manualshive.com logo in svg

Avaya ERS 2400, Техническое конфигурационное руководство

Продукт Avaya ERS 2400 - это сетевое оборудование для организаций, обеспечивающее надежное подключение и передачу данных. Вам доступен БЕСПЛАТНЫЙ технический конфигурационный руководство для этого устройства на manualshive.com, где вы можете скачать его и ознакомиться с основными настройками.

Поделиться
Скачать
background image

 

Avaya Inc. 

– Proprietary & Confidential. 

Use pursuant to the terms of your signed agreement or Avaya policy.

 

37 

avaya.com 

1.4.6  Adding User Based Policies (UBP) Option 

The  ERS  5500  and  ERS  5600  both  support  User  Based  Policies  (UBP)  that  can  be  used  with 
EAP or non-EAP MAC authentication. UBP filter sets can be configured locally on the switch and 
applied  upon  an  EAP  Supplicant  or  non-EAP  device  successfully  authenticating  against  a 
RADIUS  server.  Once  the  EAP  Supplicate  or  non-EAP  device  is  authenticated  by  RADIUS,  the 
RADIUS server can be setup to send a RADIUS attribute for UBP.  The RADIUS return attribute 
for  UBP  is  simply  the  UBP  filter  set name. This  allows  you  to  configure  different  UBP  filter  sets 
and have RADIUS tell the switch what policy to apply based on the user or device credentials.    

The following command is used to configure UBP: 

 

ERS5520(config)#

qos ubp classifier name <Word 1..16 character string> ?

 

    

addr-type      Specify the address type (IPv4, IPv6) classifier criteria 

  block          Specify the label to identify access-list elements that are of 
                 the same block 
  drop-action    Specify the drop action 
  ds-field       Specify the DSCP classifier criteria 
  dst-ip         Specify the destination IP classifier criteria 
  dst-mac        Specify the destination MAC classifier criteria 
  dst-port-min   Specify the L4 destination port minimum value classifier 
                 criteria 
  ethertype      Specify the ethertype classifier criteria 
  eval-order     Specify the evaluation order 
  flow-id        Specify the IPv6 flow identifier classifier criteria 
  next-header    Specify the IPv6 next header classifier criteria 
  priority       Specify the user priority classifier criteria 
  protocol       Specify the IPv4 protocol classifier criteria 
  set-drop-prec  Specify the set drop precedence 
  src-ip         Specify the source IP classifier criteria 
  src-mac        Specify the source MAC classifier criteria 
  src-port-min   Specify the L4 source port minimum value classifier criteria 
  update-1p      Specify the update user priority 
  update-dscp    Specify the update DSCP 
  vlan-min       Specify the Vlan ID minimum value classifier criteria 
  vlan-tag       Specify the vlan tag classifier criteria 
  <cr>

 

Assuming  we  wish  to  add  UBP  configuration  to this  example, please  following  the  configuration 
steps shown below. 

1.4.6.1 

ERS5520 Policy Configuration 

Although any number of items can be configured for the policy, we will create two simply policies 
to remark all traffic from the Philips VLAN  with a DSCP value of 26 (Gold) and remark all traffic 
from the Siemens VLAN with a DSCP value of 16 (Silver).  

ERS5520-1  Step  1 

–  Configure  a  policy  using  the  name  „philips‟  and  remark  DSCP  with  a 

DSCP value of 26. We will set the eval-order to 5 (value from 1-255) in case you wish to add 
additional filters in the future with a higher preference. 

5520-24T-1(config)# 

qos ubp classifier name philips ethertype 0x0800 update-dscp 

26 eval-order 5 

ERS5520-1 Step 2 

– Enable the UBP set 

5520-24T-1(config)# 

qos ubp set name philips  

Содержание ERS 2400

Страница 1: ...s Ignition Server Technical Configuration Guide Enterprise Solutions Engineering Document Date April 2010 Document Number NN48500 586 Document Version 2 0 Identify Engines Ignition Server Ethernet Rou...

Страница 2: ...are Ethernet attached The main components include both the Ethernet edge switches and the Network Access Control infrastructure provided by Avaya s Identity Engines portfolio The audience for this Tec...

Страница 3: ...nts Conventions 3 1 Overview Medical Device Authentication using Identify Engines 4 1 1 Access Layer 4 1 2 Ignition Server Biomedical Device Authentication 4 1 3 Configuration Examples 5 1 4 Biomedica...

Страница 4: ...hts important information about an action that may result in equipment damage configuration or data loss Text Bold text indicates emphasis Italic text in a Courier New font indicates text the user mus...

Страница 5: ...Ignition Server to authenticate biomedical devices from an EAP authenticator it must know the device identity typically the MAC address In an existing network consisting of many biomedical devices mos...

Страница 6: ...s and Siemens for this example The Ethernet Routing Switch 5500 can be configured to accept both EAP and non EAP NEAP on the same port In regards to non EAP the switch can be configured to accept a pa...

Страница 7: ...g vlan create 1600 name siemens type port 5520 24T 1 config vlan create 3000 name general type port ERS5520 1 Step 2 Enable VLAN tagging on all appropriate ports 5520 24T 1 config vlan port 23 24 tagg...

Страница 8: ...s on port uplink ports ERS5520 1 Step 1 Enable Discard Untagged Frames 5520 1 config vlan ports 23 24 filter untagged frame enable 1 4 1 6 Enable Spanning Tree Fast Start and BPDU Filtering on access...

Страница 9: ...n enable RADIUS accounting using the command radius accounting enable 1 4 1 9 Enable EAP globally ERS5520 1 Step 1 Enable non EAP NEAP 5520 24T 1 config eap multihost allow non eap enable ERS5520 1 St...

Страница 10: ...and enable RADIUS NEAP phone 5520 24T 1 config interface fastEthernet 14 20 5520 24T 1 config if eapol status auto 5520 24T 1 config if eapol multihost allow non eap enable 5520 24T 1 config if eapol...

Страница 11: ...rt 14 Admin Status Auto Auth No Admin Dir Both Oper Dir Both ReAuth Enable No ReAuth Period 3600 Quiet Period 60 Xmit Period 30 Supplic Timeout 30 Server Timeout 30 Max Req 2 RDS DSE No Port 20 Admin...

Страница 12: ...Enabled Non EAPOL RADIUS Password Attribute Format MACAddr Non EAPOL User Based Policies Enabled Non EAPOL User Based Policies Filter On MAC Addresses Disabled Use most recent RADIUS VLAN Disabled St...

Страница 13: ...OL RADIUS VLANs is Enabled globally and at interface level 1 4 2 3 Verify EAP Multihost Status Step 1 Assuming Siemens devices on ports 14 15 and Philips devices on ports19 20 verify device MAC addres...

Страница 14: ...IVL No Port Members 14 15 23 24 3000 general Port None 0x0000 Yes IVL No Port Members 14 20 23 24 Total VLANs 5 On ERS5520 1 verify the following information Option Verify Port Display the ports where...

Страница 15: ...3 IDE Setup 1 4 3 1 Create a new Nortel device template IDE Step 1 Go to Site Configuration Provisioning Vendor VSA s Nortel Device Template New IDE Step 2 Name the new Nortel device template Nortel V...

Страница 16: ...complete configuration Please note that you must change the Avaya switch device template MAC Address Source from the default setting of Inbound Calling Station Id to Inbound User Name for device authe...

Страница 17: ...re an Outbound Attribute on Ignition Server for VLAN IDE Step 1 Go to Site Configuration Provisioning Outbound Attributes New IDE Step 2 Via the Outbound Attribute window enter a name for the attribut...

Страница 18: ...ya com IDE Step 3 Go to Site Configuration Provisioning Outbound Values New IDE Step 4 Using the Outbound Attribute created in Step 2 we will add the VLAN ID value for the Philips VLAN Start by enteri...

Страница 19: ...created in Step 2 i e VLAN as used in this example via the Choose Global Outbound Attribute pull down menu Make sure the Fixed Value radio button is selected Enter an name i e Philips VLAN 1500 as us...

Страница 20: ...p 3 to 5 to add the RADIUS attribute for the Siemens VLAN Go to Site Configuration Provisioning Outbound Values New IDE Step 7 Using the Outbound Attribute created in Step 2 we will add the VLAN ID va...

Страница 21: ...he correct VLAN number i e 1600 as used in this example in the VLAN ID window Click on OK twice when done 1 4 3 3 Add Access Policy The following is a list of top biomedical manufacturers vendor MAC s...

Страница 22: ...vaya policy 21 avaya com IDE Step 1 Go to Site Configuration Access Policies MAC Auth default radius device and click on Edit IDE Step 2 First we will create a rule for the Philips medical devices Sta...

Страница 23: ...the Constraint Details window under Attribute Category select Device and then scroll down and select device address Next via the right hand side plane select Starts With make sure Static Value is sel...

Страница 24: ...hentication Policy window click the Allow radio button via Action Provisioning and move the attribute we configured above named vlan 1500 philips from All Outbound Value box to the Provision With box...

Страница 25: ...the Constraint Details window under Attribute Category select Device and then scroll down and select device address Next via the right hand side plane select Starts With make sure Static Value is sel...

Страница 26: ...cation Policy window click the Allow radio button via Action Provisioning and move the attribute we configured above named vlan 1600 Siemens from All Outbound Value box to the Provision With box IDE S...

Страница 27: ...Avaya Inc Proprietary Confidential Use pursuant to the terms of your signed agreement or Avaya policy 26 avaya com...

Страница 28: ...s For Ignition Server to process the Avaya switch RADIUS requests each switch must be added as an Authenticator IDE Step 1 Go to Site Configuration Authenticators default For example we will create ne...

Страница 29: ...select the template we created in the section above titled Create a new Nortel device template Nortel VLAN as used in our example Make sure Enable MAC Auth is checked off and Do Not Use Password is s...

Страница 30: ...Avaya Inc Proprietary Confidential Use pursuant to the terms of your signed agreement or Avaya policy 29 avaya com...

Страница 31: ...nal Devices Next we will add the vendor MAC prefix via the Internal Store on Ignition Server IDE Step 1 Go to Site Configuration Directories Internal Store Internal Devices First we will add the MAC p...

Страница 32: ...greement or Avaya policy 31 avaya com IDE Step 2 Go to Site Configuration Directories Internal Store Internal Devices Next we will add the MAC prefix for Siemens Via the Internal Devices window Click...

Страница 33: ...Ignition Server Advanced Troubleshooting feature For example let s assume we wish to test a Philips device which starts with a vendor MAC of 00 09 5c Step 1 Via Ignition Dashboard select the IP addre...

Страница 34: ...the following information Option Verify Results First of all if successful Device lookup successful should be displayed Virtual Attributes Verify the following pertaining to the configuration used in...

Страница 35: ...witch and various details pertaining to the device such as RADIUS attributes and device details Knowing this information you could keep a database of all medical device identifiers and the switch and...

Страница 36: ...Avaya Inc Proprietary Confidential Use pursuant to the terms of your signed agreement or Avaya policy 35 avaya com Result...

Страница 37: ...Allow should be displayed If not verify the device using the previous step and if this also fails verify the Ignition Server configuration User Id This field displays the full MAC address of the devi...

Страница 38: ...ype Specify the ethertype classifier criteria eval order Specify the evaluation order flow id Specify the IPv6 flow identifier classifier criteria next header Specify the IPv6 next header classifier c...

Страница 39: ...T 1 config qos agent ubp high security local The default ubp classifier action non match action is for forward traffic In older software releases for the ERS5500 this was not the case and you had to e...

Страница 40: ...lips and UROLsiemens as per the policies configured on ERS5520 1 On Ignition Server the Nortel vendor VSA definitions are already defined and can be viewed by using Ignition Dashboard and going to Sit...

Страница 41: ...ement or Avaya policy 40 avaya com IDE Step 3 Go to Site Configuration Provisioning Outbound Values and click on New IDE Step 4 When the Outbound Value Details window pops up enter a name i e UROLphil...

Страница 42: ...bal Outbound Attribute and select the outbound attribute name from step 2 above Select Value of String and enter string name of UROLphilips for the UBP name of philips configured for the Philips devic...

Страница 43: ...ens as used in this example via the Outbound Value Name window and click on New IDE Step 8 When the Outbound Value instance window pops up under Choose Global Outbound Attribute and select the outboun...

Страница 44: ...43 avaya com IDE Step 9 Go to Site Configuration Access Policies MAC Auth default radius device and via the Authorization Policy tab select Philips and click on Edit IDE Step 10 Move the attribute we...

Страница 45: ...44 avaya com IDE Step 11 Go to Site Configuration Access Policies MAC Auth default radius device and via the Authorization Policy tab select Siemens and click on Edit IDE Step 12 Move the attribute we...

Страница 46: ...signed agreement or Avaya policy 45 avaya com IDE Step 13 Once complete we can go to Site Configuration Access Policy MAC Auth default radius device and clicking on Access Policy Summary to view the...

Страница 47: ...ore Destination L4 Port Max Ignore Source L4 Port Min Ignore Source L4 Port Max Ignore IPv6 Flow Id Ignore IP Flags Ignore TCP Control Flags Ignore IPv4 Options Ignore Destination MAC Addr Ignore Dest...

Страница 48: ...p No Action Update DSCP 0x10 Action Update 802 1p Priority Ignore Action Set Drop Precedence Low Drop Storage Type NonVolatile On the ERS5520 verify the following information Option Verify Name Verify...

Страница 49: ...owing command to view the UBP Policy 5520 24T 1 show qos ubp interface Result Id Unit Port Filter Set Name _____ ____ ____ _______________ 55001 1 14 siemens 55004 1 19 philips On the ERS5520 verify t...

Страница 50: ...to connect to ERS5520 1 is port 3 29 ERS8600 5 5 config ip ipfix state enable ERS8600 5 5 config ip ipfix port 3 29 all traffic enable ERS8600 6 5 show ip ipfix flows 3 IPFIX Flows Slot Number 3 Total...

Страница 51: ...ary Confidential Use pursuant to the terms of your signed agreement or Avaya policy 50 avaya com 2 Software Baseline Product Minimum Software Level Identity Engines 6 0 1 ERS2500 4 2 ERS4500 5 3 ERS55...

Страница 52: ...ollection ERS4500_5 3_Doc_Collection_20090731 Ethernet Routing Switch 4500 Software Release 5 3 Avaya Ethernet Routing Switch 5500 Series Release 5 1 Document Collection ERS5500_6 1_Doc_Collection_200...

Отзывы:

Нет отзывов

Похожие инструкции для ERS 2400

3Com Server User Manual preview
Server
Бренд: 3Com Страницы: 48
Observint N16 Quick Setup Manual preview
N16
Бренд: Observint Страницы: 11
Garmin GND 10 Installation Instructions preview
GND 10
Бренд: Garmin Страницы: 2
Salto Node Installation Manual preview
Node
Бренд: Salto Страницы: 2
Hawking CF100W Specifications preview
CF100W
Бренд: Hawking Страницы: 2
Niveo NWAR33P User Manual preview
NWAR33P
Бренд: Niveo Страницы: 155
Premio FlacheSAN1L-D4 Quick Manual preview
FlacheSAN1L-D4
Бренд: Premio Страницы: 3
Patton electronics 3087 Quick Start Manual preview
3087
Бренд: Patton electronics Страницы: 12
Lanner ICS-P570 User Manual preview
ICS-P570
Бренд: Lanner Страницы: 63
insys icom EBW-E Quick Installation Manual preview
EBW-E
Бренд: insys icom Страницы: 4
Idis DR-1204P Installation Manual preview
DR-1204P
Бренд: Idis Страницы: 22
AMX NXF Dimensional Drawing preview
NXF
Бренд: AMX Страницы: 1
ADTRAN Express L128FP User Manual preview
Express L128FP
Бренд: ADTRAN Страницы: 161
LevelOne WBR-3402TX User Manual preview
WBR-3402TX
Бренд: LevelOne Страницы: 146
Extreme Networks ExtremeCloud Appliance E1120 User Manual preview
ExtremeCloud Appliance E1120
Бренд: Extreme Networks Страницы: 219
Alcatel-Lucent Service Aggregation Router 7705 Installation Manual preview
Service Aggregation Router 7705
Бренд: Alcatel-Lucent Страницы: 20
Alloy POEGE24T User Manual preview
POEGE24T
Бренд: Alloy Страницы: 13
Williams Sound DW SY 1 User Manual preview
DW SY 1
Бренд: Williams Sound Страницы: 2

Бренды по названию

Популярные бренды

Загрузить еще бренды