Design Reference

Access level      Description
Read Write        Use this level to view and edit most device configuration. You cannot change the security and password configuration.
Read Write All    Use this level to do everything. You have all the privileges of read-write access and the ability to change the security configuration. The security configuration includes access passwords and the web-based management user names and passwords. Read-Write-All (RWA) is the only level from which you can modify usernames, passwords, and SNMP community strings, with the exception of the RWA community string, which cannot be changed.
High Secure mode
Use High Secure to disable all unsecured applications and daemons, for example, FTP, TFTP, and
rlogin. Avaya strongly recommends that you do not use unsecured protocols. See also High Secure
mode on page 117.
Use Secure Copy (SCP) rather than FTP or TFTP.
Security and access policies
Access policies permit secure switch access by specifying a list of IP addresses or subnets that can
manage the switch for a specific daemon, such as Telnet, SNMP, HTTP, SSH, TFTP, FTP, RSH,
and rlogin. Rather than using a management VLAN that is spread out among all of the switches in
the network, you can build a full Layer 3 routed network and securely manage the switch with one of
the in-band IP addresses attached to one of the VLANs (see the following figure).
Figure 56: Access levels
Avaya recommends that you use access policies for in-band management to secure access to the
switch. By default, all services are denied. You must enable the default policy or enable a custom
Control plane security
December 2014 Network Design Reference for Avaya VSP 4000 Series 121
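The following Python sketch is an added example, not taken from the Avaya document or the switch software. It models the access-policy behaviour described above: a request is allowed only if an enabled policy lists both the service and the source address, everything else is denied by default, and an audit flags policies that permit the services the page names as unsecured. The policy structure, names and addresses are constructed, and first-match evaluation is an assumption, not the switch's documented algorithm.

```python
import ipaddress

# Services the page names as unsecured (High Secure mode disables them).
UNSECURED = {"ftp", "tftp", "rlogin"}

# Constructed sample policies (hypothetical structure, not switch configuration syntax).
POLICIES = [
    {"name": "noc-ssh", "enabled": True, "services": {"ssh", "snmp"},
     "networks": ["10.10.0.0/24", "192.0.2.15/32"]},
    {"name": "legacy-xfer", "enabled": True, "services": {"tftp", "ftp"},
     "networks": ["10.20.0.0/16"]},
    {"name": "old-lab", "enabled": False, "services": {"telnet"},
     "networks": ["0.0.0.0/0"]},
]

def is_allowed(policies, source_ip, service):
    """Return the first enabled policy permitting the request, else None (default deny)."""
    addr = ipaddress.ip_address(source_ip)
    service = service.lower()
    for p in policies:
        # Disabled policies and policies for other daemons never match.
        if not p["enabled"] or service not in p["services"]:
            continue
        if any(addr in ipaddress.ip_network(n) for n in p["networks"]):
            return p["name"]
    return None

def audit(policies):
    """List (policy, finding) pairs for enabled policies that weaken management access."""
    findings = []
    for p in policies:
        if not p["enabled"]:
            continue
        for svc in sorted(p["services"] & UNSECURED):
            findings.append((p["name"], f"permits unsecured service {svc}"))
        for n in p["networks"]:
            if ipaddress.ip_network(n).prefixlen == 0:
                findings.append((p["name"], f"network {n} matches every source address"))
    return findings

if __name__ == "__main__":
    for src, svc in [("10.10.0.7", "ssh"), ("10.30.1.1", "ssh"), ("10.20.5.5", "tftp")]:
        print(src, svc, "->", is_allowed(POLICIES, src, svc) or "DENY")
    for name, msg in audit(POLICIES):
        print("FINDING", name, msg)
```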