Design Reference

ManualsBrandsExtreme Networks ManualsComputers & AccessoriesFabric-enabled multi-service edge switches

151

152

153

154

155

156

157

158

159

160

Table Of Contents

Contents
Chapter 1: Introduction
- Purpose
- Related resources
- Support
Chapter 2: New in this release
- VOSS 4.2.1
  - Features
  - Other changes
- VOSS 4.2
  - Features
  - Other changes
Chapter 3: Network design fundamentals
Chapter 4: Hardware fundamentals and guidelines
- Supported hardware
- Platform considerations
- Hardware compatibility for VSP 4000
- Supported optical devices
- Dispersion considerations for long reach
- 10/100BASE-X and 1000BASE-TX reach
- 10/100/1000BASE-TX Auto-Negotiation recommendations
- Auto MDIX
- CANA
Chapter 5: Optical routing design
- Optical routing system components
Chapter 6: Platform redundancy
- Power redundancy
- Input/output port redundancy
- Configuration redundancy
- Link redundancy
Chapter 7: Link redundancy
- Physical layer redundancy
- MultiLink Trunking
- 802.3ad-based link aggregation
Chapter 8: Layer 2 loop prevention
- Loop prevention and detection
- SLPP example scenarios
Chapter 9: Layer 2 switch clustering and SMLT
- Split MultiLink Trunk configuration
Chapter 10: Layer 3 switch clustering and RSMLT
- Routed SMLT
- Switch clustering topologies and interoperability with other products
Chapter 11: Layer 3 switch clustering and multicast SMLT
- General guidelines
- Multicast triangle topology
- Square and full-mesh topology multicast guidelines
- SMLT and multicast traffic issues
Chapter 12: Spanning tree
- Spanning tree and protection against isolated VLANs
- MSTP and RSTP considerations
Chapter 13: Layer 3 network design
- VRF Lite
- Virtual Router Redundancy Protocol
- Open Shortest Path First
- Border Gateway Protocol
- IP routed interface scaling
- IPv6
Chapter 14: SPBM design guidelines
- 802.1aq standard
- VLANs without member ports
- Provisioning
- Implementation options
- Reference architectures
- Solution-specific reference architectures
- Best practices
- SPBM restrictions and limitations
- IP multicast over Fabric Connect restrictions
Chapter 15: IP multicast network design
- Multicast and VRF-Lite
- Multicast and MultiLink Trunking considerations
- Multicast scalability design rules
- IP multicast address range restrictions
- Multicast MAC address mapping considerations
- Dynamic multicast configuration changes
- IGMPv3 backward compatibility
- IGMP Layer 2 Querier
- TTL in IP multicast packets
- Multicast MAC filtering
- Guidelines for multicast access policies
- Split-subnet and multicast
- Protocol Independent Multicast-Sparse Mode guidelines
- Protocol Independent Multicast-Source Specific Multicast guidelines
- Multicast for multimedia
Chapter 16: System and network stability and security
- DoS protection mechanisms
- Damage prevention
- Data plane security
- Control plane security
- Additional information
Chapter 17: QoS design guidelines
- QoS mechanisms
- QoS interface considerations
- Network congestion and QoS design
- QoS examples and recommendations
Chapter 18: Layer 1, 2, and 3 design examples
- Layer 1 example
- Layer 2 example
- Layer 3 example
Glossary

Figure 74: 802.1x and OPS interaction

Virtual Services Platform 4000 includes software support for the Preside (Funk) and Microsoft IAS

RADIUS servers. Additional RADIUS servers that support the EAP standard are also compatible

with Virtual Services Platform 4000. For more information, contact your Avaya representative.

802.1x and the LAN Enforcer or Avaya Health Agent

The Sygate LAN Enforcer or the Avaya Health Agent enables Virtual Services Platform 4000 to use

the 802.1x standard to ensure that a user who connects from inside a corporate network is

legitimate. The LAN Enforcer or Health Agent also checks the endpoint security posture, including

anti-virus, firewall definitions, Windows registry content, and specific file content (plus date and

size). Noncompliant systems that attempt to obtain switch authentication can be placed in a

remediation VLAN, where updates can be pushed to the internal user, and users can subsequently

attempt to join the network again.

VLANs and traffic isolation

You can use Avaya Virtual Services Platform 4000 Series to build secure VLANs. If you configure

port-based VLANs, each VLAN is completely separate from the others. VSP 4000 supports the

IEEE 802.1Q specification for tagging frames and coordinating VLANs across multiple switches.

VSP 4000 analyzes each packet independently of preceding packets. This mode, as opposed to the

cache mode that other vendors use, allows complete traffic isolation.

For more information about VLANs, see Configuring VLANs and Spanning Tree on Avaya Virtual

Services Platform 4000 Series, NN46251-500.

Management of access policies

At Layer 2, VSP 4000 provides the following security mechanisms:

• Access policies

If you enable access policies globally, the system creates a default policy (1) that allows File

Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), Telnet, and Secure Shell (SSH).

If you enable access policies globally but disable the default policy, the system denies FTP,

HTTP, rlogin, SSH, Simple Network Management Protocol (SNMP), Telnet, and Trivial FTP

(TFTP).

System and network stability and security

152 Network Design Reference for Avaya VSP 4000 Series June 2015

Comments on this document? infodev@avaya.com