Page 1 Administration for the Avaya G250 and Avaya G350 Media Gateways 03-300436 Issue 3 February 2007...
Page 2 Avaya support Avaya provides a telephone number for you to use to report problems or to ask questions about your product. The support telephone number is 1-800-242-2121 in the United States. For additional support telephone numbers, see the Avaya Web site: http://www.avaya.com/support...
Page 3: Table Of Contents
Chapter 1: Introduction ......G250 and G350 contents .......
Page 4 Accessing the CLI via a modem connection to the S8300 ... Accessing Avaya IW ........
Page 5 Configuring the Primary Management Interface (PMI) ....Setting the PMI of the G250/G350......
Page 6 SLS service........Avaya phones supported in SLS ......
Page 7 Chapter 6: Configuring Ethernet ports ....175 Ethernet ports on the G250 ......
Page 8 Header compression configuration options ....Configuring IPHC-type header compression ....8 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 9 E1/T1 default settings ......Configuring the Avaya MM342 USP WAN media module ... .
Page 10 Configuration Example for Site A..... . . Configuration Example for Site B..... . . 10 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 11 Load detection ........How the G250/G350 detects a powered device (PD)... . .
Page 12 Multi VLAN binding ....... . G250/G350 VLAN table ......
Page 13 Contents Configuring QoS fault and clear traps ....Configuring the trap rate limiter ..... . . Analyzing RTP statistics output .
Page 14 CNA tests ........Configuring the G250/G350 test plug for registration ....
Page 15 Contents Configuring DHCP and BOOTP relay......DHCP ........BOOTP .
Page 16 Chapter 19: Configuring IPSec VPN ....447 G250/G350 R2.2 VPN capabilities......
Page 17 Contents Failover using DNS ......Failover using a peer-group......Check-List for Configuring site-to-site IPSec VPN .
Page 18 Chapter 23: FIPS....... 571 G250 image and interfaces ......
Page 19 Appendix A: Traps and MIBs ......627 G250/G350 traps ........
Page 20 ........697 20 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 21: About This Book
You can download the latest version of the Administration for the Avaya G250 and Avaya G350 Media Gateways from the Avaya Web site. You must have access to the Internet, and a copy of Acrobat Reader must be installed on your personal computer.
Page 22: Related Resources
03-300430 Media Gateways and Servers Maintenance Commands for Avaya Communication Manager 4.0, 03-300431 Media Gateways and Servers Maintenance Procedures for Avaya Communication Manager 4.0, 03-300432 Media Gateways and Servers 22 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 23: Technical Assistance
Toll fraud, call Avaya Toll Fraud Intervention at 1-800-643-2353 ● International For all international resources, contact your local Avaya authorized dealer for additional help. Trademarks All trademarks identified by the ® or ™ are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners.
Page 24: Sending Us Comments
E-mail, send your comments to: ● document@avaya.com Fax, send your comments to: ● 1-303-538-1741 Mention the name and number of this book, Administration for the Avaya G250 and Avaya G350 Media Gateways, 03-300436. 24 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 25: Chapter 1: Introduction
— telephone exchange and data networking. The G250 and G350 each feature a VoIP engine, WAN router, and Power over Ethernet LAN switch. The G350 provides full support for legacy DCP and analog telephones.
Page 26: G250 And G350 Support Information
ISDN BRI trunks ● G250 with WAN media module You can also add a plug-in WAN media module to the G250 for support of E1/T1 and USP WAN data lines. 26 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 27: G250 Available Models
Analog model (G250-Analog). The G250-Analog includes four analog trunk ports, two ● analog line ports, a Fast Ethernet WAN port, and eight PoE LAN ports. BRI model (G250-BRI). The G250-BRI replaces three out of four of the G250’s fixed ● analog trunk ports with two ISDN BRI trunk ports.
Page 28 Introduction 28 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 29: Chapter 2: Configuration Overview
35. Defining the Console interface The first thing you should do when configuring a new G250/G350 is to assign an IP address to the console interface. It is not necessary to include a subnet mask. 1. Use the interface console command to enter the console context.
Page 30: Defining The Usb Interface
Configuration overview Defining the USB Interface If you intend to use a USB modem to connect to the G250/G350, you should also assign an IP address to the USB interface. It is not necessary to include a subnet mask. 1. Use the interface USB command to enter the USB context.
Page 31: Configuration Using Cli
Configuration using CLI Configuration using CLI You can use the Avaya G250/G350 Media Gateway CLI to manage the G250/G350. The CLI is a command prompt interface that enables you to type commands and view responses. For instructions on how to access the G250/G350 CLI, see Accessing the CLI on page 35.
Page 32: Saving Configuration Changes
Configuration overview You can also use the Avaya G350 Manager to configure most features of the G250/G350. The Avaya G350 Manager is a GUI application. You can access the Avaya G350 Manager from Avaya Integrated Management software or from a web browser. Most of the commands that are available through the G250/G350 CLI are also available through the Avaya G350 Manager.
Page 33 If it becomes necessary to use the older version, you can type the command set boot bank bank-x and then reset the G250/G350 to use the older version. This is particularly important when uploading new versions.
Page 34 Configuration overview 34 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 35: Chapter 3: Accessing The Avaya G250/G350 Media Gateway
Chapter 3: Accessing the Avaya G250/ G350 Media Gateway You can access the Avaya G250/G350 Media Gateway using the CLI, the IW, the GIW, the PIM, and the Avaya Communication Manager. You can manage login permissions by using and configuring usernames and passwords, and by configuring the G250/G350 to use SSH, SCP, RADIUS authentication, and the 802.1x protocol.
Page 36: Cli Contexts
Vlan 1 interface and displays help for the bandwidth command. G350-001(super)# interface vlan 1 G350-001(super-if:Vlan 1)# bandwidth ? Bandwidth commands: ---------------------------------------------------------------------- Syntax: bandwidth <kilobytes size> <kilobytes size> : integer (1-10000000) Example: bandwidth 1000 36 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 37: Accessing Cli Via Local Network
PPP network connection from a modem at the remote location. You can use either a USB modem connected to the USB port on the front panel of the G250/G350 or a serial modem connected to the console port on the front panel of the G250/G350. You must only use an approved Avaya serial cable.
Page 38: Accessing The Cli Via A Serial Modem
4. Open any standard telnet program on the remote computer. 5. Open a telnet session to the IP address of the USB port on the G250/G350. For instructions on how to set the IP address of the USB port (i.e., the USB interface), see...
Page 39: G250/G350 Serial Modems
Configuring the Primary Management Interface (PMI) page 70. 1. Connect a USB modem to either of the two USB ports on the Avaya S8300 Media Server. 2. Use the Avaya Maintenance Web Interface (MWI) to configure the USB port on the S8300 for modem use.
Page 40: Accessing Avaya Iw
The Avaya Installation Wizard (Avaya IW) is a web-based installation wizard that is used with the Avaya G250/G350 Media Gateway to perform initial configuration tasks and to upgrade software and firmware. The Avaya IW is designed for use with systems that include an S8300 Media Server, operating in either ICC or LSP mode. See...
Page 41: Accessing Giw
G250/G350 that does not include an S8300 Media Server. You can use the GIW to perform initial configuration of the G250/G350 and to upgrade software and firmware. Specifically, you can perform the following tasks with the GIW: Configure PMI information —...
Page 42: Access The Giw
85 Access the GIW 1. Install GIW on a laptop computer from the CD provided by Avaya. The laptop should be running Windows 2000 or Windows XP. 2. Plug one end of an RJ-45 to RJ-45 cable into a DB-9 adapter.
Page 43: Accessing Pim
G250/G350 Media Gateway provides. Run the Avaya Communication Manager software on a media server. There might be several media servers on your network that can control the Avaya G250/G350 Media Gateway. Access Avaya Communication Manager on any media server that is a Media Gateway Controller (MGC) for the Avaya G250/G350 Media Gateway.
Page 44: Managing Login Permissions
In addition to its basic security mechanism, the G250/G350 supports secure data transfer via SSH and SCP. The G250/G350 can be configured to work with an external RADIUS server to provide user authentication. When RADIUS authentication is enabled on the G250/G350, the RADIUS server operates in conjunction with the G250/G350 security mechanism.
Page 45: Privilege Level
Managing login permissions Privilege level When you start to use Avaya G350 Manager or the CLI, you must enter a username. The username that you enter sets your privilege level. The commands that are available to you during the session depend on your privilege level. If you use RADIUS authentication, the RADIUS server sets your privilege level.
Page 46: Rsa Authentication Process
The G250/G350 sends the public key (the fingerprint) to the client computer. This public ● key is used by the client to encrypt the data it sends to the G250/G350. The G250/G350 decrypts the data using the private key. Both sides negotiate and must agree on the same chipper type. The G250/G350 only ●...
Page 47: Scp Protocol Support
In addition to data transfer via an SSH session, the SSH protocol is used to support SCP for secure file transfer. When using SCP, the G250/G350 is the client, and an SCP server must be installed on the management station. After users are defined on the SCP server, the G250/ G350 acts as an SCP client.
Page 48: Using Radius Authentication
3. Use the set radius authentication server command to set the IP address of the primary or secondary RADIUS Authentication server. For more information about these commands, see Avaya G250 and Avaya G350 CLI Reference, 03-300437. 48 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 49: Changing Radius Parameters
LAN port and of preventing access to that port in cases where the authentication process fails. On the G350, you can enable 802.1x on the MM314 and MM316 media modules’ 10/100 Ethernet ports. On the G250, you can enable 802.1x on the eight Ethernet LAN PoE ports located on the G250’s front panel.
Page 50: Authentication Modes
Supplicant — an entity (the host) at one end of a point-to-point LAN segment that is ● requesting authentication Authenticator — an entity (in this case the G250/G350) at the other end of a point-to-point ● LAN segment that facilitates authentication of the Supplicant Authentication (RADIUS) Server —...
Page 51: 802.1X Modes
LAN and WAN port on the chassis nor the uplink port in the MM314 (10/100/1G copper) and MM316 (10/100/1G copper) media modules support 802.1x. On the G250, you can enable 802.1x on the eight Ethernet LAN PoE ports located on the G250’s front panel. 802.1x is not supported on the G250-DCP model.
Page 52 For example: G350-001(super)# set dot1x system-auth-control enable To disable 802.1x authentication on the G250/G350, use the command set dot1x system-auth-control disable. Once the authentication process is enabled, the process proceeds as follows: The Supplicant is asked to supply a user name and password.
Page 53 Managing login permissions 5. Use the set dot1x port-mode command, followed by an authentication mode, to specify the mode of authentication for all G250/G350 ports: port-based (single supplicant) or MAC-based (multi supplicants). For example: G350-001(super)# set dot1x port mode mac-based-authentication...
Page 54: Manual Re-Authentication
● to 65535), to set the authenticator-to-supplicant retransmission timeout period (the time for the G250/G350 to wait for a reply from the Authenticated Station) for all ports on which 802.1x is enabled. Use the set port dot1x supp-timeout command, followed by the module and port ●...
Page 55: Displaying 802.1X Parameters
Use the show dot1x command to display the system 802.1x parameters, including ● whether 802.1x is enabled or disabled on the G250/G350 and the Supplicants’ status. Use the show port dot1x command to display all the configurable values associated ●...
Page 56 The number of currently connected supplicants. Authenticated The number of authenticated supplicants connected to Supplicants the G250/G350. Authenticating The number of supplicants connected to the G250/ Supplicants G350 being authenticated (not authenticated yet). 56 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 57: Special Security Features
The G250/G350 includes a special recovery password. The purpose of the recovery password is to enable the system administrator to access the G250/G350 in the event that the regular password is forgotten. You can only use the recovery password when accessing the G250/ G350 via a direct connection to the console port.
Page 58: Enabling And Disabling Telnet Access
The new MCK is now in effect. Enabling SYN cookies The G250/G350 provides various TCP/IP services and is therefore exposed to a myriad of TCP/ IP based DoS attacks. 58 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 59 Special security features DoS (Denial of Service) attacks refers to a wide range of malicious attacks that can cause a denial of one or more services provided by a targeted host. Specifically, a SYN attack is a well-known TCP/IP attack in which a malicious attacker targets a vulnerable device and effectively denies it from establishing new TCP connections.
Page 60: Configuring Syn Cookies
Media Gateway IP interfaces and gateway applications such as WAN routers, PoE switches, and VPN devices can be at risk for Denial of Service (DoS) attacks. The G250/G350 identifies predefined or custom-defined traffic patterns as suspected DoS attacks and generates SNMP notifications, referred to as Managed Security Services (MSS) notifications.
Page 61: Mss Reporting Mechanism
MSS notifications are intercepted and, if certain conditions are met, may be forwarded to the Avaya Security Operations Center (SOC) as INADS alarms. The SOC is an Avaya service group that handles DoS alerts, responding as necessary to any DoS attack or related security issue.
Page 62 3. Use the set mss-notification rate command to modify the MSS reporting rate, if necessary. The default is 300 seconds. The G250/G350 counts events for each Denial of Service (DoS) class for the duration of the interval. At the end of each interval, if the count...
Page 63: Dos Attack Classifications
MALFRAGMENTED_IP Malfragmented IP packets on "TO-ME" interfaces. MALFORMED_IP Malformed IP packets. The G250/G350 reports malformed IP packets when: The IP version in the IP header is a value ● other than 4. The IP header length is smaller than 20.
Page 64: Defining Custom Dos Classifications
3. Use the dos-classification command to configure the name of the DoS attack classification. Possible values are: fraggle, smurf, ip-spoofing, other-attack-100, other-attack-101, other-attack-102, other-attack-103, other-attack-104, and other-attack-105. For example: G350-001(super-ACL 301/ip rule 1)# dos-classification smurf Done! 64 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 65 Special security features 4. Define the packet criteria to which the ACL rule should apply. See Rule criteria page 540. For example, you can use destination-ip to specify that the rule applies to packets with a specific destination address and you can use ip-protocol to specify that the rule applies to packets with a specific protocol: G350-001(super-ACL 301/ip rule 1)# destination-ip 255.255.255.255 0.0.0.0 Done!
Page 66: Mss Cli Commands
MSS notifications. Sets the interval time, in seconds, Config set mss-notification rate between MSS notifications. seconds Shows the interval time, in seconds, Read Only show mss-notification rate between MSS notifications. 66 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 67: Example
Special security features Example The following example demonstrates the configuration of MSS notifications using ACL rules. In this example, smurf packets (ICMP packets that are sent to a limited broadcast destination) arriving at interface VLAN 203 are defined as a DoS attack to be reported in MSS notifications. //create and enter the configuration mode of access control list 301: G350-001(super)# ip access-control-list 301 //create and enter the configuration mode of ip rule 1:...
Page 68 Accessing the Avaya G250/G350 Media Gateway 68 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 69: Chapter 4: Basic Device Configuration
G250/G350 ● Defining an interface All interfaces on the G250 and G350 must be defined by the administrator, after installation of the G250/G350. 1. Use the interface command to enter the interface context. Some types of interfaces require an identifier as a parameter.
Page 70: Configuring The Primary Management Interface (Pmi)
G250/G350 automatically becomes the PMI. You can subsequently assign any IP interface to be the PMI. The PMI is used as the IP address of the G250/G350 for the following management functions: Registration of the G250/G350 to an MGC ●...
Page 71: Defining The Default Gateway
● Defining the default gateway The G250/G350 uses a default gateway to connect to outside networks that are not listed on the G250/G350’s routing table. To define a default gateway, use the ip default-gateway command, followed by either the IP address or name (type and number) of the interface you want to define as the default gateway.
Page 72: Survivability And Migration Options
Several options exist to minimize network disruption in the event that connectivity between the G250/G350 and the media server or media gateway controller (MGC) is lost. MGC list. You must register the G250/G350 with at least one, and up to four, MGCs. The ●...
Page 73: Configuring The Mgc List
Enhanced Local Survivability (ELS). ELS is available for both the G250 and the G350 ● using a local S8300 or S8500 functioning in LSP mode. If the ECC stops serving the G250/ G350, the S8300 takes over the service. Auto fallback to primary MGC. This feature provides a means by which a G250/G350 ●...
Page 74: Setting The G250/G350'S Mgc
Basic device configuration Setting the G250/G350’s MGC Use the set mgc list command to set the G250/G350’s MGC. You can enter the IP addresses of up to four MGCs with the set mgc list command. The first MGC on the list is the primary MGC.
Page 75: Removing One Or More Mgcs
G350-001(super)# set reset-times transition-point 1 Done! In this example, in the event of a loss of connection with the registered MGC, the G250/G350 searches for the primary MGC on its MGC list for 20 minutes. If the G250/G350 does not establish a connection with the primary MGC within this time, it searches for the other MGCs on the list for a total of 40 minutes.
Page 76: Accessing The Registered Mgc
When a local MGC controls telephone services on the Avaya G250/G350 Media Gateway in ICC or LSP mode, the G250/G350 monitors the connection with the MGC. If the connection with the MGC is lost, the G250/G350 starts a recovery process.
Page 77: Dns Resolver
- Dialer interface - Serial interface The most common application of this configuration is for connecting the G250/G350 to the Internet and getting the DNS server information from the ISP. Therefore, interfaces configured to automatically learn the DNS servers in the system are usually the Fast Ethernet with PPPoE interface and the Dialer interface.
Page 78: Typical Dns Resolver Application - Vpn Failover
IP address of the second main office. It will then start a VPN tunnel with the second main office. This typical application is described in full in Failover using DNS on page 511. Figure 3: VPN DNS topology 78 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 79: Configuring Dns Resolver
Specify the domain name. ● 6. Repeat step 5 to configure additional domain names. You can configure up to six domain names. G350-001(config)# ip domain list 1 avaya.com Done! G350-001(config)# ip domain list 2 emea.avaya.com Done! 7. Optionally, configure the number of DNS query retries, using the ip domain retry command.
Page 80 G350-001(config)# ip domain lookup Done! Important: If either DHCP Client or PPP are configured in the G250/G350, you need not Important: configure DNS Resolver at all, because: - DNS Resolver is enabled by default, and - DHCP Client and PPP discover DNS servers automatically, so the list of DNS servers will include the automatically-learned DNS servers.
Page 81: Dns Resolver Configuration Example
G350-001(config-name-server-list:1)# name-server 1 1.1.1.1 Done! G350-001(config-name-server-list:1)# name-server 2 2.2.2.2 Done! G350-001(config-name-server-list:1)# name-server 3 3.3.3.3 Done! G350-001(config-name-server-list:1)# exit G350-001(config)# ip domain list 1 support.avaya.com Done! G350-001(config)# ip domain list 2 global.avaya.com Done! G350-001(config)# ip domain list 3 avaya.com Done! G350-001(config)# ip domain retry 4...
Page 82: Maintaining Dns Resolver
You can also enable logging messages to a log file or a Syslog server. For a full Note: description of logging on the G250/G350, see Chapter 7: Configuring logging on page 187. 82 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 83: Viewing The Status Of The Device
Viewing the status of the device Viewing the status of the device To view the status of the Avaya G250/G350 Media Gateway, use the following commands. For more information about these commands, see Avaya G250 and Avaya G350 CLI Reference, 03-300437.
Page 84: Software And Firmware Management
The Avaya G250/G350 Media Gateway can be a client for the FTP and TFTP protocols. Use either a USB device or the FTP or TFTP protocols to transfer files between the Avaya G250/ G350 Media Gateway and other devices. You can use file transfer to: Install software and firmware upgrades on the G250/G350 ●...
Page 85: Software And Firmware Upgrades
To use FTP/TFTP file transfer, you need to have an FTP server or TFTP server on your network. Note: If you use an FTP server, the G250/G350 prompts you for a username and Note: password when you enter a command to transfer a file. Also, when opening an FTP connection to the S8300, all anonymous FTP file transfers are restricted to the /pub directory.
Page 86: Upgrading Software And Firmware Using Ftp/Tftp
Loading firmware from the non-default bank You can use the ASB button on the G250/G350 front panel to load firmware from the bank other than the default bank during startup: 1. Press and hold the reset button.
Page 87: Upgrading Firmware Using A Usb Mass Storage Device
Use the copy tftp SW_imageB command to upgrade the G250/G350 firmware into ● Bank B from a TFTP server. Use the copy tftp EW_archive command to upgrade the Java applet for Avaya G350 ● Manager software from a TFTP server.
Page 88 Basic device configuration 3. Remove the USB storage device from the PC, and insert it in the G250/G350 USB port. 4. Copy the firmware file(s) to the G250/G350 using one of the following commands: Use the copy usb SW_imageA command to upgrade the G250/G350 firmware into ●...
Page 89: Backing Up And Restoring The G250/G350 Using A Usb Mass Storage Device
CLI commands for backing up and restoring files to/from a USB mass storage device enable you to use the USB port for efficient restoring or replicating of a G250/G350 media gateway and for replacing and upgrading media modules. Using the USB port you can back up or restore multiple files with one CLI command, which is simpler than the alternative TFTP/FTP/SCP method, in which files are copied and restored individually.
Page 90 Back up the gateway regularly to a USB mass storage device. This backup can be very helpful in restoring the gateway’s configuration if it becomes faulty, or in restoring the entire gateway. 1. Connect a USB mass storage device to the G250/G350 USB port. 2. Type copy running-config startup-config to commit the current configuration to NVRAM.
Page 91: Restoring Backed Up Configuration And Administration Files To A Gateway Using A Usb Mass Storage Device
Restoring backed up configuration and administration files to a gateway using a USB mass storage device 1. Make sure you have a backup of the G250/G350 on a USB mass storage device. Refer to Backing up administration and configuration files using a USB mass storage device page 89.
Page 92 Basic device configuration 6. If the new G250/G350 firmware version is 26.x.y or above, add a G250/G350 firmware to the USB storage device, as follows: a. From the Avaya support web site, download to your PC the same version of G250/ G350 firmware as was running in the faulty G250/G350.
Page 93 Software and Firmware Management Table 8: Backup file and directory naming convention on a USB mass storage device Root directory Sub-directory Files Comments Backup directory name backup-25-Nov-2005 File with backup info readme.txt Configuration file startup_config.cfg Customer-specific Voip audio.bin parameters VPN license file vpn_license.cfg Authentication file auth-file.cfg...
Page 94: Replacing/Adding/Upgrading Media Modules Using A Usb Mass Storage Device
Installing and Upgrading the Avaya G250 Media Gateway, 03-300434 or Installing and Upgrading the Avaya G350 Media Gateway, 03-300394. 17. Update the S8300 on the new G250/G350 with the serial number of the new gateway, otherwise the gateway is not be able to register in the Avaya Communication Manager.
Page 95: Copying Files To/From A Usb Mass Storage Device
555-233-506. Copying files to/from a USB mass storage device You can use a USB mass storage device inserted into the G250/G350 USB port to copy individual files to/from a USB mass storage device. Copying files to a USB mass storage device...
Page 96: Backing Up And Restoring Configuration Files
A configuration file is a data file that contains a complete set of configuration settings for the Avaya G250/G350 Media Gateway. You can use configuration files to back up and restore the configuration of the G250/G350. You can back up either the running configuration or the startup configuration to the server as a configuration file.
Page 97: Backing Up/Restoring A Configuration File Using Ftp/Tftp/Scp
Listing the files on the Avaya G250/G350 Media Gateway Use the dir command to list all G250/G350 files. When you list the files, you can see the version numbers of the software components. The dir command also shows the booter file, which cannot be changed.
Page 98 Basic device configuration 98 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 99: Chapter 5: Configuring Standard Local Survivability (Sls)
Chapter 5: Configuring Standard Local Survivability (SLS) Standard Local Survivability (SLS) provides a local G250/G350 with a limited subset of MGC functionality when there is no IP-routed WAN link available to an MGC, or no MGC is available. SLS is not a replacement for ELS or LSP survivability, which offer full call-feature functionality and full translations in the survivable mode.
Page 100: Avaya Phones Supported In Sls
2420 4602sw 6402 4610sw 6402D 4612 6408 (default) 4620 6408+ 4620sw 6408D 4621 6408D+ 4622 6416D+ 4624 6424D+ 4625 8403B 8405B 8405B+ 8405D 8405D+ 8410B 8410D 8411B 8411D 8434D 100 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 101: Call Processing In Sls Mode
The new Avaya 96xx IP phone family is not directly referenced in the G250/G350 CLI. When you administer these phones via the CLI, use the following mapping: Model name CLI interface name 9610 4606 9620 4610 9630 4620 9640 4620...
Page 102: Call Processing Not Supported By Sls
Last Number Redial ● Call Forwarding-Busy/Don’t Answer ● No Music On Hold source or announcement playback ● Call Center features, including ASAI ● Connection Preserving Failover/Failback for H.248 Gateways ● 102 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 103: Provisioning Data
Provisioning data SLS requires that the G250/G350 has connected to an MGC at least once and has received provisioning information, including: Avaya Communication Manager port information sent through the H.248 control channel: ● - Tone sources, including a distinctly different dial tone to inform users that the system is...
Page 104: Pim Configuration Data
RAM (NVRAM) on the G250/G350. After the initial data collection, PIM retains a copy of the data set for each G250/ G350. This set is compared with subsequent data sets to determine if anything has changed: If the data set changes, the newer data set is pushed down to the media gateway.
Page 105: Setup State
The G250/G350 closes the SLS socket after maintenance determines that it has ● completed an H.248 registration with the primary MGC. SLS determines that it needs to unregister with the G250/G350 due to internal error ● conditions. Issue 3 February 2007...
Page 106: Sls Interaction With Specific G250/G350 Features
PSTN trunk to the DID port. The number of sent digits (3-4 typically) and signaling type (Pulse/DTMF) are also configurable at ordering time. 106 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 107: Multiple Call Appearances In Sls Mode
● Pressing the winking call appearance button ● Analog phones Newer analog phones (for example, Avaya 62xx series) have buttons with specific functions for placing a call on Hold: Hold button sends the hold message to the server ● Flash button sends switchhook signal to the server ●...
Page 108 If you want to toggle between the first and second calls, press the switchhook and dial the FAC once each time you want to change calls. 108 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 109: Call Transfer In Sls Mode
Transferring an established call from an analog phone Newer analog phones (for example, Avaya 62xx series) have buttons with specific functions for transferring a call. The Switchhook (receiver on/off hook) sends a disconnect signal to the server, and the Transfer/Flash button sends a transfer message to the server.
Page 110: Using Contact Closure In Sls Mode
Note: If the Contact Closures are set to manual operation, FAC operation will not work Note: even though the confirmation tone is heard. An event will be logged, however. 110 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 111: Ip Softphone Shared Administrative Identity In Sls Mode
The SLS mode supports shared administrative identity with the Avaya Softphone application, but requires specific station administration. 1. Access the CM administrative SAT interface. For instructions on accessing the Avaya Communication Manager through the G250/G350, see Accessing the registered MGC page 76.
Page 112: Emergency Transfer In Sls Mode
ETR mode after the gateway registers with a new server, Communication Manager maintenance must busy out the ports until it receives notification that the ports are idle and available for use. 112 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 113: Sls Logging Activities
● Example of CDR log entries and format Figure 6: CDR log example G250-SLS(super)# show logging cdr file content 02/18/2005,10:46:35:CDR-Informational: 10:46 00:00 A 700 50029555 52001 v301 02/18/2005,10:45:46:CDR-Informational: 10:45 00:00 A 700 50029 52001 v301 02/18/2005,10:45:14:CDR-Informational: 10:45 00:00 A 700 52 52001 v301...
Page 114: Example Of Cdr Log With Contact Closure
15840 is the extension that activated the feature. ● PULSE indicates the Contact Closure operation (could also be OPEN or CLOSE) ● 003 is the media gateway number. ● 2 is the Contact Closure number. ● 114 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 115: Configuring Sls
Configuring SLS Configuring SLS SLS is installed when the G250/G350 is installed. However, for SLS to actually work, the following conditions must be met: Avaya Communication Manager must be configured for SLS and Auto Fallback. For ● instructions on configuring SLS in Avaya Communication Manager, see...
Page 116 This field value (immediately) is only one of the four (4) possible choices. See Note: the Administrator Guide for Avaya Communication Manager (03-300509) for more information on the values for this field. 9. Submit the form. 116 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 117 Configuring the SLS data through the CLI on page 142, Step 2). Max Survivable IP Ext field only appears when the Type field is G250 or G350. The ● current maximum product limits enforced by the SLS gateway’s firmware module are: G250: a limit of 12 ●...
Page 118 Survivable ARS Analysis Table. Those strings administered as deny are also denied to these users as well. Note: This field is only for analog and IP station types. Note: 118 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 119 Configuring SLS Figure 8 shows the hierarchical relationship among the calling-restriction categories. Figure 8: Inherited Class of Restriction (COR) permissions Emergency Internal Local Toll Unrestricted cydsetru LAO 031405 Figure notes: Unrestricted: users can dial any Local: users can only dial these call valid routable number, except an types: ARS pattern specifically...
Page 120: Using Pim To Manage Sls Administration On The Gateway
121) and perform the following: a. Check the Enable the SLS feature on this device? box to enable SLS on the G250/ G350. A cleared box means that SLS is disabled. b. Check the Perform scheduled SLS updates on this device? box to send the SLS...
Page 121 Configuring SLS Figure 9: SLS / ARS page View Extract displays the current SLS administration data set for this gateway. ● Perform Extract extracts the SLS information from the controlling Communication ● Manager server for this Media Gateway. Actions enables you to edit or delete a previously-administered entry: ●...
Page 122 The number of dialed digits to be deleted from the beginning of the dialed string. Default: 0. Inserted Digits The digit string to be inserted at the beginning of the dialed string. Default: 0. 1 of 2 122 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 123 Configuring SLS Table 11: SLS ARS Entry page field options (continued) Field Description Call Type Can be any of the following: emer (emergency call) fnpa (10-digit NANP call) hnpa (7-digit NANP call) intl (public-network international number call) iop (international operator call) locl (public-network local number call) natl (non-NANP call) op (operator)
Page 124 Note: The Daily Updates must be at least 4 hours apart. Note: c. Click Submit. 11. Use the Backup/Restore page (Figure 12) to backup the PIM database backup schedule. 124 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 125 Configuring SLS Figure 12: Backup/Restore page (PIM) Note: Step 11 backs up the PIM database. Avaya encourages users to set a PIM Note: backup schedule/policy independent of the SLS implementation. Note: If you require the use of the Incoming Call Handling Treatment option for adding/...
Page 126: Enabling And Disabling Sls
SLS enabled on the G250/G350 through its CLI ● S8300 is not serving as an LSP ● G250/G350 is not subtending to another external server (including ESS or another LSP in ● another gateway) Planning and preparing the SLS data set...
Page 127 * 72 stations maximum (all types) You can collect the Communication Manager data using the CM administrative SAT interface. For instructions on accessing the Avaya Communication Manager through the G250/G350, see Accessing the registered MGC on page 76.
Page 128 Trunk destination while in SLS mode Switchhook Flash This field appears when Type is 2500. Name This is the user’s name * Page numbers might vary for your system. 128 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 129 Collecting DCP stations data 1. At the SAT, type list media-gateway and press Enter to display a list of administered gateways. 2. Look for any of the following supported gateways in the Type field: G250/G250-BRI/G250-DCP/G250-DS1 ● G350 ● 3. Once you know the media gateway of interest, match the gateway model with the digital...
Page 130 1. At the SAT, type list media-gateway and press Enter to display a list of administered gateways. 2. Look for any of the following supported gateways in the Type field: G250/G250-BRI/G250-DCP/G250-DS1 ● G350 ● 130 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 131 Configuring SLS 3. Type display media-gateway and press Enter and read the reported IP address for this gateway. 4. Type list node-name ip and compare the IP address of the media gateway in the list with the IP address of the gateway that you are administering for SLS. When you find a match in the node-name ip form, read the assigned node-name.
Page 132 ● G250-DCP: none ● G250-DS1: ports V401-V431 ● G350: refer to Table 32: Media Module-port values in SLS trunk-group context for the ● G350 (Analog Trunks) on page 164 132 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 133 Configuring SLS 7. Identify the G350 modules and check for provisioned trunk ports. 8. At the SAT, type display port portid, where the portid is the analog trunks port on the target gateway. The system reports the Trunk Group Number/Member Number for this particular port. 9.
Page 134 Connect Before Disconnect Send Name Specifies whether name is to be shared with network Send Calling Specifies whether number is to be shared with network Number 2 of 3 134 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 135 Configuring SLS Table 15: Trunk group data to assemble for SLS (continued) Page Field Name Notes Incoming Specifies how to fill the Calling Party Number and Called Calling Number Party Number IEs - Format Incoming Sets a destination station for routing incoming trunk group Destination calls Trunk Hunt...
Page 136 For the gateways, the first component is the 3 digit gateway number, followed next by a ‘v’, followed by the slot number, followed by 24 (T1) or 16 (E1). 1 of 2 136 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 137 This is needed only if the ‘Associated Signaling’ is administered as ‘no’. This does not apply to SLS on the G250. Specifies the channel of the DS1 circuit that carries the D-channel for ISDN signaling. This is an integer from ‘0’ through ‘31’.
Page 138 SLS data set. If there is no administered location, then at the SAT type display ● feature-access-codes and press Enter and gather the FAC information listed Table 138 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 139 Collecting System parameters data 1. At the SAT, type list media-gateway and press Enter to display a list of administered gateways. 2. Look for any of the following supported gateways in the Type field: G250/G250-BRI/G250-DCP/G250-DS1 ● G350 ● 3. Once you have determined the media gateway of interest, note its IP-Network-Region.
Page 140 Enter to display the administered route pattern(s). 2. For the first preference for this route-pattern entry, read the values of the following fields (described in Table 21): a. No Deleted Digits b. Inserted Digits 140 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 141 Configuring SLS 3. At the SAT, type list ars analysis and press Enter to search the ARS Analysis table for row entries whose Route Pattern field matches the route-pattern value(s) that were obtained in Step 1. Once you discover a match with Route Pattern, use the entries from this row in the ARS Analysis table to complete the following three entries for the SLS Dial-Pattern table (see Table...
Page 142: Configuring The Sls Data Through The Cli
Enter to enter the ● second-level subcontext for administering ISDN BRI links. 142 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 143 Configuring SLS dial-pattern context that is invoked by typing dial-pattern dialed-string and ● pressing Enter to enter the second-level subcontext for administering dial pattern strings. incoming-routing context that is invoked by typing incoming-routing ● tgnum mode pattern length and pressing Enter to enter the second-level subcontext for administering incoming routing.
Page 144 2 of 6 144 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 145 Configuring SLS Table 23: SLS CLI command hierarchy (continued) Root Level Commands First Level Context Second Level Context (survivable commands) Trunk-group set dial <tgnum>[<group-type>] set tac clear tac add port remove port set supervision set digit-treatment set digits set name set codeset-display set codeset-national set channel-preference...
Page 146 4 of 6 146 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 147 Configuring SLS Table 23: SLS CLI command hierarchy (continued) Root Level Commands First Level Context Second Level Context (survivable commands) bri<port-address> set name set interface set side set country-protocol set bearer-capability set interface-companding set tei-assignment set directory-number-a set directory-number-b set spid-a set spid-b set endpoint-init set layer1-stable...
Page 148 SLS administration of the gateway. 5. If you want to change the maximum allowable IP registrations from the default, use the set max-ip-registrations n command, where n is between 1-12 for the G250 and between 1-72 for the G350.
Page 149 10. Administer DS1 trunks as required (for G250-DS1and G350 only). Refer to Administering DS1 parameters on page 155. 11. Administer BRI links as required (for G250-BRI and G350 only). Refer to Administering BRI parameters on page 159. 12. Administer the trunk groups as described in Administering Trunk-group parameters page 161.
Page 150 18. At the gateway command prompt, type set survivable-call-engine enable to enable SLS on the gateway. 19. At the gateway command prompt, type copy running-config startup-config to save the changes. 150 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 151: Administering Station Parameters
Configuring SLS Administering Station parameters 1. At the gateway command prompt, type station extension class and press Enter to enter a second-level subcontext to administer each phone that you want covered by SLS. In this command, extension is a 1-13 digit numeric string that may begin with "0", and class is analog, dcp, or ip.
Page 152 Table 26: Module-port values in SLS station configuration mode Gateway Media Analog station module ports G250 V305, V306 G250-BRI V302, V303 G250-DCP V305, V306 V401-V412 G250-DS1 V302, V303 1 of 2 152 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 153 Examples set port v305 sets the previously-administered analog station "1234567" to the ● first physical analog station port on the G250-Analog gateway. set port v401 sets the previously-administered dcp station "1234567" to the first ● physical DCP station port on the G250-DCP gateway.
Page 154 ‘aaa.bbb.ccc.ddd’ Note: For currently-registered IP phones or IP Softphones, the IP address is displayed. Note: 11. Type exit to leave the station context in SLS. 154 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 155: Administering Ds1 Parameters
Configuring SLS Administering DS1 parameters 1. Type ds1 slot-address, where slot-address is any permitted port. The command line prompt changes to super-survivable-call-engine/ ds1-<port-address>. If you want to remove the ds1 trunk from the SLS administration, type exit to leave the second-level ds1 context to return to the (super-survivable-call-engine)# context, and then type clear ds1 slot-address.
Page 156 United States (AT&T mode, also known as 5ESS) Australia (Australia National PRI) Japan Italy Netherlands Singapore Mexico Belgium Saudi Arabia United Kingdom (ETSI) Spain France (ETSI) Germany (ETSI) 1 of 2 156 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 157 Configuring SLS Table 27: ISDN Layer-3 country codes (continued) Czech Republic Russia Argentina Greece China Hong Kong Thailand Macedonia Poland Brazil Nordic countries South Africa etsi ETSI (no use of RESTART message) qsig QSIG 2 of 2 10. For countries whose public networks allow for multiple ISDN Layer-3 country protocols for ISDN Primary Rate service, type set protocol-version option to specify the mode (see Table...
Page 158 11. If the DS1 link is employed with ISDN, type set bearer-cability bearer to set the Information Transfer Rate field of the Bearer Capability IE, where bearer is any of the following values: 3khz: 3.1kHz audio encoding ● speech: Speech encoding ● 158 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 159: Administering Bri Parameters
Configuring SLS 12. Type set interface-companding type to set the interface to agree with the companding method used by the far-end of the DS1 circuit for SLS mode, where type is any of the following values: alaw: A-law companding ● ulaw: U-law companding ●...
Page 160 (stable) between calls. Some European countries, France, for example, require that the physical layer is deactivated when there is no active call. 160 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 161: Administering Trunk-Group Parameters
Configuring SLS 15. Type show to check the BRI administration. The report lists the BRI parameters: Name = BRI-SLS1 Interface Side Country Bearer Compand Endpt-Init Layer1-Stable --------- ---- -------- ------ ------- ---------- ------------- v401 user country1 speech ulaw Dir-NumberA Dir-NumberB Spid-A Spid-B ----------- ----------- -------------- -------------- 3033234567...
Page 162 Configuring Standard Local Survivability (SLS) The maximum limits for a given trunk type are defined by the built-in ports on the G250 family members and are defined by the slot-configuration assignment for the G350. The maximum number of ports allowed per interface module is defined in...
Page 163 88 establishes access to this trunk group by dialing "88". ● 4. Type add port module port sig-group to specify the virtual integrated port (for G250/G350) or media module port (for G350) that is compatible with the device and/or media module (see Table 31...
Page 164 - G250 analog trunks: 4 members - G250 digital trunks: 30 members - G350 analog trunks: 99 members - G350 digital trunks: 99 members Table 31: Module-port values in SLS trunk-group context for the G250 (Analog Trunks) G250 model Analog loop-start trunks...
Page 165 Configuring SLS Table 33: Trunk port values in SLS trunk-group context for the G250 (Digital Trunks) G250 Model BRI Trunks DS1 Trunks group-type parameter is group-type parameter is: t1-isdn ● t1-inband ● e1-isdn ● e1-inband ● G250 G250-BRI V401 - Port 1, Channel B1...
Page 166 V304 administers an analog loop-start trunk through port V304 on either ● the G250-Analog or the G250-DCP. Example add port v401 adds a BRI trunk for the first physical port of the G250-BRI to a trunk ● group using one B-channel of the BRI link. Note: You cannot mix BRI and PRI trunks within the same trunk group.
Page 167 Configuring SLS insert1 ● insert2 ● insert3 ● insert4 ● Examples set digit-treatment absorb1 removes the first digit from the incoming DID ● trunk. set digit-treatment blank removes any digit treatment from the trunk group. ● 8. For analog DID trunk groups or DS1 tie trunk groups, type set digits digits to define the inserted digit string, where digits is the number of digits.
Page 168 19. For non-ISDN digital trunks, type set incoming-dialtone yes | no to specify whether to provide a dial tone in response to far-end trunk group seizures. 168 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 169: Administering Signaling-Group Parameters
A linear search from the highest to the lowest numbered available channels. ● 21. Type show to check the trunk-group administration. The report lists the trunk-group parameters. This example shows a G250-BRI that has all four trunk members assigned to one ● trunk-group: Group Type...
Page 170: Administering Dial-Pattern Parameters
2. Type set type dial-type, where dial-type specifies the type of outbound call and the dialing privileges available for outbound calls. The following call types are available: emer - Emergency calls only. ● fnpa - 10-digit North American Numbering Plan calls. ● 170 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 171 Configuring SLS hnpa - 7-digit North American Numbering Plan calls. ● intl - Public-network international number calls. ● iop - International operator calls. ● locl - Public-network local number calls. ● natl - Non-North American Numbering Plan calls. ● op - Operator calls. ●...
Page 172: Administering Incoming-Routing Parameters
Note that this action takes place after the deletion task has been completed for the enbloc-receiving mode. 6. Type exit to leave the incoming-routing context in SLS. 172 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 173: Up-Converting Sls Data To Release 4.0
Configuring SLS 7. Type show to check the incoming-routing administration. The report lists the incoming-routing parameters for all dial patterns that have been administered: Match_pattern Length Insert-digits Mode tgnum ------------- ------ ------------- ------ ----- 5381000 enbloc 5381001 enbloc Up-converting SLS data to Release 4.0 In order to re-use an SLS administration data set from an earlier release, you must convert it to Release 4.0 compatibility.
Page 174 Configuring Standard Local Survivability (SLS) 174 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 175: Chapter 6: Configuring Ethernet Ports
G350 Media Gateways. Ethernet ports on the G250 The switch and router on the Avaya G250 Media Gateway have various Ethernet ports. Ethernet ports on the G250 Media Gateway switch The switch on the Avaya G250 Media Gateway has the following Ethernet port: Eight 10/100 mbps fixed switch ports on the front panel (ports 10/3 - 10/10) ●...
Page 176: Ethernet Ports On The G350
Use a crossover network cable when you connect a computer or other endpoint device to the fixed router port. For the other Ethernet ports on the G250, you can use either a standard network cable or a crossover network cable to connect any device.
Page 177: Configuring Switch Ethernet Ports
295. Switch Ethernet port commands Use the following commands for basic configuration of switch Ethernet ports. For more information about these commands, see Avaya G250 and Avaya G350 CLI Reference, 03-300437. Use the set port auto-negotiation-flowcontrol-advertisement command ●...
Page 178: Configuring The Wan Ethernet Port
70. Advanced router features. For more information, see Chapter 18: Configuring the router. ● VoIP queuing. For more information, see Configuring QoS parameters on page 206. ● 178 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 179: Wan Ethernet Port Traffic Shaping
Configuring the WAN Ethernet port Access control policy lists and QoS policy lists. For more information, see ● Chapter 20: Configuring policy. SNMP Link Up and Link Down traps. For more information, see Configuring SNMP ● traps on page 295. WAN Ethernet port traffic shaping You can use traffic shaping to determine the data transfer rate on the WAN Ethernet port.
Page 180: Configuring Dhcp Client
DHCP client-server protocol. The DHCP server grants the G250/G350 DHCP client an IP address for a fixed amount of time, called the lease. After the lease expires, the G250/G350 DHCP client is required to stop using the IP address. The G250/G350 DHCP client periodically sends requests to the server to renew or extend the lease.
Page 181: Dhcp Client Configuration
Use the ip dhcp client client-id command to set the client-identifier for the ● DHCP client. By default, the client-identifier is usually the MAC address of the G250/ G350 Fast Ethernet interface. Use the ip dhcp client hostname command to set the host name for the DHCP ●...
Page 182 Whenever you change the value of a DHCP client parameter (such as client-id, or Note: client hostname), run ip address dhcp again to re-initiate DHCP address negotiation using the new values. 182 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 183: Releasing And Renewing A Dhcp Lease
Subnet Mask : 255.255.255.0 Default Router : 193.172.104.162 DHCP Server : 192.100.106.163 DNS Server : 192.100.106.101 Domain Name : avaya.com Lease Received (D:H:M:S) : 0:0:10:0 Lease Remains (D:H:M:S) : 0:0:9:32 Lease Rebind (D:H:M:S) : 0:0:8:45 Lease Renew (D:H:M:S) : 0:0:5:0...
Page 184: Maintaining Dhcp Client
Configuring Ethernet ports Maintaining DHCP client For a full description of the commands and their output fields see Avaya G250 and Avaya G350 Media Gateways CLI Reference, 03-300437. Use the show ip dhcp-client command to show the configuration of the DHCP ●...
Page 185: Supported Tlvs
Configuring LLDP The LLDP protocol allows stations attached to a LAN to advertise information about the system (such as its major capabilities and its management address) and information regarding the station’s point of attachment to the LAN (port ID and VLAN information) to other stations attached to the same LAN.
Page 186: Lldp Configuration
4. Verify LLDP advertisements using the show lldp command. Supported ports for LLDP Only designated ports can be configured to support LLDP. For the G250, module 10, ports 3-10. This includes all Ethernet LAN ports on the G250 ● connecting directly to the chassis.
Page 187: Chapter 7: Configuring Logging
System logging is a method of collecting system messages generated by system events. The Avaya G250/G350 Media Gateway includes a logging package that collects system messages in several output types. Each of these types is called a sink. When the system generates a logging message, the message can be sent to each sink that you have enabled.
Page 188: Configuring A Syslog Server
(Clock Daemon) clkd2 (Clock Daemon) mail (Electronic Mail) local0 – local7 (For Local Use) ftpd (FTP Daemon) kern (Kernel) alert (Log Alert) audi (Log Audit) ntp (NTP Subsystem) lpr (Printing) 188 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 189: Disabling Syslog Servers
Configuring a Syslog server sec (Security) syslog (System Logging) uucp (Unix-to-Unix Copy Program) news (Usenet news) user (User Process) 4. Optionally, limit access to the Syslog server output by typing the set logging server access-level command, followed by an access level (read-only, read-write, or admin) and the IP address of the Syslog server.
Page 190: Displaying The Status Of The Syslog Server
Syslog server. If you do not specify an IP address, the command displays the status of all Syslog servers defined for the G250/G350. As shown, the command displays whether the server is enabled or disabled, and lists all filters defined on the server.
Page 191: Configuring A Log File
Configuring a log file Configuring a log file A log file is a file of data concerning a system event, saved in the flash memory. The log files serve as the system logging database, keeping an internal record of system events. 1.
Page 192: Displaying Log File Messages
Displaying conditions defined for the file output sink Type the show logging file condition command. G350-001(super)# show logging file condition ****************************************************** *** Message logging configuration of FILE sink *** Sink Is Enabled Sink default severity: Informational 192 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 193: Log File Message Format
Configuring a session log Log file message format Log file messages appear in first in - last out order. They have the following format: 01/18/2005,10:55:09:CLI-Notification: root: set port disable 10/9 01/18/2005,10:49:03:SWITCHFABRIC-Notification: Port Connection Lost on Module 10 port 8 was cleared Each message provides the following information: The date and time (if available) ●...
Page 194: Displaying How The Session Logging Is Configured
The user enabling the log will only see entered commands with a user-level no Note: higher than the user’s own privileges. For example, a user with read-write privileges will not see entered commands having admin user level. 194 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 195: Configuring Logging Filters
Configuring logging filters Configuring logging filters You can use filters to reduce the number of collected and transmitted messages. The filtering options are based on message classification by severity for each application. For a specified sink, you can define the threshold severity for message output for each application. Messages pertaining to the specified applications, that have a severity stronger than or equal to the defined threshold, are sent to the specified sink.
Page 196: Severity Levels
Table 37: Logging applications Application Description boot System startup failures cascade Stack CASCADE mechanism Call Detail Recording (G250 only). Registers the active calls in SLS mode. 1 of 3 196 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 197 Configuring logging filters Table 37: Logging applications (continued) Application Description Application Assurance Networking. CNA test plugs report to AAN. config Configuration changes console Serial modem messages dhcpc DHCP client package dhcps DHCP server package dialer Dialer interface messages dnsc DNS client package Cooling system filesys File system problem (flash)
Page 198: Syslog Server Example
G350-001(super)# set logging server enable 147.2.3.66 Done! G350-001(super)# set logging server facility kern 147.2.3.66 Done! G350-001(super)# set logging server access-level read-write 147.2.3.66 Done! G350-001(super)# set logging server condition all error 147.2.3.66 Done! 198 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 199: Log File Example
Configuring logging filters Log file example The following example enables the logging of system messages to a log file in the flash memory and creates a filter to restrict receipt of messages from the boot application to those with severity informational or more severe, and messages from the cascade application to those with severity alert or more severe.
Page 200 Configuring logging 200 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 201: Chapter 8: Configuring Voip Qos
Configuring RTP and RTCP on page 201. You can use many types of telephones and trunks that do not directly support VoIP. The Avaya G250/G350 Media Gateway translates voice and signalling data between VoIP and the system used by the telephones and trunks.
Page 202: Header Compression Configuration Options
Configuring VoIP QoS The G250/G350 offers both RTP header compression for reducing the amount of bandwidth needed for voice traffic, and TCP and UDP header compression for reducing the amount of bandwidth needed for non-voice traffic. For header compression purposes, any UDP packet with an even destination port within a user-configurable range of ports, is considered an RTP packet.
Page 203: Configuring Iphc-Type Header Compression
Configuring header compression Note: Non-IETF encapsulation is compatible with other vendors. Note: Configuring IPHC-type header compression IHPC-type header compression applies to RTP, TCP, and UDP headers. Note: You cannot specify IPHC-type header compression for a Frame Relay non-IETF Note: interface. 1.
Page 204: Configuring Vj-Type Header Compression
TCP header compression connections supported on the interface. Use the no form of this command to restore the default value of 16 connections. G350-001(config-if:Dialer 1)# ip tcp compression-connections 24 Done! 204 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 205: Displaying And Clearing Header Compression Statistics
Clearing the statistics does not cause renegotiation of parameters. Use this command regardless of which compression method is employed. For a full description of the commands and their output fields, see Avaya G250 and Avaya G350 CLI Reference, 03-300437.
Page 206: Configuring Qos Parameters
Use the set qos control command to define the source for QoS control parameters. ● The source can be either local where the user configures the values locally on the G250/ G350, or remote in which case the values are obtained from the G250/G350’s registered MGC.
Page 207: Configuring Rtcp Qos Parameters
RSVP parameters Configuring RTCP QoS parameters Use the set qos rtcp command to permit the setup of RTCP parameters. The ● parameters that can be set are enabling or disabling RTCP reporting capability, setting the IP address of the monitor, setting the reporting period (the default is 5 sec.), and defining the listening port number.
Page 208: Configuring Weighted Fair Voip Queueing (Wfvq)
Note: There is no no form of the fair-voip-queue command. If you enter the Note: command no fair-voip-queue, it will actually enable WFVQ if WFVQ is not already enabled. 208 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 209: Chapter 9: Configuring The G250 And G350 For Modem Use
Both the USB port and the console port require configuration for modem use. You can configure the ports for modem use via the Avaya IW or the GIW. For details on using a modem with the G250 or G350, see Installing and Upgrading the Avaya G250 Media Gateway, 03-300434 or Installing and Upgrading the Avaya G350 Media Gateway, 03-300394.
Page 210 To configure this password, use the ppp chap-secret command. Note: If the G250/G350 firmware is replaced by an earlier firmware version, the ppp Note: chap-secret is erased, and must be re-configured. - ras — reserved for future use - none —...
Page 211: Configuring The Console Port For Modem Use
Use the async mode interactive command to set the console port to use modem mode every time an Avaya proprietary modem cable is plugged into the console port. If you do not want the console port to automatically detect when a modem is connected to it, use the async mode terminal command to disable interactive mode.
Page 212: Configuring The Console Device
Configuring the G250 and G350 for modem use Note: If the G250/G350 firmware is replaced by an earlier firmware version, the ppp Note: chap-secret is erased, and must be re-configured. - ras — reserved for future use - none — no password is sent...
Page 213: Chapter 10: Configuring Wan Interfaces
You can use an MM340 E1/T1 media module or an MM342 USP media module as an endpoint for a WAN line on both the G250 and the G350. You can also use the Fast Ethernet port on the G250/G350 chassis as the endpoint for a WAN line by configuring the Fast Ethernet interface for PPP over Ethernet (PPPoE).
Page 214: Serial Interface Overview
WAN media module. Serial interfaces support PPP and frame relay encapsulation protocols. The G350 supports multiple channel groups on the same E1/T1 interface. In contrast, the G250 only supports a single channel group. If a G250 user attempts to create more than one channel group, an error message appears.
Page 215: E1/T1 Port Channel Group
Serial interface overview E1/T1 port channel group Figure 15: E1/T1 Port Channel Group on page 215 illustrates an E1/T1 port channel group. All data from the channel group is encapsulated using frame relay protocol. The data is sent via a frame relay serial interface and sub-interfaces over the multiple IP interfaces defined using Data Link Connection Identifier (DLCI).
Page 216: Frame Relay Multipoint Topology Support
The Avaya G250/G350 Media Gateway supports point-to-point frame relay connections. To enable you to use the G250/G350 as an endpoint in a Point to Multi-Point (PTMP) topology, the G250/G350 supports inverse ARP replies. The G250/G350 responds to inverse ARP queries received on frame relay sub-interfaces with the proper inverse ARP replies.
Page 217: Configuring The Avaya Mm340 E1/T1 Wan Media Module
2. Use the show-ds command to check if the G250/G350 is configured for E1 or T1 operation. 3. Use the ds-mode command to set the mode of the G250/G350 to E1 or T1. Changing the line type requires resetting the module. The default value is T1.
Page 218 IP interface number. Note: The WAN media module in a G250 must always be in slot number 2. The G250 Note: only supports a single channel group.
Page 219 If you do not specify an IP interface number for the first serial interface that you define on a channel group, the G250/G350 automatically assigns IP interface number 0. For each additional serial interface that you define on the channel group, use a different IP interface number.
Page 220: E1/T1 Default Settings
Default setting DS mode E1 framing CRC4 T1 framing E1 linecode HDB3 T1 linecode Clock source Line T1 cable length Long, Gain 26.0 db Speed E1: 64kbps T1: 56kbps 220 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 221: Configuring The Avaya Mm342 Usp Wan Media Module
The transmitter-delay command is usually used when the DCE equipment Note: that is connected directly to the G250/G350, or the router on the WAN have a receive buffer that is not large enough to hold the traffic sent by the G250/G350.
Page 222: Usp Default Settings
7. Use the copy running-config startup-config command to save the configuration. USP default settings Table 40: USP default settings Function Default setting Encoding Bandwidth 2048 kbps Line-up indicator signal 222 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 223: Configuring Ppp
- Use the ppp timeout ncp command to set the maximum time to wait for the network layer to negotiate. If this time is exceeded, the G250/G350 restarts the PPP session. - Use the ppp timeout retry command to set the maximum time to wait for a response during PPP negotiation.
Page 224: Pppoe Overview
A PPPoE client can establish a tunnel that carries PPP frames between a dialing host (the G250/G350) and an access concentrator. This enables the use of PPP authentication protocols (CHAP and PAP). Unlike other tunneling protocols such as L2TP and PPTP, PPPoE works directly over Ethernet rather than IP.
Page 225: Configuring Pppoe
Initial WAN configuration Configuring PPPoE 1. Enter the context of the Fast Ethernet interface, using the command interface FastEthernet 10/2. 2. Use the encapsulation pppoe command to change the encapsulation to PPPoE. You must change the encapsulation to PPPoE before configuring an IP address on the interface.
Page 226 For more information on the PPoE commands, see Table 6. If the G250/G350 is connected to the Internet via the Fast Ethernet interface configured for PPPoE, and you define a VPN tunnel which specifies remote hosts by name, it is recommended to use the ppp ipcp dns request command.
Page 227: Pppoe Commands
Initial WAN configuration 9. Use the copy running-config startup-config command to save the configuration. 10. To shut down the port and the PPPoE client (if configured), use the shutdown command in the interface context (optional). PPPoE commands Table 41: PPPoE commands Commands Description Enters the content of the fast Ethernet Interface.
Page 228 DNS Resolver to resolve host names to IP addresses. Returns to general context. exit Saves the configuration. copy running-config startup-config Shuts down the port, and the PPPoE client, if configured. shutdown 2 of 2 228 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 229: Configuring Frame Relay
Configuring frame relay 1. Ensure that the port is configured on the media module: - For an E1/T1 port, see Configuring the Avaya MM340 E1/T1 WAN media module page 217. - For a USP port, see Configuring the Avaya MM342 USP WAN media module page 221.
Page 230 Configuring WAN interfaces Note: The WAN media module in a G250 must always be in slot number 2. The G250 Note: only supports a single channel group. Note: Currently only point-to-point frame relay sub-interfaces are supported. Note: 8. Use the frame-relay interface-dlci DLCI-number command to configure a Data Link Connection Identifier (DLCI) for the frame relay sub-interface.
Page 231: Verifying The Wan Configuration And Testing Connectivity
Use the show startup-config command to display the configuration loaded at startup. ● Use the ping command to send ICMP echo request packets from the G250/G350 to the ● interface serial peer IP address and verify that it responds.
Page 232: Backup Interfaces
For example, you can use the following command to switch over immediately to the backup interface in case of failure, and pause 60 seconds before reverting to the primary interface: G350-001(super)# interface FastEthernet 10/2 G350-001(super-if:FastEthernet 10/2)# backup delay 0 60 Done! G350-001(super-if:FastEthernet 10/2)# 232 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 233: Interface Backup Relations Rules
For example, the following command causes the G250/G350 to switch immediately to the backup interface in the event of primary interface failure, and to delay 60 seconds before reverting back to the primary interface once the...
Page 234 Dialer interface. This can be performed using access control lists (ACL), QoS lists, and Weighted Fair Queuing (WFQ) priority schemes. The administrator should apply these tools in both the G250/G350 and the Remote Access Server (RAS). For information on ACL and QoS lists, see Chapter 20: Configuring policy on page 531.
Page 235 Modem dial backup uses a modem connected directly to the G250/G350’s USB or console port. The modem can also be used to access the G250/G350 CLI from a remote location. The modem cannot do both at the same time. For information about remote access to the G250/...
Page 236: Typical Installations
G250/G350s. A reasonable assumption is that not all branch office would need modem dial backup at the same time. Therefore, the ratio of modem channels at the RAS to G250/G350s at branch offices can be less than 1:1. There are several practical ways to configure the RAS server for use with modem dial backup Dialer interfaces: The RAS can assign an IP address to the calling G250/G350.
Page 237: Configuring Modem Dial Backup
Make sure policy is configured properly at the RAS server to ensure that signaling Note: has priority over regular traffic. For modem configuration instructions, see Chapter 9: Configuring the G250 and G350 for modem use on page 209. Note: It is recommended to use the maximum UART speed for the serial modem Note: (115400 BAUD).
Page 238 Authentication parameters do not appear in the startup or running configuration Note: files. You can use the show ppp authentication command to view authentication status. The copy running-config startup-config command stores authentication parameters in NVRAM. 238 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 239 Modem dial backup 8. From the main context, use show interfaces Dialer 1 to verify that the Dialer interface has connected to the remote peer. G350-001(super)# show interfaces Dialer 1 Dialer 1 is down, line protocol is down Internet address is 4.5.6.7, mask is 255.255.255.0 MTU 1500 bytes, Bandwidth 28 kbit IPSec PMTU: copy df-bit, Min PMTU is 300 Reliability 1/255 txLoad 255/255 rxLoad 255/255...
Page 240: Modem Dial Backup Interactions With Other Features
Backup interfaces on page 232. The G250/G350’s console port is an RJ-45 asynchronous port that can be used to support ● the modem for dial backup. Thus the dialer can utilize the same serial modem that is used for remote access to the device.
Page 241: Configuration Example
The branch office is connected to the corporate network using a G250. IP phone users in the branch office connect to an MGC located in the headquarters data center, and there is an RAS located in the headquarters data center, with multiple phone lines available for dial access.
Page 242 Configuring WAN interfaces Figure 19: Modem dial backup configuration example 242 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 243: Command Sequence
!Steps 3-10 (Each command is an individual step) G250-001(super)# interface Dialer 1 G250-001(super-if:Dialer 1)# ppp chap hostname "area5" Done! G250-001(super-if:Dialer 1)# dialer persistent initial delay 5 Done! G250-001(super-if:Dialer 1)# dialer persistent delay 5 Done! G250-001(super-if:Dialer 1)# dialer string 1 3035384867...
Page 244: Command Sequence Explanation
The initial delay prevents the dialer from dialing out unnecessarily on reboot. The primary WAN interface often requires a few moments to register itself as up, and during that period, the initial delay prevents the device from activating the dialer. 244 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 245 The only modems supporting modem dial backup are the MultiTech ZBA series modems. For more information on configuring the console and USB interfaces to support modems, see Chapter 9: Configuring the G250 and G350 for modem use on page 209.
Page 246: Modem Dial Backup Maintenance
Configuring WAN interfaces Modem dial backup maintenance The G250/G350 generates specific log messages for Dialer interface activity when configured to do so. Certain dialer-related log messages are generated to aid you in troubleshooting problems with modem dial backup. In addition, messages generated by the modem and the PPP session are available to help with troubleshooting modem dial backup issues.
Page 247 Modem dial backup Table 42: Modem dial backup logging messages Log Message Severity Possible cause Action Dialer Messages - Messages generated by the Dialer interface Dialer 1 state is Debug The Dialer interface generates a None required. <state> message when a change in its operational state has been detected.
Page 248 When the timer expires, the Dialer 1 timer expired message is sent, and the dialer begins attempting to connect to the remote modem again. 2 of 6 248 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 249 Modem dial backup Table 42: Modem dial backup logging messages (continued) Log Message Severity Possible cause Action Dialer 1 Modem Warning This message is generated Troubleshooting steps: is not ready when the Dialer interface has Check modem ● been triggered and the cable connection operational state of the dialer is to serial port.
Page 250 USB modem attempts Check modem ● string error to dial and has an incorrect configuration for initialization string. The attempt proper initialization to dial fails. string. 4 of 6 250 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 251 Modem dial backup Table 42: Modem dial backup logging messages (continued) Log Message Severity Possible cause Action PPP Messages - Messages generated by the PPP session LCP Up/Down Informational LCP is used by PPP to initiate None required. and manage sessions. LCP is responsible for the initial establishment of the link, the configuration of the session, the...
Page 252: Icmp Keepalive
Normal keepalive is sufficient for testing the status of a direct connection between two points. However, in many situations the system needs to know the status of an entire path in order to ensure that packets can safely traverse it. 252 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 253: Enabling The Icmp Keepalive Feature
Headquarters Small Branch For example, your branch office may have a G250 or G350 that connects to the Headquarters over a T1 line and via an xDSL connection to the Internet. The T1 line is used for voice traffic, while data packets are sent over the xDSL line. Normal keepalive cannot report on the status of the entire WAN path.
Page 254: Defining The Icmp Keepalive Parameters
Defining the ICMP keepalive parameters Use the following commands to define the ICMP keepalive parameters. For more information about these commands, see Avaya G250 and Avaya G350 CLI Reference, 03-300437. Use the keepalive-icmp timeout command to set the timeout (in seconds) for ●...
Page 255: Dynamic Cac
Dynamic Call Admission Control (CAC) provides enhanced control over WAN bandwidth. When Dynamic CAC is enabled on an interface, the G250/G350 informs the MGC of the actual bandwidth of the interface and tells the MGC to block calls when the bandwidth is exhausted.
Page 256: Displaying Bandwidth Information
(optional) — If dynamic CAC is activated on more than one ● active interface, the G250/G350 reports the bearer bandwidth limit of the interface with the highest activation priority. You can set the activation priority to any number between 1 and 255.
Page 257: Object Tracking Configuration
You can register either a VPN tunnel or an interface with an object tracker. For Note: more information see the definition of the keepalive-track command in the Avaya G250 and Avaya G350 Media Gateways CLI Reference, 03-300437. Issue 3 February 2007...
Page 258: Configuring Rtr
4. Optionally, use the dscp command to set the DSCP value in the IP header of the probe packet, thus setting the packets’ priority. If you do not configure this parameter, the default value of 48 is used. G350-001(config-rtr icmp 5)# dscp 43 Done! 258 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 259 The next-hop command is disabled by default. Use the next-hop command when the G250/G350 is connected to a remote device via more than one interface, and you wish to monitor the state of one specific interface. When you specify the next-hop as the interface you wish to monitor, you ensure that the RTR will probe that interface.
Page 260: Configuring Object Tracking
Boolean AND argument. This means that the list is up if all objects are up, and down if one or more of the objects are down. 260 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 261 Object tracking 2. Use the description command to enter a description for the track list. G350-001(config-track list 10)# description "track list rtr-5 and rtr-6" Done! 3. Use the object command to add an object tracker to the list. Note: The object tracker can be a simple one tracking a single RTR, or a track list. Note: G350-001(config-track list 10)# object 1 Done!
Page 262: Object Tracking Maintenance
Viewing RTR and object trackers logging 1. Use the set logging session enable command to enable logging to the CLI terminal. G350-001# set logging session enable Done! CLI-Notification: write: set logging session enable 262 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 263: Example Of Tracking A Single Remote Device
G350-001(config)# rtr-schedule 5 start-time now life forever 2. The second step is to configure an object tracker which tracks the state of RTR 5: G250-001(config)# track 1 rtr 5 G250-001(config-track rtr 1)# description "track rtr-5" Done! G250-001(config-track rtr 1)# exit...
Page 264: Example Of Tracking A Group Of Devices
G350-001(config-rtr tcp 6)# frequency 500 milliseconds Done! G350-001(config-rtr tcp 6)# dscp 34 Done! G350-001(config-rtr tcp 6)# next-hop interface FastEthernet 10/2 mac-address 00:01:02:03:04:05 Done! G350-001(config)# rtr-schedule 6 start-time now life forever G350-001(config-rtr tcp 6)# exit 264 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 265: Typical Object Tracking Applications
2. The second step is to configure several object trackers. In this case, object tracker 1 tracks the state of RTR 5, and object tracker 2 tracks the state of RTR 6. G250-001(config)# track 1 rtr 5 G250-001(config-track rtr 1)# description "track rtr-5" Done! G250-001(config-track rtr 1)# exit G250-001(config)# track 2 rtr 6 G250-001(config-track rtr 2)# description "track rtr-6"...
Page 266: Typical Application - Vpn Failover Using Object Tracking
Typical application – VPN failover using object tracking In this application, the G250/G350 is connected to a remote site through an IPSec VPN tunnel. The remote site can be reached through two or more VPN gateways that can backup each other, such as a main gateway and a backup gateway.
Page 267 Object tracking Configuring the backup mechanism 1. Define four RTRs to probe the four entrances to the main office. Configure each RTR to run immediately and forever. 2. Define four object trackers to track the four RTRs. 3. Define a track list consisting of all four object trackers, and configure it so that if all object trackers are up, the track list is up, and if two or less of the object trackers are up, the track list is down.
Page 268 ! Assign the serial 2/1:1 interface to be the backup interface for ! interface WAN FastEthernet 10/2. interface FastEthernet 10/2 backup interface Serial 2/1:1 backup delay 0 60 exit 268 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 269: Typical Application - Interface Backup Via Policy-Based Routing
Object tracking Typical application – interface backup via policy-based routing In the previous typical application (see Typical application – backup for the WAN Fast Ethernet interface on page 266), the backup interface command is used to specify a backup interface. This typical application illustrates an alternative to the backup interface command, using policy-based routing (PBR) which configures a routing scheme for specified traffic based on configured characteristics of the traffic.
Page 270: Typical Application - Tracking The Dhcp Client Default Route
HQ peer. When the object tracker is up, the DHCP default route may be used. When the object tracker is down, the DHCP default route is not used for routing and traffic is routed to alternate routes. 270 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 271: Frame Relay Encapsulation Features
! Apply object tracking on the DHCP client. interface FastEthernet 10/2 ip dhcp client route track 2 exit Frame relay encapsulation features The Avaya G250/G350 Media Gateway supports the following frame relay encapsulation features: Frame Relay Traffic Shaping and FRF.12 Fragmentation ● Priority DLCI ●...
Page 272: Frame Relay Traffic Shaping And Frf.12 Fragmentation
The G250/G350 supports class-based traffic assignment (priority DLCI). Priority DLCI is a means for implementing QoS on frame relay circuits. The G250/G350 separates traffic with different QoS levels to up to four different VCs on the same frame relay sub-interface. This feature enables you to assign unique Permanent VCs (PVC) for VoIP and non-VoIP traffic.
Page 273: Ppp Voip Configuration
DLCI is set as the High Priority DLCI in the Priority DLCI group. On the Avaya G250/G350 Media Gateway, OSPF is mapped by default to the High Priority DLCI. For better network reliability, it is recommended to verify that the same configuration exists on the other side of the frame relay connection.
Page 274: Site A Connection Details
Network IPs (24 bit subnet masks): ● - IP phones - 3.3.3.0 (VLAN 1) - Data - 33.33.33.0 (VLAN 2) - Serial - 2.2.2.2 - S8300 - 4.4.4.10 - G350 PMI - 4.4.4.11 274 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 275: Configuration Example For Site A
Priority DLCI Configuration Example for Site A You can configure PPP VoIP on the G350 at Site A. Commands with footnotes are described at the end of the configuration procedure. Loopback and PMI interfaces configuration: ● G350-001# interface Loopback 1 G350-001(if:Loopback 1)# ip address 149.49.54.82 24 Done! G350-001(if:Loopback 1)# pmi...
Page 276: Configuration Example For Site B
G350-001(if:Serial 5/1:1)# ip address 2.2.2.2 24 G350-001(if:Serial 5/1:1)# mtu 300 Note: Some LAN data applications do not support fragmented packets. In this case, do Note: not change the MTU from its default of 1500. 276 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 277: Voip Configuration
Priority DLCI VoIP configuration: ● G350-001(if:Serial 5/1:1)# ip rtp header-compression G350-001(if:Serial 5/1:1)# ip rtp compression-connections 20 G350-001(if:Serial 5/1:1)# ip rtp port-range 2048 3028 G350-001(if:Serial 5/1:1)# exit Static routes configuration: ● G350-001# ip route 1.1.1.0 24 serial 5/1:1 G350-001# ip route 11.11.11.0 24 serial 5/1:1 Issue 3 February 2007...
Page 278 Configuring WAN interfaces 278 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 279: Chapter 11: Configuring Poe
Power is supplied to a port only after it has detected that a suitable Powered Device (PD) is connected to the port. The MM314 and MM316 PoE media modules and the G250 look for an IEEE 802.3af-compliant signature from the device that indicates that the device requires power.
Page 280: Plug And Play Operation
In addition, if the PoE module in the G350 is removed and replaced with a module of the same type, the port power configuration of the module is retained. 280 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 281: Powering Devices
PD tries to draw more than the maximum allowed power per port, power is denied. The G250 has 92 W of power available for PDs. Each port can supply up to 18.8 W by default. If a PD tries to draw more than the maximum allowed power per port, power is denied.
Page 282: Poe Configuration Examples
Powering priority on port 10/3 was set to High. Configuring PoE priority on a G350 port: G350-001(super)# set port powerinline priority 6/14 high Powering priority on port 6/14 was set to High. 282 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 283 6/22 Fault telephone 6/23 Delivering Power telephone Displaying PoE information for the G250: G250-003(super)# show powerinline Actual powerinline power consumption is 4 W. Powerinline power consumption trap threshold is 90 (98%) Watts. Powerline traps are enabled Port Inline Powering...
Page 284 Configuring PoE 284 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 285: Chapter 12: Configuring Emergency Transfer Relay (Etr)
LINE 1 when the problem ends, the call continues. The fixed trunk port and analog line ports do not start to operate until the active call ends. The ETR for each of the G250/G350 models closes the tip/ring contacts for the ports listed in Table...
Page 286: Setting Etr State
(3/1 in the G250, 7/1 in the G350) and the first analog line port (3/2 in the G250, 7/2 in the G350). The other analog line port (3/3 in the G250, 7/3 in the G350) will also be disabled.
Page 287: Viewing Etr State
Viewing ETR state Viewing ETR state You can use the show etr command to display ETR information. This information includes the following: ETR setting (auto, manual-off, or manual-on) ● Module status (in service, out of service, or out of service waiting for off-hook) ●...
Page 288 Configuring Emergency Transfer Relay (ETR) 288 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 289: Chapter 13: Configuring Snmp
They allow SNMP managers to communicate with agents to configure, get statistics and information, and receive alerts from network devices. You can use any SNMP-compatible network management system to monitor and control a G250/G350. Agent and manager communication There are several ways that the SNMP manager and the agent communicate.
Page 290: Snmp Versions
SNMPv3 on the Avaya G350 Media Gateway is backwards compatible. An agent that supports SNMPv3 will also support SNMPv1 and SNMPv2c. The Avaya G250 Media Gateway supports users for all three of these versions, but only supports the SNMPv3 mechanism for sending traps. Thus, the set snmp trap command is not supported in the G250, although the set snmp trap enable auth|frame-relay command is supported.
Page 291: Snmpv1
SNMP versions SNMPv1 SNMPv1 uses community strings to limit access rights. Each SNMP device is assigned to a read community and a write community. To communicate with a device, you must send an SNMP packet with the relevant community name. By default, if you communicate with a device using only the read community, you are assigned the security name ReadCommN.
Page 292: Users
Privacy Protocol — The privacy protocol to use. Possible values are: No privacy, ● DES privacy. Privacy Password — A string of between 8 and 64 characters specifying the user’s ● privacy password. 292 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 293: Groups
The group maps its users to views based on the security mode and level with which the user is communicating with the G250/G350. Within a group, the following combinations of security mode and level can be mapped to views: SNMPv1 —...
Page 294: Creating An Snmpv3 Group
OIDs to the list or exclude OIDs from a list of all of the OIDs in the G250/G350’s MIB tree. You can use wildcards to include or exclude an entire branch of OIDs in the MIB tree, using an asterisk instead of the specific node. For a list of MIBs...
Page 295: Creating An Snmpv3 View
You can add and remove addresses from the trap receivers table. In addition, you can limit the traps sent to specified receivers. You can also enable and disable link up/down traps on specified G250/G350 interfaces. Use the following commands to configure the trap receivers table: Note: You need an Admin privilege level to use the SNMP commands.
Page 296: Notification Types
— RTP statistics: QoS fault/clear traps ● rtp-stat-qos — RTP statistics: end-of-call QoS traps ● wan — WAN router traps ● media-gateway — media gateway traps (equivalent to G700 MGP traps) ● 296 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 297: Configuring Snmp Access
— main and backup power supply notifications ● Configuring SNMP access Use the ip snmp enable command to enable SNMP access to the G250/G350. Use the ● no form of this command to disable SNMP access to the G250/G350.
Page 298: Configuring Dynamic Trap Manager
Note: Configuring dynamic trap manager Dynamic trap manager is a special feature that ensures that the G250/G350 sends traps directly to the currently active MGC. If the MGC fails, dynamic trap manager ensures that traps are sent to the backup MGC.
Page 299: Snmp Configuration Examples
SNMP configuration examples SNMP configuration examples The following example enables link up/down traps on an Ethernet interface: G350-001(super)# interface FastEthernet 10/2 G350-001(super-if:FastEthernet 10/2)# snmp trap link-status Done! The following example adds an SNMPv1 trap receiver (G350 only): G350-001(super)# set snmp trap 192.36.44.18 SNMP trap receiver added.
Page 300 The following example sets the SNMPv1 trap community: G350-001(super)# set snmp community trap trap SNMP trap community string set The following example enables link up/down trap on a LAN port on the G250: G250-001(super)# set port trap 10/3 enable Port 10/3 up/down trap enabled...
Page 301: Chapter 14: Configuring Contact Closure
1. Connect an Avaya Partner Contact Closure Adjunct to the Contact Closure port on the Avaya G250/G350 Media Gateway front panel. The Contact Closure port is labeled CCA on both the G250 and the G350 front panels. Use a telephone cable with standard RJ-11 connectors.
Page 302: Contact Closure Software Configuration
Activates contact closure for the specified relay. manual-off Deactivates contact closure for the specified relay. To configure the Avaya G250/G350 Media Gateway to activate contact closure when the feature access code is dialed: 1. Enter the set contact-closure admin command. In the following example, the command sets contact closure to work in relay 1 of the Avaya Partner Contact Closure Adjunct when activated by the call controller.
Page 303: Showing Contact Closure Status
Showing contact closure status Use the show contact-closure command to display the status of one or more contact closure relays. The following example displays the contact closure status of relay 1 of the Avaya Partner Contact Closure Adjunct box. G350-101(super)# show contact-closure...
Page 304 Configuring contact closure 304 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 305: Chapter 15: Transferring And Managing Announcement Files
Avaya Voice Announcement Manager (VAM) can be used to centrally manage announcement files for multiple voice systems, including G250/G350 media gateways. VAM is designed to be installed on a customer-provided platform at a remote location. For information about VAM, see Avaya Voice Announcement Manager Reference, 14-300613.
Page 306 ● announcement-file ftp command. Specify the file name of the announcement file in the G250/G350 announcement directory, followed by the IP address of the remote FTP server, and, optionally, a destination file name, including the full path. G350-001(super)# copy announcement-file ftp local_announcement2.wav 192.168.49.10 c:\remote_announcement2.wav...
Page 307 Announcement file operations Display the status of a download process of announcement files from the remote SCP ● server, using the show download announcement-file status command. G350-001(super)# show download announcement-file status Module #9 =========== Module Source file : hellosource.wav Destination file : hellodestination.wav Host : 135.64.102.64 Running state...
Page 308 Transferring and managing announcement files 308 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 309: Chapter 16: Configuring Advanced Switching
You can configure advanced switching on the switch ports of the Avaya G250 and G350 Media Gateways. In the G250, the switch ports are the ETH LAN PoE ports located on the front panel. For the G350, switch ports are located on the Avaya MM314 Media Module and the Avaya MM316 Media Module, either (or neither) of which may be installed.
Page 310 When traffic flows from a PC on the Sales VLAN, for example, that traffic is only forwarded out the other ports assigned to that VLAN. Thus, the Engineering and Marketing VLANs are not burdened with processing that traffic. 310 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 311: Vlan Tagging
Configuring VLANs Figure 28: VLAN Example. Sales Marketing Engineering Sales Marketing Engineering VLAN tagging VLAN Tagging is a method of controlling the distribution of information on the network. The ports on devices supporting VLAN Tagging are configured with the Port VLAN ID and Tagging Mode parameters.
Page 312: Multi Vlan Binding
VLAN for privacy. The whole building has a shared high-speed connection to the ISP. In order to accomplish this, the G250/G350 enables multiple VLANs per port. The available Port Multi-VLAN binding modes are: Bound to Configured - the port supports all the VLANs configured in the switch ●...
Page 313: Ingress Vlan Security
Unassigned packets receive the PVID of the port and are therefore allowed to enter. ICC-VLAN When the G250/G350 includes an ICC, the ICC connects to the G250/G350 via an internal switch. By default, the ICC is connected on Vlan 1. The VLAN to which the ICC connects is called the ICC-VLAN.
Page 314: Vlan Configuration Examples
This command will assign all ports on VLAN 34 to their default in the entire management domain — do you want to continue (Y/N)? y All ports on VLAN-id assigned to default VLAN. VLAN 34 was deleted successfully. 314 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 315 Configuring VLANs The following example sets the current VLAN as the ICC-VLAN: G350-001(super)# interface Vlan 66 G350-001(super-if:Vlan 66)# icc-vlan Done! The following example enters configuration mode for a VLAN interface: G350-001(super)# interface Vlan 66 G350-001(super-if:Vlan 66)# The following example deletes a VLAN interface: G350-001(super)# no interface vlan 66 Done! The following example statically binds a VLAN to a port:...
Page 316 10/3 is bind to all configured VLANs The following example displays VLAN tagging information: G350-001(super)# show trunk Port Mode Binding mode Native VLAN ------ ----- ------------------------- ----------- 10/3 dot1q bound to configured VLANs 54 316 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 317: Configuring Port Redundancy (G350 Only)
Ethernet ports (1-24) and the Gigabit Ethernet port (51) on the MM314 Media Module or the Ethernet ports (1-40) and the Gigabit Ethernet port (51) on the MM316 Media Module. Note: Port redundancy is not supported on the G250. Note: Secondary port activation The secondary port takes over within one second and is activated when the primary port link stops functioning.
Page 318: Switchback
Port redundancy CLI commands The following commands are used to configure port redundancy. For more information about these commands, see Avaya G250 and Avaya G350 CLI Reference, 03-300437. Use the set port redundancy enable/disable command to globally enable or ●...
Page 319: Port Redundancy Configuration Examples
Configuring port redundancy (G350 only) Port redundancy configuration examples The following example creates a port redundancy pair: G350-003(super)# set port redundancy 6/3 6/5 on 1 Monitor: Port 6/5 is redundant to port 6/3. Port redundancy is active - entry is effective immediately The following example deletes a port redundancy pair: G350-003(super)# set port redundancy 6/3 6/5 off Entry Monitor removed: Port 6/5 is not redundant to port 6/3.
Page 320: Configuring Port Mirroring
You can define one source port and one destination port on each G250/G350 for received (Rx), transmitted (Tx), or transmitted and received (both) traffic.
Page 321: Configuring Spanning Tree (G350 Only)
Configuring spanning tree (G350 only) The following example creates a port mirroring pair in the G250: G250-001(super)# set port mirror source-port 10/3 mirror-port 10/10 sampling always direction rx Mirroring rx packets from port 10/3 to port 10/10 is enabled The following example displays port mirroring information for the G350:...
Page 322: Spanning Tree Per Port
Improvement in the time it takes to propagate TC information. Specifically, TC information ● does not have to be propagated all the way back to the Root Bridge (and back) to be changed. Origination of BPDUs on a port-by-port basis ● 322 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 323 Configuring spanning tree (G350 only) Port roles At the center of RSTP — specifically as an improvement over STP (802.1d) — are the roles that are assigned to the ports. There are four port roles: Root port — port closest to the root bridge ●...
Page 324: Spanning Tree Cli Commands
Use the set spantree max-age command to specify the time to keep an information ● message before it is discarded. Use the set spantree priority command to set the bridge priority for STP. ● 324 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 325: Spanning Tree Configuration Examples
Configuring spanning tree (G350 only) Use the set spantree tx-hold-count command to set the value in packets used by ● the spanning tree in order to limit the maximum number of BPDUs transmitted during a hello-time period. Use the set spantree version command to set the version of the spanning tree ●...
Page 326 4. The following example configures the version of spanning tree to use on the device: G350-003(super)# set spantree version rapid-spanning-tree Spanning tree version is set to rapid spanning tree. 326 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 327 Configuring spanning tree (G350 only) The following example displays spanning tree information: G350-003(super)# show spantree Spanning tree state is enabled Designated Root: 00-40-0d-92-22-81 Designated Root Priority: 32768 Designated Root Cost: 19 Designated Root Port: 6/24 Root Max Age: 20 Hello Time: 2 Root Forward Delay: 15 Bridge ID MAC ADDR: 00-04-0d-29-c4-ca Bridge ID priority: 36864...
Page 328: Port Classification
Port classification With the G250/G350, you can classify any port as either regular or valuable. Classifying a port as valuable means that a link fault trap is sent in the event of a link failure. The trap is sent even when the port is disabled.
Page 329 Port classification The following example displays the port classification of all ports on the G350: G350-003(super)# show port classification Port Port Classification -------- ------------------------- regular regular regular valuable regular regular regular regular regular 6/10 regular 6/11 regular 6/12 regular 6/13 regular 6/14 regular...
Page 330 Configuring advanced switching 330 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 331: Chapter 17: Configuring Monitoring Applications
Chapter 17: Configuring monitoring applications The Avaya G250 and G350 Media Gateways provide several software tools for monitoring and diagnosing your network. Use these tools to monitor the status of your network operations, and to analyze the flow of information.
Page 332: Rmon Cli Commands
Taking delta samples, last value was 0 Rising threshold is 10000, assigned to event # 32 Falling threshold is 1000, assigned to event # 32 On startup enable rising or_falling alarms 332 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 333: Configuring And Analyzing Rtp Statistics
Configuring and analyzing RTP statistics The following example displays information about an RMON event entry: G350-003(super)# show rmon event 32 event Event 32 is active, owned by root Description is Change of device Event firing causes log,last fired 12:36:04 The following example displays information about an RMON history entry: G350-003(super)# show rmon history 80 history Entry 80 is active, owned by root...
Page 334 An alternative tool available from Avaya for debugging QoS problems is VMON. Note: VMON is an RTCP QoS reports collector. VMON support, available in all Avaya devices, is the capability of a VoIP device to send a copy of an RTCP message to the IP address of a VMON server.
Page 335: Configuring The Rtp Statistics Application
Avaya Communication Manager, where it is called “RTCP Report Period”. For information about configuring the RTCP interval (RTCP report period), see Administrator Guide for Avaya Communication Manager, 03-300509. The RTCP interval is typically 5 to 8 seconds. Thresholds types A threshold on a metric.
Page 336 Round Trip Time is the time taken for a message to get to the remote peer and back to the local receiver. echo-return-loss The echo cancellation loss on the TDM bus. Every RTCP interval. 1 of 2 336 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 337: Configuring Rtp Statistics Thresholds
Configuring and analyzing RTP statistics Table 45: QoS metrics (continued) Metric Description Evaluation time loss The estimated network RTP packet loss. Every RTCP interval. The VoIP engine evaluates the current received packet loss every RTCP interval — usually 5 to 8 seconds.
Page 338: Enabling And Resetting The Rtp Statistics Application
Note: command. Resetting the RTP statistics application 1. Use the rtp-stat clear command. For example: G350-001# rtp-stat clear All counters are reset and the RTP statistics history is erased. 338 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 339: Viewing Application Configuration
Configuring and analyzing RTP statistics Viewing application configuration Viewing the application configuration helps you see if the application is enabled, which types of traps are enabled, and how the trap rate limiter and minimum statistics window are configured. The minimum statistics window is the minimum number of observed RTP sequence increments for which the application evaluates packet loss.
Page 340 The minimum statistic window configured for the RTP statistics application. That is, the minimum number of observed RTP sequence increments for which the application evaluates packet loss. 2 of 2 340 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 341: Configuring Qos Traps
Configuring and analyzing RTP statistics Configuring QoS traps You can configure the application to automatically generate QoS traps via SNMP at the termination of RTP sessions that have QoS problems. SNMP traps are automatically sent to the SNMP trap manager on the active Media Gateway Controller (MGC). You can also configure SNMP traps to be sent to an external trap manager.
Page 342: Configuring Qos Fault And Clear Traps
The application features a trap rate limiter. The trap rate limiter limits the rate at which QoS traps are sent. The rate limiter protects against overloading the trap manager with bursts of traps when a single event causes multiple RTP sessions to terminate simultaneously. 342 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 343: Analyzing Rtp Statistics Output
Configuring and analyzing RTP statistics The trap rate limiter uses a token bucket scheme, in which traps are sent only if there are tokens in a virtual bucket. Tokens are added to the bucket every 'token interval,' which sets the maximum long term trap rate.
Page 344: Viewing Rtp Session Statistics
See Configuring QoS fault and clear traps on page 342. Engine ID The ID of the VoIP engine. Since the G250/G350 has one VoIP engine, one line appears in the table. Description Description of the VoIP engine. Uptime The uptime of the RTP statistics application.
Page 345 Configuring and analyzing RTP statistics The show rtp-stat sessions command displays a summary of the active and/or terminated RTP sessions in the session table. For example: G350-001(super)# show rtp-stat sessions last 5 QoS Start date and time End Time Type Destination ----- --- ------------------- -------- ------- --------------- 00031...
Page 346 Start-Time: 2004-10-20,11:09:07 End-Time The end time of the RTP session. End-Time: 2004-10-20,11:13:40 Duration The duration of the RTP session. Duration: 00:04:33 CName format: gwt@<MGP-address>. CName: gwp@135.8.118.252 1 of 6 346 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 347 Multiple sessions belonging to the same conference call can usually be identified by a common conference ID. Notes: Phone data is received from Avaya ● Communication Manager only if VMON is configured. If you are not running VMON, you ●...
Page 348 The estimated percentage contribution JBuf-under/overruns 0.1%/0.0% of jitter-buffer overruns to the average codec loss. Jbuf-delay The last jitter buffer delay. Jbuf-Delay 22mS 3 of 6 348 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 349 Configuring and analyzing RTP statistics Table 48: Detailed CLI output per RTP session (continued) Field Label Description From the CLI example Max-Jbuf-Delay The maximum jitter buffer delay during Max-Jbuf-Delay 60mS the session. Received RTP: Packets The total number of received packets. Packets 9236 Loss The last sampled value of network RTP...
Page 350 The network jitter experienced by the Jitter 0mS remote RTP receiver. rem-jitter #rem-jitter-ev The number of samples that were over Jitter 0mS #0 the remote jitter threshold. 5 of 6 350 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 351: Viewing Qos Traps, Qos Fault Traps, And Qos Clear Traps
The syslog messages are stored in the messages file on the MGC hard disk. You can view the syslog messages through the Avaya Maintenance Web Interface to debug the QoS problems. 1. In the Avaya Maintenance Web Interface, enter the Setup log viewing screen.
Page 352: Analyzing Qos Trap Output
The date on which the trap was received. Oct 20 The time at which the trap was received. 11:13:40 The IP address of the local MGP. 135.8.118.252 1 of 4 352 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 353 Multiple sessions belonging to the same conference call can usually be identified by a common conference ID. Notes: The phone string data is received from Avaya ● Communication Manager if VMON is configured. If you are not running VMON, you can cause ●...
Page 354 The minimum and maximum TTL values sampled in TTL 63-63 the session. A counter that increments each time two Dup 0 consecutive RTP packets with the sample RTP sequence number are received. 3 of 4 354 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 355: Analyzing Qos Fault And Clear Trap Output
Configuring and analyzing RTP statistics Table 49: QoS Trap output fields (continued) Label Description From the trap example A counter that increments each time an RTP packet Fall 0 with a sequence number less than the last known sequence is received. The average network loss experienced by the Rem{Loss 0.0% #0 Jtr #0}...
Page 356: Viewing Automatic Traceroute Results
QoS fault trap was sent. Viewing automatic traceroute results The VoIP engine automatically performs UDP traceroutes whenever the RTP statistics application is enabled. 356 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 357 Description Session ID The RTP statistics index for the RTP session From The IP address of the G250/G350 The IP address of the session destination (in this case, a destination within the specified subnet) The time the traceroute is performed...
Page 358: Rtp Statistics Examples
Figure 31 shows the locations of four telephone extensions in an example network. Telephones with extensions 2004 and 2111 are connected to the local gateway G250/G350-001. Extensions 2002 and 2101 are connected to the remote gateway G250/G350-002. Figure 31: Four telephones in a sample network...
Page 359 Configuring and analyzing RTP statistics At the site of the local gateway “G250/G350-001”, the administrator enabled and configured the RTP-MIB application as follows: //to enable the RTP statistics application: G350-001(super)# rtp-stat-service //to view the configuration of the application: G350-001(super)# show rtp-stat config...
Page 360 //to configure the minimum statistics window for evaluating packet loss: G350-001(super)# rtp-stat min-stat-win 50 //to configure an external trap manager as a trap destination in addition to the active MGC: G350-001(super)# snmp-server host 136.9.71.47 traps v1 public 360 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 361 Configuring and analyzing RTP statistics //to check SNMP configuration G350-001(super)# show snmp Authentication trap enabled Community-Access Community-String ---------------- ---------------- read-only ***** read-write ***** SNMPv3 Notifications Status ----------------------------- Traps: Enabled Informs: Enabled Retries: 3 Timeout: 3 seconds SNMP-Rec-Address Model Level Notification Trap/Inform User name ---------------- ----- ------- --------------- ----------- ------------------- 135.9.77.47 v1 noauth all trap ReadCommN UDP port: 162 DM 136.9.71.47 v1 noauth all trap WriteCommN...
Page 362: A Call Over The Wan From An Analog Phone To An Ip Phone
At 00:39 on December 7, 2004, a call is placed from analog extension 2111 to IP phone extension 2002 (see Figure 32) in the network described in Configuring the RTP statistics application for a sample network. Figure 32: Remote call from analog to IP phone 362 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 363 Configuring and analyzing RTP statistics The RTP statistics application is configured as described in Configuring the RTP statistics application for a sample network. The callers complain after the call that there were QoS problems during the call. The administrator investigates as follows: //to see if the RTP statistics application registered QoS problems for the call: G350-001(super)# show rtp sessions QoS Start date and time End Time Type...
Page 364: A Local Call Between An Ip And An Analog Phone
33) in the network described in Configuring the RTP statistics application for a sample network. The call is finished at 00:59:19. Figure 33: Local call from analog to IP phone 364 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 365 Configuring and analyzing RTP statistics After the call is ended, the administrator uses the CLI to view the QoS statistics: //to see if there were QoS problems registered during the session G350-001(super)# show rtp sessions last 1 Start date and time End Time Type Destination ----- --- ------------------- -------- ---------...
Page 366: A Remote Call Over The Wan From An Ip Phone To An Ip Phone
30.30.30.2 Sessions 13 and 14 both belong to the call, since two VoIP channels are used by an unshuffled call between two IP phones: one channel between each telephone and the G250/G350 VoIP engine. 366 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 367 Configuring and analyzing RTP statistics Session 13 has QoS problems. //to display details of session 13: G350-001(super)# show rtp-stat detailed 13 Session-ID: 13 Status: Terminated, QOS: Faulted, EngineId: 0 Start-Time: 2004-12-07,01:02:45, End-Time: 2004-12-07,01:05:15 Duration: 00:02:30 CName: gwp@30.30.30.1 Phone: 202:2004 Local-Address: 30.30.30.1:2329 SSRC 3510756141 Remote-Address: 20.20.20.2:2329 SSRC 1372162 (0) Samples: 30 (5 sec) Codec:...
Page 368 --type q to quit or space key to continue-- Remote-Statistics: Loss 0.0% #0, Avg-Loss 0.0%, Jitter 7mS #0, Avg-Jitter 7mS Echo-Cancellation: Loss 49dB #0, Len 32mS RSVP: Status Disabled, Failures 0 368 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 369: A Conference Call
Configuring and analyzing RTP statistics A conference call A conference call is placed between IP phone extension 1003, analog phone extension 80900, and IP phone extension 80886. The call is established by calling from extension 1003 to extension 80900, and then using the conference function on extension 1003 to add 80886 (see Figure 35).
Page 370 Status: Active, QOS: Ok, EngineId: 0 Start-Time: 2004-12-23,09:55:20, End-Time: - Duration: 00:00:50 CName: gwp@33.33.33.33 Phone: 140 :80886:1003 Local-Address: 33.33.33.33:61175 SSRC 3702564610 Remote-Address: 149.49.41.50:61175 SSRC 15161893 (0) Samples: 10 (5 sec) 370 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 371: Rtp Statistics Cli Commands
Configuring and analyzing RTP statistics Codec: G711U 40B 0mS Off, Silence-suppression(Tx/Rx) Disabled/Disabled, Play-Time 161.9 00sec, Loss 0.0% #0, Avg-Loss 0.0%, RTT 103mS #0, Avg-RTT 105mS, JBuf-under/over runs 0.0%/0.0%, Jbuf-Delay 11mS, Max-Jbuf-Delay 13mS Received-RTP: Packets 8094, Loss 0.0% #0, Avg-Loss 0.0%, RTT 8mS #0, Avg-RTT 9mS, Jitter 0mS # 0, Avg-Jitter 0mS, TTL(last/min/max) 0/64/64, Duplicates 0, Seq-Fall 0, DSCP 0, L2Pri 6, RTCP 30 Transmitted-RTP:...
Page 372: Configuring And Analyzing Packet Sniffing
PPP. Non-Ethernet packets are wrapped in a dummy Ethernet header to allow them to be viewed in a libpcap format. Thus, the G250/G350 allows you to analyze packets on all the interfaces of the device.
Page 373: What Can Be Captured
Configuring and analyzing packet sniffing The G250/G350’s packet sniffing service gives you full control over the memory usage of the sniffer. You can set a maximum limit for the capture buffer size, configure a circular buffer so that older information is overwritten when the buffer fills up, and specify a maximum number of bytes to capture for each packet.
Page 374: Configuring Packet Sniffing
Enabling packet sniffing Since the packet sniffing service presents a potential security breach, the administrator must first enable the service on the G250/G350 before a user can start capturing packets. Use the capture-service command to enable the packet sniffing service.
Page 375: Creating A Capture List
A capture list contains an ordered list of rules and actions. A rule specifies criteria against which packets are tested. The action tells the G250/G350 whether to capture or not capture packets matching the rule criteria. Only packets that match the specified criteria and have an action of capture are captured to the capture file.
Page 376 You can use the following rule criteria commands. These commands are described in more detail below. ● dscp ● ip protocol source ip address ● destination ip address ● ● tcp source-port ● tcp destination-port udp source-port ● udp destination-port ● 376 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 377 Configuring and analyzing packet sniffing icmp ● fragment ● Note: You can also use the description command in the rule context to add a Note: description of the rule. DSCP Use the dscp command, followed by a DSCP value (from 0 to 63) to apply the rule to all packets with the specified DSCP value.
Page 378 — the rule applies to UDP packets from ports that match the defined ● criteria udp destination-port — the rule applies to UDP packets to ports that match the ● defined criteria 378 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 379 Configuring and analyzing packet sniffing Port name or number range criteria The port name or number range criteria can be any of the following: Range. Type range, followed by two port numbers, to set a range of port numbers to ●...
Page 380 To apply the rule to non-initial fragments, use the fragment command. You cannot use the fragment command in a rule that includes UDP or TCP source or destination ports. For example: G350-001(super-Capture 520/ip rule 15)# fragment Done! G350-001(super-Capture 520/ip rule 15)# 380 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 381 Configuring and analyzing packet sniffing Capture list example The following commands create a capture list that captures all traffic from subnet 135.122.50.149 255.255.255.254 to an ECC at address 135.122.50.171, except telnet: G350-001(super)# ip capture-list 511 G350-001(super-Capture 511)# name "list #511" Done! ! Rules 10 and 15 provide that telnet packets are not captured.
Page 382: Viewing The Capture List
Applying a capture list To apply a capture list, use the capture filter-group command from the general context. For example, to set the G250/G350 to use capture list 511 on interfaces in which packet sniffing is enabled, specify the following command:...
Page 383: Configuring Packet Sniffing Settings
G350-001(super)# capture max-frame-size 4000 This command will clear the capture buffer - do you want to continue (Y/N)? y Done! G350-001(super)# Note: When you change the maximum frame size, the G250/G350 clears the capture Note: buffer. Issue 3 February 2007...
Page 384: Starting The Packet Sniffing Service
If packet sniffing has not been enabled by the administrator, the following appears: G350-001(super)# capture start Capture service is disable To enable, use the `capture-service` command in supervisor mode. G350-001(super)# 384 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 385: Analyzing Captured Packets
Configuring and analyzing packet sniffing Capturing decrypted IPSec VPN packets IPSec VPN packets are encrypted packets. The contents of encrypted packets cannot be viewed when captured. However, you can use the capture ipsec decrypted command to specify that IPSec VPN packets, handled by the internal VPN gateway process, should be captured in clear text format.
Page 386: Uploading The Capture File
WAN problem, you can upload the capture file to an S8300 Media Server and view it using t-ethereal, which is a command-line version of Ethereal. 386 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 387 Maintenance Web Interface, see Installing and Upgrading the Avaya G250 Media Gateway, 03-300434 or Installing and Upgrading the Avaya G350 Media Gateway, 03-300394. 3. In the Avaya Maintenance Web Interface, select FTP under Security in the main menu. 4. Click Start Server. 5. Log into the G250/G350.
Page 388: Analyzing The Capture File
For example, you can display only packets with a specific source address, or only those received from a specific interface. See Identifying the interface on page 389. The following figure shows a sample Ethereal screen. 388 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 389 Figure 36: Sample Ethereal screen Identifying the interface The G250/G350’s packet sniffing service can capture also non-Ethernet packets, such as frame-relay and PPP, into the capture file. This is achieved by wrapping non-Ethernet packets in a dummy Ethernet header to allow the packets to be stored in a libpcap format. This allows you to analyze packets on all the device interfaces.
Page 390: Simulating Packets
4, on port number 1, with channel group number 2. Simulating packets Capture lists support the IP simulate command. Refer to Simulating packets on page 551. 390 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 391: Packet Sniffing Cli Commands
Configuring and analyzing packet sniffing Packet sniffing CLI commands General context Table 53: Packet sniffing CLI commands in general context Command Description User Level Start capturing packets Capture start Stop capturing packets Capture stop Clear the capture buffer (useful in clear capture buffer case it holds sensitive information) Enable/disable the capture service...
Page 392: Ip Capture-List Context
IP rules are evaluated one by one (according to their number). The composite-operation (Capture/No-capture) of the first rule to match the packet is executed. If no rule is matched, the ip-rule default composite-operation is executed. 392 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 393 Configuring and analyzing packet sniffing Note: The not operator changes a field operand so it matches when the field does not Note: equal the configured value. Thus, not ip-protocol tcp specifies all protocols but TCP. Table 55: Packet sniffing CLI commands in ip-rule context Command Description User Level...
Page 394: Ip-Rule Default Context
Ip-rule default context Table 56: Packet sniffing CLI commands in ip-rule default context Command Description User Level Set the default rule action composite-operation name Shows the default rule Show ip-rule [all|rule-id] 394 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 395: Reporting On Interface Status
Shutdown FastEthernet 10/2 is Down Down AdminDown administratively down, line protocol is down For detailed specifications of CLI commands, refer to Avaya G250 and Avaya G350 Media Gateways CLI Reference, 03-300437. Issue 3 February 2007...
Page 396: Configuring And Monitoring Cna Test Plugs
Performs the specified test using the parameter values passed in the test request ● Upon successful completion of the test, sends the test results to the analyzer of the ● Chatterbox whose IP Address is designated in the test request 396 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 397: Cna Tests
Configuring and monitoring CNA test plugs CNA tests The G250/G350 test plug supports all CNA tests, which are: Traceroute. Measures per-hop round-trip delays to a target IP address by sending a ● sequence of hop-limited UDP messages, each with a TTL (time-to-live) value that is one greater than that of the preceding message.
Page 398: Configuring The G250/G350 Test Plug For Registration
Configuring monitoring applications Configuring the G250/G350 test plug for registration From the G250/G350 CLI, you can configure the G250/G350 test plug to register with a CNA scheduler. 1. Use the cna-testplug command to enter the test plug context. For example:...
Page 399: Cna Test Plug Configuration Example
Configuring and monitoring CNA test plugs CNA test plug configuration example The following example includes displaying default test plug configuration, configuring the test plug, enabling the test plug service, and displaying test plug configuration and counters. Issue 3 February 2007...
Page 400 ---------- ------ ------ --------- traceroute ping tcpconnect merge //to reenter the test plug context: G350-001(super)# cna testplug 1 //to delete scheduler 1: G350-001(super-cna testplug 1)# no scheduler 1 Done! 400 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 401 Configuring and monitoring CNA test plugs //to exit the test plug context: G350-001(super-cna testplug 1)# exit //to show that scheduler 1 is no longer configured: G350-001(super)# show cna testplug CNA testplug 1 is administratively down, test-plug status is unregistered Address 149.49.75.178, bind to PMI, ID 00:04:0d:6d:30:48 Scheduler list: 3: 135.64.102.76:50002 Ports: Control 8889,...
Page 402 Configuring monitoring applications 402 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 403: Chapter 18: Configuring The Router
Chapter 18: Configuring the router The Avaya G250 and G350 Media Gateways each have an internal router. You can configure the following routing features on the router: Interfaces ● Unnumbered IP interfaces ● Routing table ● GRE tunneling ● DHCP and BOOTP relay ●...
Page 404: Physical Router Interfaces
- The Avaya MM340 media module provides an E1/T1 WAN interface. - The Avaya MM342 media module provides a USP WAN interface. Fast Ethernet Interface — The 10/2 Fast Ethernet port on the front panel of the G250 and ●...
Page 405: Ip Interface Configuration Commands
Configuring interface parameter commands Use the following commands to configure the interface parameters. For more information about these commands, see Avaya G250 and Avaya G350 CLI Reference, 03-300437. Use the ip admin-state command to set the administrative state of the IP interface.
Page 406: Configuring Unnumbered Ip Interfaces
2. Enter the context of the interface on which you want to configure an unnumbered IP address (usually the Dialer interface). 3. Use the ip unnumbered command, specifying the interface from which to borrow the IP address. 406 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 407: Unnumbered Ip Examples
G250-001(super-if:Dialer 1)# dialer modem-interface USB-Modem //to configure IP unnumbered on the Dialer interface, borrowing the IP address from vlan interface 1, configured above: G250-001(super-if:Dialer 1)# ip unnumbered 1 Vlan 1 G250-001(super-if:Dialer 1)# exit G250-001(super)# ! The following sample routing table shows how routes discovered on unnumbered interfaces by...
Page 408: Configuring The Routing Table
Next-hop IP address — specifies the IP address of a router as a next-hop. The next-hop ● router must belong to one of the directly attached networks for which the Avaya G250/ G350 Media Gateway has an IP interface. Static route types Two kinds of static routes can be configured: High Preference static routes —...
Page 409: Configuring Multiple Next-Hops
Configuring the routing table Configuring multiple next-hops You can configure up to three next-hops for each static route in one of the following manners: Enter all of the next-hops using a single ip route command. To add a new next-hop to ●...
Page 410: Permanent Static Route
180. Permanent static route The Avaya G250/G350 Media Gateway enables you to configure a static route as a permanent route. Configuring this option prevents the static route from becoming inactive when the underlying Layer 2 interface is down. This prevents routing table updates from being sent each time an interface goes up or down when there is a fluctuating Layer 2 interface on the static route.
Page 411: Routing Table Commands
Use the traceroute command, followed by an IP address, to trace the route an IP ● packet would follow to the specified IP address. The G250/G350 traces the route by launching UDP probe packets with a small time to live (TTL), then listening for an ICMP time exceeded reply from a gateway.
Page 412: Routing Packets To A Gre Tunnel
The packet is routed to the tunnel interface dynamically by a routing protocol (RIP or ● OSPF). The packet is routed to the tunnel interface via policy-based routing. See Configuring ● policy-based routing on page 553. 412 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 413: Preventing Nested Tunneling In Gre Tunnels
In addition to checking for nested tunneling, the G250/G350 prevents loops in connection with GRE tunnels by preventing the same packet from being encapsulated more than once in the G250/G350.
Page 414: Recommendations On Avoiding Nested Tunneling
G350-001(super)# ip distribution access-default-action 1 default-action-permit Done! G350-001(super)# ip distribution access-list 1 10 "deny" 192.68.1.0 0.0.0.255 Done! G350-001(super)# router rip G350-001(super router:rip)# distribution-list 1 out FastEthernet 10/2 Done! G350-001(super router:rip)# exit G350-001(super)# 414 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 415: Optional Gre Tunnel Features
Configuring GRE tunneling Accept policy. ● Configure a policy rule on the source tunnel endpoint (router 1) that will cause the source endpoint to not accept routing updates that include the source network (192.68.1.0). This solution is for nested tunneling caused by RIP. For example, using the network shown in Figure 37 as an illustration, you would configure the following policy rule on router 1 and activate it on the router RIP with the matching interface:...
Page 416: Dynamic Mtu Discovery
The tunnel path-mtu-discovery command includes the following parameters: age-timer — how long, until the local tunnel endpoint returns the tunnel MTU to its ● default. The default value of this parameter is 10 minutes. 416 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 417: Setting Up A Gre Tunnel
The Avaya G250/G350 Media Gateway does not check whether the configured Note: tunnel source IP address is an existing IP address registered with the G250/G350 router. 4. In most cases, it is recommended to configure keepalive in the tunnel so that the tunnel’s source interface can determine and inform the host if the tunnel is down.
Page 418 For a list of optional GRE tunnel features, refer to Optional GRE tunnel features on page 415. For a list of additional GRE tunnel CLI commands, refer to Additional GRE tunnel parameters on page 419. 418 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 419: Additional Gre Tunnel Parameters
Additional GRE tunnel parameters Use the following commands to configure additional GRE tunnel parameters. For more information about these commands, see Avaya G250 and Avaya G350 CLI Reference, 03-300437. Use the tunnel checksum command in the context of the GRE tunnel interface to add a ●...
Page 420: Gre Tunnel Application Example
(11.0.0.10) as the source IP address. When the packet arrives at Router 2, which is the end point of the GRE tunnel, Router 2 removes the outer IP header and the GRE header and sends the packet to its original destination at IP address (8.0.0.2). 420 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 421 Configuring GRE tunneling You can use the following commands to configure GRE tunneling (with OSPF) in this example: Router 1 Configuration G350-001(super)# interface FastEthernet 10/2 G350-001(super-if:FastEthernet 10/2)# ip address 11.0.0.10 255.255.255.0 G350-001(super-if:FastEthernet 10/2)# exit G350-001(super)# interface tunnel 1 G350-001(super-if:Tunnel 1)# keepalive 10 3 Done! G350-001(super-if:Tunnel 1)# tunnel source 11.0.0.10 Done!
Page 422: Configuring Dhcp And Bootp Relay
DHCP and BOOTP packets. The router also relays replies from the server back to the client. The G250/G350 can alternatively function as a DHCP server, providing DHCP service to local devices. For information about configuring DHCP server on the G250/G350, see...
Page 423: Dhcp/Bootp Relay
Note: protocols. When there is more than one IP interface on a VLAN, the G250/G350 chooses the lowest IP address on this VLAN when relaying DHCP/BOOTP requests. The DHCP/BOOTP server then uses this address to decide the network from which to allocate the address. When there are multiple networks configured, the G250/G350 performs a round-robin selection process.
Page 424: Dhcp/Bootp Relay Commands
IP addresses and other parameters for each device on the network individually. Since a DHCP server can be configured on the G250/G350, local branch devices are not dependant on receiving configuration parameters over the WAN from a remote DHCP server and therefore can be assigned IP configuration parameters in case of WAN failure.
Page 425: Typical Dhcp Server Application
Configuring DHCP server The Avaya G250/G350 Media Gateway can function as a DHCP server or as a DHCP relay or both simultaneously, with each interface configured in either DHCP server mode or DHCP relay mode. For example, you can configure the G250/G350 to provide DHCP service to voice devices while DHCP requests by data devices are routed to a central remote DHCP server using DHCP relay.
Page 426: Dhcp Server Cli Configuration
10. Use the ip dhcp-server command to activate DHCP server. DHCP server is now active. If you change the pool configuration, it is recommended to do so while the pool is active. 426 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 427: Configuring Options
IP addresses. Configuring Options DHCP options are various types of network configuration information that the DHCP client can receive from the DHCP server. The G250/G350 supports all DHCP options. The most common options used for IP phones are listed in Table 59.
Page 428: Configuring Vendor-Specific Options
Done! G350-001(super-DHCP 1/option 176)# value ascii "MCIPADD=10.10.2.140, MCPORT=1719, TFTPSRVR=10.10.5.188" Done! 350-001(super-DHCP 1/option 176)# exit G350-001(super-DHCP 1)# exit G350-001(super)# ip dhcp activate pool 1 Done! G350-001(super)# ip dhcp-server Done! G350-001(super)# 428 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 429 Done! G350-001(super)# The following example configures a vendor-specific option for DHCP pool 5: G350-001(super-DHCP 5)# vendor-specific-option 1 G350-001(super-DHCP 5/vendor specific 1)# class-identifier "ccp.avaya.com" Done! G350-001(super-DHCP 5/vendor specific 1)# value raw ascii "gfdgfd" Done! G350-001(super-DHCP 5/vendor specific 1)# exit G350-001(super-DHCP 5)#...
Page 430: Configuring Broadcast Relay
For each interface on the Avaya G250/G350 Media Gateway, you can configure whether the G250/G350 forwards directed broadcast packets to the network address or subnet mask address of the interface.
Page 431: Netbios Rebroadcast
Network Basic Input Output System (NetBIOS) is a protocol for sharing resources among desktop computers on a LAN. You can configure the Avaya G250/G350 Media Gateway to relay NetBIOS UDP broadcast packets. This feature is used for applications such as WINS that use broadcast but might need to communicate with stations on other subnetworks or VLANs.
Page 432: Overview Of Arp
Static ARP table entries do not expire. You add static ARP table entries manually with the arp command. For example, to add a static ARP table entry for station 192.168.7.8 with MAC address 00:40:0d:8c:2a:01, use the following command: G350-001# arp 192.168.7.8 00:40:0d:8c:2a:01 432 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 433 Configuring the ARP table Dynamic ARP table entries are mappings between IP addresses and MAC addresses that the switch used recently. Dynamic ARP table entries expire after an amount of time that you can configure. The following figure shows how a switch adds dynamic ARP table entries: You can remove static and dynamic entries from the ARP table.
Page 434: Arp Table Commands
MAC address. Enabling proxy ARP The G250/G350 supports proxy ARP. Proxy ARP is a technique by which a router provides a false identity when answering ARP requests intended for another device. By falsifying its identify, the router accepts responsibility for routing packets to their true destination.
Page 435: Configuring Icmp Errors
439. You can configure route redistribution between OSPF, RIP, and static routes. With route redistribution, you can configure the G250/G350 to redistribute routes learned from one protocol into the domain of the other routing protocol. For more information, see Route redistribution page 441.
Page 436: Ripv2
You can assign the rules per interface and per direction. 436 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 437: Rip Limitations
Configuring RIP Up to 99 RIP distribution access lists can be configured on the Avaya G250/G350 Media Gateway. For example: To configure RIP distribution access list number 10 permitting distribution and learning of network 10.10.0.0: 1. Enter the command: ip distribution access-list 10 1 permit 10.10.0.0 0.0.255.255...
Page 438: Rip Commands
Use the no form of this command to restore the default value, disabling RIP. Use the timers basic command to set RIP timers. Use the no form of this command to ● set the RIP timers to their default values. 438 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 439: Configuring Ospf
441. OSPF dynamic cost An OSPF interface on the G250/G350 can dynamically set a Cost. The Cost represents the price assigned to each interface for purposes of determining the shortest path. By default the OSPF interface Cost is calculated based on the interface bandwidth, according to...
Page 440: Ospf Limitations
The G250/G350 can be installed in the OSPF backbone area (area 0.0.0.0) or in any OSPF area that is part of a multiple areas network. However, the G250/G350 cannot be configured to be an OSPF area border router itself.
Page 441: Route Redistribution
Route redistribution is the interaction of multiple routing protocols. OSPF and RIP can be operated concurrently in the G250/G350. In this case, you can configure the G250/G350 to redistribute routes learned from one protocol into the domain of the other routing protocol.
Page 442: Export Default Metric
Static routes are, by default, redistributed to RIP and OSPF. The G250/G350 allows the user to globally disable redistribution of static routes to RIP, and separately to globally disable redistribution of static routes to OSPF. In addition you can configure, on a per static route basis, whether the route is to be redistributed to RIP and OSPF, and what metric to use (in the range of 1-15).
Page 443: Vrrp Configuration Example
Configuring VRRP The concept underlying VRRP is that a router can backup other routers, in addition to performing its primary routing functions. This redundancy is achieved by introducing the concept of a virtual router. A virtual router is a routing entity associated with multiple physical routers.
Page 444: Vrrp Commands
There is one main router on IP subnet 20.20.20.0, such as a G350, C363T, C364T, or any router that supports VRRP, and a backup router. You can configure more backup routers. The G250/G350 itself must have an interface on the IP subnetwork, for example, ●...
Page 445: Configuring Fragmentation
● Configuring fragmentation The G250/G350 supports IP fragmentation and reassembly. The G250/G350 router can fragment and reassemble IP packets according to RFC 791. This feature allows the router to send and receive large IP packets where the underlying data link protocol constrains the Maximum Transport Unit (MTU).
Page 446: Reassembly Parameters
Fragmentation commands Use the following commands to configure fragmentation and reassembly. For more information about these commands, see Avaya G250 and Avaya G350 CLI Reference, 03-300437. Use the clear fragment command to clear the fragment database and restore its ●...
Page 447: Chapter 19: Configuring Ipsec Vpn
IPSec SAs secure the actual traffic between the protected networks behind the peers, while the IKE SA only secures the key exchanges that generate the IPSec SAs between the peers. The G250/G350 IPSec VPN feature is designed to support site-to-site topologies, in which the two peers are gateways.
Page 448: G250/G350 R3.0 Vpn Capabilities
Dynamic local peer IP address support through IKE aggressive mode and self-identity ● FQDN Note: The G250/G350 can acquire a dynamic IP address through PPPoE or DHCP Note: Enhanced remote peer failover support- ● - Specifying a hostname rather than IP address for the remote peer, thus allowing for a DNS server to perform a resiliency scheme when providing the IP address mapping.
Page 449: G250/G350 R3.1 Vpn Capabilities
G250/G350 R3.1 VPN capabilities R3.1 VPN supports the following, in addition to the R3.0 capabilities: Support for configurations in which the G250/G350 acts as a regional VPN hub for ● dynamically addressed peers. This is achieved by supporting Aggressive Mode as a responder in an IKE Phase-1 negotiation.
Page 450: Overview Of Ipsec Vpn Configuration
The basic IPSec VPN building blocks define how to secure packets, as follows: ISAKMP policies – define parameters for IKE phase 1 negotiation ● Transform-sets – define parameters for IKE phase 2 negotiation ● 450 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 451 Once the building blocks are defined, IPSec VPN is implemented using a crypto-list. The crypto-list defines, for the interface to which it applies, which packets should be secured and how, as follows: Each rule in the crypto-list points to a crypto-map. A crypto-map points to a transform-set, and to a peer or peer-group.
Page 452: Summary Of Configuration Steps
- isakmp-policy - pre-shared-key - initiate mode - self-identity - keepalive - keepalive-track - continuous-channel (Optional) ISAKMP peer group – crypto isakmp peer-group ● - description - set peer 452 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 453 Crypto map – crypto map ● - description - set transform-set - set peer OR set peer-group - set dscp - continuous-channel IP crypto-list – ip crypto-list ● - local-address - ip-rule description ● source-ip ● destination-ip ● protect crypto map ●...
Page 454: Configuring A Site-To-Site Ipsec Vpn
5. Reset using the reset command. Configuring IPSec VPN Prerequisites As a prerequisite to configuring IPSec VPN, a valid VPN license must be installed on the G250/ G350. For details, see Installing the VPN license file on page 454.
Page 455: Ipsec Vpn Configuration Overview
Configuring a site-to-site IPSec VPN IPSec VPN configuration overview To configure a site-to-site IPSec VPN, two devices (the G250/G350 and a peer Gateway) must be configured symmetrically. In some cases, you may wish to configure global VPN parameters (see Configuring global parameters on page 468).
Page 456: Configuring Isakmp Policies
G350-001(config-isakmp:1)# encryption des Done! G350-001(config-isakmp:1)# hash md5 Done! G350-001(config-isakmp:1)# group 1 Done! G350-001(config-isakmp:1)# lifetime 60000 Done! 3. Exit the ISAKMP policy context using the exit command. G350-001(config-isakmp:1)# exit G350-001# 456 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 457: Configuring Transform-Sets
Configuring a site-to-site IPSec VPN Configuring transform-sets A transform-set defines the IKE phase 2 parameters. It specifies the encryption and authentication algorithms to be used for, sets a security association lifetime, and specifies whether PFS is enabled and which DH group it uses. In addition, it specifies the IPSec VPN mode (tunnel or transport).
Page 458: Configuring Isakmp Peer Information
If you wish to specify the ISAKMP peer by its FQDN name, you must configure Note: the G250/G350 as a DNS client (see DNS Resolver on page 77), and make sure that the peer’s name is listed in a DNS server. 458 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 459 GNpi1odGNBrB5z4GJL G350-001(config-peer:149.49.70.1)# pre-shared-key Done! Alternatively, you can obtain a cryptographic-grade random key from the G250/G350 using the suggest-key command, and then enter it using the pre-shared-key command. The suggested key-length can vary from 8-127 alphanumeric characters, or from 8-64 bytes represented in hexadecimal notation. The default length is 32 characters.
Page 460 (for more explanations on continuous-channel see Enabling continuous channel page 483). 7. Specify the branch device (G250/G350) by its address or by the FQDN name that identifies the G250/G350 in the remote peer, using the self-identity command. G350-001(config-peer:149.49.70.1)# self-identity address Done! G350-001(config-peer:149.49.70.1)# self-identity fqdn vpn.avaya.com...
Page 461: Configuring An Isakmp Peer-Group
Configuring a site-to-site IPSec VPN 9. Bind peer status to an object tracker, which can monitor hosts inside the remote peer’s protected network. To do so, use the keepalive-track command. For more information on object trackers, see Object tracking on page 256. G350-001(config-peer:149.49.70.1)# keepalive-track 5 Done! Note:...
Page 462: Configuring Crypto Maps
The transform-set and ISAKMP policy define how to secure the traffic that matches the ip-rule that points to this crypto map. Important: It is mandatory to create at least one crypto map. Important: Note: You can configure up to 100 crypto maps. Note: 462 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 463 Configuring a site-to-site IPSec VPN 1. Use the crypto map command, followed by an index number between 1 and 50, to enter the context of a crypto map (and to create the crypto map if it does not exist). G350-001# crypto map 1 G350-001(config-crypto:1)# 2.
Page 464: Configuring Crypto-Lists
A crypto-list is an ordered list of ip-rules that control which traffic requires IPSec protection and which does not, based on IP groups (source and destination IP addresses and wildcard). A crypto-list is activated on an interface. The G250/G350 can have multiple crypto-lists activated on different interfaces.
Page 465 Configuring a site-to-site IPSec VPN Note: Specifying the interface as a name is one of the prerequisites for working with Note: dynamic local peer IP addresses. For more information about working with dynamic local peer IP addresses, see Using dynamic local peer IP on page 480.
Page 466 ● match this rule by using the following commands. For a full description of the commands see Avaya G250 and Avaya G350 CLI Reference, 03-300437. Note that this fine-tuning is not applicable for rules whose action is protect crypto map.
Page 467: Deactivating Crypto Lists To Modify Ipsec Vpn Parameters
Configuring a site-to-site IPSec VPN Deactivating crypto lists to modify IPSec VPN parameters Most IPSec VPN parameters cannot be modified if they are linked to an active crypto list. To modify a parameter linked to an active crypto list, you must first deactivate the list using the no ip crypto-group command in the context of the interface on which the crypto list is activated.
Page 468: Configuring And Assigning An Access Control List
4500; to find out the port number, use the show crypto ipsec sa command. The G250/G350 IPSec VPN feature supports NAT Traversal. If your installation includes one or more NAT devices between the local and remote VPN peers, NAT Traversal should be enabled, although in some rare cases it may not be required.
Page 469: Assigning A Crypto-List To An Interface
NAT translation alive in the NAT device, and not let it age-out due to periods of inactivity. Set the NAT Traversal keepalive interval on the G250/G350 to be less than the NAT translation aging time on the NAT device. G350-001# crypto isakmp nat keepalive 60...
Page 470 The crypto ipsec minimal pmtu command is intended for advanced users only. ● It sets the minimal PMTU value which can be applied to an SA when the G250/G350 participates in Path MTU Discovery (PMTUD) for the tunnel pertaining to that SA.
Page 471: Ipsec Vpn Maintenance
Displaying IPSec VPN configuration You can use the following show commands to display IPSec VPN configuration. For a full description of the commands and their output fields see Avaya G250 and Avaya G350 CLI Reference, 03-300437. Use the show crypto ipsec transform-set command to display configuration for a ●...
Page 472: Ipsec Vpn Intervention
Configuring logging Note: page 187. 1. Use the set logging session enable command to enable session logging. G350-001# set logging session enable Done! CLI-Notification: write: set logging session enable 472 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 473 IPSec VPN maintenance 2. Use the set logging session condition ISAKMP command to view all ISAKMP messages of Info level and above. G350-001# set logging session condition ISAKMP Info Done! CLI-Notification: write: set logging session condition ISAKMP Info 3. Use the set logging session condition IPSEC command to view all IPSec messages of Info level and above.
Page 474: Typical Installations
There is a VPN tunnel from each Spoke to the VPN hub over the Internet. ● Only VPN traffic is allowed via the Internet connection. ● Figure 43: Simple VPN topology: VPN hub and spokes 474 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 475: Configuring The Simple Vpn Topology
Typical installations Configuring the simple VPN topology 1. Configure each branch as follows: The default gateway is the Internet interface. ● VPN policy is configured on the Internet interface egress as follows: ● Traffic from the local subnets to any IP address is encrypted, using tunnel mode IPSec.
Page 476 PMTUD application to work. Egress All allowed Permit This traffic is services from tunnelled using VPN. any IP address to any local subnet Egress Default Deny 2 of 2 476 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 477: Configuration Example
Typical installations Configuration example crypto isakmp policy 1 encryption aes hash sha group 2 exit crypto isakmp peer address <Main Office Public Internet Static IP Address> pre-shared-key <secret key> isakmp-policy 1 exit crypto ipsec transform-set ts1 esp-3des esp-sha-hmac set pfs 2 exit crypto map 1 set peer <Main OfficeMain Office Public Internet Static IP...
Page 478 11 source-ip any destination-ip any ip-protocol udp destination-port eq Ike-nat-t composite-operation permit exit ip-rule 12 source-ip any destination-ip any ip-protocol udp destination-port eq Ike-nat-t-vsu composite-operation permit exit 478 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 479 Typical installations ip-rule 20 source-ip any destination-ip any ip-protocol esp composite-operation Permit exit ip-rule 30 source-ip any destination-ip any ip-protocol icmp composite-operation Permit exit ip-rule 40 desintation-ip any source-ip host <Branch Subnet1> <Branch Subnet1 Mask> composite-operation Permit exit ip-rule 50 destination-ip any source-ip host <Branch Subnet2>...
Page 480: Using Dynamic Local Peer Ip
G250/G350 to learn the IP address dynamically using either PPPoE or DHCP Client. Note: When working with dynamic local peer IP, you must make sure that it is the G250/ Note: G350 that initiates the VPN connection. The VPN peer cannot initiate the connection since it does not know the G250/G350’s IP address.
Page 481 PPP over Ethernet (PPPoE) is a client-server protocol used for carrying Note: PPP-encapsulated data over Ethernet frames. You can configure PPPoE on the G250/G350’s ETH WAN Fast Ethernet port. For more information about PPPoE on the G250/G350, see Configuring PPPoE on page 225.
Page 482 ! Activate the Ingress and Egress ACLs on the Fast Ethernet interface G350-001(config)# interface FastEthernet 10/2 G350-001(config-if:FastEthernet 10/2)# ip access-group 301 in Done! G350-001(config-if:FastEthernet 10/2)# ip access-group 302 out Done! 482 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 483: Enabling Continuous Channel
However, there are advantages to keeping the connection continuously alive, such as eliminating the waiting time necessary to construct a new IPSec VPN connection. The G250/G350 IPSec VPN feature supports continuous channel, which maintains a continuous IPSec VPN connection. That means that when you activate the ip crypto-group command on the defined interface, the IPSec VPN tunnel is immediately started, even if no traffic is traversing the interface and the timeouts have expired.
Page 484: Full Or Partial Mesh
● There is a VPN tunnel from one spoke to another spoke. ● Only VPN traffic is allowed via the Internet connection. ● Figure 44: Full or partial mesh 484 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 485 Typical installations Configuring the mesh VPN topology 1. Configure branch office 1 as follows: The default gateway is the Internet interface. ● VPN policy is configured on the Internet interface egress as follows: ● - Traffic from the local subnets to the second spoke subnets -> encrypt, using tunnel mode IPSec, with the remote peer being the second spoke.
Page 486 Traffic ACL parameter Description Direction value Ingress IKE from Main Office IP to Permit Branch IP Ingress ESP from Main Office IP to Permit Branch IP 1 of 2 486 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 487 Typical installations Table 63: Configuring the mesh VPN topology - branch 2 (continued) Traffic ACL parameter Description Direction value Ingress IKE from First Branch IP to Permit Branch IP Ingress ESP from First Branch IP to Permit Branch IP Ingress ICMP from any IP address to Permit This allows PMTUD application...
Page 488 <Second Branch Subnet1> <Second Branch Subnet1 Mask> protect crypto map 2 exit ip-rule 3 source-ip <Branch Subnet1> <Branch Subnet1 Mask> destination-ip <Second Branch Subnet2> <Second Branch Subnet2 Mask> protect crypto map 2 exit 488 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 489 Typical installations ip-rule 4 source-ip <Branch Subnet2> <Branch Subnet2 Mask> destination-ip <Second Branch Subnet2> <Second Branch Subnet2 Mask> protect crypto map 2 exit ip-rule 10 source-ip <Branch Subnet1> <Branch Subnet1 Mask> destination-ip protect crypto map 1 exit ip-rule 20 source-ip <Branch Subnet2> <Branch Subnet2 Mask> destination-ip protect crypto map 1 exit...
Page 490 Ike-nat-t composite-operation permit exit ip-rule 12 source-ip any destination-ip any ip-protocol udp destination-port eq Ike-nat-t-vsu composite-operation permit exit ip-rule 20 source-ip any destination-ip any ip-protocol esp composite-operation Permit exit 490 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 491 Typical installations ip-rule 30 source-ip any destination-ip any ip-protocol icmp composite-operation Permit exit ip-rule 40 desintation-ip any source-ip host <Branch Subnet1> <Branch Subnet1 Mask> composite-operation Permit exit ip-rule 50 destination-ip any source-ip host <Branch Subnet2> <Branch Subnet2 Mask> composite-operation Permit exit ip-rule default composite-operation deny...
Page 492 <First Branch Subnet1> <Second Branch Subnet1 Mask> protect crypto map 2 exit ip-rule 3 source-ip <Branch Subnet1> <Branch Subnet1 Mask> destination-ip <First Branch Subnet2> <Second Branch Subnet2 Mask> protect crypto map 2 exit 492 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 493 Typical installations ip-rule 4 source-ip <Branch Subnet2> <Branch Subnet2 Mask> destination-ip <First Branch Subnet2> <Second Branch Subnet2 Mask> protect crypto map 2 exit ip-rule 10 source-ip <Branch Subnet1> <Branch Subnet1 Mask> destination-ip protect crypto map 1 exit ip-rule 20 source-ip <Branch Subnet2> <Branch Subnet2 Mask> destination-ip protect crypto map 1 exit...
Page 494 Ike-nat-t composite-operation permit exit ip-rule 12 source-ip any destination-ip any ip-protocol udp destination-port eq Ike-nat-t-vsu composite-operation permit exit ip-rule 20 source-ip any destination-ip any ip-protocol esp composite-operation Permit exit 494 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 495 Typical installations ip-rule 30 source-ip any destination-ip any ip-protocol icmp composite-operation Permit exit ip-rule 40 desintation-ip any source-ip host <Branch Subnet1> <Branch Subnet1 Mask> composite-operation Permit exit ip-rule 50 destination-ip any source-ip host <Branch Subnet2> <Branch Subnet2 Mask> composite-operation Permit exit ip-rule default composite-operation deny...
Page 496: Full Solution - Hub-And-Spoke With Vpn
Figure 45: Full solution: hub-and-spoke with VPN for data and VoIP control backup Configuring hub-and-spoke with VPN for data and VoIP control backup 1. Configure the Branch Office as follows: The default gateway is the Internet interface. ● 496 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 497 Typical installations VPN policy is configured on the Internet interface egress as follows: ● Traffic from the local GRE tunnel endpoint to the remote GRE tunnel endpoint -> encrypt, using IPSec tunnel mode, with the remote peer being the Main Office. An access control list (ACL) is configured on the Internet interface to allow only the ●...
Page 498 - Destination IP = branch VoIP subnet(s) or GW address (PMI), DSCP = control -> Route: 1. WAN 2. DBR ACM is configured to route voice calls through PSTN when the main VoIP trunk is ● down. 498 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 499 Typical installations Configuration example crypto isakmp policy 1 encryption aes hash sha group 2 authentication pre-share exit crypto isakmp peer address <Main Office Internet public Static IP Address> pre-shared-key <key1> isakmp-policy 1 exit crypto ipsec transform-set ts1 esp-3des esp-sha-hmac exit crypto map 1 set peer <Main Office Internet public Static IP Address>...
Page 500 <Branch voice Subnet> <Branch voice Subnet Mask> composite-operation Permit exit ip-rule default composite-operation deny exit exit ip access-control-list 302 ip-rule 10 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike composite-operation Permit exit 500 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 501 Typical installations ip-rule 11 source-ip any destination-ip any ip-protocol udp destination-port eq Ike-nat-t composite-operation permit exit ip-rule 12 source-ip any destination-ip any ip-protocol udp destination-port eq Ike-nat-t-vsu composite-operation permit exit ip-rule 20 source-ip any destination-ip any ip-protocol esp composite-operation Permit exit ip-rule 30 source-ip any...
Page 502 ! The following command specifies the Voice bearer dscp 46 next-hop list 1 exit ip-rule 20 ! The following command specifies the Voice Control dscp 34 next-hop list 2 exit ip-rule default next-hop PBR exit exit 502 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 503: Typical Failover Applications
IP address before establishing an IKE connection. Your DNS server should be able to provide an IP address of a living host. The G250/G350 will perform a new DNS query and try to re-establish the VPN connection to the newly provided IP address whenever it senses that the currently active remote peer stopped responding.
Page 504: Failover Using Gre
When configuring a crypto map, point to the peer-group instead of to a single peer. Failover using GRE A branch with a G250/G350 can connect to two or more VPN hub sites, in a way that will provide either redundancy or load sharing.
Page 505 Typical installations Figure 46: Hub-and-spoke with hub redundancy/load sharing using GRE Configuring VPN hub redundancy and load sharing topologies using GRE 1. Configure the Branch Office as follows: VPN policy is configured on the Internet interface egress as follows: ● GRE Traffic from the local tunnel endpoint to remote tunnel endpoint 1 ->...
Page 506 ● modifications. The GRE tunnel interface is configured for the branch. ● Dynamic routing (OSPF or RIP) is configured to run over the GRE interface to the ● branch. 506 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 507 Typical installations Configuration example crypto isakmp policy 1 encryption aes hash sha group 2 authentication pre-share exit crypto isakmp peer address <Primary Main Office Internet public Static IP Address> pre-shared-key <key1> isakmp-policy 1 exit crypto isakmp peer address <Backup Main Office Internet public Static IP Address>...
Page 508 Permit exit ip-rule 50 source-ip any destination-ip host <Branch Office Public Internet Static IP Address> ip-protocol icmp composite-operation Permit exit ip-rule 60 source-ip any destination-ip any composite-operation Permit exit 508 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 509 Typical installations ip-rule 70 source-ip host <Backup Main Office GRE Tunnel end point IP Address> destination-ip host <Branch GRE Tunnel end point IP Address> composite-operation Permit exit ip-rule default composite-operation deny exit exit ip access-control-list 302 ip-rule 30 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike...
Page 510 Tunnel 2 keepalive 10 3 tunnel source <Branch GRE Tunnel end point IP Address> tunnel destination <Backup Main Office GRE Tunnel end point IP Address> ip address 20.20.20.1 255.255.255.252 exit 510 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 511: Failover Using Dns
VPN peers. On the G250/G350 configure that hostname as your remote peer. The G250/G350 will perform a DNS query in order to resolve the hostname to an IP address before establishing an IKE connection. Your DNS server should be able to provide an IP address of a living host.
Page 512 Permit IKE Traffic (UDP port 500) for VPN control traffic (IKE). ● Permit ESP traffic (IP Protocol ESP) for VPN data traffic (IPSEC). ● Permit ICMP traffic, to support PMTU application support, for a better fragmentation ● process. 512 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 513 Typical installations For each private subnet, add a permit rule, with the destination being the private ● subnet, and the source being any. This traffic will be allowed only if it tunnels under the VPN, because of the crypto-list. Define all other traffic (default rule) as deny in order to protect the device from ●...
Page 514 ! that is accessible without VPN. ip domain name-server-list 1 name-server 1 123.124.125.126 exit ! Define the IKE Entity crypto isakmp policy 1 encryption aes hash sha group 2 authentication pre-share exit 514 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 515 Typical installations ! Define the remote peer as FQDN (DNS Name) crypto isakmp peer fqdn main-vpn.avaya.com pre-shared-key <key1> isakmp-policy 1 exit ! Define the IPSEC Entity crypto ipsec transform-set ts1 esp-3des esp-sha-hmac exit ! Define the VPN Tunnel crypto map 1 set peer main-vpn.avaya.com...
Page 516 Permit exit ip-rule 30 source-ip destination-ip ip-protocol icmp composite-operation Permit exit ip-rule 40 source-ip destination-ip 10.0.10.0 0.0.0.255 composite-operation Permit exit ip-rule 50 source-ip destination-ip 10.0.20.0 0.0.0.255 composite-operation Permit exit 516 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 517 Typical installations ip-rule default composite-operation deny exit exit ! Define the Egress access control list for the public interface ip access-control-list 302 ip-rule 5 source-ip destination-ip ip-protocol udp destination-port eq dns composite-operation Permit exit ip-rule 10 source-ip destination-ip ip-protocol udp destination-port eq Ike composite-operation Permit exit...
Page 518 ! Activate the crypto-list and the access control list on the public interface interface FastEthernet 10/2 ip crypto-group 901 ip access-group 301 in ip access-group 302 out exit 518 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 519: Failover Using A Peer-Group
Typical installations Failover using a peer-group The failover VPN topology utilizes a peer-group which lists a group of redundant peers. At any point in time, only one peer is active and acting as the remote peer. An object tracker monitors the state of the active peer.
Page 520 Define a track list that will monitor (by ICMP) 5 hosts behind the specific peer. If two or more hosts are not working then the object tracker is down. The G250/G350 will then pass on to the next peer in the peer group list.
Page 521 Typical installations Permit ICMP traffic, to support PMTU application support, for a better fragmentation ● process. For each private subnet, add a permit rule, with the destination being the private ● subnet, and the source being any. This traffic will be allowed only if it tunnels under the VPN, because of the crypto-list.
Page 522 10.0.20.1 255.255.255.0 exit ! Define the Public Subnet interface FastEthernet 10/2 ip address 100.0.0.2 255.255.255.0 exit ! Define the default gateway the public interfce ip default-gateway 100.0.0.1 522 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 523 Typical installations ! We wish to check 5 hosts in the Corporate intranet behind the current VPN ! remote peer, and if 2 or more hosts don’t work then keepalive-track will fail , ! and we will move to the next peer in the peer-group rtr 1 type echo protocol ipIcmpEcho <host1 IP>...
Page 524 "Fast Ethernet 10/2.0" ip-rule 10 source-ip 10.0.10.0 0.0.0.255 destination-ip any protect crypto map 1 exit ip-rule 20 source-ip 10.0.20.0 0.0.0.255 destination-ip any protect crypto map 1 exit exit 524 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 525 Typical installations ! Define the Ingress access control list for the public interface ip access-control-list 301 ip-rule 10 source-ip destination-ip ip-protocol udp destination-port eq Ike composite-operation Permit exit ip-rule 11 source-ip any destination-ip any ip-protocol udp destination-port eq Ike-nat-t composite-operation permit exit ip-rule 12 source-ip any...
Page 526 Permit exit ip-rule 40 source-ip 10.0.10.0 0.0.0.255 destination-ip composite-operation Permit exit ip-rule 50 source-ip 10.0.20.0 0.0.0.255 destination-ip composite-operation Permit exit ip-rule default composite-operation deny exit exit 526 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 527: Check-List For Configuring Site-To-Site Ipsec Vpn
301 in ip access-group 302 out exit Check-List for Configuring site-to-site IPSec VPN Use the following table to gather the information for simple G250 and G350 site-to-site IPSec VPN. Table 66: Checklist for configuring site-to-site IPSec VPN Parameter...
Page 528 ● ● ● - Lifetime seconds 120 - 86,400 ● default: 3,600 (1 hour) - Lifetime kilobytes 2,560 - 536,870,912 ● default: 4,608,000 kb disable ● 2 of 3 528 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 529 Check-List for Configuring site-to-site IPSec VPN Table 66: Checklist for configuring site-to-site IPSec VPN (continued) Parameter Possible values Actual value 6. Which packets should be secured a. Protect rules matching IP source address ● options IP destination address ● b. Bypass rules matching IP source address ●...
Page 530 Configuring IPSec VPN 530 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 531: Chapter 20: Configuring Policy
Global rules — a set of rules that are executed before the list is evaluated ● Rule list — a list of filtering rules and actions for the G250/G350 to take when a packet ● matches the rule. Match actions on this list are pointers to the composite operation table.
Page 532: Network Security Using Access Control Lists
Unwanted Inbound Traffic Unwanted Inbound Traffic Blocked by Access Control List Foreign Foreign Foreign Network Host Network Host Network Host Unwanted Outbound Traffic Unwanted Outbound Traffic Blocked by Access Control List 532 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 533: Qos Lists
DSCP values or CoS values, and can be based on specific values or groups of IP addresses, protocols, ports, IP fragments, or DSCP values. When a packet matches a rule on the QoS list, the G250/G350 sets one or both of the QoS fields in the packet. The following table shows these QoS fields:...
Page 534: Managing Policy Lists
Configuring policy Managing policy lists You can manage policy lists on the Avaya G250/G350 Media Gateway with CLI commands. You can also manage policy lists throughout your network with Avaya QoS Manager. Avaya QoS Manager is part of Avaya Integrated Management.
Page 535: Defining List Identification Attributes
● Defining list identification attributes The policy list attributes including name, owner, and cookie, are used by Avaya QoS Manager software to identify policy lists. 1. Enter the context of the policy list in which you want to define the attribute.
Page 536: Default Actions
Configuring policy Default actions When no rule matches a packet, the G250/G350 applies the default action for the list. The following table shows the default action for each type of policy list: List Default action Access control list Accept all packets...
Page 537: Packets Exiting The Interface
Access Control List and the Egress Access Control List from among the access control lists that are configured on the G250/G350. You can choose the Ingress QoS List and the Egress QoS List from among the QoS lists that are configured on the G250/G350.
Page 538: Device-Wide Policy Lists
Device-wide policy lists You can attach a policy list (other than a policy-based routing list) to every interface on the G250/G350 using one command. To do this, attach a list to the Loopback 1 interface. For more information, see Attaching policy lists to an interface on page 536.
Page 539: Defining Global Rules
Defining rules on page 539. The G250/G350 applies global rules before applying individual rules. 1. Enter the context of the access control list in which you want to define the rule. 2. Enter one of the following commands, followed by the name of a composite command: - ip-fragments-in —...
Page 540: Editing And Creating Rules
Rules work in the following ways, depending on the type of list and the type of information in the packet: Layer 4 rules in an access control list with a Permit operation are applied to non-initial ● fragments 540 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 541: Ip Protocol
Defining rules Layer 4 rules in an access control list with a Deny operation are not applied to non-initial ● fragments, and the device continues checking the next IP rule. This is to prevent cases in which fragments that belong to other L4 sessions may be blocked by the other L4 session which is blocked.
Page 542: Source And Destination Port Range
— type eq, followed by a port name or number, to set a port name or port number to ● which the rule applies 542 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 543: Icmp Type And Code
Defining rules greater than — type gt, followed by a port name or port number, to apply the rule to all ● ports with a name or number greater than the specified name or number less than — type lt, followed by a port name or port number, to apply the rule to all ports ●...
Page 544: Tcp Establish Bit (Access Control Lists Only)
Operation Use the operation command, followed by the name of a composite operation, to specify an operation for the G250/G350 to perform on a packet when the packet matches the rule. For an explanation of composite operations, see Composite operations on page 545.
Page 545: Composite Operations
Composite operations The following command specifies that rule 4 in access control list 302 drops packets that match the rule, and causes the G250/G350 to send a trap and reset the connection when the packet is dropped: G350-001(ACL 304/ip rule 4)# operation Deny-Notify-Rst Note: Composite operation names are case-sensitive.
Page 546: Pre-Configured Composite Operations For Qos Lists
Configuring policy Notify — determines whether the operation causes the G250/G350 to send a trap when it ● drops a packet Reset Connection — determines whether the operation causes the G250/G350 to reset ● the connection when it drops a packet...
Page 547: Configuring Composite Operations
Composite operations Trust — determines how to treat packets that have been tagged by the originator or other ● network devices. If the composite operation is set to Trust-DSCP, the packet’s CoS tag is set to 0 before the QoS list rules and DSCP map are executed. If the composite operation is set to CoSX, the DSCP map is ignored, but the QoS list rules are executed on the Ethernet IEEE 802.1p CoS field.
Page 548: Composite Operation Example
The following commands create a new composite operation called dscp5 and assign the new composite operation to rule 3 in QoS list 402. If the packet matches a rule, the G250/G350 changes the value of the DSCP field in the packet to 5.
Page 549: Changing An Entry In The Dscp Table
QoS rules on the list take precedence over the DSCP table. If a QoS rule other than the default matches the packet, the G350 does not apply the DSCP table to the packet. The G250/G350 applies only the operation specified in the QoS rule.
Page 550: Displaying And Testing Policy Lists
- show dscp-table — displays the current list’s DSCP table - show ip-rule — displays a list of all rules configured for the list - show list — displays the parameters of the current list, including its rules 550 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 551: Simulating Packets
(in or out), and a source and destination IP address. You may also specify other parameters. For a full list of parameters, see Avaya G250 and Avaya G350 CLI Reference, 03-300437. The following command simulates the effect of applying QoS list number 401 to a packet entering the G350 through interface VLAN 2: G350-001(if:Vlan 2)# ip simulate 401 in CoS1 dscp46 10.1.1.1...
Page 552 Configuring policy When you run the ip simulate command, the G250/G350 displays the effect of the policy rules on the simulated packet. For example: G350-001(super-if:Vlan 2)# ip simulate 401 in CoS1 dscp46 10.1.1.1 10.2.2.2 tcp 1182 20 Rule match for simulated packet is the default rule...
Page 553: Chapter 21: Configuring Policy-Based Routing
Each PBR list includes a set of rules, and each rule includes a next hop list. Each next hop list contains up to 20 next hop destinations to which the G250/G350 sends packets that match the rule. A destination can be either an IP address or an interface.
Page 554: Applications
Internet. This saves bandwidth on the more expensive serial interface. Figure 52: Policy-based routing — Voice/Data Division By DSCP G350 Voice - DSCP=34, 41,43,44,46 Router Data - Default xDSL1 Headquarters Small Branch 554 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 555: Backup
Configuring policy-based routing Backup You can utilize policy-based routing to define backup routes for defined classes of traffic. If the first route on the next hop list fails, the packets are routed to a subsequent hop. When necessary, you can use the NULL interface to drop packets when the primary next hop fails. For example, voice packets are usually sent over a WAN line, and not the Internet.
Page 556 Use the next-hop-ip command, followed by the index number of the entry in the ● next hop list, to define an IP address as a next hop. You can optionally apply tracking to monitor the route. 556 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 557 180. A next hop list can include the value NULL0. When the next hop is NULL0, the G250/G350 drops the packet. However, you cannot apply tracking to NULL0. The following example creates next hop list 1, named “Data to HQ”, with three entries: The first entry is IP address 172.16.1.221.
Page 558: Pbr Rules
Source TCP or UDP port or a range of ports ● Destination TCP or UDP port or a range of ports ● ICMP type and code ● Fragments ● DSCP field ● 558 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 559: Modifying Rules
Use the next-hop list command, followed by the list number of a next hop list, to specify a next hop list for the G250/G350 to apply to packets that match the rule. You can specify Destination Based Routing instead of a next hop list, in which case the G250/G350 applies destination-based routing to a packet when the packet matches the rule.
Page 560: Next Hop Lists
Configuring policy-based routing Next hop lists PBR rules include a next hop list. When the rule matches a packet, the G250/G350 routes the packet according to the specified next hop list. Each next hop list can include up to 20 entries. An entry in a next hop list can be either an IP address or an interface.
Page 561: Canceling Tracking And Keeping The Next Hop
Editing and Deleting PBR lists - To delete an interface, use the no next-hop-interface command, followed by the index number of the entry you want to delete. For example, the command no next-hop-interface 3 deletes the third entry from the next hop list. Canceling tracking and keeping the next hop 1.
Page 562: Displaying Pbr Lists
- show ip pbr-list list number detailed — displays all the parameters of the specified PBR list - show ip active-lists — displays a list of each G250/G350 interface to which a PBR list is attached, along with the number and name of the PBR list - show ip active-lists list number —...
Page 563 This example includes a voice VLAN (6) and a data VLAN (5). The PMI is on VLAN 6. The G250/G350 is managed by a remote Media Gateway Controller (MGC) with the IP address 149.49.43.210. The G250/G350 also includes a local S8300 in LSP mode.
Page 564: Configuration For The Sample Policy-Based Routing Application
G350-001(super-PBR 801/ip rule 40)# next-hop list 1 Done! G350-001(super-PBR 801/ip rule 40)# destination-ip 149.49.123.0 0.0.0.255 Done! G350-001(super-PBR 801/ip rule 40)# dscp 46 Done! G350-001(super-PBR 801/ip rule 40)# exit G350-001(super-PBR 801)# exit G350-001(super)# 564 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 565 The next set of commands applies the PBR list to the Loopback interface. This is necessary to ensure that voice packets generated by the G250/G350 itself are routed via the E1/T1 line. The Loopback interface is a logical interface that is always up. Packets sent from the G250/G350, such as signaling packets, are sent via the Loopback interface.
Page 566 (for more information on object tracking, refer to Object tracking on page 256). Note that the GRE tunnel itself has keepalive and can detect the status of the interface and therefore modify the next hop status. 566 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 567: Simulating Packets
Application example Simulating packets Policy-based routing supports the IP simulate command for testing policies. Refer to Simulating packets on page 551. Issue 3 February 2007...
Page 568 Configuring policy-based routing 568 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 569: Chapter 22: Setting Synchronization
Chapter 22: Setting synchronization If the Avaya G350 Media Gateway contains an MM710 T1/E1 media module, it is advisable to define the MM710 as the primary synchronization source for the G350. In so doing, clock synchronization signals from the Central Office (CO) are used by the MM710 to synchronize all operations of the G350.
Page 570: Synchronization Status
Setting synchronization If the Avaya G250 or G350 Media Gateway includes a second MM710 media module, enter the following additional command: set sync interface secondary v3 set sync source secondary If, for any reason, the primary MM710 media module cannot function as the clock synchronization source, the system uses the MM710 media module located in slot 3 of the Avaya G350 Media Gateway chassis as the clock synchronization source.
Page 571: Chapter 23: Fips
Chapter 23: FIPS The G250, G250-BRI, and G350 are multi-chip stand-alone cryptographic modules in commercial grade metal cases. The modules provide: VPN, Voice over Internet Protocol (VoIP) media-gateway services, Ethernet switching, IP ● routing, and data security for IP traffic Status output via LEDs and logs available through the module’s management interface...
Page 572 Table Table 69 Table 70 describe the functions of the physical and logical fixed ports, buttons, and LEDs on the G250 front panel. Table 68: Physical and logical interfaces on the G250-Analog front panel Physical Quantity Description FIPS 140-2 logical...
Page 573 Table 68: Physical and logical interfaces on the G250-Analog front panel (continued) Physical Quantity Description FIPS 140-2 logical Comments interface interface CONSOLE Console port for direct Control inputs Supports cryptographic ● connection of CLI module administration Status output ● console.
Page 574 Link state and activity ● indication on the associated data interface ETH LAN LAN status LEDs Status output Link state and activity ● indication on the associated data interface 574 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 575: G250-Bri Image And Interfaces
Table Table 72 Table 73 describe the functions of the physical and logical fixed ports, buttons, and LEDs on the G250-BRI front panel. Table 71: Physical and logical interfaces on the G250-BRI front panel Physical Quantity Description FIPS 140-2 logical...
Page 576 FIPS Table 71: Physical and logical interfaces on the G250-BRI front panel (continued) Physical Quantity Description FIPS 140-2 logical Comments interface interface RJ-45 port for ACS Power output Contact Closure Adjunct. ● (308) contact closure Powers two contact- adjunct box closure relays.
Page 577 Table 71: Physical and logical interfaces on the G250-BRI front panel (continued) Physical Quantity Description FIPS 140-2 logical Comments interface interface USB port. Supports: Control inputs ● Multitech Status output ● ● MultiModemUSB MT5634ZBA-USB- V92 USB modem USB flash (for ●...
Page 578 Link state and activity ● indication on the associated data interface ETH LAN LAN status LEDs Status output Link state and activity ● indication on the associated data interface 578 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 579: G250-Dcp Image And Interfaces
Table Table 69 Table 70 describe the functions of the physical and logical fixed ports, buttons, and LEDs on the G250-DCP front panel. Table 74: Physical and logical interfaces on the G250-DCP front panel Physical Quantity Description FIPS 140-2 logical...
Page 580 FIPS Table 74: Physical and logical interfaces on the G250-DCP front panel (continued) Physical Quantity Description FIPS 140-2 logical Comments interface interface ETH WAN RJ-45 Ethernet LAN Data input Supports wide area ● switch port network connectivity Data output ●...
Page 581 Table 74: Physical and logical interfaces on the G250-DCP front panel (continued) Physical Quantity Description FIPS 140-2 logical Comments interface interface USB port. Supports: Control inputs ● Multitech Status output ● ● MultiModemUSB MT5634ZBA-USB- V92 USB modem USB flash (for ●...
Page 582 Test in progress ● Call activity ● System System status LEDs Status output Indicate: ● Modem connection ● through the Console interface Alarm state ● CPU activity ● Power ● 582 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 583: G250-Ds1 Image And Interfaces
Table Table 69 Table 70 describe the functions of the physical and logical fixed ports, buttons, and LEDs on the G250-DS1 front panel. Table 77: Physical and logical interfaces on the G250-DS1 front panel Physical Quantity Description FIPS 140-2 logical...
Page 584 FIPS Table 77: Physical and logical interfaces on the G250-DS1 front panel (continued) Physical Quantity Description FIPS 140-2 logical Comments interface interface T1/E1 T1/E1 and a PRI trunk Data input ● port Data output ● Status output ● Control input ●...
Page 585 Table 77: Physical and logical interfaces on the G250-DS1 front panel (continued) Physical Quantity Description FIPS 140-2 logical Comments interface interface USB port. Supports: Control inputs ● Multitech Status output ● ● MultiModemUSB MT5634ZBA-USB- V92 USB modem USB flash (for ●...
Page 586 Console interface Alarm state ● CPU activity ● Power ● ETH WAN T1/E1/PRI trunk Status output Link state and activity ● interface LEDs indication on the associated data interface 586 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 587: G350 Image And Interfaces
G350 Image and interfaces Figure 58: Image of the G350 cryptographic module 16 17 10 11 12 Figure notes: 1. V6 — high-density media module slot 9. Analog line ports 2. V2 — standard media module slot 10. CCA (Contact Closure) port 3.
Page 588 Status output ● Control input ● CONSOLE Console port for direct Control inputs Supports cryptographic ● connection of CLI module administration Status output ● console. RJ-45 connector. 1 of 2 588 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 589 Table 80: Physical and logical interfaces on the G350 front panel (continued) Physical Quantity Description FIPS 140-2 logical Comments interface interface USB port. Supports: Multitech ● MultiModemUSB MT5634ZBA-USB- V92 USB modem USB flash (for ● backup and restore) Externally powered ●...
Page 590: Supported Algorithms
DES CBC for encryption of IPSec, and IKE (only supported for communication with legacy ● VPN systems) TDES CBC Encryption of the serial number date for Voice feature activation controlled by ● the ICC CM server/external blade server 590 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 591: Non-Approved Algorithms In Fips Mode
Non-Approved Algorithms in FIPS mode Diffie-Hellman for IKE key exchanges - groups 2, 5, and 14 ● MD5 for Radius Client role and peer OSPF router authentication ● HMAC-MD5-96 for SNMPv3 authentication ● The cryptographic module relies on the implemented deterministic random number generator (DRNG) that is compliant with X9.31 with 128-bit Key, 64-bit Seed for generation of all cryptographic keys.
Page 592: Security Level
Cryptographic Module Specification Module Port and Interfaces Roles, Services, and Authentication Finite State Model Physical Security Operational Environment Cryptographic Key Management EMI/EMC Self-Tests Design Assurance Mitigation of Other Attacks 592 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 593: Operational Environment
The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the device does not support the loading and execution of un-trusted code. Avaya digitally signs firmware images of the crypto module using RSA SHA1 digital signature. Through this signature, the crypto module verifies the authenticity of any update to its firmware image.
Page 594 An entity that facilitates authentication IPSec VPNs Serial Number Role-based verification TDES encrypted Gateway exchanges its Peer challenge serial number with a Server to enable feature activation 2 of 2 594 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 595: Assumptions Concerning User Behavior
● three) Device managed locally via direct link to Console port, and remotely via IPSec tunnel only. ● Commands are documented in the Avaya G250 and Avaya G350 Media Gateways CLI ● Reference, 03-300437. Critical security parameters and private keys Table 86 describes the CSPs (Critical Security Parameters) defined in the module.
Page 596 Used for authentication of default CLI user during first setup Radius Secret Used for hashing password with MD5. One secret common to both Primary and Secondary Radius server. 2 of 3 596 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 597: Public Keys
(Avaya root CA RSA public key) The Avaya Root certificate is hard-coded in the Gateway image and is used directly for authentication of the chain of trust of the Avaya Signing Authority that is downloaded together with the software. License download public key Used for authentication of license file validity.
Page 598: Csp Access Rights Within Roles And Services
Read all status indications: obtain all statuses securely via IPSEC, console port, and LEDs on the Gateway’s front panel 1 of 2 598 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 599 Table 88: CSP access rights within roles and services (continued) Service Role Read subset of status indications: obtain subset of statuses securely via IPSEC, console port and LEDs on the Gateway’s front panel Module configuration backup: backup non-CSP related configuration data via IPSEC Module configuration restore: restore...
Page 600 IKE Session phase-1 secret (SKEYID_d) IKE phase-1 HMAC Key (SKEYID_a) IKE Session phase-1 key (SKEYID_e) IKE Session phase-1 TDES IKE Session phase-1 DES IKE Session phase-1 AES 1 of 3 600 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 601 Table 89: Role and service access to CSPs (continued) IKE phase-1 TDES key (SKEYID-e) Nonce IPSEC SA phase-2 TDES IPSEC SA phase-2 AES IPSEC SA phase-2 HMAC keys IPSEC SA phase-2 keys per protocol Ephemeral DH phase-2 private key DH phase-2 shared secret User password Root password...
Page 602: Security Rules
3. When the module has not been placed in a valid role, the operator does not have access to any cryptographic services. 4. Use DES to encrypt message traffic only for communications with legacy products that do not support AES or TDES. 602 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 603 8. Data output is inhibited during key generation, self-tests, zeroization, and error states. 9. The module supports concurrent operators and maintains separation of roles and services. 10. Users can plug-in and use any Avaya Media Module that does not support cryptographic functionality without restriction.
Page 604: Password Guidelines
FIPS-approved mode of operation. Also note that execution of the NVRAM Init or zeroize commands clear the above defined FIPS-approved mode configuration and returns the box to factory defaults. 604 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 605: Prerequisites
Administration Procedures Prerequisites Avaya Communication Manager 2.2 or higher ● FIPS-ready gateway ● - Check the Material Code in Table 90. The material code is on the product label on the rear panel of the gateway. Table 90: Material codes of FIPS-compliant media gateways...
Page 606: Fips-Related Cli Commands
● enhanced security ● ● show self-test-status For a full description see Avaya G250 and Avaya G350 CLI Reference, 03-300437 Prerequisites for entering FIPS mode User type – crypto officer ● FIPS-approved hardware. Version 3.0.x or higher. ● FIPS-approved Media Gateway firmware. Refer to the “Validation Lists for cryptographic ●...
Page 607: Entering Fips Mode
Administration Procedures Entering FIPS mode 1. Log in to the device through the local console port. - User name: root - Password: root Note: Use the password “root” when the Media Gateway is running with the factory Note: default configuration. Login: root Password: **** Password accepted...
Page 608 : 00:04:0d:6d:30:e1 WAN MAC address : 00:04:0d:6d:30:e1 Serial No : 03IS07639510 Model No : G250-BRI HW Vintage HW Suffix FW Vintage : 24.11.0 HW ready for FIPS : Yes 608 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 609 Phone Image 10 phone-ImageB Phone Image 10 phone-ImageC Phone Image 10 phone-ImageD Phone Image 10 dhcp-binding DHCP Binding Nv-Ram Ip Address Binding For the G250: ● G250-N(super)# dir M# file ver num file type file location file description -- ---- --------...
Page 610 9. If a more recent FIPS-approved G250/G350 image is available, download it using the image download procedures. - Use the copy tftp image command. 10. If it has not yet been installed, download the Avaya License file with the VPN feature activated. - Use the copy tftp license-file command.
Page 611 Note: Otherwise you cannot establish a signaling link after disabling encryption in the Media Gateway. 15. Disable Avaya Media Encryption (SRTP, AEA, RTP/AES). - Use the disable media encryption command and confirm the operation. G350-N(super)# disable media encryption Warning: The following command will disable the media encryption functionality and it cannot be rolled back.
Page 612 ------ ---------- root admin local password b. If there are redundant CLI users, use the no username command to delete them. Note that you cannot delete the root user. 612 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 613 Administration Procedures c. Use the show snmp user command to list SNMPv3 users. G350-N(super)# show snmp user EngineId: 80:00:1a:e9:03:00:04:0d:29:ca:61 (local) User Name: initial Authentication Protocol: none Privacy Protocol: none Storage Type: nonVolatile Row Status: active d. If there are redundant local SNMP users, use the no snmp-server user command to delete them.
Page 614 33. Configure primary and secondary RADIUS servers. G350-N(super)# Set radius authentication enable Done! G350-N(super)# set radius authentication server 200.200.200.20 primary Done! G350-N(super)# set radius authentication secret fips_test1 Done! 614 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 615 Inhibits output data traffic during powerup/error states. ● Inhibits modification of the active IPSEC transform-set parameters. ● In the G250 only: the G250 switches from performing symmetric encryption with a ● hardware accelerator, to software-based encryption. - Use the enhanced security command.
Page 616 FIPS 37. Define an Access Control list that blocks packets with an IP destination address of any of the G250/G350 interfaces for the following protocols, and activate the ACL on the inbound direction of all clear-text interfaces. TELNET ● ●...
Page 617 Administration Procedures ip-rule 15 composite-operation "Deny" ip-protocol tcp destination-ip host 10.3.0.3 tcp destination-port eq Telnet exit ip-rule 20 composite-operation "Deny" ip-protocol tcp destination-ip host 1.0.0.1 tcp destination-port eq Ftp exit ip-rule 21 composite-operation "Deny" ip-protocol tcp destination-ip host 10.0.0.1 tcp destination-port eq Ftp exit ip-rule 22 composite-operation "Deny"...
Page 618 42 composite-operation "Deny" ip-protocol udp destination-ip host 10.20.0.1 udp destination-port eq Snmp exit ip-rule 43 composite-operation "Deny" ip-protocol udp destination-ip host 100.100.100.1 udp destination-port eq Snmp exit 618 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 619 ----------- ----------------- ----------------- ---- --- -- ----- ----- --- San Jose 111.110.110.112 IPv4 Address MM none New Jersey 149.49.70.1 vpn.ca.avaya.com AM on-de b. Use the no crypto isakmp peer address command to delete redundant VPN peers. G350-001(super)# no crypto isakmp peer address 149.49.70.1 Done! Issue 3 February 2007...
Page 620 G350-N# crypto ipsec transform-set ts1 esp-3des esp-sha-hmac comp-lzs G350-N(config-transform:ts1)# exit 43. Configure Crypto Maps using the crypto map command. G350-N# crypto map 1 G350-N(super-crypto:1)# set transform-set ts1 Done! G350-N(super-crypto:1)# set peer 20.0.0.2 Done! G350-N(crypto-map)# exit 620 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 621 Administration Procedures 44. Define one or more IPSec Crypto lists that provide encryption rules for traffic that needs protection. Use the ip crypto-list command. G350-N(super)# ip crypto-list 901 G350-N(super-Crypto 901)# local-address “FastEthernet 10/2.0” Done! G350-N(super-Crypto 901)# ip-rule 10 G350-N(super-Crypto 901/ip rule 10)# protect crypto map 1 Done! G350-N(super-Crypto 901/ip rule 10)# source-ip any Donw!
Page 622: Failure Scenarios And Repair Actions
48. Physically re-connect the network interfaces. Failure scenarios and repair actions The G250/G350 initiates power up tests automatically, without the need for operator intervention, and executes tests in the order defined below. The power-up self-tests are executed during the early boot sequence and before the G350’s data output interfaces are enabled and begin transmitting packets.
Page 623: Error States
"PRNG integrity power-up self test" "Passed" "Crypto integrity power-up self test" "Passed" "EEPROM integrity power-up self test" "Passed" If the G250/G350 fails a conditional or power-up self-test, the module enters the error state. All data output interfaces are immediately blocked. Error states...
Page 624: Recovering From An Error State
If the G350 does not recover from Error State 3, the secrets and other definitions SECURITY ALERT: are retained. If this information is highly sensitive, you should not send the G250/ G350 for repair. 624 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 625 Administration Procedures Figure 59: Recovering from an error state Power down Gatew ay Power up Gateway Gateway operates correctly? D elete setup Perform N VR AM initialization R econfigure Gateway Gateway operates correctly? C ontact Avaya representative Issue 3 February 2007...
Page 626 FIPS 626 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 627: Appendix A: Traps And Mibs
Appendix A: Traps and MIBs This appendix contains a list of all G250/G350 traps and all MIBs. G250/G350 traps Name Parameters Class Severity Trap Name/ Format Description (MIB variables) Facility Mnemonic coldStart Boot Warning coldStart Agent Up with A coldStart trap indicates...
Page 628 Redundancy $1 manager of the deletion Trap Status definition deleted of the specified redundant link, which is identified by the softRedundancyId. It is enabled/disabled by chLntAgConfigChangeTr aps. 2 of 9 628 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 629 G250/G350 traps Name Parameters Class Severity Trap Name/ Format Description (MIB variables) Facility Mnemonic createSW soft P330 SWITCH Info createSWRedu Software The trap is generated on Redundancy Redundancy FABRIC ndancyTrap Redundancy $1 the creation of the Trap Status definition created redundant links for the specified ports.
Page 630 Module $2 Inline This trap reports the FaultMask, FltOK Power Supply correction of a failure on genGroupId, failure was cleared an inline power supply. genGroup BUPSActivity Status 4 of 9 630 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 631 G250/G350 traps Name Parameters Class Severity Trap Name/ Format Description (MIB variables) Facility Mnemonic WanPhysical ifIndex, Critical Cable Problem on An E1/T1/Serial cable AlarmOn ifAdminStatus, Physical port $4 was disconnected. ifOperStatus, AlarmOn ifName, ifAlias, dsx1Line Status wanPhysical ifIndex, Notification wan...
Page 632 This trap reports a PwrFlt Index, NTITY PwrFlt power supply Fault problem with a 3.3V entPhysical power supply. Descr, entPhySensor Value, avEntPhy SensorHi Warning, avEntPhy SensorLo Warningent Physical ParentRelPos 6 of 9 632 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 633 G250/G350 traps Name Parameters Class Severity Trap Name/ Format Description (MIB variables) Facility Mnemonic avEnt2500mv entPhysical AVAYA-E SUPPLY avEnt2500mv 2.5V (2500mv) This trap reports a PwrFlt Index, NTITY PwrFlt power supply Fault problem with a 2.5V entPhysical power supply. Descr,...
Page 634 Fault correction of a problem entPhysical Cleared with a 1.8V power supply. Descr, entPhySensor Value, avEntPhy SensorHi Warning, avEntPhy SensorLo Warningent Physical ParentRelPos 8 of 9 634 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 635: G250/G350 Mib Files
Descr, to the acceptable range entPhySensor for the device. Value, avEntPhy SensorHi Warning, entPhysical ParentRelPos 9 of 9 G250/G350 MIB files MIB File MIB Module Supported by G250/G350 Load.MIB LOAD-MIB RFC1315-MIB.my RFC1315-MIB Q-BRIDGE-MIB.my Q-BRIDGE-MIB ENTITY-MIB.my ENTITY-MIB IP-FORWARD-MIB.my IP-FORWARD-MIB VRRP-MIB.my VRRP-MIB...
Page 636 IF-MIB.my IF-MIB DS0BUNDLE-MIB.my DS0BUNDLE-MIB RFC1406-MIB.my RFC1406-MIB DS0-MIB.my DS0-MIB POLICY-MIB.MY POLICY-MIB BRIDGE-MIB.my BRIDGE-MIB CONFIG-MIB.MY CONFIG-MIB G700-MG-MIB.MY G700-MG-MIB FRAME-RELAY-DTE-MIB.my FRAME-RELAY-DTE-MIB IP-MIB.my IP-MIB Load12.MIB LOAD-MIB PPP-LCP-MIB.my PPP-LCP-MIB WAN-MIB.MY WAN-MIB 2 of 3 636 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 637: Mib Files In The Load.mib File
G250/G350 MIB files MIB File MIB Module Supported by G250/G350 SNMPv2-MIB.my SNMPv2-MIB USM-MIB.my USM-MIB VACM-MIB.my VACM-MIB OSPF-MIB.my OSPF-MIB Tunnel-MIB.my TUNNEL-MIB 3 of 3 MIB files in the Load.MIB file The following table provides a list of the MIBs in the Load.MIB file that are supported by the...
Page 638: Mib Files In The Rfc1315-Mib.my File
The following table provides a list of the MIBs in the RFC1315-MIB.my file that are supported by the G250/G350 and their OIDs: Object frDlcmiIfIndex 1.3.6.1.2.1.10.32.1.1.1 frDlcmiState 1.3.6.1.2.1.10.32.1.1.2 1 of 3 638 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 639 G250/G350 MIB files Object frDlcmiAddress 1.3.6.1.2.1.10.32.1.1.3 frDlcmiAddressLen 1.3.6.1.2.1.10.32.1.1.4 frDlcmiPollingInterval 1.3.6.1.2.1.10.32.1.1.5 frDlcmiFullEnquiryInterval 1.3.6.1.2.1.10.32.1.1.6 frDlcmiErrorThreshold 1.3.6.1.2.1.10.32.1.1.7 frDlcmiMonitoredEvents 1.3.6.1.2.1.10.32.1.1.8 frDlcmiMaxSupportedVCs 1.3.6.1.2.1.10.32.1.1.9 frDlcmiMulticast 1.3.6.1.2.1.10.32.1.1.10 frCircuitIfIndex 1.3.6.1.2.1.10.32.2.1.1 frCircuitDlci 1.3.6.1.2.1.10.32.2.1.2 frCircuitState 1.3.6.1.2.1.10.32.2.1.3 frCircuitReceivedFECNs 1.3.6.1.2.1.10.32.2.1.4 frCircuitReceivedBECNs 1.3.6.1.2.1.10.32.2.1.5 frCircuitSentFrames 1.3.6.1.2.1.10.32.2.1.6 frCircuitSentOctets 1.3.6.1.2.1.10.32.2.1.7 frCircuitReceivedFrames 1.3.6.1.2.1.10.32.2.1.8 frCircuitReceivedOctets 1.3.6.1.2.1.10.32.2.1.9 frCircuitCreationTime 1.3.6.1.2.1.10.32.2.1.10 frCircuitLastTimeChange 1.3.6.1.2.1.10.32.2.1.11...
Page 640: Mib Files In The Q-Bridge-Mib.my File
1.3.6.1.2.1.17.7.1.1.4 dot1qGvrpStatus 1.3.6.1.2.1.17.7.1.1.5 dot1qVlanTimeMark 1.3.6.1.2.1.17.7.1.4.2.1.1 dot1qVlanIndex 1.3.6.1.2.1.17.7.1.4.2.1.2 dot1qVlanFdbId 1.3.6.1.2.1.17.7.1.4.2.1.3 dot1qVlanCurrentEgressPorts 1.3.6.1.2.1.17.7.1.4.2.1.4 dot1qVlanCurrentUntaggedPorts 1.3.6.1.2.1.17.7.1.4.2.1.5 dot1qVlanStatus 1.3.6.1.2.1.17.7.1.4.2.1.6 dot1qVlanCreationTime 1.3.6.1.2.1.17.7.1.4.2.1.7 dot1qVlanStaticName 1.3.6.1.2.1.17.7.1.4.3.1.1 dot1qVlanStaticEgressPorts 1.3.6.1.2.1.17.7.1.4.3.1.2 dot1qVlanForbiddenEgressPorts 1.3.6.1.2.1.17.7.1.4.3.1.3 dot1qVlanStaticUntaggedPorts 1.3.6.1.2.1.17.7.1.4.3.1.4 dot1qVlanStaticRowStatus 1.3.6.1.2.1.17.7.1.4.3.1.5 dot1qNextFreeLocalVlanIndex 1.3.6.1.2.1.17.7.1.4.4 640 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 641: Mib Files In The Entity-Mib.my File
1.3.6.1.2.1.17.7.1.4.5.1.4 dot1qPortGvrpFailedRegistrations 1.3.6.1.2.1.17.7.1.4.5.1.5 dot1qPortGvrpLastPduOrigin 1.3.6.1.2.1.17.7.1.4.5.1.6 MIB files in the ENTITY-MIB.my file The following table provides a list of the MIBs in the ENTITY-MIB.my file that are supported by the G250/G350 and their OIDs: Object entPhysicalIndex 1.3.6.1.2.1.47.1.1.1.1.1 entPhysicalDescr 1.3.6.1.2.1.47.1.1.1.1.2 entPhysicalVendorType 1.3.6.1.2.1.47.1.1.1.1.3 entPhysicalContainedIn 1.3.6.1.2.1.47.1.1.1.1.4...
Page 642: Mib Files In The Ip-Forward-Mib.my File
1.3.6.1.2.1.4.24.4.1.2 ipCidrRouteTos 1.3.6.1.2.1.4.24.4.1.3 ipCidrRouteNextHop 1.3.6.1.2.1.4.24.4.1.4 ipCidrRouteIfIndex 1.3.6.1.2.1.4.24.4.1.5 ipCidrRouteType 1.3.6.1.2.1.4.24.4.1.6 ipCidrRouteProto 1.3.6.1.2.1.4.24.4.1.7 ipCidrRouteAge 1.3.6.1.2.1.4.24.4.1.8 ipCidrRouteInfo 1.3.6.1.2.1.4.24.4.1.9 ipCidrRouteNextHopAS 1.3.6.1.2.1.4.24.4.1.10 ipCidrRouteMetric1 1.3.6.1.2.1.4.24.4.1.11 ipCidrRouteMetric2 1.3.6.1.2.1.4.24.4.1.12 ipCidrRouteMetric3 1.3.6.1.2.1.4.24.4.1.13 ipCidrRouteMetric4 1.3.6.1.2.1.4.24.4.1.14 ipCidrRouteMetric5 1.3.6.1.2.1.4.24.4.1.15 ipCidrRouteStatus 1.3.6.1.2.1.4.24.4.1.16 642 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 643: Mib Files In The Vrrp-Mib.my File
G250/G350 MIB files MIB files in the VRRP-MIB.my file The following table provides a list of the MIBs in theVRRP-MIB.my file that are supported by the G250/G350 and their OIDs: Object vrrpNodeVersion 1.3.6.1.2.1.68.1.1.1 vrrpOperVrId 1.3.6.1.2.1.68.1.1.3.1.1 vrrpOperVirtualMacAddr 1.3.6.1.2.1.68.1.1.3.1.2 vrrpOperState 1.3.6.1.2.1.68.1.1.3.1.3 vrrpOperAdminState 1.3.6.1.2.1.68.1.1.3.1.4...
Page 644: Mib Files In The Utilization-Management-Mib.my File
1.3.6.1.4.1.6889.2.1.11.1.1.1.1.3 genCpuUtilizationHighThreshold 1.3.6.1.4.1.6889.2.1.11.1.1.1.1.4 genCpuAverageUtilization 1.3.6.1.4.1.6889.2.1.11.1.1.1.1.5 genCpuCurrentUtilization 1.3.6.1.4.1.6889.2.1.11.1.1.1.1.6 genCpuUtilizationHistorySampleIndex 1.3.6.1.4.1.6889.2.1.11.1.1.2.1.1 genCpuHistoryUtilization 1.3.6.1.4.1.6889.2.1.11.1.1.2.1.2 genMemUtilizationTotalRAM 1.3.6.1.4.1.6889.2.1.11.1.2.1 genMemUtilizationOperationalImage 1.3.6.1.4.1.6889.2.1.11.1.2.2 genMemUtilizationDynAllocMemUsed 1.3.6.1.4.1.6889.2.1.11.1.2.3.1 genMemUtilizationDynAllocMemMaxUsed 1.3.6.1.4.1.6889.2.1.11.1.2.3.2 genMemUtilizationDynAllocMemAvailable 1.3.6.1.4.1.6889.2.1.11.1.2.3.3 genMemUtilizationAllocationFailures 1.3.6.1.4.1.6889.2.1.11.1.2.4 genMemUtilizationID 1.3.6.1.4.1.6889.2.1.11.1.2.6.1.1 genMemUtilizationPhyRam 1.3.6.1.4.1.6889.2.1.11.1.2.6.1.2 genMemUtilizationPercentUsed 1.3.6.1.4.1.6889.2.1.11.1.2.6.1.3 644 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 645: Mib Files In The Entity-Sensor-Mib.my File
G250/G350 MIB files MIB files in the ENTITY-SENSOR-MIB.my file The following table provides a list of the MIBs in the ENTITY-SENSOR-MIB.my file that are supported by the G250/G350 and their OIDs: Object entPhySensorType 1.3.6.1.2.1.99.1.1.1.1 entPhySensorScale 1.3.6.1.2.1.99.1.1.1.2 entPhySensorPrecision 1.3.6.1.2.1.99.1.1.1.3 entPhySensorValue 1.3.6.1.2.1.99.1.1.1.4 entPhySensorOperStatus 1.3.6.1.2.1.99.1.1.1.5...
Page 646: Mib Files In The Applic-Mib.my File
The following table provides a list of the MIBs in the DS1-MIB.my file that are supported by the G250/G350 and their OIDs: Object dsx1LineIndex 1.3.6.1.2.1.10.18.6.1.1 dsx1IfIndex 1.3.6.1.2.1.10.18.6.1.2 dsx1TimeElapsed 1.3.6.1.2.1.10.18.6.1.3 dsx1ValidIntervals 1.3.6.1.2.1.10.18.6.1.4 1 of 3 646 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 647 G250/G350 MIB files Object dsx1LineType 1.3.6.1.2.1.10.18.6.1.5 dsx1LineCoding 1.3.6.1.2.1.10.18.6.1.6 dsx1SendCode 1.3.6.1.2.1.10.18.6.1.7 dsx1CircuitIdentifier 1.3.6.1.2.1.10.18.6.1.8 dsx1LoopbackConfig 1.3.6.1.2.1.10.18.6.1.9 dsx1LineStatus 1.3.6.1.2.1.10.18.6.1.10 dsx1SignalMode 1.3.6.1.2.1.10.18.6.1.11 dsx1TransmitClockSource 1.3.6.1.2.1.10.18.6.1.12 dsx1Fdl 1.3.6.1.2.1.10.18.6.1.13 dsx1InvalidIntervals 1.3.6.1.2.1.10.18.6.1.14 dsx1LineLength 1.3.6.1.2.1.10.18.6.1.15 dsx1LineStatusLastChange 1.3.6.1.2.1.10.18.6.1.16 dsx1LineStatusChangeTrapEnable 1.3.6.1.2.1.10.18.6.1.17 dsx1LoopbackStatus 1.3.6.1.2.1.10.18.6.1.18 dsx1Ds1ChannelNumber 1.3.6.1.2.1.10.18.6.1.19 dsx1Channelization 1.3.6.1.2.1.10.18.6.1.20 dsx1CurrentIndex 1.3.6.1.2.1.10.18.7.1.1 dsx1CurrentESs 1.3.6.1.2.1.10.18.7.1.2 dsx1CurrentSESs 1.3.6.1.2.1.10.18.7.1.3...
Page 648 1.3.6.1.2.1.10.18.8.1.12 dsx1IntervalValidData 1.3.6.1.2.1.10.18.8.1.13 dsx1TotalIndex 1.3.6.1.2.1.10.18.9.1.1 dsx1TotalESs 1.3.6.1.2.1.10.18.9.1.2 dsx1TotalSESs 1.3.6.1.2.1.10.18.9.1.3 dsx1TotalSEFSs 1.3.6.1.2.1.10.18.9.1.4 dsx1TotalUASs 1.3.6.1.2.1.10.18.9.1.5 dsx1TotalCSSs 1.3.6.1.2.1.10.18.9.1.6 dsx1TotalPCVs 1.3.6.1.2.1.10.18.9.1.7 dsx1TotalLESs 1.3.6.1.2.1.10.18.9.1.8 dsx1TotalBESs 1.3.6.1.2.1.10.18.9.1.9 dsx1TotalDMs 1.3.6.1.2.1.10.18.9.1.10 dsx1TotalLCVs 1.3.6.1.2.1.10.18.9.1.11 3 of 3 648 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 649: Mib Files In The Ppp-Ip-Ncp-Mib.my File
G250/G350 MIB files MIB files in the PPP-IP-NCP-MIB.my file The following table provides a list of the MIBs in the PPP-IP-NCP-MIB.my file that are supported by the G250/G350 and their OIDs: Object pppIpOperStatus 1.3.6.1.2.1.10.23.3.1.1.1 pppIpLocalToRemoteCompressionProtocol 1.3.6.1.2.1.10.23.3.1.1.2 pppIpRemoteToLocalCompressionProtocol 1.3.6.1.2.1.10.23.3.1.1.3 pppIpRemoteMaxSlotId 1.3.6.1.2.1.10.23.3.1.1.4 pppIpLocalMaxSlotId 1.3.6.1.2.1.10.23.3.1.1.5...
Page 650: Mib Files In The Rfc1213-Mib.my File
1.3.6.1.2.1.2.2.1.2 ifType 1.3.6.1.2.1.2.2.1.3 ifMtu 1.3.6.1.2.1.2.2.1.4 ifSpeed 1.3.6.1.2.1.2.2.1.5 ifPhysAddress 1.3.6.1.2.1.2.2.1.6 ifAdminStatus 1.3.6.1.2.1.2.2.1.7 ifOperStatus 1.3.6.1.2.1.2.2.1.8 ifLastChange 1.3.6.1.2.1.2.2.1.9 ifInOctets 1.3.6.1.2.1.2.2.1.10 ifInUcastPkts 1.3.6.1.2.1.2.2.1.11 ifInNUcastPkts 1.3.6.1.2.1.2.2.1.12 ifInDiscards 1.3.6.1.2.1.2.2.1.13 ifInErrors 1.3.6.1.2.1.2.2.1.14 1 of 4 650 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 651 G250/G350 MIB files Object ifInUnknownProtos 1.3.6.1.2.1.2.2.1.15 ifOutOctets 1.3.6.1.2.1.2.2.1.16 ifOutUcastPkts 1.3.6.1.2.1.2.2.1.17 ifOutNUcastPkts 1.3.6.1.2.1.2.2.1.18 ifOutDiscards 1.3.6.1.2.1.2.2.1.19 ifOutErrors 1.3.6.1.2.1.2.2.1.20 ifOutQLen 1.3.6.1.2.1.2.2.1.21 ifSpecific 1.3.6.1.2.1.2.2.1.22 ipForwarding 1.3.6.1.2.1.4.1 ipDefaultTTL 1.3.6.1.2.1.4.2 ipInReceives 1.3.6.1.2.1.4.3 ipInHdrErrors 1.3.6.1.2.1.4.4 ipInAddrErrors 1.3.6.1.2.1.4.5 ipForwDatagrams 1.3.6.1.2.1.4.6 ipInUnknownProtos 1.3.6.1.2.1.4.7 ipInDiscards 1.3.6.1.2.1.4.8 ipInDelivers 1.3.6.1.2.1.4.9 ipOutRequests 1.3.6.1.2.1.4.10 ipOutDiscards 1.3.6.1.2.1.4.11...
Page 652 1.3.6.1.2.1.4.21.1.8 ipRouteProto 1.3.6.1.2.1.4.21.1.9 ipRouteAge 1.3.6.1.2.1.4.21.1.10 ipRouteMask 1.3.6.1.2.1.4.21.1.11 ipRouteMetric5 1.3.6.1.2.1.4.21.1.12 ipRouteInfo 1.3.6.1.2.1.4.21.1.13 ipNetToMediaIfIndex 1.3.6.1.2.1.4.22.1.1 ipNetToMediaPhysAddress 1.3.6.1.2.1.4.22.1.2 ipNetToMediaNetAddress 1.3.6.1.2.1.4.22.1.3 ipNetToMediaType 1.3.6.1.2.1.4.22.1.4 ipRoutingDiscards 1.3.6.1.2.1.4.23 snmpInPkts 1.3.6.1.2.1.11.1 snmpOutPkts 1.3.6.1.2.1.11.2 3 of 4 652 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 653 G250/G350 MIB files Object snmpInBadVersions 1.3.6.1.2.1.11.3 snmpInBadCommunityNames 1.3.6.1.2.1.11.4 snmpInBadCommunityUses 1.3.6.1.2.1.11.5 snmpInASNParseErrs 1.3.6.1.2.1.11.6 snmpInTooBigs 1.3.6.1.2.1.11.8 snmpInNoSuchNames 1.3.6.1.2.1.11.9 snmpInBadValues 1.3.6.1.2.1.11.10 snmpInReadOnlys 1.3.6.1.2.1.11.11 snmpInGenErrs 1.3.6.1.2.1.11.12 snmpInTotalReqVars 1.3.6.1.2.1.11.13 snmpInTotalSetVars 1.3.6.1.2.1.11.14 snmpInGetRequests 1.3.6.1.2.1.11.15 snmpInGetNexts 1.3.6.1.2.1.11.16 snmpInSetRequests 1.3.6.1.2.1.11.17 snmpInGetResponses 1.3.6.1.2.1.11.18 snmpInTraps 1.3.6.1.2.1.11.19 snmpOutTooBigs 1.3.6.1.2.1.11.20 snmpOutNoSuchNames 1.3.6.1.2.1.11.21 snmpOutBadValues 1.3.6.1.2.1.11.22...
Page 654: Mib Files In The Avaya-Entity-Mib.my File
Traps and MIBs MIB files in the AVAYA-ENTITY-MIB.my file The following table provides a list of the MIBs in the AVAYA-ENTITY-MIB.my file that are supported by the G250/G350 and their OIDs: Object avEntPhySensorHiShutdown 1.3.6.1.4.1.6889.2.1.99.1.1.1 avEntPhySensorHiWarning 1.3.6.1.4.1.6889.2.1.99.1.1.2 avEntPhySensorHiWarningClear 1.3.6.1.4.1.6889.2.1.99.1.1.3 avEntPhySensorLoWarningClear 1.3.6.1.4.1.6889.2.1.99.1.1.4 avEntPhySensorLoWarning 1.3.6.1.4.1.6889.2.1.99.1.1.5...
Page 655: Mib Files In The Xswitch-Mib.my File
G250/G350 MIB files MIB files in the XSWITCH-MIB.my file The following table provides a list of the MIBs in the XSWITCH-MIB.my file that are supported by the G250/G350 and their OIDs: Object scGenPortGroupId 1.3.6.1.4.1.81.28.1.4.1.1.1 scGenPortId 1.3.6.1.4.1.81.28.1.4.1.1.2 scGenPortVLAN 1.3.6.1.4.1.81.28.1.4.1.1.3 scGenPortPriority 1.3.6.1.4.1.81.28.1.4.1.1.4 scGenPortSetDefaults 1.3.6.1.4.1.81.28.1.4.1.1.5...
Page 656: Mib Files In The Croute-Mib.my File
1.3.6.1.4.1.81.31.1.2.1.5 ipInterfaceBroadcastAddr 1.3.6.1.4.1.81.31.1.2.1.6 ipInterfaceProxyArp 1.3.6.1.4.1.81.31.1.2.1.7 ipInterfaceStatus 1.3.6.1.4.1.81.31.1.2.1.8 ipInterfaceMainRouterAddr 1.3.6.1.4.1.81.31.1.2.1.9 ipInterfaceARPServerStatus 1.3.6.1.4.1.81.31.1.2.1.10 ipInterfaceName 1.3.6.1.4.1.81.31.1.2.1.11 ipInterfaceNetbiosRebroadcast 1.3.6.1.4.1.81.31.1.2.1.12 ipInterfaceIcmpRedirects 1.3.6.1.4.1.81.31.1.2.1.13 ipInterfaceOperStatus 1.3.6.1.4.1.81.31.1.2.1.14 ipInterfaceDhcpRelay 1.3.6.1.4.1.81.31.1.2.1.15 ripGlobalsRIPEnable 1.3.6.1.4.1.81.31.1.3.1 ripGlobalsLeakOSPFIntoRIP 1.3.6.1.4.1.81.31.1.3.2 1 of 4 656 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 657 G250/G350 MIB files Object ripGlobalsLeakStaticIntoRIP 1.3.6.1.4.1.81.31.1.3.3 ripGlobalsPeriodicUpdateTimer 1.3.6.1.4.1.81.31.1.3.4 ripGlobalsPeriodicInvalidRouteTimer 1.3.6.1.4.1.81.31.1.3.5 ripGlobalsDefaultExportMetric 1.3.6.1.4.1.81.31.1.3.6 ripInterfaceAddr 1.3.6.1.4.1.81.31.1.4.1.1 ripInterfaceMetric 1.3.6.1.4.1.81.31.1.4.1.2 ripInterfaceSplitHorizon 1.3.6.1.4.1.81.31.1.4.1.3 ripInterfaceAcceptDefaultRoute 1.3.6.1.4.1.81.31.1.4.1.4 ripInterfaceSendDefaultRoute 1.3.6.1.4.1.81.31.1.4.1.5 ripInterfaceState 1.3.6.1.4.1.81.31.1.4.1.6 ripInterfaceSendMode 1.3.6.1.4.1.81.31.1.4.1.7 ripInterfaceVersion 1.3.6.1.4.1.81.31.1.4.1.8 ospfGlobalsLeakRIPIntoOSPF 1.3.6.1.4.1.81.31.1.5.1 ospfGlobalsLeakStaticIntoOSPF 1.3.6.1.4.1.81.31.1.5.2 ospfGlobalsLeakDirectIntoOSPF 1.3.6.1.4.1.81.31.1.5.3 ospfGlobalsDefaultExportMetric 1.3.6.1.4.1.81.31.1.5.4 relayVlIndex 1.3.6.1.4.1.81.31.1.6.1.1 relayVlPrimaryServerAddr 1.3.6.1.4.1.81.31.1.6.1.2 relayVlSeconderyServerAddr 1.3.6.1.4.1.81.31.1.6.1.3...
Page 658 1.3.6.1.4.1.81.31.1.15.1.1.3 iphcNegotiatedTcpSessions 1.3.6.1.4.1.81.31.1.15.1.1.4 iphcControlRtpAdminStatus 1.3.6.1.4.1.81.31.1.15.1.1.5 iphcRtpSessions 1.3.6.1.4.1.81.31.1.15.1.1.6 iphcNegotiatedRtpSessions 1.3.6.1.4.1.81.31.1.15.1.1.7 iphcControlNonTcpAdminStatus 1.3.6.1.4.1.81.31.1.15.1.1.8 iphcNonTcpSessions 1.3.6.1.4.1.81.31.1.15.1.1.9 iphcNegotiatedNonTcpSessions 1.3.6.1.4.1.81.31.1.15.1.1.10 iphcMaxPeriod 1.3.6.1.4.1.81.31.1.15.1.1.11 iphcMaxTime 1.3.6.1.4.1.81.31.1.15.1.1.12 iphcControRtpMinPortNumber 1.3.6.1.4.1.81.31.1.15.1.1.13 iphcControRtpMaxPortNumber 1.3.6.1.4.1.81.31.1.15.1.1.14 iphcControlRtpCompressionRatio 1.3.6.1.4.1.81.31.1.15.1.1.15 3 of 4 658 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 659: Mib Files In The Rs-232-Mib.my File
1.3.6.1.4.1.81.31.3.1.1.2 vlConfStatus 1.3.6.1.4.1.81.31.3.1.1.3 4 of 4 MIB files in the RS-232-MIB.my file The following table provides a list of the MIBs in the RS-232-MIB.my file that are supported by the G250/G350 and their OIDs: Object rs232Number 1.3.6.1.2.1.10.33.1 rs232PortIndex 1.3.6.1.2.1.10.33.2.1.1 rs232PortType 1.3.6.1.2.1.10.33.2.1.2...
Page 660 1.3.6.1.2.1.10.33.4.1.10 rs232SyncPortRTSCTSDelay 1.3.6.1.2.1.10.33.4.1.11 rs232SyncPortMode 1.3.6.1.2.1.10.33.4.1.12 rs232SyncPortIdlePattern 1.3.6.1.2.1.10.33.4.1.13 rs232SyncPortMinFlags 1.3.6.1.2.1.10.33.4.1.14 rs232InSigPortIndex 1.3.6.1.2.1.10.33.5.1.1 rs232InSigName 1.3.6.1.2.1.10.33.5.1.2 rs232InSigState 1.3.6.1.2.1.10.33.5.1.3 rs232InSigChanges 1.3.6.1.2.1.10.33.5.1.4 rs232OutSigPortIndex 1.3.6.1.2.1.10.33.6.1.1 rs232OutSigName 1.3.6.1.2.1.10.33.6.1.2 rs232OutSigState 1.3.6.1.2.1.10.33.6.1.3 rs232OutSigChanges 1.3.6.1.2.1.10.33.6.1.4 2 of 2 660 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 661: Mib Files In The Ripv2-Mib.my File
G250/G350 MIB files MIB files in the RIPv2-MIB.my file The following table provides a list of the MIBs in the RIPv2-MIB.my file that are supported by the G250/G350 and their OIDs: Object rip2GlobalRouteChanges 1.3.6.1.2.1.23.1.1 rip2GlobalQueries 1.3.6.1.2.1.23.1.2 rip2IfStatAddress 1.3.6.1.2.1.23.2.1.1 rip2IfStatRcvBadPackets 1.3.6.1.2.1.23.2.1.2 rip2IfStatRcvBadRoutes 1.3.6.1.2.1.23.2.1.3...
Page 662: Mib Files In The If-Mib.my File
1.3.6.1.2.1.2.2.1.9 ifInOctets 1.3.6.1.2.1.2.2.1.10 ifInUcastPkts 1.3.6.1.2.1.2.2.1.11 ifInNUcastPkts 1.3.6.1.2.1.2.2.1.12 ifInDiscards 1.3.6.1.2.1.2.2.1.13 ifInErrors 1.3.6.1.2.1.2.2.1.14 ifInUnknownProtos 1.3.6.1.2.1.2.2.1.15 ifOutOctets 1.3.6.1.2.1.2.2.1.16 ifOutUcastPkts 1.3.6.1.2.1.2.2.1.17 ifOutNUcastPkts 1.3.6.1.2.1.2.2.1.18 ifOutDiscards 1.3.6.1.2.1.2.2.1.19 ifOutErrors 1.3.6.1.2.1.2.2.1.20 ifOutQLen 1.3.6.1.2.1.2.2.1.21 1 of 2 662 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 663 G250/G350 MIB files Object ifSpecific 1.3.6.1.2.1.2.2.1.22 ifName 1.3.6.1.2.1.31.1.1.1.1 ifInMulticastPkts 1.3.6.1.2.1.31.1.1.1.2 ifInBroadcastPkts 1.3.6.1.2.1.31.1.1.1.3 ifOutMulticastPkts 1.3.6.1.2.1.31.1.1.1.4 ifOutBroadcastPkts 1.3.6.1.2.1.31.1.1.1.5 ifHCInOctets 1.3.6.1.2.1.31.1.1.1.6 ifHCInUcastPkts 1.3.6.1.2.1.31.1.1.1.7 ifHCInMulticastPkts 1.3.6.1.2.1.31.1.1.1.8 ifHCInBroadcastPkts 1.3.6.1.2.1.31.1.1.1.9 ifHCOutOctets 1.3.6.1.2.1.31.1.1.1.10 ifHCOutUcastPkts 1.3.6.1.2.1.31.1.1.1.11 ifHCOutMulticastPkts 1.3.6.1.2.1.31.1.1.1.12 ifHCOutBroadcastPkts 1.3.6.1.2.1.31.1.1.1.13 ifLinkUpDownTrapEnable 1.3.6.1.2.1.31.1.1.1.14 ifHighSpeed 1.3.6.1.2.1.31.1.1.1.15 ifPromiscuousMode 1.3.6.1.2.1.31.1.1.1.16 ifConnectorPresent 1.3.6.1.2.1.31.1.1.1.17 ifAlias 1.3.6.1.2.1.31.1.1.1.18...
Page 664: Mib Files In The Ds0Bundle-Mib.my File
G250/G350 and their OIDs: Object dsx1LineIndex 1.3.6.1.2.1.10.18.6.1.1 dsx1IfIndex 1.3.6.1.2.1.10.18.6.1.2 dsx1TimeElapsed 1.3.6.1.2.1.10.18.6.1.3 dsx1ValidIntervals 1.3.6.1.2.1.10.18.6.1.4 dsx1LineType 1.3.6.1.2.1.10.18.6.1.5 dsx1LineCoding 1.3.6.1.2.1.10.18.6.1.6 dsx1SendCode 1.3.6.1.2.1.10.18.6.1.7 dsx1CircuitIdentifier 1.3.6.1.2.1.10.18.6.1.8 dsx1LoopbackConfig 1.3.6.1.2.1.10.18.6.1.9 dsx1LineStatus 1.3.6.1.2.1.10.18.6.1.10 dsx1SignalMode 1.3.6.1.2.1.10.18.6.1.11 dsx1TransmitClockSource 1.3.6.1.2.1.10.18.6.1.12 1 of 3 664 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 665 G250/G350 MIB files Object dsx1Fdl 1.3.6.1.2.1.10.18.6.1.13 dsx1CurrentIndex 1.3.6.1.2.1.10.18.7.1.1 dsx1CurrentESs 1.3.6.1.2.1.10.18.7.1.2 dsx1CurrentSESs 1.3.6.1.2.1.10.18.7.1.3 dsx1CurrentSEFSs 1.3.6.1.2.1.10.18.7.1.4 dsx1CurrentUASs 1.3.6.1.2.1.10.18.7.1.5 dsx1CurrentCSSs 1.3.6.1.2.1.10.18.7.1.6 dsx1CurrentPCVs 1.3.6.1.2.1.10.18.7.1.7 dsx1CurrentLESs 1.3.6.1.2.1.10.18.7.1.8 dsx1CurrentBESs 1.3.6.1.2.1.10.18.7.1.9 dsx1CurrentDMs 1.3.6.1.2.1.10.18.7.1.10 dsx1CurrentLCVs 1.3.6.1.2.1.10.18.7.1.11 dsx1IntervalIndex 1.3.6.1.2.1.10.18.8.1.1 dsx1IntervalNumber 1.3.6.1.2.1.10.18.8.1.2 dsx1IntervalESs 1.3.6.1.2.1.10.18.8.1.3 dsx1IntervalSESs 1.3.6.1.2.1.10.18.8.1.4 dsx1IntervalSEFSs 1.3.6.1.2.1.10.18.8.1.5 dsx1IntervalUASs 1.3.6.1.2.1.10.18.8.1.6 dsx1IntervalCSSs 1.3.6.1.2.1.10.18.8.1.7...
Page 666: Mib Files In The Ds0-Mib.my File
The following table provides a list of the MIBs in the DS0-MIB.my file that are supported by the G250/G350 and their OIDs: Object dsx0Ds0ChannelNumber 1.3.6.1.2.1.10.81.1.1.1 dsx0RobbedBitSignalling 1.3.6.1.2.1.10.81.1.1.2 dsx0CircuitIdentifier 1.3.6.1.2.1.10.81.1.1.3 dsx0IdleCode 1.3.6.1.2.1.10.81.1.1.4 dsx0SeizedCode 1.3.6.1.2.1.10.81.1.1.5 dsx0ReceivedCode 1.3.6.1.2.1.10.81.1.1.6 dsx0TransmitCodesEnable 1.3.6.1.2.1.10.81.1.1.7 dsx0Ds0BundleMappedIfIndex 1.3.6.1.2.1.10.81.1.1.8 dsx0ChanMappedIfIndex 1.3.6.1.2.1.10.81.3.1.1 666 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 667: Mib Files In The Policy-Mib.my File
G250/G350 MIB files MIB files in the POLICY-MIB.my file The following table provides a list of the MIBs in the POLICY-MIB.MY file that are supported by the G250/G350 and their OIDs: Object ipPolicyListSlot 1.3.6.1.4.1.81.36.1.1.1 ipPolicyListID 1.3.6.1.4.1.81.36.1.1.2 ipPolicyListName 1.3.6.1.4.1.81.36.1.1.3 ipPolicyListValidityStatus 1.3.6.1.4.1.81.36.1.1.4 ipPolicyListChecksum 1.3.6.1.4.1.81.36.1.1.5...
Page 668 1.3.6.1.4.1.81.36.2.1.19 ipPolicyRuleDSCPOperation 1.3.6.1.4.1.81.36.2.1.20 ipPolicyRuleDSCPFilter 1.3.6.1.4.1.81.36.2.1.21 ipPolicyRuleDSCPFilterWild 1.3.6.1.4.1.81.36.2.1.22 ipPolicyRuleIcmpTypeCode 1.3.6.1.4.1.81.36.2.1.23 ipPolicyRuleSrcAddrNot 1.3.6.1.4.1.81.36.2.1.24 ipPolicyRuleDstAddrNot 1.3.6.1.4.1.81.36.2.1.25 ipPolicyRuleProtocolNot 1.3.6.1.4.1.81.36.2.1.26 ipPolicyRuleL4SrcPortNot 1.3.6.1.4.1.81.36.2.1.27 ipPolicyRuleL4DestPortNot 1.3.6.1.4.1.81.36.2.1.28 ipPolicyRuleIcmpTypeCodeNot 1.3.6.1.4.1.81.36.2.1.29 ipPolicyRuleSrcPolicyUserGroupName 1.3.6.1.4.1.81.36.2.1.30 ipPolicyRuleDstPolicyUserGroupName 1.3.6.1.4.1.81.36.2.1.31 2 of 7 668 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 669 G250/G350 MIB files Object ipPolicyControlSlot 1.3.6.1.4.1.81.36.3.1.1 ipPolicyControlActiveGeneralList 1.3.6.1.4.1.81.36.3.1.2 ipPolicyControlAllowedPolicyManagers 1.3.6.1.4.1.81.36.3.1.3 ipPolicyControlCurrentChecksum 1.3.6.1.4.1.81.36.3.1.4 ipPolicyControlMinimalPolicyManagmentVersion 1.3.6.1.4.1.81.36.3.1.5 ipPolicyControlMaximalPolicyManagmentVersion 1.3.6.1.4.1.81.36.3.1.6 ipPolicyControlMIBversion 1.3.6.1.4.1.81.36.3.1.7 ipPolicyDiffServSlot 1.3.6.1.4.1.81.36.4.1.1 ipPolicyDiffServDSCP 1.3.6.1.4.1.81.36.4.1.2 ipPolicyDiffServOperation 1.3.6.1.4.1.81.36.4.1.3 ipPolicyDiffServName 1.3.6.1.4.1.81.36.4.1.4 ipPolicyDiffServAggIndex 1.3.6.1.4.1.81.36.4.1.5 ipPolicyDiffServApplicabilityPrecedence 1.3.6.1.4.1.81.36.4.1.6 ipPolicyDiffServApplicabilityStatus 1.3.6.1.4.1.81.36.4.1.7 ipPolicyDiffServApplicabilityType 1.3.6.1.4.1.81.36.4.1.8 ipPolicyDiffServErrMsg 1.3.6.1.4.1.81.36.4.1.9 ipPolicyQuerySlot 1.3.6.1.4.1.81.36.5.1.1 ipPolicyQueryListID 1.3.6.1.4.1.81.36.5.1.2 ipPolicyQuerySrcAddr 1.3.6.1.4.1.81.36.5.1.3...
Page 670 1.3.6.1.4.1.81.36.7.1.1 ipPolicyAccessControlViolationSrcAddr 1.3.6.1.4.1.81.36.7.1.2 ipPolicyAccessControlViolationDstAddr 1.3.6.1.4.1.81.36.7.1.3 ipPolicyAccessControlViolationProtocol 1.3.6.1.4.1.81.36.7.1.4 ipPolicyAccessControlViolationL4SrcPort 1.3.6.1.4.1.81.36.7.1.5 ipPolicyAccessControlViolationL4DstPort 1.3.6.1.4.1.81.36.7.1.6 ipPolicyAccessControlViolationEstablished 1.3.6.1.4.1.81.36.7.1.7 ipPolicyAccessControlViolationDSCP 1.3.6.1.4.1.81.36.7.1.8 ipPolicyAccessControlViolationIfIndex 1.3.6.1.4.1.81.36.7.1.9 ipPolicyAccessControlViolationSubCtxt 1.3.6.1.4.1.81.36.7.1.10 ipPolicyAccessControlViolationTime 1.3.6.1.4.1.81.36.7.1.11 ipPolicyAccessControlViolationRuleType 1.3.6.1.4.1.81.36.7.1.12 ipPolicyCompositeOpEntID 1.3.6.1.4.1.81.36.8.1.1 4 of 7 670 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 671 G250/G350 MIB files Object ipPolicyCompositeOpListID 1.3.6.1.4.1.81.36.8.1.2 ipPolicyCompositeOpID 1.3.6.1.4.1.81.36.8.1.3 ipPolicyCompositeOpName 1.3.6.1.4.1.81.36.8.1.4 ipPolicyCompositeOp802priority 1.3.6.1.4.1.81.36.8.1.5 ipPolicyCompositeOpAccess 1.3.6.1.4.1.81.36.8.1.6 ipPolicyCompositeOpDscp 1.3.6.1.4.1.81.36.8.1.7 ipPolicyCompositeOpRSGQualityClass 1.3.6.1.4.1.81.36.8.1.8 ipPolicyCompositeOpNotify 1.3.6.1.4.1.81.36.8.1.9 ipPolicyCompositeOpRowStatus 1.3.6.1.4.1.81.36.8.1.10 ipPolicyCompositeOpErrorReply 1.3.6.1.4.1.81.36.8.1.11 ipPolicyCompositeOpKeepsState 1.3.6.1.4.1.81.36.8.1.12 ipPolicyDSCPmapEntID 1.3.6.1.4.1.81.36.9.1.1 ipPolicyDSCPmapListID 1.3.6.1.4.1.81.36.9.1.2 ipPolicyDSCPmapDSCP 1.3.6.1.4.1.81.36.9.1.3 ipPolicyDSCPmapOperation 1.3.6.1.4.1.81.36.9.1.4 ipPolicyDSCPmapName 1.3.6.1.4.1.81.36.9.1.5 ipPolicyDSCPmapApplicabilityPrecedence 1.3.6.1.4.1.81.36.9.1.6 ipPolicyDSCPmapApplicabilityStatus 1.3.6.1.4.1.81.36.9.1.7 ipPolicyDSCPmapApplicabilityType 1.3.6.1.4.1.81.36.9.1.8...
Page 672 1.3.6.1.4.1.81.36.11.2.1.1 ipPolicyValidRuleIfIndex 1.3.6.1.4.1.81.36.11.2.1.2 ipPolicyValidRuleSubContext 1.3.6.1.4.1.81.36.11.2.1.3 ipPolicyValidRuleListID 1.3.6.1.4.1.81.36.11.2.1.4 ipPolicyValidRuleRuleID 1.3.6.1.4.1.81.36.11.2.1.5 ipPolicyValidRuleStatus 1.3.6.1.4.1.81.36.11.2.1.6 ipPolicyValidRuleApplicabilityType 1.3.6.1.4.1.81.36.11.2.1.7 ipPolicyValidRuleErrMsg 1.3.6.1.4.1.81.36.11.2.1.8 ipPolicyValidDSCPEntID 1.3.6.1.4.1.81.36.11.3.1.1 ipPolicyValidDSCPIfIndex 1.3.6.1.4.1.81.36.11.3.1.2 ipPolicyValidDSCPSubContext 1.3.6.1.4.1.81.36.11.3.1.3 ipPolicyValidDSCPListID 1.3.6.1.4.1.81.36.11.3.1.4 ipPolicyValidDSCPvalue 1.3.6.1.4.1.81.36.11.3.1.5 6 of 7 672 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 673: Mib Files In The Bridge-Mib.my File
1.3.6.1.4.1.81.36.11.3.1.7 ipPolicyValidDSCPErrMsg 1.3.6.1.4.1.81.36.11.3.1.8 7 of 7 MIB files in the BRIDGE-MIB.my file The following table provides a list of the MIBs in the BRIDGE-MIB.my file that are supported by the G250/G350 and their OIDs: Object dot1dBaseBridgeAddress 1.3.6.1.2.1.17.1.1 dot1dBaseNumPorts 1.3.6.1.2.1.17.1.2 dot1dBaseType 1.3.6.1.2.1.17.1.3...
Page 674 1.3.6.1.2.1.17.2.15.1.2 dot1dStpPortState 1.3.6.1.2.1.17.2.15.1.3 dot1dStpPortEnable 1.3.6.1.2.1.17.2.15.1.4 dot1dStpPortPathCost 1.3.6.1.2.1.17.2.15.1.5 dot1dStpPortDesignatedRoot 1.3.6.1.2.1.17.2.15.1.6 dot1dStpPortDesignatedCost 1.3.6.1.2.1.17.2.15.1.7 dot1dStpPortDesignatedBridge 1.3.6.1.2.1.17.2.15.1.8 dot1dStpPortDesignatedPort 1.3.6.1.2.1.17.2.15.1.9 dot1dStpPortForwardTransitions 1.3.6.1.2.1.17.2.15.1.10 dot1dTpAgingTime 1.3.6.1.2.1.17.4.2 dot1dTpFdbAddress 1.3.6.1.2.1.17.4.3.1.1 dot1dTpFdbPort 1.3.6.1.2.1.17.4.3.1.2 dot1dTpFdbStatus 1.3.6.1.2.1.17.4.3.1.3 2 of 2 674 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 675: Mib Files In The Config-Mib.my File
G250/G350 MIB files MIB files in the CONFIG-MIB.my file The following table provides a list of the MIBs in the CONFIG-MIB.MY file that are supported by the G250/G350 and their OIDs: Object chHWType 1.3.6.1.4.1.81.7.1 chNumberOfSlots 1.3.6.1.4.1.81.7.2 chReset 1.3.6.1.4.1.81.7.7 chLntAgMaxNmbOfMngrs 1.3.6.1.4.1.81.7.9.3.1 chLntAgPermMngrId 1.3.6.1.4.1.81.7.9.3.2.1.1...
Page 676 1.3.6.1.4.1.81.8.1.1.19 genGroupSpecificOID 1.3.6.1.4.1.81.8.1.1.20 genGroupConfigurationSymbol 1.3.6.1.4.1.81.8.1.1.21 genGroupLastChange 1.3.6.1.4.1.81.8.1.1.22 genGroupRedunRecovery 1.3.6.1.4.1.81.8.1.1.23 genGroupHWVersion 1.3.6.1.4.1.81.8.1.1.24 genGroupHeight 1.3.6.1.4.1.81.8.1.1.25 genGroupWidth 1.3.6.1.4.1.81.8.1.1.26 genGroupIntrusionControl 1.3.6.1.4.1.81.8.1.1.27 genGroupThresholdStatus 1.3.6.1.4.1.81.8.1.1.28 genGroupEavesdropping 1.3.6.1.4.1.81.8.1.1.29 genGroupMainSWVersion 1.3.6.1.4.1.81.8.1.1.30 genGroupMPSActivityStatus 1.3.6.1.4.1.81.8.1.1.31 2 of 4 676 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 677 G250/G350 MIB files Object genGroupBUPSActivityStatus 1.3.6.1.4.1.81.8.1.1.32 genGroupPrepareCounters 1.3.6.1.4.1.81.8.1.1.33 genGroupPortLastChange 1.3.6.1.4.1.81.8.1.1.34 genGroupIntPortLastChange 1.3.6.1.4.1.81.8.1.1.35 genGroupFaultMask 1.3.6.1.4.1.81.8.1.1.36 genGroupTypeName 1.3.6.1.4.1.81.8.1.1.37 genGroupAgentSlot 1.3.6.1.4.1.81.8.1.1.38 genGroupMngType 1.3.6.1.4.1.81.8.1.1.39 genGroupNumberOfLogicalPorts 1.3.6.1.4.1.81.8.1.1.40 genGroupNumberOfInterfaces 1.3.6.1.4.1.81.8.1.1.41 genGroupCascadUpStatus 1.3.6.1.4.1.81.8.1.1.42 genGroupCascadDownStatus 1.3.6.1.4.1.81.8.1.1.43 genGroupSTARootPortID 1.3.6.1.4.1.81.8.1.1.44 genGroupCopyPortInstruction 1.3.6.1.4.1.81.8.1.1.45 genGroupLicenseKey 1.3.6.1.4.1.81.8.1.1.46 genGroupLogFileClear 1.3.6.1.4.1.81.8.1.1.47 genGroupBootVersion 1.3.6.1.4.1.81.8.1.1.48 genGroupResetLastStamp 1.3.6.1.4.1.81.8.1.1.49 genGroupSerialNumber 1.3.6.1.4.1.81.8.1.1.50...
Page 678 1.3.6.1.4.1.81.9.1.1.21 genPortClassification 1.3.6.1.4.1.81.9.1.1.22 genPortVLANBindingMode 1.3.6.1.4.1.81.9.1.1.23 softRedundancyId 1.3.6.1.4.1.81.11.1.1.1 softRedundancyName 1.3.6.1.4.1.81.11.1.1.2 softRedundancyGroupId1 1.3.6.1.4.1.81.11.1.1.3 softRedundancyPortId1 1.3.6.1.4.1.81.11.1.1.4 softRedundancyGroupId2 1.3.6.1.4.1.81.11.1.1.5 softRedundancyPortId2 1.3.6.1.4.1.81.11.1.1.6 softRedundancyStatus 1.3.6.1.4.1.81.11.1.1.7 softRedundancyGlobalStatus 1.3.6.1.4.1.81.11.2 softRedundancyMinTimeBetweenSwitchOvers 1.3.6.1.4.1.81.11.4 softRedundancySwitchBackInterval 1.3.6.1.4.1.81.11.5 4 of 4 678 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 679: Mib Files In The G700-Mg-Mib.my File
G250/G350 MIB files MIB files in the G700-MG-MIB.my file The following table provides a list of the MIBs in the G700-MG-MIB.MY file that are supported by the G250/G350 and their OIDs: Object cmgHWType 1.3.6.1.4.1.6889.2.9.1.1.1 cmgModelNumber 1.3.6.1.4.1.6889.2.9.1.1.2 cmgDescription 1.3.6.1.4.1.6889.2.9.1.1.3 cmgSerialNumber 1.3.6.1.4.1.6889.2.9.1.1.4 cmgHWVintage 1.3.6.1.4.1.6889.2.9.1.1.5...
Page 680 1.3.6.1.4.1.6889.2.9.1.2.3.2 cmgActiveClockSource 1.3.6.1.4.1.6889.2.9.1.2.3.3 cmgRegistrationState 1.3.6.1.4.1.6889.2.9.1.3.1 cmgActiveControllerAddress 1.3.6.1.4.1.6889.2.9.1.3.2 cmgH248LinkStatus 1.3.6.1.4.1.6889.2.9.1.3.3 cmgH248LinkErrorCode 1.3.6.1.4.1.6889.2.9.1.3.4 cmgUseDhcpForMgcList 1.3.6.1.4.1.6889.2.9.1.3.5 cmgStaticControllerHosts 1.3.6.1.4.1.6889.2.9.1.3.6 cmgDhcpControllerHosts 1.3.6.1.4.1.6889.2.9.1.3.7 cmgPrimarySearchTime cmgTotalSearchTime cmgTransitionPoint cmgVoipEngineUseDhcp 1.3.6.1.4.1.6889.2.9.1.4.1 cmgVoipQosControl 1.3.6.1.4.1.6889.2.9.1.4.2 cmgVoipRemoteBbeDscp 1.3.6.1.4.1.6889.2.9.1.4.3.1.1 2 of 5 680 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 681 G250/G350 MIB files Object cmgVoipRemoteEfDscp 1.3.6.1.4.1.6889.2.9.1.4.3.1.2 cmgVoipRemote802Priority 1.3.6.1.4.1.6889.2.9.1.4.3.1.3 cmgVoipRemoteMinRtpPort 1.3.6.1.4.1.6889.2.9.1.4.3.1.4 cmgVoipRemoteMaxRtpPort 1.3.6.1.4.1.6889.2.9.1.4.3.1.5 cmgVoipRemoteRtcpEnabled 1.3.6.1.4.1.6889.2.9.1.4.3.2.1 cmgVoipRemoteRtcpMonitorIpAddress 1.3.6.1.4.1.6889.2.9.1.4.3.2.2 cmgVoipRemoteRtcpMonitorPort 1.3.6.1.4.1.6889.2.9.1.4.3.2.3 cmgVoipRemoteRtcpReportPeriod 1.3.6.1.4.1.6889.2.9.1.4.3.2.4 cmgVoipRemoteRsvpEnabled 1.3.6.1.4.1.6889.2.9.1.4.3.3.1 cmgVoipRemoteRetryOnFailure 1.3.6.1.4.1.6889.2.9.1.4.3.3.2 cmgVoipRemoteRetryDelay 1.3.6.1.4.1.6889.2.9.1.4.3.3.3 cmgVoipRemoteRsvpProfile 1.3.6.1.4.1.6889.2.9.1.4.3.3.4 cmgVoipLocalBbeDscp 1.3.6.1.4.1.6889.2.9.1.4.4.1.1 cmgVoipLocalEfDscp 1.3.6.1.4.1.6889.2.9.1.4.4.1.2 cmgVoipLocal802Priority 1.3.6.1.4.1.6889.2.9.1.4.4.1.3 cmgVoipLocalMinRtpPort 1.3.6.1.4.1.6889.2.9.1.4.4.1.4 cmgVoipLocalMaxRtpPort 1.3.6.1.4.1.6889.2.9.1.4.4.1.5 cmgVoipLocalRtcpEnabled 1.3.6.1.4.1.6889.2.9.1.4.4.2.1 cmgVoipLocalRtcpMonitorIpAddress 1.3.6.1.4.1.6889.2.9.1.4.4.2.2...
Page 682 1.3.6.1.4.1.6889.2.9.1.6.1.1.2 cmgCcRelay 1.3.6.1.4.1.6889.2.9.1.6.1.1.3 cmgCcAdminState 1.3.6.1.4.1.6889.2.9.1.6.1.1.4 cmgCcPulseDuration 1.3.6.1.4.1.6889.2.9.1.6.1.1.5 cmgCcStatus 1.3.6.1.4.1.6889.2.9.1.6.1.1.6 cmgTrapManagerAddress cmgTrapManagerControl cmgTrapManagerMask cmgTrapManagerRowStatus cmgEtrModule 1.3.6.1.4.1.6889.2.9.1.7.1.1.1 cmgEtrAdminState 1.3.6.1.4.1.6889.2.9.1.7.1.1.2 cmgEtrNumberOfPairs 1.3.6.1.4.1.6889.2.9.1.7.1.1.3 cmgEtrStatus 1.3.6.1.4.1.6889.2.9.1.7.1.1.4 cmgEtrCurrentLoopDetect 1.3.6.1.4.1.6889.2.9.1.7.1.1.5 cmgDynCacStatus 1.3.6.1.4.1.6889.2.9.1.8.1 4 of 5 682 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 683: Mib Files In The Frame-Relay-Dte-Mib.my File
1.3.6.1.4.1.6889.2.9.1.8.2 cmgDynCacLastUpdate 1.3.6.1.4.1.6889.2.9.1.8.3 5 of 5 MIB files in the FRAME-RELAY-DTE-MIB.my file The following table provides a list of the MIBs in the FRAME-RELAY-DTE-MIB.my file that are supported by the G250/G350 and their OIDs: Object frDlcmiIfIndex 1.3.6.1.2.1.10.32.1.1.1 frDlcmiState 1.3.6.1.2.1.10.32.1.1.2 frDlcmiAddress 1.3.6.1.2.1.10.32.1.1.3...
Page 684 1.3.6.1.2.1.10.32.2.1.17 frCircuitReceivedDEs 1.3.6.1.2.1.10.32.2.1.18 frCircuitSentDEs 1.3.6.1.2.1.10.32.2.1.19 frCircuitLogicalIfIndex 1.3.6.1.2.1.10.32.2.1.20 frCircuitRowStatus 1.3.6.1.2.1.10.32.2.1.21 frErrIfIndex 1.3.6.1.2.1.10.32.3.1.1 frErrType 1.3.6.1.2.1.10.32.3.1.2 frErrData 1.3.6.1.2.1.10.32.3.1.3 frErrTime 1.3.6.1.2.1.10.32.3.1.4 frErrFaults 1.3.6.1.2.1.10.32.3.1.5 frErrFaultTime 1.3.6.1.2.1.10.32.3.1.6 frTrapState 1.3.6.1.2.1.10.32.4.1 frTrapMaxRate 1.3.6.1.2.1.10.32.4.2 2 of 2 684 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 685: Mib Files In The Ip-Mib.my File
G250/G350 MIB files MIB files in the IP-MIB.my file The following table provides a list of the MIBs in the IP-MIB.my file that are supported by the G250/G350 and their OIDs: Object ipForwarding 1.3.6.1.2.1.4.1 ipDefaultTTL 1.3.6.1.2.1.4.2 ipInReceives 1.3.6.1.2.1.4.3 ipInHdrErrors 1.3.6.1.2.1.4.4 ipInAddrErrors 1.3.6.1.2.1.4.5...
Page 686: Mib Files In The Load12-Mib.my File
G250/G350 and their OIDs: Object genOpModuleId 1.3.6.1.4.1.1751.2.53.1.2.1.1 genOpIndex 1.3.6.1.4.1.1751.2.53.1.2.1.2 genOpRunningState 1.3.6.1.4.1.1751.2.53.1.2.1.3 genOpSourceIndex 1.3.6.1.4.1.1751.2.53.1.2.1.4 genOpDestIndex 1.3.6.1.4.1.1751.2.53.1.2.1.5 genOpServerIP 1.3.6.1.4.1.1751.2.53.1.2.1.6 genOpUserName 1.3.6.1.4.1.1751.2.53.1.2.1.7 genOpPassword 1.3.6.1.4.1.1751.2.53.1.2.1.8 genOpProtocolType 1.3.6.1.4.1.1751.2.53.1.2.1.9 genOpFileName 1.3.6.1.4.1.1751.2.53.1.2.1.10 genOpRunningStateDisplay 1.3.6.1.4.1.1751.2.53.1.2.1.11 genOpLastFailureIndex 1.3.6.1.4.1.1751.2.53.1.2.1.12 1 of 2 686 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 687 G250/G350 MIB files Object genOpLastFailureDisplay 1.3.6.1.4.1.1751.2.53.1.2.1.13 genOpLastWarningDisplay 1.3.6.1.4.1.1751.2.53.1.2.1.14 genOpErrorLogIndex 1.3.6.1.4.1.1751.2.53.1.2.1.15 genOpResetSupported 1.3.6.1.4.1.1751.2.53.1.2.1.16 genOpEnableReset 1.3.6.1.4.1.1751.2.53.1.2.1.17 genOpNextBootImageIndex 1.3.6.1.4.1.1751.2.53.1.2.1.18 genOpLastBootImageIndex 1.3.6.1.4.1.1751.2.53.1.2.1.19 genOpFileSystemType 1.3.6.1.4.1.1751.2.53.1.2.1.20 genOpReportSpecificFlags 1.3.6.1.4.1.1751.2.53.1.2.1.21 genOpOctetsReceived 1.3.6.1.4.1.1751.2.53.1.2.1.22 genAppFileId 1.3.6.1.4.1.1751.2.53.2.1.1.1 genAppFileName 1.3.6.1.4.1.1751.2.53.2.1.1.2 genAppFileType 1.3.6.1.4.1.1751.2.53.2.1.1.3 genAppFileDescription 1.3.6.1.4.1.1751.2.53.2.1.1.4 genAppFileSize 1.3.6.1.4.1.1751.2.53.2.1.1.5 genAppFileVersionNumber 1.3.6.1.4.1.1751.2.53.2.1.1.6 genAppFileLocation 1.3.6.1.4.1.1751.2.53.2.1.1.7 genAppFileDateStamp 1.3.6.1.4.1.1751.2.53.2.1.1.8 genAppFileRowStatus 1.3.6.1.4.1.1751.2.53.2.1.1.9...
Page 688: Mib Files In The Ppp-Lcp-Mib.my File
1.3.6.1.2.1.10.23.1.1.1.1.4 pppLinkStatusBadFCSs 1.3.6.1.2.1.10.23.1.1.1.1.5 pppLinkStatusLocalMRU 1.3.6.1.2.1.10.23.1.1.1.1.6 pppLinkStatusRemoteMRU 1.3.6.1.2.1.10.23.1.1.1.1.7 pppLinkStatusLocalToPeerACCMap 1.3.6.1.2.1.10.23.1.1.1.1.8 pppLinkStatusPeerToLocalACCMap 1.3.6.1.2.1.10.23.1.1.1.1.9 pppLinkStatusLocalToRemoteACCompression 1.3.6.1.2.1.10.23.1.1.1.1.12 pppLinkStatusRemoteToLocalACCompression 1.3.6.1.2.1.10.23.1.1.1.1.13 pppLinkStatusTransmitFcsSize 1.3.6.1.2.1.10.23.1.1.1.1.14 pppLinkStatusReceiveFcsSize 1.3.6.1.2.1.10.23.1.1.1.1.15 pppLinkConfigInitialMRU 1.3.6.1.2.1.10.23.1.1.2.1.1 pppLinkConfigReceiveACCMap 1.3.6.1.2.1.10.23.1.1.2.1.2 pppLinkConfigTransmitACCMap 1.3.6.1.2.1.10.23.1.1.2.1.3 pppLinkConfigMagicNumber 1.3.6.1.2.1.10.23.1.1.2.1.4 pppLinkConfigFcsSize 1.3.6.1.2.1.10.23.1.1.2.1.5 688 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 689: Mib Files In The Wan-Mib.my File
G250/G350 MIB files MIB files in the WAN-MIB.my file The following table provides a list of the MIBs in the WAN-MIB.my file that are supported by the G250/G350 and their OIDs: Object ds0BundleMemmbersList 1.3.6.1.4.1.6889.2.1.6.1.1.2.1.1 ds0BundleSpeedFactor 1.3.6.1.4.1.6889.2.1.6.1.1.2.1.2 ds1DeviceMode 1.3.6.1.4.1.6889.2.1.6.2.1.1 ifTableXtndIndex 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.1 ifTableXtndPeerAddress 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.2...
Page 690 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.31 ifTableXtndCacPriority 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.32 ifTableXtndCacifStatus 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.33 frDlcmiXtndIndex 1.3.6.1.4.1.6889.2.1.6.2.4.1.1.1 frDlcmiXtndLMIAutoSense 1.3.6.1.4.1.6889.2.1.6.2.4.1.1.2 frStaticCircuitSubIfIndex 1.3.6.1.4.1.6889.2.1.6.2.4.2.1.1 frStaticCircuitDLCI 1.3.6.1.4.1.6889.2.1.6.2.4.2.1.2 frStaticCircuitDLCIrole 1.3.6.1.4.1.6889.2.1.6.2.4.2.1.3 frStaticCircuitStatus 1.3.6.1.4.1.6889.2.1.6.2.4.2.1.4 frSubIfDlcmiIndex 1.3.6.1.4.1.6889.2.1.6.2.4.3.1.1 frSubIfSubIndex 1.3.6.1.4.1.6889.2.1.6.2.4.3.1.2 frSubIfType 1.3.6.1.4.1.6889.2.1.6.2.4.3.1.3 frSubIfStatus 1.3.6.1.4.1.6889.2.1.6.2.4.3.1.4 2 of 2 690 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 691: Mib Files In The Snmpv2-Mib.my File
G250/G350 MIB files MIB files in the SNMPv2-MIB.my file The following table provides a list of the MIBs in the SNMPv2-MIB.my file that are supported by the G250/G350 and their OIDs: Object sysDescr 1.3.6.1.2.1.1.1 sysObjectID 1.3.6.1.2.1.1.2 sysUpTime 1.3.6.1.2.1.1.3 sysContact 1.3.6.1.2.1.1.4 sysName 1.3.6.1.2.1.1.5...
Page 692: Mib Files In The Ospf-Mib.my File
The following table provides a list of the MIBs in the OSPF-MIB.my file that are supported by the G250/G350 and their OIDs: Object ospfRouterId 1.3.6.1.2.1.14.1.1 ospfAdminStat 1.3.6.1.2.1.14.1.2 ospfVersionNumber 1.3.6.1.2.1.14.1.3 ospfAreaBdrRtrStatus 1.3.6.1.2.1.14.1.4 ospfASBdrRtrStatus 1.3.6.1.2.1.14.1.5 ospfExternLsaCount 1.3.6.1.2.1.14.1.6 1 of 4 692 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 693 G250/G350 MIB files Object ospfExternLsaCksumSum 1.3.6.1.2.1.14.1.7 ospfTOSSupport 1.3.6.1.2.1.14.1.8 ospfOriginateNewLsas 1.3.6.1.2.1.14.1.9 ospfRxNewLsas 1.3.6.1.2.1.14.1.10 ospfExtLsdbLimit 1.3.6.1.2.1.14.1.11 ospfMulticastExtensions 1.3.6.1.2.1.14.1.12 ospfExitOverflowInterval 1.3.6.1.2.1.14.1.13 ospfDemandExtensions 1.3.6.1.2.1.14.1.14 ospfAreaId 1.3.6.1.2.1.14.2.1.1 ospfAuthType 1.3.6.1.2.1.14.2.1.2 ospfImportAsExtern 1.3.6.1.2.1.14.2.1.3 ospfSpfRuns 1.3.6.1.2.1.14.2.1.4 ospfAreaBdrRtrCount 1.3.6.1.2.1.14.2.1.5 ospfAsBdrRtrCount 1.3.6.1.2.1.14.2.1.6 ospfAreaLsaCount 1.3.6.1.2.1.14.2.1.7 ospfAreaLsaCksumSum 1.3.6.1.2.1.14.2.1.8 ospfAreaSummary 1.3.6.1.2.1.14.2.1.9 ospfAreaStatus 1.3.6.1.2.1.14.2.1.10 ospfLsdbAreaId 1.3.6.1.2.1.14.4.1.1...
Page 694 1.3.6.1.2.1.14.7.1.14 ospfIfEvents 1.3.6.1.2.1.14.7.1.15 ospfIfAuthKey 1.3.6.1.2.1.14.7.1.16 ospfIfStatus 1.3.6.1.2.1.14.7.1.17 ospfIfMulticastForwarding 1.3.6.1.2.1.14.7.1.18 ospfIfDemand 1.3.6.1.2.1.14.7.1.19 ospfIfAuthType 1.3.6.1.2.1.14.7.1.20 ospfIfMetricIpAddress 1.3.6.1.2.1.14.8.1.1 ospfIfMetricAddressLessIf 1.3.6.1.2.1.14.8.1.2 ospfIfMetricTOS 1.3.6.1.2.1.14.8.1.3 ospfIfMetricValue 1.3.6.1.2.1.14.8.1.4 ospfIfMetricStatus 1.3.6.1.2.1.14.8.1.5 ospfNbrIpAddr 1.3.6.1.2.1.14.10.1.1 3 of 4 694 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 695: Mib Files In The Tunnel-Mib.my File
1.3.6.1.2.1.14.12.1.6 ospfExtLsdbAdvertisement 1.3.6.1.2.1.14.12.1.7 4 of 4 MIB files in the TUNNEL-MIB.my file The following table provides a list of the MIBs in the TUNNEL-MIB.my file that are supported by the G250/G350 and their OIDs: Object tunnelIfLocalAddress 1.3.6.1.2.1.10.131.1.1.1.1.1 tunnelIfRemoteAddress 1.3.6.1.2.1.10.131.1.1.1.1.2 1 of 2...
Page 696 1.3.6.1.2.1.10.131.1.1.2.1.2 tunnelConfigEncapsMethod 1.3.6.1.2.1.10.131.1.1.2.1.3 tunnelConfigID 1.3.6.1.2.1.10.131.1.1.2.1.4 tunnelConfigStatus 1.3.6.1.2.1.10.131.1.1.2.1.5 ipTunnelIfIndex 1.3.6.1.4.1.81.31.8.1.1.1 ipTunnelIfChecksum 1.3.6.1.4.1.81.31.8.1.1.2 ipTunnelIfKey 1.3.6.1.4.1.81.31.8.1.1.3 ipTunnelIfkeyMode 1.3.6.1.4.1.81.31.8.1.1.4 ipTunnelIfAgingTimer 1.3.6.1.4.1.81.31.8.1.1.5 ipTunnelIfMTUDiscovery 1.3.6.1.4.1.81.31.8.1.1.6 ipTunnelIfMTU 1.3.6.1.4.1.81.31.8.1.1.7 ipTunnelIfKeepaliveRate 1.3.6.1.4.1.81.31.8.1.1.8 ipTunnelIfKeepaliveRetries 1.3.6.1.4.1.81.31.8.1.1.9 2 of 2 696 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 697: Index
... MAC-based authentication ..Avaya Voice Announcement Manager (VAM) ....multi supplicant mode ....
Page 698 ....capture buffer-mode ....copy ftp SW_imageA 698 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 699 Index Commands, (continued) Commands, (continued) ......copy ftp sw_imageB disable link encryption ....
Page 700 ... . ip ssh no snmp trap link-status ....ip tcp compression-connections no snmp-server community 700 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 701 Index Commands, (continued) Commands, (continued) ......no snmp-server remote-user self-identity ....
Page 702 ........set sync source show ip icmp 702 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 703 Index Commands, (continued) Commands, (continued) ......show ip interface show rtp-stat sessions ....
Page 704 ... . . Denial of Service reporting ... configuring for modem use 704 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 705 Index DHCP DLCI ..... . BOOTP relay configuring for frame relay sub-interface ....
Page 706 ... critical security parameters ... . enabling traffic shaping 706 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 707 ....G250 decompression analog model, see G250-Analog IPCH method - RTP and TCP header compression BRI model, see G250-BRI ..
Page 708 ..obtaining via PPP/IPCP negotiation ....storing in ARP table 708 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 709 ..specifying Syslog output facility ..running Avaya Communication Manager ... . . Syslog default settings ....
Page 710 ..... NetBIOS Network monitoring ....applications 710 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 711 Index Passwords ....changing ....managing Packet sniffing .
Page 712 ....configuring T1 port ..sequence of policy list application 712 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 713 Index Ports, (continued) ..configuring VLAN tagging mode ....CONSOLE ... . Console .
Page 714 ....sample network ..setting QoS event thresholds 714 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 715 ....setup ..Avaya phones supported in SLS ....teardown .
Page 716 ....overview strategies employed Standard Local Survivability, see SLS SYN flood attack protection, see SYN cookies 716 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 717 ....description ... . accessing G250/G350 via ..disconnecting USB sessions .
Page 718 ... . . configuration example ....description 718 Administration for the Avaya G250 and Avaya G350 Media Gateways...
Page 719 Index ....backup interfaces ... . checking interface status ....default encapsulation .
Page 720 Index 720 Administration for the Avaya G250 and Avaya G350 Media Gateways...

This manual is also suitable for:

G350

Avaya G250 Administration

About this Book

Overview

Audience

Downloading this Book and Updates from the Web

Related Resources

Technical Assistance

Trademarks

Sending Us Comments

Chapter 1: Introduction

G250 and G350 Contents

G250 and G350 Support Information

G250 Available Models

Chapter 2: Configuration Overview

Defining the Console Interface

Defining the USB Interface

Defining Other Interfaces

Configuration Using CLI

Configuration Using GUI Applications

Saving Configuration Changes

Firmware Version Control

Chapter 3: Accessing the Avaya G250/G350 Media Gateway

Accessing the CLI

Accessing the CLI Via Modem

Accessing Avaya IW

Accessing GIW

Accessing PIM

Accessing Avaya Communication Manager

Managing Login Permissions

Special Security Features

Chapter 4: Basic Device Configuration

Defining an Interface

Configuring the Primary Management Interface (PMI)

Defining the Default Gateway

Configuring the Media Gateway Controller (MGC)

DNS Resolver

Viewing the Status of the Device

Software and Firmware Management

Chapter 5: Configuring Standard Local Survivability (SLS)

Configuring SLS

Chapter 6: Configuring Ethernet Ports

Ethernet Ports on the G250

Ethernet Ports on the G350

Configuring Switch Ethernet Ports

Configuring the WAN Ethernet Port

Configuring DHCP Client

Configuring LLDP

Chapter 7: Configuring Logging

Configuring a Syslog Server

Configuring a Log File

Configuring a Session Log

Configuring Logging Filters

Chapter 8: Configuring Voip Qos

Configuring RTP and RTCP

Configuring Header Compression

Configuring Qos Parameters

RSVP Parameters

Weighted Fair Voip Queuing (WFVQ)

Chapter 9: Configuring the G250 and G350 for Modem Use

Configuring the USB Interface

Configuring the USB Port for Modem Use

Configuring the Console Port for Modem Use

Chapter 10: Configuring WAN Interfaces

Serial Interface Overview

Initial WAN Configuration

Backup Interfaces

Modem Dial Backup

ICMP Keepalive

Dynamic CAC

Object Tracking

Frame Relay Encapsulation Features

Priority DLCI

Quick Links

Related Manuals for Avaya G250

Summary of Contents for Avaya G250