Overview - Avaya ERS 2500 Technical Configuration Manual

1. Overview

On an ERS 2500, ERS 4500, or ERS 5000 series switch, there is no access security enabled by
default. This allows a user to access the switch either via the local serial port, HTTP (WEB), or via
Telnet without any user name or password protection. Password protection for Telnet, WEB, or
SSH (user name & password) can be added using local user names and passwords or
authenticating against an external RADIUS or TACACS+ server. In regards to SSH, password
authentication can be enable or disabled in addition to using SSH with public key authentication.
By default, SNMPv1/SNMPv2c is enabled using read and write community strings of public and
private. This can be changed if you wish to use community strings for authentication. Or for
added security, you may wish to disable SNMPv1 and SNMPv2c and only use SNMPv3.
For added security, a source IP manager control list can be added. This list can contain
anywhere from 1 to 50 source IPv4 and/or IPv6 addresses, up to 50 each, that are allowed
access to the switch. This control list in turn can be applied to any access method including
SNMP, SSH, Telnet, and/or WEB.
If SSH is required, the secure version of the software must be installed on the switch.

For each switch model, there is a secure image and standard software image available.
All switches ship with the standard agent image installed.
Avaya Inc. – External Distribution
avaya.com
5