Design Reference
Table Of Contents
- Contents
- Chapter 1: Introduction
- Chapter 2: New in this release
- Chapter 3: Network design fundamentals
- Chapter 4: Hardware fundamentals and guidelines
- Chapter 5: Optical routing design
- Chapter 6: Platform redundancy
- Chapter 7: Link redundancy
- Chapter 8: Layer 2 loop prevention
- Chapter 9: Spanning tree
- Chapter 10: Layer 3 network design
- Chapter 11: SPBM design guidelines
- Chapter 12: IP multicast network design
- Multicast and VRF-Lite
- Multicast and MultiLink Trunking considerations
- Multicast scalability design rules
- IP multicast address range restrictions
- Multicast MAC address mapping considerations
- Dynamic multicast configuration changes
- IGMPv3 backward compatibility
- IGMP Layer 2 Querier
- TTL in IP multicast packets
- Multicast MAC filtering
- Guidelines for multicast access policies
- Multicast for multimedia
- Chapter 13: System and network stability and security
- Chapter 14: QoS design guidelines
- Chapter 15: Layer 1, 2, and 3 design examples
- Chapter 16: Software scaling capabilities
- Chapter 17: Supported standards, RFCs, and MIBs
- Glossary
Routing protocol security
You can protect OSPF and BGP updates with a Message Digest 5 (MD5) key on each interface. At
most, you can configure two MD5 keys for each interface. You can also use multiple MD5 key
configurations for MD5 transitions without bringing down an interface.
For more information, see Configuring OSPF and RIP on Avaya Virtual Services Platform 4000
Series, NN46251–506 and Configuring BGP on Avaya Virtual Services Platform 4000 Series,
NN46251–507.
Control plane security
The control plane physically separates management traffic using the in-band interface. The control
plane facilitates High Secure mode, management access control, access policies, authentication,
SSH and Secure Copy, and SNMP.
Management port
Avaya Virtual Services Platform 4000 Series requires one port to be configured as the management
port. This port separates user traffic from management traffic in highly sensitive environments, such
as brokerages and insurance agencies. By using this dedicated network (see Figure 55: Dedicated
Ethernet management link on page 121) to manage the switch, and by configuring access policies
(if you enable routing), you can manage the switch in a secure fashion. You can also use terminal
servers to access the console port on the CP module (see Figure 56: Terminal server access on
page 122).
Figure 55: Dedicated Ethernet management link
Control plane security
January 2015 Network Design Reference for Avaya VSP 4000 Series 121
Comments? infodev@avaya.com