Design Reference

equal value. For example, if you configure the server with UDP 1812, the client must use the
same UDP port value.
Other customizable RADIUS parameters require careful planning and consideration, for example,
switch timeout and retry. Use the switch timeout to define the number of seconds before the
authentication request expires. Use the retry parameter to indicate the number of retries the server
accepts before sending an authentication request failure.
Avaya recommends that you use the default value in the attribute-identifier field. If you change the
default value, you must alter the dictionary on the RADIUS server with the new value. To configure
the RADIUS feature, you require Read-Write-All access to the switch.
For more information about RADIUS, see Security for Avaya Virtual Services Platform 4000 Series,
NN46251-601.
Encryption of control plane traffic
Control-plane traffic encryption involves Secure Shell (SSHv1/v2), Secure Copy (SCP), and Simple
Network Management Protocol (SNMPv3).
Use SSH to conduct secure communications over a network between a server and a client. The
switch supports only server mode, so you must supply an external client to establish
communication. Server mode supports SSHv1 and SSHv2.
The SSH protocol offers:
• Authentication
  SSH determines identities. During the logon process, the SSH client asks for digital proof of the
  identity of the user.
• Encryption
  SSH uses encryption algorithms to scramble data. This data is rendered unintelligible except to
  the intended receiver.
• Integrity
  SSH guarantees that data is transmitted from the sender to the receiver without alteration. If a
  third party captures and modifies the traffic, SSH detects this alteration.
VSP 4000 supports:
• SSH version 1, with password and Rivest, Shamir, Adleman (RSA) authentication
• SSH version 2, with password and Digital Signature Algorithm (DSA) authentication
• Digital Encryption Standard (DES)
• Triple DES (3DES)
• Advanced Encryption Standard (AES)
You must load the encryption module before you can enable it. For more information about how to
load encryption modules, see Security for Avaya Virtual Services Platform 4000 Series,
NN46251-601.
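The SSH versions and ciphers a device actually offers can be confirmed from what it advertises on the wire. The following added example (not from the Avaya documentation) classifies an SSH identification string and decodes an SSH_MSG_KEXINIT payload per RFC 4253 to flag SSHv1 acceptance and DES/3DES offers. The banner, the payload, and the cipher name strings des-cbc and 3des-cbc are constructed assumptions, not values taken from a VSP 4000.

```python
# RFC 4253 section 7.1: the ten name-lists of SSH_MSG_KEXINIT, in wire order.
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
WEAK_CIPHERS = {"des-cbc", "3des-cbc"}  # assumed names for DES and 3DES offers

def classify_banner(banner: str) -> str:
    """Map an SSH identification string to the protocol versions it offers."""
    parts = banner.strip().split("-", 2)
    if len(parts) < 3 or parts[0] != "SSH":
        raise ValueError("not an SSH identification string")
    proto = parts[1]
    if proto == "1.99":          # RFC 4253 section 5.1: SSHv2 server that also accepts v1
        return "v1-and-v2"
    if proto != "2.0" and not proto.startswith("1."):
        raise ValueError(f"unknown protocol version {proto!r}")
    return "v2-only" if proto == "2.0" else "v1-only"

def parse_kexinit(payload: bytes) -> dict:
    """Decode the name-lists of an SSH_MSG_KEXINIT payload (message number 20)."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not a KEXINIT payload")
    pos, out = 17, {}            # skip the message byte and the 16-byte cookie
    for name in FIELDS:
        head = payload[pos:pos + 4]
        n = int.from_bytes(head, "big")
        text = payload[pos + 4:pos + 4 + n]
        if len(head) < 4 or len(text) < n:
            raise ValueError("truncated KEXINIT")
        out[name] = text.decode("ascii").split(",") if n else []
        pos += 4 + n
    return out

def audit(banner: str, kexinit: bytes) -> list:
    """Return findings: SSHv1 accepted, and any DES/3DES cipher advertised."""
    findings = ["SSHv1 accepted"] if classify_banner(banner) != "v2-only" else []
    algs = parse_kexinit(kexinit)
    for c in sorted(WEAK_CIPHERS & set(algs["enc_c2s"] + algs["enc_s2c"])):
        findings.append(f"weak cipher offered: {c}")
    return findings

def _nl(*names):                 # encode one name-list for the constructed sample
    data = ",".join(names).encode()
    return len(data).to_bytes(4, "big") + data

# Constructed sample values, not captured from a real switch.
SAMPLE_BANNER = "SSH-1.99-ExampleSwitch_1.0\r\n"
SAMPLE_KEXINIT = (b"\x14" + bytes(16) + _nl("diffie-hellman-group1-sha1")
                  + _nl("ssh-dss") + _nl("aes128-cbc", "3des-cbc") * 2
                  + _nl("hmac-sha1") * 2 + _nl("none") * 2 + _nl() * 2 + bytes(5))
```

Running `audit(SAMPLE_BANNER, SAMPLE_KEXINIT)` on the constructed sample reports both the SSHv1 fallback and the 3DES offer.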
SNMP header network address
You can direct an IP header to have the same source address as the management virtual IP
address for self-generated UDP packets. If you configure a management virtual IP address and
enable the udpsrc-by-vip flag, the network address in the SNMP header is always the
Control plane security
December 2014 Network Design Reference for Avaya VSP 4000 Series 123