Design Reference
TrustedHostAddr: N/A
TrustedHostUserName: none
AccessLevel: readOnly
AccessStrict: false
Usage: 0
If you disable access-strict (false), the policy looks at the value of accesslevel, and
the system applies the policy to anyone with equivalent rights or higher. In this example,
all levels include readonly, so the default policy applies to l1, l2, l3, rw, ro, and rwa. If you
enable access-strict, the system applies the policy only to ro.
For SNMP and access policies, you must apply the service to the access policy. The only
choice is SNMPv3, but this parameter applies to all versions of SNMP. The additional command
access-policy <1–65535> snmp-group WORD<1–32> <snmpv1|snmpv2|usm>
applies the policy to the SNMP community or the SNMP group.
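The access-strict rule described above can be checked mechanically when reviewing a switch's access policies. The following is an added example, not taken from the Avaya documentation: it parses "Key: value" records like the excerpt above and computes which access levels each policy applies to. The privilege ordering (ro lowest, rwa highest), the long-form names other than readOnly, and the blank-line record separator are assumptions.

```python
# Privilege order, lowest to highest (assumed; the page names the levels only).
LEVELS = ["ro", "l1", "l2", "l3", "rw", "rwa"]
# Long forms in show output; only readOnly appears on the page, rest assumed.
ALIASES = {"readonly": "ro", "readwrite": "rw", "readwriteall": "rwa"}

# Constructed sample: two records built from the fields shown in the excerpt.
SAMPLE = """\
TrustedHostAddr: N/A
TrustedHostUserName: none
AccessLevel: readOnly
AccessStrict: false
Usage: 0

TrustedHostAddr: N/A
TrustedHostUserName: none
AccessLevel: readOnly
AccessStrict: true
Usage: 0
"""

def parse_policies(text):
    """Split 'Key: value' output into one dict per blank-line-separated record."""
    policies = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        if rec:
            policies.append(rec)
    return policies

def effective_levels(policy):
    """Levels the policy applies to: exact if strict, else that level and higher."""
    raw = policy["AccessLevel"].lower()
    level = ALIASES.get(raw, raw)
    if level not in LEVELS:
        raise ValueError(f"unknown access level: {policy['AccessLevel']}")
    if policy["AccessStrict"].lower() == "true":
        return [level]
    return LEVELS[LEVELS.index(level):]

def policies_covering(policies, level):
    """Indices of policies that apply to an account of the given level."""
    return [i for i, p in enumerate(policies) if level in effective_levels(p)]

if __name__ == "__main__":
    for i, p in enumerate(parse_policies(SAMPLE)):
        print(i, p["AccessLevel"], p["AccessStrict"], effective_levels(p))
```

Running policies_covering with "rwa" shows which policies reach the most privileged accounts, which is the set to review first when a non-strict policy carries a low access level.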
• Filters
ACL filters are used by individual VLANs to filter out packets based on source MAC,
destination MAC and other criteria.
For more information about these filters, see Configuration - QoS and ACL-Based Traffic
Filtering Avaya Virtual Services Platform 4000 Series, NN46251-502.
• Limited MAC learning
This feature limits the number of forwarding database (FDB) entries learned on a particular port
to a user-specified value. After the number of learned FDB entries reaches the maximum limit,
the switch drops packets with unknown source MAC addresses.
Note:
The current release of the VSP 4000 allows you to enable limit-learning on a port and
configure the maximum number of MAC entries on this port.
VSP-switch(config-if)#mac-security limit-learning ?
enable Enable limit-learning on this port
max-addrs Set the maximum number of entries on this port
Security at Layer 3: filtering
At Layer 3 and higher, VSP 4000 provides enhanced filtering capabilities as part of its security
strategy to protect the network from different attacks.
VSP 4000 supports advanced filters based on Access Control Lists (ACL).
Customer Support Bulletins (CSBs) are available on the Avaya Technical Support website to
provide information and configuration examples about how to block some attacks.
Routing protocol security
You can protect OSPF and BGP updates with a Message Digest 5 (MD5) key on each interface. At
most, you can configure two MD5 keys for each interface. You can also use multiple MD5 key
configurations for MD5 transitions without bringing down an interface.
For more information, see Configuring OSPF and RIP on Avaya Virtual Services Platform 4000
Series, NN46251–506 and Configuring BGP on Avaya Virtual Services Platform 4000 Series,
NN46251–507.
System and network stability and security (Network Design Reference for Avaya VSP 4000 Series, December 2014)