Design Reference

TrustedHostAddr: N/A
TrustedHostUserName: none
AccessLevel: readOnly
AccessStrict: false
Usage: 0
If you disable access-strict (false), the policy looks at the value for accesslevel, and
then the system applies the policy to anyone with equivalent rights or higher. In this example,
all levels include readonly so the default policy applies to l1, l2, l3, rw, ro, and rwa. If you
enable access-strict, the system applies the policy only to ro.
Note:
If you configure the access policy mode to deny, the system checks the mode and service,
and if they match the system denies the connection. With the access policy mode
configured to deny, the system does not check accesslevel or access-strict
information. If you configure the access policy mode to allow, the system continues to
check the accesslevel and access-strict information.
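
The matching rules above, written out as an added Python example (not taken from the Avaya documentation or the switch software) that lists which login levels a single policy covers. The class and function names, the "no-match" label, the sample service names and the ordering of levels above readOnly are assumptions; source-address matching is left out.

```python
from dataclasses import dataclass

# Assumed privilege order, lowest to highest. The page only states that every
# level includes readOnly; the relative order of the other levels is an assumption.
LEVELS = ["ro", "l1", "l2", "l3", "rw", "rwa"]


@dataclass(frozen=True)
class AccessPolicy:              # hypothetical model, not a device data structure
    mode: str                    # "allow" or "deny"
    services: frozenset          # constructed sample names, e.g. {"ssh"}
    access_level: str = "ro"     # AccessLevel: readOnly
    access_strict: bool = False  # AccessStrict: false


def level_matches(policy, user_level):
    """accesslevel test: exact level when strict, that level or higher when not."""
    if policy.access_strict:
        return user_level == policy.access_level
    return LEVELS.index(user_level) >= LEVELS.index(policy.access_level)


def evaluate(policy, service, user_level):
    """Return 'deny', 'allow' or 'no-match' for one policy and one login."""
    if service not in policy.services:
        return "no-match"
    if policy.mode == "deny":
        # Deny mode: mode and service decide; accesslevel and access-strict
        # are not consulted at all.
        return "deny"
    # Allow mode: accesslevel and access-strict are still checked.
    return "allow" if level_matches(policy, user_level) else "no-match"


def covered_levels(policy, service):
    """Levels for which this policy produces a decision on the given service."""
    return [lvl for lvl in LEVELS if evaluate(policy, service, lvl) != "no-match"]


if __name__ == "__main__":
    # Constructed sample policies for an audit-style printout.
    samples = {
        "default (strict off)": AccessPolicy("allow", frozenset({"ssh"})),
        "strict on": AccessPolicy("allow", frozenset({"ssh"}), access_strict=True),
        "deny, level ignored": AccessPolicy("deny", frozenset({"ssh"}), "rwa", True),
    }
    for name, pol in samples.items():
        print(f"{name:22} -> {covered_levels(pol, 'ssh')}")
```

A "no-match" result only means this one policy does not decide the login; how the switch treats a login that no policy matches is not covered here.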
For SNMP and access policies, you must apply the service to the access policy. The only
choice is SNMPv3, but this parameter applies to all versions of SNMP. The additional command
access-policy <1–65535> snmp-group WORD<1–32> <snmpv1|snmpv2|usm>
applies the policy to the SNMP community or the SNMP group.
Filters
ACL filters are used by individual VLANs to filter out packets based on source MAC,
destination MAC and other criteria.
For more information about these filters, see Configuration - QoS and ACL-Based Traffic
Filtering Avaya Virtual Services Platform 4000 Series, NN46251-502.
Limited MAC learning
This feature limits the number of forwarding database (FDB) entries learned on a particular port
to a user-specified value. After the number of learned FDB entries reaches the maximum limit,
the switch drops packets with unknown source MAC addresses.
Note:
The current release of the VSP 4000 allows you to enable limit-learning on a port and
configure the maximum number of MAC entries on this port.
VSP-switch(config-if)#mac-security limit-learning ?
  enable     Enable limit-learning on this port
  max-addrs  Set the maximum number of entries on this port
Security at Layer 3: filtering
At Layer 3 and higher, VSP 4000 provides enhanced filtering capabilities as part of its security
strategy to protect the network from different attacks.
VSP 4000 supports advanced filters based on Access Control Lists (ACL).
Customer Support Bulletins (CSBs) are available on the Avaya Technical Support website to
provide information and configuration examples about how to block some attacks.
System and network stability and security
120 Network Design Reference for Avaya VSP 4000 Series January 2015