolution Protocol The following mechanism describes how a station builds an ARP Table Figure 12 2 Building an ARP Table Station 1 sends ARP Request Broadcast specifying IP address of Station 2 Station 2 receives the broadcast and identifies its IP address Station 2 sends an ARP Reply to Station 1 containing Station 2 MAC A...

Page 156: ...ache arp Configure the amount of time that an entry remains in the ARP cache arp timeout Set the amount of time that an entry remains in the ARP cache back to default no arp timeout Set the maximum number of ARP cache entries allowed in the ARP cache ip max arp entries Set the maximum number of ARP cache back to default no ip max arp entries Enable proxy ARP on an interface ip proxy arp Disable pr...

Page 157: ...ck of IP addresses rather than requiring an administrator to manage the task This means that a new computer can be added to a network without the hassle of manually assigning it a unique IP address Many ISPs use dynamic IP addressing for dial up users However dynamic addressing may not be desirable for a network server DHCP BOOTP Relay The P330 supports the DHCP BOOTP Relay Agent function This is ...

Page 158: ...each request and sends it to both servers This provides redundancy and prevents the failure of a single server from blocking hosts from loading You can enable or disable or DHCP BOOTP Relay in P330 BOOTP DHCP CLI Commands In order to Use the following command Enable or disable relaying of bootp and dhcp requests to the BOOTP DHCP server no ip bootp dhcp relay no restores default Add or remove a BO...

Page 159: ...terface basis When a netbios broadcast packet arrives from an interface on which netbios rebroadcast is enabled the packet is distributed to all other interfaces configured to rebroadcast netbios If the netbios packet is a net directed broadcast e g 149 49 255 255 the packet is relayed to all other interfaces on the list and the IP destination of the packet is replaced by the appropriate interface...

Page 160: ...ctions of the virtual router are performed by one of the physical routers with which it is associated This router is known as the master router For each virtual router VRRP selects a master router If the selected master router fails another router is selected as master router In VRRP two or more physical routers can be associated with a virtual router thus achieving extreme reliability In a VRRP e...

Page 161: ...e network even in different VLAN By the end of the routers configuration and when the network is up the main router for each virtual router will be elected according to this order of preference The virtual router IP address is also the router s interface IP address It has the highest priority you can configure this parameter It has the highest IP address if the previous cases do not apply Backup R...

Page 162: ...RP requests Therefore the stations will not sense any change neither in the configured DG nor in the MAC level VRRP has no provisions for routing data base synchronization among the redundant routers You need to perform this manually Case 2 One router is Main on one IP subnet e g 20 20 20 0 and redundant on another e g 30 30 30 0 In this case each IP subnet must be in different VRID e g 1 2 The ab...

Page 163: ...outer ID Ip vrrp preempt Set the primary address that shall be used as the source address of VRRP packets for the virtual router ID Ip vrrp primary Accept or discard packets addressed to the IP address es associated with the virtual router such as ICMP SNMP and TELNET if it is not the IP address owner Ip vrrp override addr owner Display VRRP information show ip vrrp Display full VRRP related infor...

Page 164: ...up P330 sends a gratuitous ARP message that causes all stations to send their IP traffic to the backup P330 MAC address instead of the failed unit MAC address As long as it is an active backup resulting from the failure of the main unit the backup P330 answers ARP requests for the main unit providing its own MAC address SRRP Configuration Example The P330 in SRRP mode can backup any other router T...

Page 165: ...he SRRP configuration mode router srrp Disable SRRP no router srrp Backup an additional interface of the main router using the SRRP application ip srrp backup Configure the polling interval in seconds used by SRRP poll interval Set the polling interval used by SRRP back to default no poll interval Configure the timeout after which SRRP declares the main router dead if it does not reply to polling ...

Page 166: ...rules define how the P330 should handle routed packets There are three possible ways to handle such packets Forward the packet Permit operation Discard the packet Deny operation Discard the packet and notify the management station Deny and Notify The Avaya P330 can enforce Access Control policy on each routed packet according to the following criteria Matching the packet s source or destination IP...

Page 167: ...st ip access list name Add the name of an owner to a Policy List ip access list owner Delete an access list element or a Policy List no ip access list Activate a Policy List ip access group Deactivate a Policy List no ip access group Display the DSCP to CoS map of a policy list show ip access list dscp Set the list cookie for a specific policy list ip access list cookie Display an access list show...

Page 168: ...ontrol source to either local or remote policy server set qos policy source Copy current policy and router configuration to the startup configuration file copy running config startup config Set whether a module enforces the active Policy List on all packets or only routed packets set policy type Show whether the module enforces the policy list on all packets or only on routed packets show policy t...

Page 169: ...ating in network 149 49 0 0 rule 1 2 Assigning priority 3 to all TCP traffic going to the host 172 44 17 1 rule 2 3 Denying Telnet sessions originated by the host 192 168 5 33 rule 3 P330 1 super ip access list 100 1 fwd6 tcp 149 49 0 0 0 0 255 255 any done P330 1 super ip access list 100 2 fwd3 tcp any host 172 44 17 1 done P330 1 super ip access list 100 3 deny tcp host 192 168 5 33 any eq 23 do...

Page 170: ...tation and reassembly IP Fragmentation works as follows IP packet is divided into fragments each fragment becomes its own IP packet each packet has same identifier source destination address fragments are usually not reassembled until final destination IP Fragmentation Reassembly CLI Commands In order to Use the following command Clear the fragment database and restore its defaults clear fragment ...

Page 171: ...Avaya SECTION 4 TROUBLESHOOTING AND MAINTENANCE ...

Page 172: ......

Page 173: ... correctly Replace the power cord If the cord is inserted correctly check that the AC power source is working by connecting a different device in place of the P3330 If that device works refer to the next step If that device does not work check the AC power P3330 AC power supply not functioning Use an optional BUPS Backup Power Supply Contact your local Avaya distributor The power supply is not use...

Page 174: ...Chapter 13 Troubleshooting the Installation 158 Avaya P334T ML User s Guide ...

Page 175: ...2 Loosen the screws to the stacking sub module by turning the knobs 3 Take hold of the two knobs one near each side of the front panel and pull gently but firmly towards yourself 4 Insert the new stacking sub module gently into the slot ensuring that the metal base plate is aligned with the guide rails The metal plate not the PCB of the X330STK ML fits onto the guide rails 5 Press the sub module i...

Page 176: ...Chapter 14 Maintenance 160 Avaya P334T ML User s Guide ...

Page 177: ...r from the Software Download section at www avaya com support Downloading Software Download the firmware and Embedded Web Manager as follows Use the command in the Avaya P330 CLI copy tftp SW_image image file EW_archive filename ip mod_num Please see the CLI Chapters of the User s Guides for related information L Please download both the new Avaya firmware and the new Embedded Web Manager versions...

Page 178: ...a non existent file name for the Embedded Web image file preserves the old version in Bank A allows the user to boot from either Bank A or Bank B i e using either the old or new software version L In normal operation the Embedded Web file should be copied to Bank A and the new software version should be downloaded to Bank B This process copies the old software version to Bank A and the new softwar...

Reviews:

No comments

Brands by name

Popular brands

Load more brands