Design Reference
The access-strict parameter ties to the accesslevel parameter. If you enable
access-strict, the access policy looks at the accesslevel parameter, and only applies to that
access level. Use the following configuration as an example:
VSP-9012:1(config)#show access-policy
AccessPolicyEnable: off
Id: 1
Name: default
PolicyEnable: false
Mode: allow
Service: ftp|http|telnet|ssh
Precedence: 128
NetAddrType: any
NetAddr: N/A
NetMask: N/A
TrustedHostAddr: N/A
TrustedHostUserName: none
AccessLevel: readOnly
AccessStrict: false
Usage: 0
If you disable access-strict (false), the policy looks at the value for accesslevel, and
then the system applies the policy to anyone with equivalent rights or higher. In this example,
all levels include read-only so the default policy applies to l1, l2, l3, rw, ro, and rwa. If you
enable access-strict, the system applies the policy only to ro.
Note:
If you configure the access policy mode to deny, the system checks the mode and service,
and if they match the system denies the connection. With the access policy mode
configured to deny, the system does not check accesslevel or access-strict
information. If you configure the access policy mode to allow, the system continues to
check the accesslevel and access-strict information.
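The matching rules described above, modeled as an added example; this is not Avaya code and does not come from the original document. The level ranking ro < l1 < l2 < l3 < rw < rwa and the "no-match" result are assumptions, because the page neither ranks the levels nor says what happens when a policy does not apply.

```python
from dataclasses import dataclass

# ASSUMPTION: privilege order, lowest to highest. The page names these six
# levels and says all of them include read-only, but does not rank them.
RANK = {"ro": 0, "l1": 1, "l2": 2, "l3": 3, "rw": 4, "rwa": 5}

@dataclass(frozen=True)
class AccessPolicy:
    mode: str             # "allow" or "deny"
    services: frozenset   # Service field, e.g. ftp|http|telnet|ssh
    access_level: str     # AccessLevel as a key of RANK (readOnly -> "ro")
    access_strict: bool   # AccessStrict

def evaluate(policy, service, user_level):
    """Return "deny", "allow" or "no-match" for one login attempt.

    "no-match" is this example's own label: the policy does not decide,
    and the page does not say what the system does next.
    """
    if service not in policy.services:
        return "no-match"
    if policy.mode == "deny":
        # Deny mode: only mode and service are checked; accesslevel and
        # access-strict are ignored.
        return "deny"
    if policy.access_strict:
        applies = user_level == policy.access_level
    else:
        # Non-strict: equivalent rights or higher.
        applies = RANK[user_level] >= RANK[policy.access_level]
    return "allow" if applies else "no-match"

def covered_levels(policy, service):
    """Levels the policy allows for a service, lowest privilege first."""
    return [lvl for lvl in sorted(RANK, key=RANK.get)
            if evaluate(policy, service, lvl) == "allow"]

# The default policy from the show output above, then a strict variant.
SERVICES = frozenset({"ftp", "http", "telnet", "ssh"})
default = AccessPolicy("allow", SERVICES, "ro", False)
strict_ro = AccessPolicy("allow", SERVICES, "ro", True)

if __name__ == "__main__":
    print(covered_levels(default, "ssh"))
    print(covered_levels(strict_ro, "ssh"))
```

Running the same check with accesslevel set to rw shows why access-strict matters when reviewing a policy: non-strict covers rw and rwa, strict covers rw alone.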
For SNMP and access policies, you must apply the service to the access policy. The only
choice is SNMPv3, but this parameter applies to all versions of SNMP. The additional command
access-policy <1–65535> snmp-group WORD<1–32> <snmpv1|snmpv2|usm>
applies the policy to the SNMP community or the SNMP group.
Note:
If you enable enhanced secure mode, the system can provide role-based access levels,
strong password requirements, and strong rules on password length, password complexity,
password change intervals, password reuse, and password maximum age. For more
information, see Administration for Avaya Virtual Services Platform 4000 Series,
NN46251-600.
• Filters
ACL filters are used by individual VLANs to filter out packets based on source MAC,
destination MAC and other criteria.
For more information about these filters, see Configuration - QoS and ACL-Based Traffic
Filtering Avaya Virtual Services Platform 4000 Series, NN46251-502.
• Limited MAC learning
Data plane security
June 2015 Network Design Reference for Avaya VSP 4000 Series 153