Avaya ERS 2400 Скачать руководство пользователя

Страница: 7 / 52

Avaya Inc.

– Proprietary & Confidential.

Use pursuant to the terms of your signed agreement or Avaya policy.

avaya.com



Add the recommended settings for connectivity to an SMLT Cluster

– VLACP and

Multilink Trunking (MLT) with Spanning Tree disabled on the uplink core ports 23 and 24

1.4.1 ERS Switch Configuration

1.4.1.1

Go to configuration mode.

ERS5520-1 Step 1 - Enter configuration mode

5520-24T-PWR>

enable

5520-24T-PWR#

configure terminal

5520-24T-PWR(config)#

cmd-interface cli

5520-24T-PWR(config)#

banner disable

5520-24T-PWR(config)#

snmp-server name 5520-24T-1

1.4.1.2

Create VLAN‟s

ERS5520-1 Step 1

– Create VLAN‟s 201, 1500, 1600, and 3000

5520-24T-1(config)#

vlan create 201 name mgmt type port

5520-24T-1(config)#

vlan create 1500 name philips type port

5520-24T-1(config)#

vlan create 1600 name siemens type port

5520-24T-1(config)#

vlan create 3000 name general type port

ERS5520-1 Step 2

– Enable VLAN tagging on all appropriate ports

5520-24T-1(config)#

vlan port 23-24 tagging tagall

ERS5520-1 Step 3

– Set VLAN configuration control to automatic, add VLAN port

members, and set the management VLAN to VLAN 201

5520-24T-1(config)#

vlan configcontrol automatic

5520-24T-1(config)#

vlan members add 201 23-24

5520-24T-1(config)#

vlan members add 1500 23-24

5520-24T-1(config)#

vlan members add 1600 23-24

5520-24T-1(config)#

vlan members add 3000,14-20,23-24

5520-24T-1(config)#

vlan mgmt 201

ERS5520-1 Step 4

– Remove port members from the default VLAN

5520-24T-1(config)#

vlan members remove 1 14-20,23-24



Please note that the non-EAP devices must be a member of a VLAN for the switch to
authenticate the devices. You can either leave port member 14-20 in VLAN 1 or create
a separate VLAN and add the port members as we have done by creating VLAN 3000.

Содержание ERS 2400

Страница 1: ...s Ignition Server Technical Configuration Guide Enterprise Solutions Engineering Document Date April 2010 Document Number NN48500 586 Document Version 2 0 Identify Engines Ignition Server Ethernet Rou...

Страница 2: ...are Ethernet attached The main components include both the Ethernet edge switches and the Network Access Control infrastructure provided by Avaya s Identity Engines portfolio The audience for this Tec...

Страница 3: ...nts Conventions 3 1 Overview Medical Device Authentication using Identify Engines 4 1 1 Access Layer 4 1 2 Ignition Server Biomedical Device Authentication 4 1 3 Configuration Examples 5 1 4 Biomedica...

Страница 4: ...hts important information about an action that may result in equipment damage configuration or data loss Text Bold text indicates emphasis Italic text in a Courier New font indicates text the user mus...

Страница 5: ...Ignition Server to authenticate biomedical devices from an EAP authenticator it must know the device identity typically the MAC address In an existing network consisting of many biomedical devices mos...

Страница 6: ...s and Siemens for this example The Ethernet Routing Switch 5500 can be configured to accept both EAP and non EAP NEAP on the same port In regards to non EAP the switch can be configured to accept a pa...

Страница 7: ...g vlan create 1600 name siemens type port 5520 24T 1 config vlan create 3000 name general type port ERS5520 1 Step 2 Enable VLAN tagging on all appropriate ports 5520 24T 1 config vlan port 23 24 tagg...

Страница 8: ...s on port uplink ports ERS5520 1 Step 1 Enable Discard Untagged Frames 5520 1 config vlan ports 23 24 filter untagged frame enable 1 4 1 6 Enable Spanning Tree Fast Start and BPDU Filtering on access...

Страница 9: ...n enable RADIUS accounting using the command radius accounting enable 1 4 1 9 Enable EAP globally ERS5520 1 Step 1 Enable non EAP NEAP 5520 24T 1 config eap multihost allow non eap enable ERS5520 1 St...

Страница 10: ...and enable RADIUS NEAP phone 5520 24T 1 config interface fastEthernet 14 20 5520 24T 1 config if eapol status auto 5520 24T 1 config if eapol multihost allow non eap enable 5520 24T 1 config if eapol...

Страница 11: ...rt 14 Admin Status Auto Auth No Admin Dir Both Oper Dir Both ReAuth Enable No ReAuth Period 3600 Quiet Period 60 Xmit Period 30 Supplic Timeout 30 Server Timeout 30 Max Req 2 RDS DSE No Port 20 Admin...

Страница 12: ...Enabled Non EAPOL RADIUS Password Attribute Format MACAddr Non EAPOL User Based Policies Enabled Non EAPOL User Based Policies Filter On MAC Addresses Disabled Use most recent RADIUS VLAN Disabled St...

Страница 13: ...OL RADIUS VLANs is Enabled globally and at interface level 1 4 2 3 Verify EAP Multihost Status Step 1 Assuming Siemens devices on ports 14 15 and Philips devices on ports19 20 verify device MAC addres...

Страница 14: ...IVL No Port Members 14 15 23 24 3000 general Port None 0x0000 Yes IVL No Port Members 14 20 23 24 Total VLANs 5 On ERS5520 1 verify the following information Option Verify Port Display the ports where...

Страница 15: ...3 IDE Setup 1 4 3 1 Create a new Nortel device template IDE Step 1 Go to Site Configuration Provisioning Vendor VSA s Nortel Device Template New IDE Step 2 Name the new Nortel device template Nortel V...

Страница 16: ...complete configuration Please note that you must change the Avaya switch device template MAC Address Source from the default setting of Inbound Calling Station Id to Inbound User Name for device authe...

Страница 17: ...re an Outbound Attribute on Ignition Server for VLAN IDE Step 1 Go to Site Configuration Provisioning Outbound Attributes New IDE Step 2 Via the Outbound Attribute window enter a name for the attribut...

Страница 18: ...ya com IDE Step 3 Go to Site Configuration Provisioning Outbound Values New IDE Step 4 Using the Outbound Attribute created in Step 2 we will add the VLAN ID value for the Philips VLAN Start by enteri...

Страница 19: ...created in Step 2 i e VLAN as used in this example via the Choose Global Outbound Attribute pull down menu Make sure the Fixed Value radio button is selected Enter an name i e Philips VLAN 1500 as us...

Страница 20: ...p 3 to 5 to add the RADIUS attribute for the Siemens VLAN Go to Site Configuration Provisioning Outbound Values New IDE Step 7 Using the Outbound Attribute created in Step 2 we will add the VLAN ID va...

Страница 21: ...he correct VLAN number i e 1600 as used in this example in the VLAN ID window Click on OK twice when done 1 4 3 3 Add Access Policy The following is a list of top biomedical manufacturers vendor MAC s...

Страница 22: ...vaya policy 21 avaya com IDE Step 1 Go to Site Configuration Access Policies MAC Auth default radius device and click on Edit IDE Step 2 First we will create a rule for the Philips medical devices Sta...

Страница 23: ...the Constraint Details window under Attribute Category select Device and then scroll down and select device address Next via the right hand side plane select Starts With make sure Static Value is sel...

Страница 24: ...hentication Policy window click the Allow radio button via Action Provisioning and move the attribute we configured above named vlan 1500 philips from All Outbound Value box to the Provision With box...

Страница 25: ...the Constraint Details window under Attribute Category select Device and then scroll down and select device address Next via the right hand side plane select Starts With make sure Static Value is sel...

Страница 26: ...cation Policy window click the Allow radio button via Action Provisioning and move the attribute we configured above named vlan 1600 Siemens from All Outbound Value box to the Provision With box IDE S...

Страница 27: ...Avaya Inc Proprietary Confidential Use pursuant to the terms of your signed agreement or Avaya policy 26 avaya com...

Страница 28: ...s For Ignition Server to process the Avaya switch RADIUS requests each switch must be added as an Authenticator IDE Step 1 Go to Site Configuration Authenticators default For example we will create ne...

Страница 29: ...select the template we created in the section above titled Create a new Nortel device template Nortel VLAN as used in our example Make sure Enable MAC Auth is checked off and Do Not Use Password is s...

Страница 30: ...Avaya Inc Proprietary Confidential Use pursuant to the terms of your signed agreement or Avaya policy 29 avaya com...

Страница 31: ...nal Devices Next we will add the vendor MAC prefix via the Internal Store on Ignition Server IDE Step 1 Go to Site Configuration Directories Internal Store Internal Devices First we will add the MAC p...

Страница 32: ...greement or Avaya policy 31 avaya com IDE Step 2 Go to Site Configuration Directories Internal Store Internal Devices Next we will add the MAC prefix for Siemens Via the Internal Devices window Click...

Страница 33: ...Ignition Server Advanced Troubleshooting feature For example let s assume we wish to test a Philips device which starts with a vendor MAC of 00 09 5c Step 1 Via Ignition Dashboard select the IP addre...

Страница 34: ...the following information Option Verify Results First of all if successful Device lookup successful should be displayed Virtual Attributes Verify the following pertaining to the configuration used in...

Страница 35: ...witch and various details pertaining to the device such as RADIUS attributes and device details Knowing this information you could keep a database of all medical device identifiers and the switch and...

Страница 36: ...Avaya Inc Proprietary Confidential Use pursuant to the terms of your signed agreement or Avaya policy 35 avaya com Result...

Страница 37: ...Allow should be displayed If not verify the device using the previous step and if this also fails verify the Ignition Server configuration User Id This field displays the full MAC address of the devi...

Страница 38: ...ype Specify the ethertype classifier criteria eval order Specify the evaluation order flow id Specify the IPv6 flow identifier classifier criteria next header Specify the IPv6 next header classifier c...

Страница 39: ...T 1 config qos agent ubp high security local The default ubp classifier action non match action is for forward traffic In older software releases for the ERS5500 this was not the case and you had to e...

Страница 40: ...lips and UROLsiemens as per the policies configured on ERS5520 1 On Ignition Server the Nortel vendor VSA definitions are already defined and can be viewed by using Ignition Dashboard and going to Sit...

Страница 41: ...ement or Avaya policy 40 avaya com IDE Step 3 Go to Site Configuration Provisioning Outbound Values and click on New IDE Step 4 When the Outbound Value Details window pops up enter a name i e UROLphil...

Страница 42: ...bal Outbound Attribute and select the outbound attribute name from step 2 above Select Value of String and enter string name of UROLphilips for the UBP name of philips configured for the Philips devic...

Страница 43: ...ens as used in this example via the Outbound Value Name window and click on New IDE Step 8 When the Outbound Value instance window pops up under Choose Global Outbound Attribute and select the outboun...

Страница 44: ...43 avaya com IDE Step 9 Go to Site Configuration Access Policies MAC Auth default radius device and via the Authorization Policy tab select Philips and click on Edit IDE Step 10 Move the attribute we...

Страница 45: ...44 avaya com IDE Step 11 Go to Site Configuration Access Policies MAC Auth default radius device and via the Authorization Policy tab select Siemens and click on Edit IDE Step 12 Move the attribute we...

Страница 46: ...signed agreement or Avaya policy 45 avaya com IDE Step 13 Once complete we can go to Site Configuration Access Policy MAC Auth default radius device and clicking on Access Policy Summary to view the...

Страница 47: ...ore Destination L4 Port Max Ignore Source L4 Port Min Ignore Source L4 Port Max Ignore IPv6 Flow Id Ignore IP Flags Ignore TCP Control Flags Ignore IPv4 Options Ignore Destination MAC Addr Ignore Dest...

Страница 48: ...p No Action Update DSCP 0x10 Action Update 802 1p Priority Ignore Action Set Drop Precedence Low Drop Storage Type NonVolatile On the ERS5520 verify the following information Option Verify Name Verify...

Страница 49: ...owing command to view the UBP Policy 5520 24T 1 show qos ubp interface Result Id Unit Port Filter Set Name _____ ____ ____ _______________ 55001 1 14 siemens 55004 1 19 philips On the ERS5520 verify t...

Страница 50: ...to connect to ERS5520 1 is port 3 29 ERS8600 5 5 config ip ipfix state enable ERS8600 5 5 config ip ipfix port 3 29 all traffic enable ERS8600 6 5 show ip ipfix flows 3 IPFIX Flows Slot Number 3 Total...

Страница 51: ...ary Confidential Use pursuant to the terms of your signed agreement or Avaya policy 50 avaya com 2 Software Baseline Product Minimum Software Level Identity Engines 6 0 1 ERS2500 4 2 ERS4500 5 3 ERS55...

Страница 52: ...ollection ERS4500_5 3_Doc_Collection_20090731 Ethernet Routing Switch 4500 Software Release 5 3 Avaya Ethernet Routing Switch 5500 Series Release 5 1 Document Collection ERS5500_6 1_Doc_Collection_200...

Результаты поиска

Содержание ERS 2400

Отзывы:

Похожие инструкции для ERS 2400

Бренды по названию

Популярные бренды

Avaya ERS 2400, Техническое конфигурационное руководство

Результаты поиска

Содержание ERS 2400

Отзывы:

Похожие инструкции для ERS 2400

Бренды по названию

Популярные бренды