Network security
Security at Layer 3: announce and accept policies
You can use route policies to selectively accept/announce some networks and to block the
propagation of some routes. Route policies enhance the security in a network by hiding the visibility
of some networks (subnets) to other parts of the network.
You can apply one policy for one purpose. For example, you can apply a RIP announce policy on a
given RIP interface. In such cases, all sequence numbers under the given policy are applied to that
filter. A sequence number also acts as an implicit preference (that is, a lower sequence number is
preferred).
For more information about routing policies, see
Routing protocol security
You can protect OSPF and BGP updates with an MD5 key on each interface. At most, you can
configure two MD5 keys per interface. You can also use multiple MD5 key configurations for MD5
transitions without bringing down an interface.
For more information, see Avaya Ethernet Routing Switch 8800/8600 Configuration — OSPF and
RIP, NN46205-522 and Avaya Ethernet Routing Switch 8800/8600 Configuration — BGP Services,
NN46205-510.
Control plane security
The control plane physically separates management traffic using the out of band (OOB) interface.
The control plane facilitates High Secure mode, management access control, access policies,
authentication, Secure Shell and Secure Copy, and SNMP, each of which is described in the
sections that follow.
Control plane security navigation
•
Management port
•
Management access control
•
High Secure mode
•
Security and access policies
•
RADIUS authentication
•
TACACS+
on page 284
•
Encryption of control plane traffic
June 2016
on page 279
on page 280
on page 271
on page 281
on page 282
on page 285
Planning and Engineering — Network Design
Comments on this document? infodev@avaya.com
DVMRP policies
on page 193.
278