Administration for the Avaya G250 and Avaya G350 Media Gateways 03-300436 Issue 3 February 2007...
Avaya support Avaya provides a telephone number for you to use to report problems or to ask questions about your product. The support telephone number is 1-800-242-2121 in the United States. For additional support telephone numbers, see the Avaya Web site: http://www.avaya.com/support...
You can download the latest version of the Administration for the Avaya G250 and Avaya G350 Media Gateways from the Avaya Web site. You must have access to the Internet, and a copy of Acrobat Reader must be installed on your personal computer.
03-300430 Media Gateways and Servers Maintenance Commands for Avaya Communication Manager 4.0, 03-300431 Media Gateways and Servers Maintenance Procedures for Avaya Communication Manager 4.0, 03-300432 Media Gateways and Servers...
● Toll fraud, call Avaya Toll Fraud Intervention at 1-800-643-2353
International
For all international resources, contact your local Avaya authorized dealer for additional help.
Trademarks
All trademarks identified by the ® or ™ are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners.
● E-mail, send your comments to: document@avaya.com
● Fax, send your comments to: 1-303-538-1741
Mention the name and number of this book, Administration for the Avaya G250 and Avaya G350 Media Gateways, 03-300436.
— telephone exchange and data networking. The G250 and G350 each feature a VoIP engine, WAN router, and Power over Ethernet LAN switch. The G350 provides full support for legacy DCP and analog telephones.
● ISDN BRI trunks
G250 with WAN media module
You can also add a plug-in WAN media module to the G250 for support of E1/T1 and USP WAN data lines.
● Analog model (G250-Analog). The G250-Analog includes four analog trunk ports, two analog line ports, a Fast Ethernet WAN port, and eight PoE LAN ports.
● BRI model (G250-BRI). The G250-BRI replaces three out of four of the G250’s fixed analog trunk ports with two ISDN BRI trunk ports.
Defining the Console interface
The first thing you should do when configuring a new G250/G350 is to assign an IP address to the console interface. It is not necessary to include a subnet mask.
1. Use the interface console command to enter the console context.
Configuration overview
Defining the USB Interface
If you intend to use a USB modem to connect to the G250/G350, you should also assign an IP address to the USB interface. It is not necessary to include a subnet mask.
1. Use the interface USB command to enter the USB context.
Configuration using CLI
You can use the Avaya G250/G350 Media Gateway CLI to manage the G250/G350. The CLI is a command prompt interface that enables you to type commands and view responses. For instructions on how to access the G250/G350 CLI, see Accessing the CLI on page 35.
You can also use the Avaya G350 Manager to configure most features of the G250/G350. The Avaya G350 Manager is a GUI application. You can access the Avaya G350 Manager from Avaya Integrated Management software or from a web browser. Most of the commands that are available through the G250/G350 CLI are also available through the Avaya G350 Manager.
If it becomes necessary to use the older version, you can type the command set boot bank bank-x and then reset the G250/G350 to use the older version. This is particularly important when uploading new versions.
Chapter 3: Accessing the Avaya G250/G350 Media Gateway
You can access the Avaya G250/G350 Media Gateway using the CLI, the IW, the GIW, the PIM, and the Avaya Communication Manager. You can manage login permissions by using and configuring usernames and passwords, and by configuring the G250/G350 to use SSH, SCP, RADIUS authentication, and the 802.1x protocol.
PPP network connection from a modem at the remote location. You can use either a USB modem connected to the USB port on the front panel of the G250/G350 or a serial modem connected to the console port on the front panel of the G250/G350. You must only use an approved Avaya serial cable.
4. Open any standard telnet program on the remote computer. 5. Open a telnet session to the IP address of the USB port on the G250/G350. For instructions on how to set the IP address of the USB port (i.e., the USB interface), see...
Configuring the Primary Management Interface (PMI) on page 70.
1. Connect a USB modem to either of the two USB ports on the Avaya S8300 Media Server.
2. Use the Avaya Maintenance Web Interface (MWI) to configure the USB port on the S8300 for modem use.
The Avaya Installation Wizard (Avaya IW) is a web-based installation wizard that is used with the Avaya G250/G350 Media Gateway to perform initial configuration tasks and to upgrade software and firmware. The Avaya IW is designed for use with systems that include an S8300 Media Server, operating in either ICC or LSP mode. See...
G250/G350 that does not include an S8300 Media Server. You can use the GIW to perform initial configuration of the G250/G350 and to upgrade software and firmware. Specifically, you can perform the following tasks with the GIW: Configure PMI information —...
Access the GIW
1. Install GIW on a laptop computer from the CD provided by Avaya. The laptop should be running Windows 2000 or Windows XP.
2. Plug one end of an RJ-45 to RJ-45 cable into a DB-9 adapter.
G250/G350 Media Gateway provides. Run the Avaya Communication Manager software on a media server. There might be several media servers on your network that can control the Avaya G250/G350 Media Gateway. Access Avaya Communication Manager on any media server that is a Media Gateway Controller (MGC) for the Avaya G250/G350 Media Gateway.
In addition to its basic security mechanism, the G250/G350 supports secure data transfer via SSH and SCP. The G250/G350 can be configured to work with an external RADIUS server to provide user authentication. When RADIUS authentication is enabled on the G250/G350, the RADIUS server operates in conjunction with the G250/G350 security mechanism.
Managing login permissions
Privilege level
When you start to use Avaya G350 Manager or the CLI, you must enter a username. The username that you enter sets your privilege level. The commands that are available to you during the session depend on your privilege level. If you use RADIUS authentication, the RADIUS server sets your privilege level.
● The G250/G350 sends the public key (the fingerprint) to the client computer. This public key is used by the client to encrypt the data it sends to the G250/G350. The G250/G350 decrypts the data using the private key.
● Both sides negotiate and must agree on the same cipher type. The G250/G350 only...
In addition to data transfer via an SSH session, the SSH protocol is used to support SCP for secure file transfer. When using SCP, the G250/G350 is the client, and an SCP server must be installed on the management station. After users are defined on the SCP server, the G250/G350 acts as an SCP client.
3. Use the set radius authentication server command to set the IP address of the primary or secondary RADIUS Authentication server. For more information about these commands, see Avaya G250 and Avaya G350 CLI Reference, 03-300437.
LAN port and of preventing access to that port in cases where the authentication process fails. On the G350, you can enable 802.1x on the MM314 and MM316 media modules’ 10/100 Ethernet ports. On the G250, you can enable 802.1x on the eight Ethernet LAN PoE ports located on the G250’s front panel.
● Supplicant — an entity (the host) at one end of a point-to-point LAN segment that is requesting authentication
● Authenticator — an entity (in this case the G250/G350) at the other end of a point-to-point LAN segment that facilitates authentication of the Supplicant
● Authentication (RADIUS) Server —...
LAN and WAN port on the chassis nor the uplink port in the MM314 (10/100/1G copper) and MM316 (10/100/1G copper) media modules support 802.1x. On the G250, you can enable 802.1x on the eight Ethernet LAN PoE ports located on the G250’s front panel. 802.1x is not supported on the G250-DCP model.
For example:
G350-001(super)# set dot1x system-auth-control enable
To disable 802.1x authentication on the G250/G350, use the command set dot1x system-auth-control disable. Once the authentication process is enabled, the process proceeds as follows:
The Supplicant is asked to supply a user name and password.
5. Use the set dot1x port-mode command, followed by an authentication mode, to specify the mode of authentication for all G250/G350 ports: port-based (single supplicant) or MAC-based (multi supplicants). For example:
G350-001(super)# set dot1x port mode mac-based-authentication...
to 65535), to set the authenticator-to-supplicant retransmission timeout period (the time for the G250/G350 to wait for a reply from the Authenticated Station) for all ports on which 802.1x is enabled.
● Use the set port dot1x supp-timeout command, followed by the module and port...
● Use the show dot1x command to display the system 802.1x parameters, including whether 802.1x is enabled or disabled on the G250/G350 and the Supplicants’ status.
● Use the show port dot1x command to display all the configurable values associated...
The number of currently connected supplicants.
Authenticated Supplicants: The number of authenticated supplicants connected to the G250/G350.
Authenticating Supplicants: The number of supplicants connected to the G250/G350 being authenticated (not authenticated yet).
The G250/G350 includes a special recovery password. The purpose of the recovery password is to enable the system administrator to access the G250/G350 in the event that the regular password is forgotten. You can only use the recovery password when accessing the G250/G350 via a direct connection to the console port.
The new MCK is now in effect.
Enabling SYN cookies
The G250/G350 provides various TCP/IP services and is therefore exposed to a myriad of TCP/IP based DoS attacks.
Special security features
DoS (Denial of Service) attacks are a wide range of malicious attacks that can cause a denial of one or more services provided by a targeted host. Specifically, a SYN attack is a well-known TCP/IP attack in which a malicious attacker targets a vulnerable device and effectively prevents it from establishing new TCP connections.
Media Gateway IP interfaces and gateway applications such as WAN routers, PoE switches, and VPN devices can be at risk for Denial of Service (DoS) attacks. The G250/G350 identifies predefined or custom-defined traffic patterns as suspected DoS attacks and generates SNMP notifications, referred to as Managed Security Services (MSS) notifications.
MSS notifications are intercepted and, if certain conditions are met, may be forwarded to the Avaya Security Operations Center (SOC) as INADS alarms. The SOC is an Avaya service group that handles DoS alerts, responding as necessary to any DoS attack or related security issue.
3. Use the set mss-notification rate command to modify the MSS reporting rate, if necessary. The default is 300 seconds. The G250/G350 counts events for each Denial of Service (DoS) class for the duration of the interval. At the end of each interval, if the count...
MALFRAGMENTED_IP: Malfragmented IP packets on "TO-ME" interfaces.
MALFORMED_IP: Malformed IP packets. The G250/G350 reports malformed IP packets when:
● The IP version in the IP header is a value other than 4.
● The IP header length is smaller than 20.
3. Use the dos-classification command to configure the name of the DoS attack classification. Possible values are: fraggle, smurf, ip-spoofing, other-attack-100, other-attack-101, other-attack-102, other-attack-103, other-attack-104, and other-attack-105. For example:
G350-001(super-ACL 301/ip rule 1)# dos-classification smurf
Done!
4. Define the packet criteria to which the ACL rule should apply. See Rule criteria on page 540. For example, you can use destination-ip to specify that the rule applies to packets with a specific destination address and you can use ip-protocol to specify that the rule applies to packets with a specific protocol:
G350-001(super-ACL 301/ip rule 1)# destination-ip 255.255.255.255 0.0.0.0
Done!
MSS notifications.
set mss-notification rate seconds (Config): Sets the interval time, in seconds, between MSS notifications.
show mss-notification rate (Read Only): Shows the interval time, in seconds, between MSS notifications.
Example
The following example demonstrates the configuration of MSS notifications using ACL rules. In this example, smurf packets (ICMP packets that are sent to a limited broadcast destination) arriving at interface VLAN 203 are defined as a DoS attack to be reported in MSS notifications.
//create and enter the configuration mode of access control list 301:
G350-001(super)# ip access-control-list 301
//create and enter the configuration mode of ip rule 1:...
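The classification and per-interval counting described above can be reproduced offline to check what a rule like this would match. The following is an added example, not Avaya code: it applies the two MALFORMED_IP conditions shown on this page and the smurf criteria from the example (ICMP to 255.255.255.255) to constructed IPv4 headers, and counts hits per 300-second interval. The function names and sample packets are hypothetical, and the end-of-interval reporting condition is not modelled because it is cut off on this page.

```python
import socket
import struct
from collections import Counter, defaultdict

ICMP = 1                                   # IP protocol number for ICMP
LIMITED_BROADCAST = socket.inet_aton("255.255.255.255")
MSS_INTERVAL = 300                         # default MSS reporting rate, in seconds


def build_ipv4(src, dst, proto, version=4, ihl_words=5):
    """Build a 20-byte IPv4 header for the constructed samples (checksum left at 0)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        (version << 4) | ihl_words,        # version and header length in 32-bit words
        0, 20, 0, 0, 64, proto, 0,
        socket.inet_aton(src), socket.inet_aton(dst),
    )


def classify(packet):
    """Return the DoS class for one packet, or None if it matches nothing.

    Only the two MALFORMED_IP conditions visible on the page are checked:
    IP version other than 4, and IP header length smaller than 20.
    """
    if not packet:
        raise ValueError("empty packet")
    version = packet[0] >> 4
    header_len = (packet[0] & 0x0F) * 4    # IHL is in 32-bit words
    if version != 4 or header_len < 20:
        return "MALFORMED_IP"
    if len(packet) < 20:
        raise ValueError("capture shorter than the IPv4 header")
    protocol = packet[9]
    destination = packet[16:20]
    # Same criteria as the ACL rule in the example: ICMP to the limited broadcast.
    if protocol == ICMP and destination == LIMITED_BROADCAST:
        return "smurf"
    return None


def count_per_interval(events, interval=MSS_INTERVAL):
    """Count classified events per DoS class for each reporting interval."""
    counts = defaultdict(Counter)
    for timestamp, packet in events:
        label = classify(packet)
        if label is not None:
            counts[int(timestamp // interval)][label] += 1
    return {index: dict(per_class) for index, per_class in counts.items()}


# Constructed sample traffic: (seconds since start, raw IPv4 header).
SAMPLE_EVENTS = [
    (10, build_ipv4("198.51.100.7", "255.255.255.255", ICMP)),
    (40, build_ipv4("198.51.100.7", "255.255.255.255", ICMP)),
    (120, build_ipv4("198.51.100.9", "192.0.2.10", 6, version=6)),
    (200, build_ipv4("198.51.100.9", "192.0.2.10", 6, ihl_words=4)),
    (250, build_ipv4("198.51.100.9", "192.0.2.10", 6)),
    (310, build_ipv4("198.51.100.9", "192.0.2.10", ICMP)),
    (450, build_ipv4("198.51.100.7", "255.255.255.255", ICMP)),
]

if __name__ == "__main__":
    for index, per_class in sorted(count_per_interval(SAMPLE_EVENTS).items()):
        print(f"interval {index}: {per_class}")
```
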
G250/G350
Defining an interface
All interfaces on the G250 and G350 must be defined by the administrator, after installation of the G250/G350.
1. Use the interface command to enter the interface context. Some types of interfaces require an identifier as a parameter.
G250/G350 automatically becomes the PMI. You can subsequently assign any IP interface to be the PMI. The PMI is used as the IP address of the G250/G350 for the following management functions:
● Registration of the G250/G350 to an MGC...
Defining the default gateway
The G250/G350 uses a default gateway to connect to outside networks that are not listed on the G250/G350’s routing table. To define a default gateway, use the ip default-gateway command, followed by either the IP address or name (type and number) of the interface you want to define as the default gateway.
Several options exist to minimize network disruption in the event that connectivity between the G250/G350 and the media server or media gateway controller (MGC) is lost.
● MGC list. You must register the G250/G350 with at least one, and up to four, MGCs. The...
● Enhanced Local Survivability (ELS). ELS is available for both the G250 and the G350 using a local S8300 or S8500 functioning in LSP mode. If the ECC stops serving the G250/G350, the S8300 takes over the service.
● Auto fallback to primary MGC. This feature provides a means by which a G250/G350...
Basic device configuration
Setting the G250/G350’s MGC
Use the set mgc list command to set the G250/G350’s MGC. You can enter the IP addresses of up to four MGCs with the set mgc list command. The first MGC on the list is the primary MGC.
G350-001(super)# set reset-times transition-point 1
Done!
In this example, in the event of a loss of connection with the registered MGC, the G250/G350 searches for the primary MGC on its MGC list for 20 minutes. If the G250/G350 does not establish a connection with the primary MGC within this time, it searches for the other MGCs on the list for a total of 40 minutes.
When a local MGC controls telephone services on the Avaya G250/G350 Media Gateway in ICC or LSP mode, the G250/G350 monitors the connection with the MGC. If the connection with the MGC is lost, the G250/G350 starts a recovery process.
- Dialer interface
- Serial interface
The most common application of this configuration is for connecting the G250/G350 to the Internet and getting the DNS server information from the ISP. Therefore, interfaces configured to automatically learn the DNS servers in the system are usually the Fast Ethernet with PPPoE interface and the Dialer interface.
IP address of the second main office. It will then start a VPN tunnel with the second main office. This typical application is described in full in Failover using DNS on page 511.
Figure 3: VPN DNS topology
● Specify the domain name.
6. Repeat step 5 to configure additional domain names. You can configure up to six domain names.
G350-001(config)# ip domain list 1 avaya.com
Done!
G350-001(config)# ip domain list 2 emea.avaya.com
Done!
7. Optionally, configure the number of DNS query retries, using the ip domain retry command.
G350-001(config)# ip domain lookup
Done!
Important: If either DHCP Client or PPP is configured in the G250/G350, you need not configure DNS Resolver at all, because:
- DNS Resolver is enabled by default, and
- DHCP Client and PPP discover DNS servers automatically, so the list of DNS servers will include the automatically-learned DNS servers.
Note: You can also enable logging messages to a log file or a Syslog server. For a full description of logging on the G250/G350, see Chapter 7: Configuring logging on page 187.
Viewing the status of the device
To view the status of the Avaya G250/G350 Media Gateway, use the following commands. For more information about these commands, see Avaya G250 and Avaya G350 CLI Reference, 03-300437.
The Avaya G250/G350 Media Gateway can be a client for the FTP and TFTP protocols. Use either a USB device or the FTP or TFTP protocols to transfer files between the Avaya G250/G350 Media Gateway and other devices. You can use file transfer to:
● Install software and firmware upgrades on the G250/G350...
To use FTP/TFTP file transfer, you need to have an FTP server or TFTP server on your network.
Note: If you use an FTP server, the G250/G350 prompts you for a username and password when you enter a command to transfer a file. Also, when opening an FTP connection to the S8300, all anonymous FTP file transfers are restricted to the /pub directory.
Loading firmware from the non-default bank
You can use the ASB button on the G250/G350 front panel to load firmware from the bank other than the default bank during startup:
1. Press and hold the reset button.
● Use the copy tftp SW_imageB command to upgrade the G250/G350 firmware into Bank B from a TFTP server.
● Use the copy tftp EW_archive command to upgrade the Java applet for Avaya G350 Manager software from a TFTP server.
3. Remove the USB storage device from the PC, and insert it in the G250/G350 USB port.
4. Copy the firmware file(s) to the G250/G350 using one of the following commands:
● Use the copy usb SW_imageA command to upgrade the G250/G350 firmware into...
CLI commands for backing up and restoring files to/from a USB mass storage device enable you to use the USB port for efficient restoring or replicating of a G250/G350 media gateway and for replacing and upgrading media modules. Using the USB port you can back up or restore multiple files with one CLI command, which is simpler than the alternative TFTP/FTP/SCP method, in which files are copied and restored individually.
Back up the gateway regularly to a USB mass storage device. This backup can be very helpful in restoring the gateway’s configuration if it becomes faulty, or in restoring the entire gateway.
1. Connect a USB mass storage device to the G250/G350 USB port.
2. Type copy running-config startup-config to commit the current configuration to NVRAM.
Restoring backed up configuration and administration files to a gateway using a USB mass storage device
1. Make sure you have a backup of the G250/G350 on a USB mass storage device. Refer to Backing up administration and configuration files using a USB mass storage device on page 89.
6. If the new G250/G350 firmware version is 26.x.y or above, add a G250/G350 firmware to the USB storage device, as follows:
a. From the Avaya support web site, download to your PC the same version of G250/G350 firmware as was running in the faulty G250/G350.
Software and Firmware Management
Table 8: Backup file and directory naming convention on a USB mass storage device
Columns: Root directory, Sub-directory, Files, Comments
backup-25-Nov-2005: Backup directory name
readme.txt: File with backup info
startup_config.cfg: Configuration file
audio.bin: Customer-specific Voip parameters
vpn_license.cfg: VPN license file
auth-file.cfg: Authentication file...
Installing and Upgrading the Avaya G250 Media Gateway, 03-300434 or Installing and Upgrading the Avaya G350 Media Gateway, 03-300394.
17. Update the S8300 on the new G250/G350 with the serial number of the new gateway, otherwise the gateway is not able to register in the Avaya Communication Manager.
555-233-506.
Copying files to/from a USB mass storage device
You can use a USB mass storage device inserted into the G250/G350 USB port to copy individual files to/from a USB mass storage device.
Copying files to a USB mass storage device...
A configuration file is a data file that contains a complete set of configuration settings for the Avaya G250/G350 Media Gateway. You can use configuration files to back up and restore the configuration of the G250/G350. You can back up either the running configuration or the startup configuration to the server as a configuration file.
Listing the files on the Avaya G250/G350 Media Gateway
Use the dir command to list all G250/G350 files. When you list the files, you can see the version numbers of the software components. The dir command also shows the booter file, which cannot be changed.
Chapter 5: Configuring Standard Local Survivability (SLS)
Standard Local Survivability (SLS) provides a local G250/G350 with a limited subset of MGC functionality when there is no IP-routed WAN link available to an MGC, or no MGC is available. SLS is not a replacement for ELS or LSP survivability, which offer full call-feature functionality and full translations in the survivable mode.
The new Avaya 96xx IP phone family is not directly referenced in the G250/G350 CLI. When you administer these phones via the CLI, use the following mapping:
Model name    CLI interface name
9610          4606
9620          4610
9630          4620
9640          4620...
● Last Number Redial
● Call Forwarding-Busy/Don’t Answer
● No Music On Hold source or announcement playback
● Call Center features, including ASAI
● Connection Preserving Failover/Failback for H.248 Gateways
Provisioning data
SLS requires that the G250/G350 has connected to an MGC at least once and has received provisioning information, including:
● Avaya Communication Manager port information sent through the H.248 control channel:
- Tone sources, including a distinctly different dial tone to inform users that the system is...
RAM (NVRAM) on the G250/G350. After the initial data collection, PIM retains a copy of the data set for each G250/G350. This set is compared with subsequent data sets to determine if anything has changed: If the data set changes, the newer data set is pushed down to the media gateway.
● The G250/G350 closes the SLS socket after maintenance determines that it has completed an H.248 registration with the primary MGC.
● SLS determines that it needs to unregister with the G250/G350 due to internal error conditions.
PSTN trunk to the DID port. The number of sent digits (3-4 typically) and signaling type (Pulse/DTMF) are also configurable at ordering time.
● Pressing the winking call appearance button
Analog phones
Newer analog phones (for example, Avaya 62xx series) have buttons with specific functions for placing a call on Hold:
● Hold button sends the hold message to the server
● Flash button sends switchhook signal to the server...
If you want to toggle between the first and second calls, press the switchhook and dial the FAC once each time you want to change calls.
Transferring an established call from an analog phone Newer analog phones (for example, Avaya 62xx series) have buttons with specific functions for transferring a call. The Switchhook (receiver on/off hook) sends a disconnect signal to the server, and the Transfer/Flash button sends a transfer message to the server.
Note: If the Contact Closures are set to manual operation, FAC operation will not work even though the confirmation tone is heard. An event will be logged, however.
The SLS mode supports shared administrative identity with the Avaya Softphone application, but requires specific station administration.
1. Access the CM administrative SAT interface. For instructions on accessing the Avaya Communication Manager through the G250/G350, see Accessing the registered MGC on page 76.
ETR mode after the gateway registers with a new server, Communication Manager maintenance must busy out the ports until it receives notification that the ports are idle and available for use.
Example of CDR log entries and format
Figure 6: CDR log example
G250-SLS(super)# show logging cdr file content
02/18/2005,10:46:35:CDR-Informational: 10:46 00:00 A 700 50029555 52001 v301
02/18/2005,10:45:46:CDR-Informational: 10:45 00:00 A 700 50029 52001 v301
02/18/2005,10:45:14:CDR-Informational: 10:45 00:00 A 700 52 52001 v301...
● 15840 is the extension that activated the feature.
● PULSE indicates the Contact Closure operation (could also be OPEN or CLOSE)
● 003 is the media gateway number.
● 2 is the Contact Closure number.
Configuring SLS
SLS is installed when the G250/G350 is installed. However, for SLS to actually work, the following conditions must be met:
● Avaya Communication Manager must be configured for SLS and Auto Fallback. For instructions on configuring SLS in Avaya Communication Manager, see...
Note: This field value (immediately) is only one of the four (4) possible choices. See the Administrator Guide for Avaya Communication Manager (03-300509) for more information on the values for this field.
9. Submit the form.
Configuring the SLS data through the CLI on page 142, Step 2).
● Max Survivable IP Ext field only appears when the Type field is G250 or G350. The current maximum product limits enforced by the SLS gateway’s firmware module are:
  ● G250: a limit of 12...
Survivable ARS Analysis Table. Those strings administered as deny are also denied to these users as well.
Note: This field is only for analog and IP station types.
Figure 8 shows the hierarchical relationship among the calling-restriction categories.
Figure 8: Inherited Class of Restriction (COR) permissions (categories shown: Emergency, Internal, Local, Toll, Unrestricted)
Figure notes:
Unrestricted: users can dial any valid routable number, except an ARS pattern specifically...
Local: users can only dial these call types:
121) and perform the following:
a. Check the Enable the SLS feature on this device? box to enable SLS on the G250/G350. A cleared box means that SLS is disabled.
b. Check the Perform scheduled SLS updates on this device? box to send the SLS...
Figure 9: SLS / ARS page
● View Extract displays the current SLS administration data set for this gateway.
● Perform Extract extracts the SLS information from the controlling Communication Manager server for this Media Gateway.
● Actions enables you to edit or delete a previously-administered entry:...
The number of dialed digits to be deleted from the beginning of the dialed string. Default: 0.
Inserted Digits: The digit string to be inserted at the beginning of the dialed string. Default: 0.
Table 11: SLS ARS Entry page field options (continued)
Field: Description
Call Type: Can be any of the following:
emer (emergency call)
fnpa (10-digit NANP call)
hnpa (7-digit NANP call)
intl (public-network international number call)
iop (international operator call)
locl (public-network local number call)
natl (non-NANP call)
op (operator)...
Note: The Daily Updates must be at least 4 hours apart.
c. Click Submit.
11. Use the Backup/Restore page (Figure 12) to backup the PIM database backup schedule.
Figure 12: Backup/Restore page (PIM)
Note: Step 11 backs up the PIM database. Avaya encourages users to set a PIM backup schedule/policy independent of the SLS implementation.
Note: If you require the use of the Incoming Call Handling Treatment option for adding/...
● SLS enabled on the G250/G350 through its CLI
● S8300 is not serving as an LSP
● G250/G350 is not subtending to another external server (including ESS or another LSP in another gateway)
Planning and preparing the SLS data set...
* 72 stations maximum (all types) You can collect the Communication Manager data using the CM administrative SAT interface. For instructions on accessing the Avaya Communication Manager through the G250/G350, see Accessing the registered MGC on page 76.
Trunk destination while in SLS mode
Switchhook Flash: This field appears when Type is 2500.
Name: This is the user’s name
* Page numbers might vary for your system.
Collecting DCP stations data
1. At the SAT, type list media-gateway and press Enter to display a list of administered gateways.
2. Look for any of the following supported gateways in the Type field:
● G250/G250-BRI/G250-DCP/G250-DS1
● G350
3. Once you know the media gateway of interest, match the gateway model with the digital...
1. At the SAT, type list media-gateway and press Enter to display a list of administered gateways.
2. Look for any of the following supported gateways in the Type field:
● G250/G250-BRI/G250-DCP/G250-DS1
● G350
Page 131
3. Type display media-gateway and press Enter and read the reported IP address for this gateway.
4. Type list node-name ip and compare the IP address of the media gateway in the list with the IP address of the gateway that you are administering for SLS. When you find a match in the node-name ip form, read the assigned node-name.
● G250-DCP: none
● G250-DS1: ports V401-V431
● G350: refer to Table 32: Media Module-port values in SLS trunk-group context for the G350 (Analog Trunks) on page 164
7. Identify the G350 modules and check for provisioned trunk ports.
8. At the SAT, type display port portid, where the portid is the analog trunks port on the target gateway. The system reports the Trunk Group Number/Member Number for this particular port.
9.
Connect Before Disconnect
Send Name: Specifies whether name is to be shared with network
Send Calling Number: Specifies whether number is to be shared with network
Table 15: Trunk group data to assemble for SLS (continued)
Page / Field Name / Notes
Incoming Calling Number - Format: Specifies how to fill the Calling Party Number and Called Party Number IEs
Incoming Destination: Sets a destination station for routing incoming trunk group calls
Trunk Hunt...
For the gateways, the first component is the 3 digit gateway number, followed next by a ‘v’, followed by the slot number, followed by 24 (T1) or 16 (E1).
This is needed only if the ‘Associated Signaling’ is administered as ‘no’. This does not apply to SLS on the G250. Specifies the channel of the DS1 circuit that carries the D-channel for ISDN signaling. This is an integer from ‘0’ through ‘31’.
SLS data set.
● If there is no administered location, then at the SAT type display feature-access-codes and press Enter and gather the FAC information listed Table...
Collecting System parameters data
1. At the SAT, type list media-gateway and press Enter to display a list of administered gateways.
2. Look for any of the following supported gateways in the Type field:
● G250/G250-BRI/G250-DCP/G250-DS1
● G350
3. Once you have determined the media gateway of interest, note its IP-Network-Region.
Enter to display the administered route pattern(s).
2. For the first preference for this route-pattern entry, read the values of the following fields (described in Table 21):
a. No Deleted Digits
b. Inserted Digits
3. At the SAT, type list ars analysis and press Enter to search the ARS Analysis table for row entries whose Route Pattern field matches the route-pattern value(s) that were obtained in Step 1. Once you discover a match with Route Pattern, use the entries from this row in the ARS Analysis table to complete the following three entries for the SLS Dial-Pattern table (see Table...
Enter to enter the second-level subcontext for administering ISDN BRI links.
● dial-pattern context that is invoked by typing dial-pattern dialed-string and pressing Enter to enter the second-level subcontext for administering dial pattern strings.
● incoming-routing context that is invoked by typing incoming-routing tgnum mode pattern length and pressing Enter to enter the second-level subcontext for administering incoming routing.
Table 23: SLS CLI command hierarchy (continued)
Root Level Commands First Level Context Second Level Context (survivable commands)
First Level Context: Trunk-group <tgnum>[<group-type>]
Second Level Context:
set dial
set tac
clear tac
add port
remove port
set supervision
set digit-treatment
set digits
set name
set codeset-display
set codeset-national
set channel-preference...
Table 23: SLS CLI command hierarchy (continued)
Root Level Commands First Level Context Second Level Context (survivable commands)
First Level Context: bri<port-address>
Second Level Context:
set name
set interface
set side
set country-protocol
set bearer-capability
set interface-companding
set tei-assignment
set directory-number-a
set directory-number-b
set spid-a
set spid-b
set endpoint-init
set layer1-stable...
SLS administration of the gateway. 5. If you want to change the maximum allowable IP registrations from the default, use the set max-ip-registrations n command, where n is between 1-12 for the G250 and between 1-72 for the G350.
10. Administer DS1 trunks as required (for G250-DS1 and G350 only). Refer to Administering DS1 parameters on page 155.
11. Administer BRI links as required (for G250-BRI and G350 only). Refer to Administering BRI parameters on page 159.
12. Administer the trunk groups as described in Administering Trunk-group parameters on page 161.
18. At the gateway command prompt, type set survivable-call-engine enable to enable SLS on the gateway.
19. At the gateway command prompt, type copy running-config startup-config to save the changes.
Administering Station parameters
1. At the gateway command prompt, type station extension class and press Enter to enter a second-level subcontext to administer each phone that you want covered by SLS. In this command, extension is a 1-13 digit numeric string that may begin with "0", and class is analog, dcp, or ip.
Table 26: Module-port values in SLS station configuration mode
Gateway Media Analog station module ports
G250: V305, V306
G250-BRI: V302, V303
G250-DCP: V305, V306 V401-V412
G250-DS1: V302, V303
Examples
● set port v305 sets the previously-administered analog station "1234567" to the first physical analog station port on the G250-Analog gateway.
● set port v401 sets the previously-administered dcp station "1234567" to the first physical DCP station port on the G250-DCP gateway.
‘aaa.bbb.ccc.ddd’
Note: For currently-registered IP phones or IP Softphones, the IP address is displayed.
11. Type exit to leave the station context in SLS.
Administering DS1 parameters
1. Type ds1 slot-address, where slot-address is any permitted port. The command line prompt changes to super-survivable-call-engine/ds1-<port-address>. If you want to remove the ds1 trunk from the SLS administration, type exit to leave the second-level ds1 context to return to the (super-survivable-call-engine)# context, and then type clear ds1 slot-address.
United States (AT&T mode, also known as 5ESS)
Australia (Australia National PRI)
Japan
Italy
Netherlands
Singapore
Mexico
Belgium
Saudi Arabia
United Kingdom (ETSI)
Spain
France (ETSI)
Germany (ETSI)
Table 27: ISDN Layer-3 country codes (continued)
Czech Republic
Russia
Argentina
Greece
China
Hong Kong
Thailand
Macedonia
Poland
Brazil
Nordic countries
South Africa
etsi: ETSI (no use of RESTART message)
qsig: QSIG
10. For countries whose public networks allow for multiple ISDN Layer-3 country protocols for ISDN Primary Rate service, type set protocol-version option to specify the mode (see Table...
11. If the DS1 link is employed with ISDN, type set bearer-capability bearer to set the Information Transfer Rate field of the Bearer Capability IE, where bearer is any of the following values:
● 3khz: 3.1kHz audio encoding
● speech: Speech encoding
12. Type set interface-companding type to set the interface to agree with the companding method used by the far-end of the DS1 circuit for SLS mode, where type is any of the following values:
● alaw: A-law companding
● ulaw: U-law companding
(stable) between calls. Some European countries, France, for example, require that the physical layer is deactivated when there is no active call.
15. Type show to check the BRI administration. The report lists the BRI parameters:
Name = BRI-SLS1
Interface Side Country  Bearer Compand Endpt-Init Layer1-Stable
--------- ---- -------- ------ ------- ---------- -------------
v401      user country1 speech ulaw
Dir-NumberA Dir-NumberB Spid-A         Spid-B
----------- ----------- -------------- --------------
3033234567...
The maximum limits for a given trunk type are defined by the built-in ports on the G250 family members and are defined by the slot-configuration assignment for the G350. The maximum number of ports allowed per interface module is defined in...
● 88 establishes access to this trunk group by dialing "88".
4. Type add port module port sig-group to specify the virtual integrated port (for G250/G350) or media module port (for G350) that is compatible with the device and/or media module (see Table 31...
- G250 analog trunks: 4 members
- G250 digital trunks: 30 members
- G350 analog trunks: 99 members
- G350 digital trunks: 99 members
Table 31: Module-port values in SLS trunk-group context for the G250 (Analog Trunks)
G250 model / Analog loop-start trunks...
Table 33: Trunk port values in SLS trunk-group context for the G250 (Digital Trunks)
G250 Model / BRI Trunks / DS1 Trunks
BRI Trunks: group-type parameter is
DS1 Trunks: group-type parameter is:
● t1-isdn
● t1-inband
● e1-isdn
● e1-inband
G250
G250-BRI: V401 - Port 1, Channel B1...
● V304 administers an analog loop-start trunk through port V304 on either the G250-Analog or the G250-DCP.
Example
● add port v401 adds a BRI trunk for the first physical port of the G250-BRI to a trunk group using one B-channel of the BRI link.
Note: You cannot mix BRI and PRI trunks within the same trunk group.
● insert1
● insert2
● insert3
● insert4
Examples
● set digit-treatment absorb1 removes the first digit from the incoming DID trunk.
● set digit-treatment blank removes any digit treatment from the trunk group.
8. For analog DID trunk groups or DS1 tie trunk groups, type set digits digits to define the inserted digit string, where digits is the number of digits.
19. For non-ISDN digital trunks, type set incoming-dialtone yes | no to specify whether to provide a dial tone in response to far-end trunk group seizures.
● A linear search from the highest to the lowest numbered available channels.
21. Type show to check the trunk-group administration. The report lists the trunk-group parameters.
● This example shows a G250-BRI that has all four trunk members assigned to one trunk-group:
Group Type...
2. Type set type dial-type, where dial-type specifies the type of outbound call and the dialing privileges available for outbound calls. The following call types are available:
● emer - Emergency calls only.
● fnpa - 10-digit North American Numbering Plan calls.
● hnpa - 7-digit North American Numbering Plan calls.
● intl - Public-network international number calls.
● iop - International operator calls.
● locl - Public-network local number calls.
● natl - Non-North American Numbering Plan calls.
● op - Operator calls.
Note that this action takes place after the deletion task has been completed for the enbloc-receiving mode.
6. Type exit to leave the incoming-routing context in SLS.
7. Type show to check the incoming-routing administration. The report lists the incoming-routing parameters for all dial patterns that have been administered:
Match_pattern Length Insert-digits Mode   tgnum
------------- ------ ------------- ------ -----
5381000                            enbloc
5381001                            enbloc
Up-converting SLS data to Release 4.0
In order to re-use an SLS administration data set from an earlier release, you must convert it to Release 4.0 compatibility.
G350 Media Gateways.
Ethernet ports on the G250
The switch and router on the Avaya G250 Media Gateway have various Ethernet ports.
Ethernet ports on the G250 Media Gateway switch
The switch on the Avaya G250 Media Gateway has the following Ethernet port:
● Eight 10/100 Mbps fixed switch ports on the front panel (ports 10/3 - 10/10)
Use a crossover network cable when you connect a computer or other endpoint device to the fixed router port. For the other Ethernet ports on the G250, you can use either a standard network cable or a crossover network cable to connect any device.
295.
Switch Ethernet port commands
Use the following commands for basic configuration of switch Ethernet ports. For more information about these commands, see Avaya G250 and Avaya G350 CLI Reference, 03-300437.
● Use the set port auto-negotiation-flowcontrol-advertisement command...
70.
● Advanced router features. For more information, see Chapter 18: Configuring the router.
● VoIP queuing. For more information, see Configuring QoS parameters on page 206.
● Access control policy lists and QoS policy lists. For more information, see Chapter 20: Configuring policy.
● SNMP Link Up and Link Down traps. For more information, see Configuring SNMP traps on page 295.
WAN Ethernet port traffic shaping
You can use traffic shaping to determine the data transfer rate on the WAN Ethernet port.
DHCP client-server protocol. The DHCP server grants the G250/G350 DHCP client an IP address for a fixed amount of time, called the lease. After the lease expires, the G250/G350 DHCP client is required to stop using the IP address. The G250/G350 DHCP client periodically sends requests to the server to renew or extend the lease.
● Use the ip dhcp client client-id command to set the client-identifier for the DHCP client. By default, the client-identifier is usually the MAC address of the G250/G350 Fast Ethernet interface.
● Use the ip dhcp client hostname command to set the host name for the DHCP...
Note: Whenever you change the value of a DHCP client parameter (such as client-id, or client hostname), run ip address dhcp again to re-initiate DHCP address negotiation using the new values.
Maintaining DHCP client
For a full description of the commands and their output fields see Avaya G250 and Avaya G350 Media Gateways CLI Reference, 03-300437.
● Use the show ip dhcp-client command to show the configuration of the DHCP...
Configuring LLDP The LLDP protocol allows stations attached to a LAN to advertise information about the system (such as its major capabilities and its management address) and information regarding the station’s point of attachment to the LAN (port ID and VLAN information) to other stations attached to the same LAN.
4. Verify LLDP advertisements using the show lldp command.
Supported ports for LLDP
Only designated ports can be configured to support LLDP.
● For the G250, module 10, ports 3-10. This includes all Ethernet LAN ports on the G250 connecting directly to the chassis.
System logging is a method of collecting system messages generated by system events. The Avaya G250/G350 Media Gateway includes a logging package that collects system messages in several output types. Each of these types is called a sink. When the system generates a logging message, the message can be sent to each sink that you have enabled.
sec (Security)
syslog (System Logging)
uucp (Unix-to-Unix Copy Program)
news (Usenet news)
user (User Process)
4. Optionally, limit access to the Syslog server output by typing the set logging server access-level command, followed by an access level (read-only, read-write, or admin) and the IP address of the Syslog server.
Syslog server. If you do not specify an IP address, the command displays the status of all Syslog servers defined for the G250/G350. As shown, the command displays whether the server is enabled or disabled, and lists all filters defined on the server.
Configuring a log file
A log file is a file of data concerning a system event, saved in the flash memory. The log files serve as the system logging database, keeping an internal record of system events.
1.
Displaying conditions defined for the file output sink
Type the show logging file condition command.
G350-001(super)# show logging file condition
******************************************************
*** Message logging configuration of FILE sink ***
Sink Is Enabled
Sink default severity: Informational
Log file message format
Log file messages appear in first in - last out order. They have the following format:
01/18/2005,10:55:09:CLI-Notification: root: set port disable 10/9
01/18/2005,10:49:03:SWITCHFABRIC-Notification: Port Connection Lost on Module 10 port 8 was cleared
Each message provides the following information:
● The date and time (if available)
Note: The user enabling the log will only see entered commands with a user-level no higher than the user’s own privileges. For example, a user with read-write privileges will not see entered commands having admin user level.
Configuring logging filters
You can use filters to reduce the number of collected and transmitted messages. The filtering options are based on message classification by severity for each application. For a specified sink, you can define the threshold severity for message output for each application. Messages pertaining to the specified applications, that have a severity stronger than or equal to the defined threshold, are sent to the specified sink.
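The log file message format and the per-application severity threshold described above can be checked offline with a small parser. This is an added example, not Avaya code: the function names are hypothetical, the severity ordering is assumed to follow standard syslog levels, and an application with no condition (and no "all" entry) is simply dropped here, whereas the gateway sink has its own default severity.

```python
import re
from datetime import datetime
from typing import Dict, List, NamedTuple, Optional, Tuple

# Severity keywords, most severe first. Assumption: the gateway follows the
# standard syslog ordering; the page itself only shows some of these names.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notification", "informational", "debugging"]
RANK = {name: rank for rank, name in enumerate(SEVERITIES)}
RANK["debug"] = RANK["debugging"]  # accept the abbreviated spelling too

# <MM/DD/YYYY>,<HH:MM:SS>:<APPLICATION>-<Severity>: <message text>
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}),(?P<time>\d{2}:\d{2}:\d{2}):"
    r"(?P<app>[A-Za-z0-9_]+)-(?P<sev>[A-Za-z]+):\s*(?P<msg>.*)$")


class LogEntry(NamedTuple):
    when: datetime
    app: str
    severity: str
    message: str


def parse_line(line: str) -> Optional[LogEntry]:
    """Parse one log file line; return None for anything malformed."""
    m = LINE_RE.match(line.strip())
    if m is None or m.group("sev").lower() not in RANK:
        return None
    try:
        when = datetime.strptime(m.group("date") + " " + m.group("time"),
                                 "%m/%d/%Y %H:%M:%S")
    except ValueError:  # e.g. month 13 or hour 25
        return None
    return LogEntry(when, m.group("app").lower(), m.group("sev").lower(),
                    m.group("msg"))


def passes(entry: LogEntry, conditions: Dict[str, str]) -> bool:
    """True if the entry is at least as severe as its application threshold.

    conditions maps an application name (or "all") to a threshold severity.
    """
    threshold = conditions.get(entry.app, conditions.get("all"))
    if threshold is None:
        return False
    return RANK[entry.severity] <= RANK[threshold]


def select(lines: List[str], conditions: Dict[str, str]) -> List[LogEntry]:
    """Parse lines and keep the entries a sink with these conditions accepts."""
    entries = (parse_line(line) for line in lines)
    return [e for e in entries if e is not None and passes(e, conditions)]


def cli_command(entry: LogEntry) -> Optional[Tuple[str, str]]:
    """For CLI entries, split "user: command" into an audit-friendly pair."""
    if entry.app != "cli":
        return None
    user, sep, command = entry.message.partition(": ")
    return (user, command) if sep else None


# The first two lines are the page's examples; the rest are constructed.
SAMPLE = [
    "01/18/2005,10:55:09:CLI-Notification: root: set port disable 10/9",
    "01/18/2005,10:49:03:SWITCHFABRIC-Notification: Port Connection Lost "
    "on Module 10 port 8 was cleared",
    "01/18/2005,10:40:00:BOOT-Informational: constructed sample line",
    "01/18/2005,10:41:00:CASCADE-Warning: constructed sample line",
    "01/18/2005,10:42:00:CASCADE-Alert: constructed sample line",
    "constructed line without the expected prefix",
]

# Conditions taken from the page's two filter examples.
FILE_CONDITIONS = {"boot": "informational", "cascade": "alert"}
SYSLOG_CONDITIONS = {"all": "error"}

if __name__ == "__main__":
    for e in select(SAMPLE, FILE_CONDITIONS):
        print("file sink  :", e.when.isoformat(), e.app, e.severity)
    for e in select(SAMPLE, SYSLOG_CONDITIONS):
        print("syslog sink:", e.when.isoformat(), e.app, e.severity)
    print("CLI audit  :", cli_command(parse_line(SAMPLE[0])))
```

Running `cli_command` over every parsed CLI entry gives a per-user list of configuration commands, which is the part of this log most useful for change auditing.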
Table 37: Logging applications
Application / Description
boot: System startup failures
cascade: Stack CASCADE mechanism
Call Detail Recording (G250 only). Registers the active calls in SLS mode.
Table 37: Logging applications (continued)
Application / Description
Application Assurance Networking. CNA test plugs report to AAN.
config: Configuration changes
console: Serial modem messages
dhcpc: DHCP client package
dhcps: DHCP server package
dialer: Dialer interface messages
dnsc: DNS client package
Cooling system
filesys: File system problem (flash)
G350-001(super)# set logging server enable 147.2.3.66
Done!
G350-001(super)# set logging server facility kern 147.2.3.66
Done!
G350-001(super)# set logging server access-level read-write 147.2.3.66
Done!
G350-001(super)# set logging server condition all error 147.2.3.66
Done!
Log file example
The following example enables the logging of system messages to a log file in the flash memory and creates a filter to restrict receipt of messages from the boot application to those with severity informational or more severe, and messages from the cascade application to those with severity alert or more severe.
Configuring RTP and RTCP on page 201. You can use many types of telephones and trunks that do not directly support VoIP. The Avaya G250/G350 Media Gateway translates voice and signalling data between VoIP and the system used by the telephones and trunks.
Configuring VoIP QoS The G250/G350 offers both RTP header compression for reducing the amount of bandwidth needed for voice traffic, and TCP and UDP header compression for reducing the amount of bandwidth needed for non-voice traffic. For header compression purposes, any UDP packet with an even destination port within a user-configurable range of ports, is considered an RTP packet.
TCP header compression connections supported on the interface. Use the no form of this command to restore the default value of 16 connections.
G350-001(config-if:Dialer 1)# ip tcp compression-connections 24
Done!
Clearing the statistics does not cause renegotiation of parameters. Use this command regardless of which compression method is employed. For a full description of the commands and their output fields, see Avaya G250 and Avaya G350 CLI Reference, 03-300437.
● Use the set qos control command to define the source for QoS control parameters. The source can be either local where the user configures the values locally on the G250/G350, or remote in which case the values are obtained from the G250/G350’s registered MGC.
RSVP parameters
Configuring RTCP QoS parameters
● Use the set qos rtcp command to permit the setup of RTCP parameters. The parameters that can be set are enabling or disabling RTCP reporting capability, setting the IP address of the monitor, setting the reporting period (the default is 5 sec.), and defining the listening port number.
Note: There is no no form of the fair-voip-queue command. If you enter the command no fair-voip-queue, it will actually enable WFVQ if WFVQ is not already enabled.
Both the USB port and the console port require configuration for modem use. You can configure the ports for modem use via the Avaya IW or the GIW. For details on using a modem with the G250 or G350, see Installing and Upgrading the Avaya G250 Media Gateway, 03-300434 or Installing and Upgrading the Avaya G350 Media Gateway, 03-300394.
To configure this password, use the ppp chap-secret command.
Note: If the G250/G350 firmware is replaced by an earlier firmware version, the ppp chap-secret is erased, and must be re-configured.
- ras — reserved for future use
- none —...
Use the async mode interactive command to set the console port to use modem mode every time an Avaya proprietary modem cable is plugged into the console port. If you do not want the console port to automatically detect when a modem is connected to it, use the async mode terminal command to disable interactive mode.
Note: If the G250/G350 firmware is replaced by an earlier firmware version, the ppp chap-secret is erased, and must be re-configured.
- ras — reserved for future use
- none — no password is sent...
You can use an MM340 E1/T1 media module or an MM342 USP media module as an endpoint for a WAN line on both the G250 and the G350. You can also use the Fast Ethernet port on the G250/G350 chassis as the endpoint for a WAN line by configuring the Fast Ethernet interface for PPP over Ethernet (PPPoE).
WAN media module. Serial interfaces support PPP and frame relay encapsulation protocols. The G350 supports multiple channel groups on the same E1/T1 interface. In contrast, the G250 only supports a single channel group. If a G250 user attempts to create more than one channel group, an error message appears.
Serial interface overview E1/T1 port channel group Figure 15: E1/T1 Port Channel Group on page 215 illustrates an E1/T1 port channel group. All data from the channel group is encapsulated using frame relay protocol. The data is sent via a frame relay serial interface and sub-interfaces over the multiple IP interfaces defined using Data Link Connection Identifier (DLCI).
The Avaya G250/G350 Media Gateway supports point-to-point frame relay connections. To enable you to use the G250/G350 as an endpoint in a Point to Multi-Point (PTMP) topology, the G250/G350 supports inverse ARP replies. The G250/G350 responds to inverse ARP queries received on frame relay sub-interfaces with the proper inverse ARP replies.
2. Use the show-ds command to check if the G250/G350 is configured for E1 or T1 operation. 3. Use the ds-mode command to set the mode of the G250/G350 to E1 or T1. Changing the line type requires resetting the module. The default value is T1.
IP interface number.
Note: The WAN media module in a G250 must always be in slot number 2. The G250 only supports a single channel group.
If you do not specify an IP interface number for the first serial interface that you define on a channel group, the G250/G350 automatically assigns IP interface number 0. For each additional serial interface that you define on the channel group, use a different IP interface number.
Note: The transmitter-delay command is usually used when the DCE equipment that is connected directly to the G250/G350, or the router on the WAN, has a receive buffer that is not large enough to hold the traffic sent by the G250/G350.
7. Use the copy running-config startup-config command to save the configuration.
USP default settings
Table 40: USP default settings
Function / Default setting
Encoding
Bandwidth: 2048 kbps
Line-up indicator signal
- Use the ppp timeout ncp command to set the maximum time to wait for the network layer to negotiate. If this time is exceeded, the G250/G350 restarts the PPP session. - Use the ppp timeout retry command to set the maximum time to wait for a response during PPP negotiation.
A PPPoE client can establish a tunnel that carries PPP frames between a dialing host (the G250/G350) and an access concentrator. This enables the use of PPP authentication protocols (CHAP and PAP). Unlike other tunneling protocols such as L2TP and PPTP, PPPoE works directly over Ethernet rather than IP.
Initial WAN configuration Configuring PPPoE 1. Enter the context of the Fast Ethernet interface, using the command interface FastEthernet 10/2. 2. Use the encapsulation pppoe command to change the encapsulation to PPPoE. You must change the encapsulation to PPPoE before configuring an IP address on the interface.
For more information on the PPPoE commands, see Table 6. If the G250/G350 is connected to the Internet via the Fast Ethernet interface configured for PPPoE, and you define a VPN tunnel which specifies remote hosts by name, it is recommended to use the ppp ipcp dns request command.
9. Use the copy running-config startup-config command to save the configuration.
10. To shut down the port and the PPPoE client (if configured), use the shutdown command in the interface context (optional).
PPPoE commands
Table 41: PPPoE commands
Commands / Description
Enters the context of the Fast Ethernet interface.
DNS Resolver to resolve host names to IP addresses.
exit: Returns to general context.
copy running-config startup-config: Saves the configuration.
shutdown: Shuts down the port, and the PPPoE client, if configured.
Configuring frame relay
1. Ensure that the port is configured on the media module:
- For an E1/T1 port, see Configuring the Avaya MM340 E1/T1 WAN media module on page 217.
- For a USP port, see Configuring the Avaya MM342 USP WAN media module on page 221.
Note: The WAN media module in a G250 must always be in slot number 2. The G250 only supports a single channel group.
Note: Currently only point-to-point frame relay sub-interfaces are supported.
8. Use the frame-relay interface-dlci DLCI-number command to configure a Data Link Connection Identifier (DLCI) for the frame relay sub-interface.
● Use the show startup-config command to display the configuration loaded at startup.
● Use the ping command to send ICMP echo request packets from the G250/G350 to the interface serial peer IP address and verify that it responds.
For example, you can use the following command to switch over immediately to the backup interface in case of failure, and pause 60 seconds before reverting to the primary interface:
G350-001(super)# interface FastEthernet 10/2
G350-001(super-if:FastEthernet 10/2)# backup delay 0 60
Done!
G350-001(super-if:FastEthernet 10/2)#
For example, the following command causes the G250/G350 to switch immediately to the backup interface in the event of primary interface failure, and to delay 60 seconds before reverting back to the primary interface once the...
Dialer interface. This can be performed using access control lists (ACL), QoS lists, and Weighted Fair Queuing (WFQ) priority schemes. The administrator should apply these tools in both the G250/G350 and the Remote Access Server (RAS). For information on ACL and QoS lists, see Chapter 20: Configuring policy on page 531.
Modem dial backup uses a modem connected directly to the G250/G350’s USB or console port. The modem can also be used to access the G250/G350 CLI from a remote location. The modem cannot do both at the same time. For information about remote access to the G250/...
G250/G350s. A reasonable assumption is that not all branch offices would need modem dial backup at the same time. Therefore, the ratio of modem channels at the RAS to G250/G350s at branch offices can be less than 1:1. There are several practical ways to configure the RAS server for use with modem dial backup Dialer interfaces:
The RAS can assign an IP address to the calling G250/G350.
Note: Make sure policy is configured properly at the RAS server to ensure that signaling has priority over regular traffic.
For modem configuration instructions, see Chapter 9: Configuring the G250 and G350 for modem use on page 209.
Note: It is recommended to use the maximum UART speed for the serial modem (115400 BAUD).
Note: Authentication parameters do not appear in the startup or running configuration files. You can use the show ppp authentication command to view authentication status. The copy running-config startup-config command stores authentication parameters in NVRAM.
8. From the main context, use show interfaces Dialer 1 to verify that the Dialer interface has connected to the remote peer.
G350-001(super)# show interfaces Dialer 1
Dialer 1 is down, line protocol is down
Internet address is 4.5.6.7, mask is 255.255.255.0
MTU 1500 bytes, Bandwidth 28 kbit
IPSec PMTU: copy df-bit, Min PMTU is 300
Reliability 1/255 txLoad 255/255 rxLoad 255/255...
Backup interfaces on page 232.
● The G250/G350’s console port is an RJ-45 asynchronous port that can be used to support the modem for dial backup. Thus the dialer can utilize the same serial modem that is used for remote access to the device.
The branch office is connected to the corporate network using a G250. IP phone users in the branch office connect to an MGC located in the headquarters data center, and there is an RAS located in the headquarters data center, with multiple phone lines available for dial access.
Page 242
Configuring WAN interfaces Figure 19: Modem dial backup configuration example 242 Administration for the Avaya G250 and Avaya G350 Media Gateways...
The initial delay prevents the dialer from dialing out unnecessarily on reboot. The primary WAN interface often requires a few moments to register itself as up, and during that period, the initial delay prevents the device from activating the dialer.
Page 245
The only modems supporting modem dial backup are the MultiTech ZBA series modems. For more information on configuring the console and USB interfaces to support modems, see Chapter 9: Configuring the G250 and G350 for modem use on page 209.
Modem dial backup maintenance
The G250/G350 generates specific log messages for Dialer interface activity when configured to do so. Certain dialer-related log messages are generated to aid you in troubleshooting problems with modem dial backup. In addition, messages generated by the modem and the PPP session are available to help with troubleshooting modem dial backup issues.
Page 247
Table 42: Modem dial backup logging messages
Columns: Log Message, Severity, Possible cause, Action
Dialer Messages - Messages generated by the Dialer interface
Log Message: Dialer 1 state is <state>. Severity: Debug. Possible cause: The Dialer interface generates a message when a change in its operational state has been detected. Action: None required.
Page 248
When the timer expires, the Dialer 1 timer expired message is sent, and the dialer begins attempting to connect to the remote modem again.
Page 249
Table 42: Modem dial backup logging messages (continued)
Columns: Log Message, Severity, Possible cause, Action
Log Message: Dialer 1 Modem is not ready. Severity: Warning. Possible cause: This message is generated when the Dialer interface has been triggered and the operational state of the dialer is ... Action: Troubleshooting steps: ● Check modem cable connection to serial port.
Page 250
Log Message: ... string error. Possible cause: ... USB modem attempts to dial and has an incorrect initialization string. The attempt to dial fails. Action: ● Check modem configuration for proper initialization string.
Page 251
Table 42: Modem dial backup logging messages (continued)
Columns: Log Message, Severity, Possible cause, Action
PPP Messages - Messages generated by the PPP session
Log Message: LCP Up/Down. Severity: Informational. Possible cause: LCP is used by PPP to initiate and manage sessions. LCP is responsible for the initial establishment of the link, the configuration of the session, the... Action: None required.
Normal keepalive is sufficient for testing the status of a direct connection between two points. However, in many situations the system needs to know the status of an entire path in order to ensure that packets can safely traverse it.
For example, your branch office may have a G250 or G350 that connects to the Headquarters over a T1 line and via an xDSL connection to the Internet. The T1 line is used for voice traffic, while data packets are sent over the xDSL line. Normal keepalive cannot report on the status of the entire WAN path.
Defining the ICMP keepalive parameters
Use the following commands to define the ICMP keepalive parameters. For more information about these commands, see Avaya G250 and Avaya G350 CLI Reference, 03-300437.
● Use the keepalive-icmp timeout command to set the timeout (in seconds) for...
Dynamic Call Admission Control (CAC) provides enhanced control over WAN bandwidth. When Dynamic CAC is enabled on an interface, the G250/G350 informs the MGC of the actual bandwidth of the interface and tells the MGC to block calls when the bandwidth is exhausted.
(optional) — If dynamic CAC is activated on more than one active interface, the G250/G350 reports the bearer bandwidth limit of the interface with the highest activation priority. You can set the activation priority to any number between 1 and 255.
Note: You can register either a VPN tunnel or an interface with an object tracker. For more information see the definition of the keepalive-track command in the Avaya G250 and Avaya G350 Media Gateways CLI Reference, 03-300437.
4. Optionally, use the dscp command to set the DSCP value in the IP header of the probe packet, thus setting the packets’ priority. If you do not configure this parameter, the default value of 48 is used.
G350-001(config-rtr icmp 5)# dscp 43
Done!
Page 259
The next-hop command is disabled by default. Use the next-hop command when the G250/G350 is connected to a remote device via more than one interface, and you wish to monitor the state of one specific interface. When you specify the next-hop as the interface you wish to monitor, you ensure that the RTR will probe that interface.
Boolean AND argument. This means that the list is up if all objects are up, and down if one or more of the objects are down.
Page 261
Object tracking
2. Use the description command to enter a description for the track list.
G350-001(config-track list 10)# description "track list rtr-5 and rtr-6"
Done!
3. Use the object command to add an object tracker to the list.
Note: The object tracker can be a simple one tracking a single RTR, or a track list.
G350-001(config-track list 10)# object 1
Done!
Viewing RTR and object trackers logging
1. Use the set logging session enable command to enable logging to the CLI terminal.
G350-001# set logging session enable
Done!
CLI-Notification: write: set logging session enable
G350-001(config)# rtr-schedule 5 start-time now life forever
2. The second step is to configure an object tracker which tracks the state of RTR 5:
G250-001(config)# track 1 rtr 5
G250-001(config-track rtr 1)# description "track rtr-5"
Done!
G250-001(config-track rtr 1)# exit...
2. The second step is to configure several object trackers. In this case, object tracker 1 tracks the state of RTR 5, and object tracker 2 tracks the state of RTR 6.
G250-001(config)# track 1 rtr 5
G250-001(config-track rtr 1)# description "track rtr-5"
Done!
G250-001(config-track rtr 1)# exit
G250-001(config)# track 2 rtr 6
G250-001(config-track rtr 2)# description "track rtr-6"...
Typical application – VPN failover using object tracking
In this application, the G250/G350 is connected to a remote site through an IPSec VPN tunnel. The remote site can be reached through two or more VPN gateways that can back up each other, such as a main gateway and a backup gateway.
Page 267
Configuring the backup mechanism
1. Define four RTRs to probe the four entrances to the main office. Configure each RTR to run immediately and forever.
2. Define four object trackers to track the four RTRs.
3. Define a track list consisting of all four object trackers, and configure it so that if all object trackers are up, the track list is up, and if two or fewer of the object trackers are up, the track list is down.
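The track-list behaviour described in step 3, next to the plain Boolean AND list, as an added Python model that is not part of the Avaya manual. TrackList, up_count and down_count are hypothetical names rather than CLI keywords, and keeping the previous state between the two thresholds is an assumption of this sketch.

```python
# Added illustration: models track-list state as described in the text.
# TrackList, up_count and down_count are hypothetical names, not CLI keywords.


class TrackList:
    """Combine several object trackers into a single up/down state."""

    def __init__(self, members, up_count=None, down_count=None):
        self.members = list(members)
        # With no thresholds the list behaves as a Boolean AND:
        # up only when every member is up, down as soon as one is down.
        self.up_count = len(self.members) if up_count is None else up_count
        self.down_count = (self.up_count - 1) if down_count is None else down_count
        if not 0 <= self.down_count < self.up_count <= len(self.members):
            raise ValueError("need 0 <= down_count < up_count <= number of members")
        self.state = "down"  # assumed initial state until enough members are up

    def update(self, tracker_states):
        """tracker_states maps tracker id -> True (up) or False (down)."""
        up = sum(1 for m in self.members if tracker_states.get(m, False))
        if up >= self.up_count:
            self.state = "up"
        elif up <= self.down_count:
            self.state = "down"
        # Between the two thresholds the previous state is kept (assumption),
        # so one flapping probe does not trigger a failover by itself.
        return self.state


def replay(track_list, samples):
    """Feed successive probe results to a track list and collect its states."""
    return [track_list.update(sample) for sample in samples]


# Constructed probe results for object trackers 1-4 (one dict per RTR cycle).
SAMPLES = [
    {1: True, 2: True, 3: True, 4: True},    # all four entrances reachable
    {1: True, 2: True, 3: True, 4: False},   # one entrance lost
    {1: True, 2: True, 3: False, 4: False},  # two entrances lost
    {1: True, 2: True, 3: True, 4: False},   # one entrance recovers
    {1: True, 2: True, 3: True, 4: True},    # full recovery
]


def demo():
    and_list = TrackList([1, 2, 3, 4])
    threshold_list = TrackList([1, 2, 3, 4], up_count=4, down_count=2)
    return replay(and_list, SAMPLES), replay(threshold_list, SAMPLES)


if __name__ == "__main__":
    and_states, threshold_states = demo()
    print("Boolean AND list:", and_states)
    print("Threshold list:  ", threshold_states)
```

The AND list drops to down on the first lost entrance, while the threshold list keeps the primary path until only two entrances remain and does not return to it until all four are back.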
Page 268
! Assign the serial 2/1:1 interface to be the backup interface for
! interface WAN FastEthernet 10/2.
interface FastEthernet 10/2
backup interface Serial 2/1:1
backup delay 0 60
exit
Typical application – interface backup via policy-based routing
In the previous typical application (see Typical application – backup for the WAN Fast Ethernet interface on page 266), the backup interface command is used to specify a backup interface. This typical application illustrates an alternative to the backup interface command, using policy-based routing (PBR) which configures a routing scheme for specified traffic based on configured characteristics of the traffic.
HQ peer. When the object tracker is up, the DHCP default route may be used. When the object tracker is down, the DHCP default route is not used for routing and traffic is routed to alternate routes.
! Apply object tracking on the DHCP client.
interface FastEthernet 10/2
ip dhcp client route track 2
exit
Frame relay encapsulation features
The Avaya G250/G350 Media Gateway supports the following frame relay encapsulation features:
● Frame Relay Traffic Shaping and FRF.12 Fragmentation
● Priority DLCI...
The G250/G350 supports class-based traffic assignment (priority DLCI). Priority DLCI is a means for implementing QoS on frame relay circuits. The G250/G350 separates traffic with different QoS levels to up to four different VCs on the same frame relay sub-interface. This feature enables you to assign unique Permanent VCs (PVC) for VoIP and non-VoIP traffic.
DLCI is set as the High Priority DLCI in the Priority DLCI group. On the Avaya G250/G350 Media Gateway, OSPF is mapped by default to the High Priority DLCI. For better network reliability, it is recommended to verify that the same configuration exists on the other side of the frame relay connection.
Priority DLCI Configuration Example for Site A
You can configure PPP VoIP on the G350 at Site A. Commands with footnotes are described at the end of the configuration procedure.
● Loopback and PMI interfaces configuration:
G350-001# interface Loopback 1
G350-001(if:Loopback 1)# ip address 149.49.54.82 24
Done!
G350-001(if:Loopback 1)# pmi...
G350-001(if:Serial 5/1:1)# ip address 2.2.2.2 24
G350-001(if:Serial 5/1:1)# mtu 300
Note: Some LAN data applications do not support fragmented packets. In this case, do not change the MTU from its default of 1500.
Power is supplied to a port only after it has detected that a suitable Powered Device (PD) is connected to the port. The MM314 and MM316 PoE media modules and the G250 look for an IEEE 802.3af-compliant signature from the device that indicates that the device requires power.
In addition, if the PoE module in the G350 is removed and replaced with a module of the same type, the port power configuration of the module is retained.
PD tries to draw more than the maximum allowed power per port, power is denied. The G250 has 92 W of power available for PDs. Each port can supply up to 18.8 W by default. If a PD tries to draw more than the maximum allowed power per port, power is denied.
Powering priority on port 10/3 was set to High.
Configuring PoE priority on a G350 port:
G350-001(super)# set port powerinline priority 6/14 high
Powering priority on port 6/14 was set to High.
Page 283
6/22 Fault telephone
6/23 Delivering Power telephone
Displaying PoE information for the G250:
G250-003(super)# show powerinline
Actual powerinline power consumption is 4 W.
Powerinline power consumption trap threshold is 90 (98%) Watts.
Powerline traps are enabled
Port Inline Powering...
LINE 1 when the problem ends, the call continues. The fixed trunk port and analog line ports do not start to operate until the active call ends. The ETR for each of the G250/G350 models closes the tip/ring contacts for the ports listed in Table...
(3/1 in the G250, 7/1 in the G350) and the first analog line port (3/2 in the G250, 7/2 in the G350). The other analog line port (3/3 in the G250, 7/3 in the G350) will also be disabled.
Viewing ETR state
You can use the show etr command to display ETR information. This information includes the following:
● ETR setting (auto, manual-off, or manual-on)
● Module status (in service, out of service, or out of service waiting for off-hook)...
They allow SNMP managers to communicate with agents to configure, get statistics and information, and receive alerts from network devices. You can use any SNMP-compatible network management system to monitor and control a G250/G350.
Agent and manager communication
There are several ways that the SNMP manager and the agent communicate.
SNMPv3 on the Avaya G350 Media Gateway is backwards compatible. An agent that supports SNMPv3 will also support SNMPv1 and SNMPv2c. The Avaya G250 Media Gateway supports users for all three of these versions, but only supports the SNMPv3 mechanism for sending traps. Thus, the set snmp trap command is not supported in the G250, although the set snmp trap enable auth|frame-relay command is supported.
SNMP versions
SNMPv1
SNMPv1 uses community strings to limit access rights. Each SNMP device is assigned to a read community and a write community. To communicate with a device, you must send an SNMP packet with the relevant community name. By default, if you communicate with a device using only the read community, you are assigned the security name ReadCommN.
● Privacy Protocol — The privacy protocol to use. Possible values are: No privacy, DES privacy.
● Privacy Password — A string of between 8 and 64 characters specifying the user’s privacy password.
The group maps its users to views based on the security mode and level with which the user is communicating with the G250/G350. Within a group, the following combinations of security mode and level can be mapped to views: SNMPv1 —...
OIDs to the list or exclude OIDs from a list of all of the OIDs in the G250/G350’s MIB tree. You can use wildcards to include or exclude an entire branch of OIDs in the MIB tree, using an asterisk instead of the specific node. For a list of MIBs...
You can add and remove addresses from the trap receivers table. In addition, you can limit the traps sent to specified receivers. You can also enable and disable link up/down traps on specified G250/G350 interfaces. Use the following commands to configure the trap receivers table: Note: You need an Admin privilege level to use the SNMP commands.
● — main and backup power supply notifications
Configuring SNMP access
● Use the ip snmp enable command to enable SNMP access to the G250/G350. Use the no form of this command to disable SNMP access to the G250/G350.
Configuring dynamic trap manager
Dynamic trap manager is a special feature that ensures that the G250/G350 sends traps directly to the currently active MGC. If the MGC fails, dynamic trap manager ensures that traps are sent to the backup MGC.
SNMP configuration examples
The following example enables link up/down traps on an Ethernet interface:
G350-001(super)# interface FastEthernet 10/2
G350-001(super-if:FastEthernet 10/2)# snmp trap link-status
Done!
The following example adds an SNMPv1 trap receiver (G350 only):
G350-001(super)# set snmp trap 192.36.44.18
SNMP trap receiver added.
Page 300
The following example sets the SNMPv1 trap community:
G350-001(super)# set snmp community trap trap
SNMP trap community string set
The following example enables link up/down trap on a LAN port on the G250:
G250-001(super)# set port trap 10/3 enable
Port 10/3 up/down trap enabled...
1. Connect an Avaya Partner Contact Closure Adjunct to the Contact Closure port on the Avaya G250/G350 Media Gateway front panel. The Contact Closure port is labeled CCA on both the G250 and the G350 front panels. Use a telephone cable with standard RJ-11 connectors.
Activates contact closure for the specified relay.
manual-off: Deactivates contact closure for the specified relay.
To configure the Avaya G250/G350 Media Gateway to activate contact closure when the feature access code is dialed:
1. Enter the set contact-closure admin command. In the following example, the command sets contact closure to work in relay 1 of the Avaya Partner Contact Closure Adjunct when activated by the call controller.
Showing contact closure status
Use the show contact-closure command to display the status of one or more contact closure relays. The following example displays the contact closure status of relay 1 of the Avaya Partner Contact Closure Adjunct box.
G350-101(super)# show contact-closure...
Avaya Voice Announcement Manager (VAM) can be used to centrally manage announcement files for multiple voice systems, including G250/G350 media gateways. VAM is designed to be installed on a customer-provided platform at a remote location. For information about VAM, see Avaya Voice Announcement Manager Reference, 14-300613.
Page 306
● announcement-file ftp command. Specify the file name of the announcement file in the G250/G350 announcement directory, followed by the IP address of the remote FTP server, and, optionally, a destination file name, including the full path.
G350-001(super)# copy announcement-file ftp local_announcement2.wav 192.168.49.10 c:\remote_announcement2.wav...
Page 307
Announcement file operations
● Display the status of a download process of announcement files from the remote SCP server, using the show download announcement-file status command.
G350-001(super)# show download announcement-file status
Module #9
===========
Module
Source file : hellosource.wav
Destination file : hellodestination.wav
Host : 135.64.102.64
Running state...
You can configure advanced switching on the switch ports of the Avaya G250 and G350 Media Gateways. In the G250, the switch ports are the ETH LAN PoE ports located on the front panel. For the G350, switch ports are located on the Avaya MM314 Media Module and the Avaya MM316 Media Module, either (or neither) of which may be installed.
Page 310
When traffic flows from a PC on the Sales VLAN, for example, that traffic is only forwarded out the other ports assigned to that VLAN. Thus, the Engineering and Marketing VLANs are not burdened with processing that traffic.
Configuring VLANs
Figure 28: VLAN Example.
VLAN tagging
VLAN Tagging is a method of controlling the distribution of information on the network. The ports on devices supporting VLAN Tagging are configured with the Port VLAN ID and Tagging Mode parameters.
VLAN for privacy. The whole building has a shared high-speed connection to the ISP. In order to accomplish this, the G250/G350 enables multiple VLANs per port. The available Port Multi-VLAN binding modes are:
● Bound to Configured - the port supports all the VLANs configured in the switch...
Unassigned packets receive the PVID of the port and are therefore allowed to enter.
ICC-VLAN
When the G250/G350 includes an ICC, the ICC connects to the G250/G350 via an internal switch. By default, the ICC is connected on Vlan 1. The VLAN to which the ICC connects is called the ICC-VLAN.
This command will assign all ports on VLAN 34 to their default in the entire management domain — do you want to continue (Y/N)? y
All ports on VLAN-id assigned to default VLAN.
VLAN 34 was deleted successfully.
Page 315
The following example sets the current VLAN as the ICC-VLAN:
G350-001(super)# interface Vlan 66
G350-001(super-if:Vlan 66)# icc-vlan
Done!
The following example enters configuration mode for a VLAN interface:
G350-001(super)# interface Vlan 66
G350-001(super-if:Vlan 66)#
The following example deletes a VLAN interface:
G350-001(super)# no interface vlan 66
Done!
The following example statically binds a VLAN to a port:...
Page 316
10/3 is bind to all configured VLANs
The following example displays VLAN tagging information:
G350-001(super)# show trunk
Port   Mode  Binding mode              Native VLAN
------ ----- ------------------------- -----------
10/3   dot1q bound to configured VLANs 54
Ethernet ports (1-24) and the Gigabit Ethernet port (51) on the MM314 Media Module or the Ethernet ports (1-40) and the Gigabit Ethernet port (51) on the MM316 Media Module.
Note: Port redundancy is not supported on the G250.
Secondary port activation
The secondary port takes over within one second and is activated when the primary port link stops functioning.
Port redundancy CLI commands
The following commands are used to configure port redundancy. For more information about these commands, see Avaya G250 and Avaya G350 CLI Reference, 03-300437.
● Use the set port redundancy enable/disable command to globally enable or...
Configuring port redundancy (G350 only)
Port redundancy configuration examples
The following example creates a port redundancy pair:
G350-003(super)# set port redundancy 6/3 6/5 on 1 Monitor: Port 6/5 is redundant to port 6/3.
Port redundancy is active - entry is effective immediately
The following example deletes a port redundancy pair:
G350-003(super)# set port redundancy 6/3 6/5 off
Entry Monitor removed: Port 6/5 is not redundant to port 6/3.
You can define one source port and one destination port on each G250/G350 for received (Rx), transmitted (Tx), or transmitted and received (both) traffic.
Configuring spanning tree (G350 only)
The following example creates a port mirroring pair in the G250:
G250-001(super)# set port mirror source-port 10/3 mirror-port 10/10 sampling always direction rx
Mirroring rx packets from port 10/3 to port 10/10 is enabled
The following example displays port mirroring information for the G350:...
● Improvement in the time it takes to propagate TC information. Specifically, TC information does not have to be propagated all the way back to the Root Bridge (and back) to be changed.
● Origination of BPDUs on a port-by-port basis
Page 323
Port roles
At the center of RSTP — specifically as an improvement over STP (802.1d) — are the roles that are assigned to the ports. There are four port roles:
● Root port — port closest to the root bridge...
● Use the set spantree max-age command to specify the time to keep an information message before it is discarded.
● Use the set spantree priority command to set the bridge priority for STP.
● Use the set spantree tx-hold-count command to set the value in packets used by the spanning tree in order to limit the maximum number of BPDUs transmitted during a hello-time period.
● Use the set spantree version command to set the version of the spanning tree...
Page 326
4. The following example configures the version of spanning tree to use on the device:
G350-003(super)# set spantree version rapid-spanning-tree
Spanning tree version is set to rapid spanning tree.
Page 327
The following example displays spanning tree information:
G350-003(super)# show spantree
Spanning tree state is enabled
Designated Root: 00-40-0d-92-22-81
Designated Root Priority: 32768
Designated Root Cost: 19
Designated Root Port: 6/24
Root Max Age: 20 Hello Time: 2
Root Forward Delay: 15
Bridge ID MAC ADDR: 00-04-0d-29-c4-ca
Bridge ID priority: 36864...
Port classification
With the G250/G350, you can classify any port as either regular or valuable. Classifying a port as valuable means that a link fault trap is sent in the event of a link failure. The trap is sent even when the port is disabled.
Page 329
The following example displays the port classification of all ports on the G350:
G350-003(super)# show port classification
Port     Port Classification
-------- -------------------------
regular regular regular valuable regular regular regular regular regular
6/10     regular
6/11     regular
6/12     regular
6/13     regular
6/14     regular...
Chapter 17: Configuring monitoring applications
The Avaya G250 and G350 Media Gateways provide several software tools for monitoring and diagnosing your network. Use these tools to monitor the status of your network operations, and to analyze the flow of information.
Taking delta samples, last value was 0
Rising threshold is 10000, assigned to event # 32
Falling threshold is 1000, assigned to event # 32
On startup enable rising or_falling alarms
Configuring and analyzing RTP statistics
The following example displays information about an RMON event entry:
G350-003(super)# show rmon event 32
event
Event 32 is active, owned by root
Description is Change of device
Event firing causes log,last fired 12:36:04
The following example displays information about an RMON history entry:
G350-003(super)# show rmon history 80
history
Entry 80 is active, owned by root...
Page 334
Note: An alternative tool available from Avaya for debugging QoS problems is VMON. VMON is an RTCP QoS reports collector. VMON support, available in all Avaya devices, is the capability of a VoIP device to send a copy of an RTCP message to the IP address of a VMON server.
Avaya Communication Manager, where it is called “RTCP Report Period”. For information about configuring the RTCP interval (RTCP report period), see Administrator Guide for Avaya Communication Manager, 03-300509. The RTCP interval is typically 5 to 8 seconds.
Thresholds types
A threshold on a metric.
Page 336
Round Trip Time is the time taken for a message to get to the remote peer and back to the local receiver.
Metric: echo-return-loss. Description: The echo cancellation loss on the TDM bus. Evaluation time: Every RTCP interval.
Table 45: QoS metrics (continued)
Columns: Metric, Description, Evaluation time
Metric: loss. Description: The estimated network RTP packet loss. The VoIP engine evaluates the current received packet loss every RTCP interval — usually 5 to 8 seconds. Evaluation time: Every RTCP interval.
Note: command.
Resetting the RTP statistics application
1. Use the rtp-stat clear command. For example:
G350-001# rtp-stat clear
All counters are reset and the RTP statistics history is erased.
Viewing application configuration
Viewing the application configuration helps you see if the application is enabled, which types of traps are enabled, and how the trap rate limiter and minimum statistics window are configured. The minimum statistics window is the minimum number of observed RTP sequence increments for which the application evaluates packet loss.
Page 340
The minimum statistic window configured for the RTP statistics application. That is, the minimum number of observed RTP sequence increments for which the application evaluates packet loss.
Configuring QoS traps
You can configure the application to automatically generate QoS traps via SNMP at the termination of RTP sessions that have QoS problems. SNMP traps are automatically sent to the SNMP trap manager on the active Media Gateway Controller (MGC). You can also configure SNMP traps to be sent to an external trap manager.
The application features a trap rate limiter. The trap rate limiter limits the rate at which QoS traps are sent. The rate limiter protects against overloading the trap manager with bursts of traps when a single event causes multiple RTP sessions to terminate simultaneously.
The trap rate limiter uses a token bucket scheme, in which traps are sent only if there are tokens in a virtual bucket. Tokens are added to the bucket every 'token interval,' which sets the maximum long term trap rate.
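The token bucket scheme described above, as an added Python model that is not taken from the Avaya manual or firmware. TrapRateLimiter, token_interval and bucket_size are hypothetical names; the bucket capacity, the full bucket at start, and the choice to discard rather than queue a trap when the bucket is empty are assumptions of this sketch.

```python
# Added illustration of a token bucket trap rate limiter.
# Names and the discard-on-empty behaviour are assumptions, not Avaya code.


class TrapRateLimiter:
    def __init__(self, token_interval, bucket_size):
        if token_interval <= 0 or bucket_size < 1:
            raise ValueError("token_interval must be > 0 and bucket_size >= 1")
        self.token_interval = token_interval  # seconds between added tokens
        self.bucket_size = bucket_size        # capacity, i.e. the largest burst
        self.tokens = bucket_size             # assumed to start full
        self.last_refill = 0.0
        self.sent = []                        # session ids whose trap went out
        self.suppressed = []                  # session ids whose trap was not sent

    def offer(self, now, session_id):
        """Called when an RTP session with QoS problems terminates at time now."""
        # Add one token per elapsed token interval, up to the bucket capacity.
        earned = int((now - self.last_refill) // self.token_interval)
        if earned > 0:
            self.tokens = min(self.bucket_size, self.tokens + earned)
            self.last_refill += earned * self.token_interval
        if self.tokens > 0:
            self.tokens -= 1
            self.sent.append(session_id)
            return True
        self.suppressed.append(session_id)
        return False


def run(events, token_interval, bucket_size):
    """Replay (time, session_id) events and return (sent, suppressed)."""
    limiter = TrapRateLimiter(token_interval, bucket_size)
    for now, session_id in events:
        limiter.offer(now, session_id)
    return limiter.sent, limiter.suppressed


# Constructed input: one WAN event ends 12 sessions in the same second.
BURST = [(100.0, f"{n:05d}") for n in range(1, 13)]
# Constructed input: one problem session ends every second for a minute.
FLOOD = [(float(t), f"{t + 100:05d}") for t in range(60)]


if __name__ == "__main__":
    for name, events in (("burst", BURST), ("flood", FLOOD)):
        sent, suppressed = run(events, token_interval=10, bucket_size=5)
        print(f"{name}: {len(sent)} traps sent, {len(suppressed)} suppressed")
```

In both runs most sessions produce no trap, so during an outage the trap stream understates the number of affected calls and the session table remains the complete record.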
See Configuring QoS fault and clear traps on page 342.
Engine ID: The ID of the VoIP engine. Since the G250/G350 has one VoIP engine, one line appears in the table.
Description: Description of the VoIP engine.
Uptime: The uptime of the RTP statistics application.
Page 345
The show rtp-stat sessions command displays a summary of the active and/or terminated RTP sessions in the session table. For example:
G350-001(super)# show rtp-stat sessions last 5
QoS Start date and time End Time Type Destination
----- --- ------------------- -------- ------- ---------------
00031...
Page 346
Start-Time: 2004-10-20,11:09:07
Label: End-Time. Description: The end time of the RTP session. From the CLI example: End-Time: 2004-10-20,11:13:40
Label: Duration. Description: The duration of the RTP session. From the CLI example: Duration: 00:04:33
Label: CName. Description: format: gwt@<MGP-address>. From the CLI example: CName: gwp@135.8.118.252
Page 347
Multiple sessions belonging to the same conference call can usually be identified by a common conference ID.
Notes:
● Phone data is received from Avaya Communication Manager only if VMON is configured.
● If you are not running VMON, you...
Page 348
Description: The estimated percentage contribution of jitter-buffer overruns to the average codec loss. From the CLI example: JBuf-under/overruns 0.1%/0.0%
Label: Jbuf-delay. Description: The last jitter buffer delay. From the CLI example: Jbuf-Delay 22mS
Page 349
Table 48: Detailed CLI output per RTP session (continued)
Columns: Field, Label, Description, From the CLI example
Label: Max-Jbuf-Delay. Description: The maximum jitter buffer delay during the session. From the CLI example: Max-Jbuf-Delay 60mS
Field: Received RTP:
Label: Packets. Description: The total number of received packets. From the CLI example: Packets 9236
Label: Loss. Description: The last sampled value of network RTP...
Page 350
Label: rem-jitter. Description: The network jitter experienced by the remote RTP receiver. From the CLI example: Jitter 0mS
Label: #rem-jitter-ev. Description: The number of samples that were over the remote jitter threshold. From the CLI example: Jitter 0mS #0
The syslog messages are stored in the messages file on the MGC hard disk. You can view the syslog messages through the Avaya Maintenance Web Interface to debug the QoS problems. 1. In the Avaya Maintenance Web Interface, enter the Setup log viewing screen.
Description: The date on which the trap was received. From the trap example: Oct 20
Description: The time at which the trap was received. From the trap example: 11:13:40
Description: The IP address of the local MGP. From the trap example: 135.8.118.252
Page 353
Multiple sessions belonging to the same conference call can usually be identified by a common conference ID.
Notes:
● The phone string data is received from Avaya Communication Manager if VMON is configured.
● If you are not running VMON, you can cause...
Page 354
Description: The minimum and maximum TTL values sampled in the session. From the trap example: TTL 63-63
Description: A counter that increments each time two consecutive RTP packets with the same RTP sequence number are received. From the trap example: Dup 0
Table 49: QoS Trap output fields (continued)
Columns: Label, Description, From the trap example
Description: A counter that increments each time an RTP packet with a sequence number less than the last known sequence is received. From the trap example: Fall 0
Description: The average network loss experienced by the... From the trap example: Rem{Loss 0.0% #0 Jtr #0}...
QoS fault trap was sent.
Viewing automatic traceroute results
The VoIP engine automatically performs UDP traceroutes whenever the RTP statistics application is enabled.
Page 357
Description
Session ID: The RTP statistics index for the RTP session
From: The IP address of the G250/G350
The IP address of the session destination (in this case, a destination within the specified subnet)
The time the traceroute is performed...
Figure 31 shows the locations of four telephone extensions in an example network. Telephones with extensions 2004 and 2111 are connected to the local gateway G250/G350-001. Extensions 2002 and 2101 are connected to the remote gateway G250/G350-002.
Figure 31: Four telephones in a sample network...
At the site of the local gateway “G250/G350-001”, the administrator enabled and configured the RTP-MIB application as follows:
//to enable the RTP statistics application:
G350-001(super)# rtp-stat-service
//to view the configuration of the application:
G350-001(super)# show rtp-stat config...
//to configure the minimum statistics window for evaluating packet loss:
G350-001(super)# rtp-stat min-stat-win 50
//to configure an external trap manager as a trap destination in addition to the active MGC:
G350-001(super)# snmp-server host 136.9.71.47 traps v1 public
//to check SNMP configuration
G350-001(super)# show snmp
Authentication trap enabled
Community-Access Community-String
---------------- ----------------
read-only        *****
read-write       *****
SNMPv3 Notifications Status
-----------------------------
Traps: Enabled
Informs: Enabled Retries: 3 Timeout: 3 seconds
SNMP-Rec-Address Model Level Notification Trap/Inform User name
---------------- ----- ------- --------------- ----------- -------------------
135.9.77.47 v1 noauth all trap ReadCommN
UDP port: 162 DM
136.9.71.47 v1 noauth all trap WriteCommN...
At 00:39 on December 7, 2004, a call is placed from analog extension 2111 to IP phone extension 2002 (see Figure 32) in the network described in Configuring the RTP statistics application for a sample network.
Figure 32: Remote call from analog to IP phone
The RTP statistics application is configured as described in Configuring the RTP statistics application for a sample network. The callers complain after the call that there were QoS problems during the call. The administrator investigates as follows:
//to see if the RTP statistics application registered QoS problems for the call:
G350-001(super)# show rtp sessions QoS Start date and time End Time Type...
33) in the network described in Configuring the RTP statistics application for a sample network. The call is finished at 00:59:19.
Figure 33: Local call from analog to IP phone
After the call is ended, the administrator uses the CLI to view the QoS statistics:
//to see if there were QoS problems registered during the session
G350-001(super)# show rtp sessions last 1
Start date and time End Time Type Destination
----- --- ------------------- -------- ---------...
30.30.30.2
Sessions 13 and 14 both belong to the call, since two VoIP channels are used by an unshuffled call between two IP phones: one channel between each telephone and the G250/G350 VoIP engine.
--type q to quit or space key to continue--
Remote-Statistics: Loss 0.0% #0, Avg-Loss 0.0%, Jitter 7mS #0, Avg-Jitter 7mS
Echo-Cancellation: Loss 49dB #0, Len 32mS
RSVP: Status Disabled, Failures 0
A conference call
A conference call is placed between IP phone extension 1003, analog phone extension 80900, and IP phone extension 80886. The call is established by calling from extension 1003 to extension 80900, and then using the conference function on extension 1003 to add 80886 (see Figure 35).
PPP. Non-Ethernet packets are wrapped in a dummy Ethernet header to allow them to be viewed in a libpcap format. Thus, the G250/G350 allows you to analyze packets on all the interfaces of the device.
Configuring and analyzing packet sniffing
The G250/G350’s packet sniffing service gives you full control over the memory usage of the sniffer. You can set a maximum limit for the capture buffer size, configure a circular buffer so that older information is overwritten when the buffer fills up, and specify a maximum number of bytes to capture for each packet.
Enabling packet sniffing
Since the packet sniffing service presents a potential security breach, the administrator must first enable the service on the G250/G350 before a user can start capturing packets. Use the capture-service command to enable the packet sniffing service.
A capture list contains an ordered list of rules and actions. A rule specifies criteria against which packets are tested. The action tells the G250/G350 whether to capture or not capture packets matching the rule criteria. Only packets that match the specified criteria and have an action of capture are captured to the capture file.
You can use the following rule criteria commands. These commands are described in more detail below.
● dscp
● ip protocol
● source ip address
● destination ip address
● tcp source-port
● tcp destination-port
● udp source-port
● udp destination-port
● icmp
● fragment
Note: You can also use the description command in the rule context to add a description of the rule.
DSCP
Use the dscp command, followed by a DSCP value (from 0 to 63) to apply the rule to all packets with the specified DSCP value.
— the rule applies to UDP packets from ports that match the defined criteria
● udp destination-port — the rule applies to UDP packets to ports that match the defined criteria
Port name or number range criteria
The port name or number range criteria can be any of the following:
● Range. Type range, followed by two port numbers, to set a range of port numbers to...
To apply the rule to non-initial fragments, use the fragment command. You cannot use the fragment command in a rule that includes UDP or TCP source or destination ports. For example:
G350-001(super-Capture 520/ip rule 15)# fragment
Done!
G350-001(super-Capture 520/ip rule 15)#
Capture list example
The following commands create a capture list that captures all traffic from subnet 135.122.50.149 255.255.255.254 to an ECC at address 135.122.50.171, except telnet:
G350-001(super)# ip capture-list 511
G350-001(super-Capture 511)# name "list #511"
Done!
! Rules 10 and 15 provide that telnet packets are not captured.
Applying a capture list
To apply a capture list, use the capture filter-group command from the general context. For example, to set the G250/G350 to use capture list 511 on interfaces in which packet sniffing is enabled, specify the following command:...
G350-001(super)# capture max-frame-size 4000
This command will clear the capture buffer - do you want to continue (Y/N)? y
Done!
G350-001(super)#
Note: When you change the maximum frame size, the G250/G350 clears the capture buffer.
If packet sniffing has not been enabled by the administrator, the following appears:
G350-001(super)# capture start
Capture service is disable
To enable, use the `capture-service` command in supervisor mode.
G350-001(super)#
Capturing decrypted IPSec VPN packets
IPSec VPN packets are encrypted packets. The contents of encrypted packets cannot be viewed when captured. However, you can use the capture ipsec decrypted command to specify that IPSec VPN packets, handled by the internal VPN gateway process, should be captured in clear text format.
WAN problem, you can upload the capture file to an S8300 Media Server and view it using t-ethereal, which is a command-line version of Ethereal.
Maintenance Web Interface, see Installing and Upgrading the Avaya G250 Media Gateway, 03-300434 or Installing and Upgrading the Avaya G350 Media Gateway, 03-300394.
3. In the Avaya Maintenance Web Interface, select FTP under Security in the main menu.
4. Click Start Server.
5. Log into the G250/G350.
For example, you can display only packets with a specific source address, or only those received from a specific interface. See Identifying the interface on page 389. The following figure shows a sample Ethereal screen.
Figure 36: Sample Ethereal screen
Identifying the interface
The G250/G350’s packet sniffing service can also capture non-Ethernet packets, such as frame-relay and PPP, into the capture file. This is achieved by wrapping non-Ethernet packets in a dummy Ethernet header to allow the packets to be stored in a libpcap format. This allows you to analyze packets on all the device interfaces.
4, on port number 1, with channel group number 2.
Simulating packets
Capture lists support the IP simulate command. Refer to Simulating packets on page 551.
IP rules are evaluated one by one (according to their number). The composite-operation (Capture/No-capture) of the first rule to match the packet is executed. If no rule is matched, the ip-rule default composite-operation is executed.
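The first-match evaluation described above, modelled as an added example (not Avaya code and not part of the original manual). The rule set mirrors the shape of the capture list example, with telnet excluded by lower-numbered rules; the addresses are constructed from documentation ranges, and the default action of no-capture is an assumption of this model.

```python
"""First-match evaluation of a capture list (added illustration, not Avaya code)."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

CAPTURE, NO_CAPTURE = "capture", "no-capture"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str                      # "tcp", "udp", "icmp", ...
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    number: int                        # rules are evaluated in ascending number
    action: str                        # CAPTURE or NO_CAPTURE
    src_net: Optional[str] = None      # CIDR; None matches any source
    dst_net: Optional[str] = None      # CIDR; None matches any destination
    protocol: Optional[str] = None
    src_ports: Optional[Tuple[int, int]] = None   # inclusive range
    dst_ports: Optional[Tuple[int, int]] = None   # inclusive range

    def matches(self, pkt: Packet) -> bool:
        """Every criterion that is set must match; unset criteria match anything."""
        if self.protocol is not None and pkt.protocol != self.protocol:
            return False
        if self.src_net is not None and not _in_net(pkt.src, self.src_net):
            return False
        if self.dst_net is not None and not _in_net(pkt.dst, self.dst_net):
            return False
        if self.src_ports is not None and not _in_range(pkt.src_port, self.src_ports):
            return False
        if self.dst_ports is not None and not _in_range(pkt.dst_port, self.dst_ports):
            return False
        return True


def _in_net(addr: str, net: str) -> bool:
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def _in_range(port: Optional[int], bounds: Tuple[int, int]) -> bool:
    return port is not None and bounds[0] <= port <= bounds[1]


def evaluate(rules: Iterable[Rule], default_action: str, pkt: Packet):
    """Return (action, rule_number); rule_number is None when the default applied."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(pkt):
            return rule.action, rule.number
    return default_action, None


# Constructed rule set: rules 10 and 15 keep telnet out of the capture file,
# rule 20 captures everything else from the subnet to the single host.
TELNET_EXCLUDED = [
    Rule(10, NO_CAPTURE, protocol="tcp", dst_ports=(23, 23)),
    Rule(15, NO_CAPTURE, protocol="tcp", src_ports=(23, 23)),
    Rule(20, CAPTURE, src_net="192.0.2.0/24", dst_net="198.51.100.10/32"),
]

# Same criteria, but the broad capture rule was given the lowest number.
# It now matches first, so telnet payloads end up in the capture file.
MISNUMBERED = [
    Rule(5, CAPTURE, src_net="192.0.2.0/24", dst_net="198.51.100.10/32"),
    Rule(10, NO_CAPTURE, protocol="tcp", dst_ports=(23, 23)),
    Rule(15, NO_CAPTURE, protocol="tcp", src_ports=(23, 23)),
]

# Constructed sample packets.
TELNET = Packet("192.0.2.7", "198.51.100.10", "tcp", 40000, 23)
HTTP = Packet("192.0.2.7", "198.51.100.10", "tcp", 40001, 80)
UNRELATED = Packet("203.0.113.9", "198.51.100.10", "udp", 5000, 5000)

if __name__ == "__main__":
    for list_name, rules in (("telnet-excluded", TELNET_EXCLUDED), ("misnumbered", MISNUMBERED)):
        for pkt_name, pkt in (("telnet", TELNET), ("http", HTTP), ("unrelated", UNRELATED)):
            action, number = evaluate(rules, NO_CAPTURE, pkt)
            print(f"{list_name:16} {pkt_name:10} -> {action} (rule {number})")
```

Because the first matching rule decides, an exclusion only takes effect when its number is lower than that of every broader capture rule.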
Note: The not operator changes a field operand so it matches when the field does not equal the configured value. Thus, not ip-protocol tcp specifies all protocols but TCP.
Table 55: Packet sniffing CLI commands in ip-rule context
Command Description User Level...
Ip-rule default context
Table 56: Packet sniffing CLI commands in ip-rule default context
Command | Description | User Level
composite-operation name: Set the default rule action
Show ip-rule [all|rule-id]: Shows the default rule
Shutdown FastEthernet 10/2 is Down Down AdminDown administratively down, line protocol is down
For detailed specifications of CLI commands, refer to Avaya G250 and Avaya G350 Media Gateways CLI Reference, 03-300437.
● Performs the specified test using the parameter values passed in the test request
● Upon successful completion of the test, sends the test results to the analyzer of the Chatterbox whose IP Address is designated in the test request
Configuring and monitoring CNA test plugs
CNA tests
The G250/G350 test plug supports all CNA tests, which are:
● Traceroute. Measures per-hop round-trip delays to a target IP address by sending a sequence of hop-limited UDP messages, each with a TTL (time-to-live) value that is one greater than that of the preceding message.
Configuring monitoring applications
Configuring the G250/G350 test plug for registration
From the G250/G350 CLI, you can configure the G250/G350 test plug to register with a CNA scheduler.
1. Use the cna-testplug command to enter the test plug context. For example:...
CNA test plug configuration example
The following example includes displaying default test plug configuration, configuring the test plug, enabling the test plug service, and displaying test plug configuration and counters.
---------- ------ ------ ---------
traceroute ping tcpconnect merge
//to reenter the test plug context:
G350-001(super)# cna testplug 1
//to delete scheduler 1:
G350-001(super-cna testplug 1)# no scheduler 1
Done!
//to exit the test plug context:
G350-001(super-cna testplug 1)# exit
//to show that scheduler 1 is no longer configured:
G350-001(super)# show cna testplug
CNA testplug 1 is administratively down, test-plug status is unregistered
Address 149.49.75.178, bind to PMI, ID 00:04:0d:6d:30:48
Scheduler list:
3: 135.64.102.76:50002
Ports: Control 8889,...
Chapter 18: Configuring the router
The Avaya G250 and G350 Media Gateways each have an internal router. You can configure the following routing features on the router:
● Interfaces
● Unnumbered IP interfaces
● Routing table
● GRE tunneling
● DHCP and BOOTP relay
●...
- The Avaya MM340 media module provides an E1/T1 WAN interface.
- The Avaya MM342 media module provides a USP WAN interface.
● Fast Ethernet Interface — The 10/2 Fast Ethernet port on the front panel of the G250 and...
Configuring interface parameter commands
Use the following commands to configure the interface parameters. For more information about these commands, see Avaya G250 and Avaya G350 CLI Reference, 03-300437.
Use the ip admin-state command to set the administrative state of the IP interface.
2. Enter the context of the interface on which you want to configure an unnumbered IP address (usually the Dialer interface).
3. Use the ip unnumbered command, specifying the interface from which to borrow the IP address.
G250-001(super-if:Dialer 1)# dialer modem-interface USB-Modem
//to configure IP unnumbered on the Dialer interface, borrowing the IP address from vlan interface 1, configured above:
G250-001(super-if:Dialer 1)# ip unnumbered 1 Vlan 1
G250-001(super-if:Dialer 1)# exit
G250-001(super)#
! The following sample routing table shows how routes discovered on unnumbered interfaces by...
● Next-hop IP address — specifies the IP address of a router as a next-hop. The next-hop router must belong to one of the directly attached networks for which the Avaya G250/G350 Media Gateway has an IP interface.
Static route types
Two kinds of static routes can be configured:
High Preference static routes —...
Configuring the routing table
Configuring multiple next-hops
You can configure up to three next-hops for each static route in one of the following manners:
● Enter all of the next-hops using a single ip route command. To add a new next-hop to...
180.
Permanent static route
The Avaya G250/G350 Media Gateway enables you to configure a static route as a permanent route. Configuring this option prevents the static route from becoming inactive when the underlying Layer 2 interface is down. This prevents routing table updates from being sent each time an interface goes up or down when there is a fluctuating Layer 2 interface on the static route.
● Use the traceroute command, followed by an IP address, to trace the route an IP packet would follow to the specified IP address. The G250/G350 traces the route by launching UDP probe packets with a small time to live (TTL), then listening for an ICMP time exceeded reply from a gateway.
● The packet is routed to the tunnel interface dynamically by a routing protocol (RIP or OSPF).
● The packet is routed to the tunnel interface via policy-based routing. See Configuring policy-based routing on page 553.
In addition to checking for nested tunneling, the G250/G350 prevents loops in connection with GRE tunnels by preventing the same packet from being encapsulated more than once in the G250/G350.
G350-001(super)# ip distribution access-default-action 1 default-action-permit
Done!
G350-001(super)# ip distribution access-list 1 10 "deny" 192.68.1.0 0.0.0.255
Done!
G350-001(super)# router rip
G350-001(super router:rip)# distribution-list 1 out FastEthernet 10/2
Done!
G350-001(super router:rip)# exit
G350-001(super)#
Configuring GRE tunneling
● Accept policy. Configure a policy rule on the source tunnel endpoint (router 1) that will cause the source endpoint to not accept routing updates that include the source network (192.68.1.0). This solution is for nested tunneling caused by RIP. For example, using the network shown in Figure 37 as an illustration, you would configure the following policy rule on router 1 and activate it on the router RIP with the matching interface:...
The tunnel path-mtu-discovery command includes the following parameters:
● age-timer — how long, until the local tunnel endpoint returns the tunnel MTU to its default. The default value of this parameter is 10 minutes.
Note: The Avaya G250/G350 Media Gateway does not check whether the configured tunnel source IP address is an existing IP address registered with the G250/G350 router.
4. In most cases, it is recommended to configure keepalive in the tunnel so that the tunnel’s source interface can determine and inform the host if the tunnel is down.
For a list of optional GRE tunnel features, refer to Optional GRE tunnel features on page 415. For a list of additional GRE tunnel CLI commands, refer to Additional GRE tunnel parameters on page 419.
Additional GRE tunnel parameters
Use the following commands to configure additional GRE tunnel parameters. For more information about these commands, see Avaya G250 and Avaya G350 CLI Reference, 03-300437.
● Use the tunnel checksum command in the context of the GRE tunnel interface to add a...
(11.0.0.10) as the source IP address. When the packet arrives at Router 2, which is the end point of the GRE tunnel, Router 2 removes the outer IP header and the GRE header and sends the packet to its original destination at IP address (8.0.0.2).
You can use the following commands to configure GRE tunneling (with OSPF) in this example:
Router 1 Configuration
G350-001(super)# interface FastEthernet 10/2
G350-001(super-if:FastEthernet 10/2)# ip address 11.0.0.10 255.255.255.0
G350-001(super-if:FastEthernet 10/2)# exit
G350-001(super)# interface tunnel 1
G350-001(super-if:Tunnel 1)# keepalive 10 3
Done!
G350-001(super-if:Tunnel 1)# tunnel source 11.0.0.10
Done!
DHCP and BOOTP packets. The router also relays replies from the server back to the client. The G250/G350 can alternatively function as a DHCP server, providing DHCP service to local devices. For information about configuring DHCP server on the G250/G350, see...
Note: protocols. When there is more than one IP interface on a VLAN, the G250/G350 chooses the lowest IP address on this VLAN when relaying DHCP/BOOTP requests. The DHCP/BOOTP server then uses this address to decide the network from which to allocate the address. When there are multiple networks configured, the G250/G350 performs a round-robin selection process.
IP addresses and other parameters for each device on the network individually. Since a DHCP server can be configured on the G250/G350, local branch devices are not dependent on receiving configuration parameters over the WAN from a remote DHCP server and therefore can be assigned IP configuration parameters in case of WAN failure.
Configuring DHCP server
The Avaya G250/G350 Media Gateway can function as a DHCP server or as a DHCP relay or both simultaneously, with each interface configured in either DHCP server mode or DHCP relay mode. For example, you can configure the G250/G350 to provide DHCP service to voice devices while DHCP requests by data devices are routed to a central remote DHCP server using DHCP relay.
10. Use the ip dhcp-server command to activate DHCP server. DHCP server is now active. If you change the pool configuration, it is recommended to do so while the pool is active.
IP addresses.
Configuring Options
DHCP options are various types of network configuration information that the DHCP client can receive from the DHCP server. The G250/G350 supports all DHCP options. The most common options used for IP phones are listed in Table 59.
Done!
G350-001(super-DHCP 1/option 176)# value ascii "MCIPADD=10.10.2.140, MCPORT=1719, TFTPSRVR=10.10.5.188"
Done!
G350-001(super-DHCP 1/option 176)# exit
G350-001(super-DHCP 1)# exit
G350-001(super)# ip dhcp activate pool 1
Done!
G350-001(super)# ip dhcp-server
Done!
G350-001(super)#
Done!
G350-001(super)#
The following example configures a vendor-specific option for DHCP pool 5:
G350-001(super-DHCP 5)# vendor-specific-option 1
G350-001(super-DHCP 5/vendor specific 1)# class-identifier "ccp.avaya.com"
Done!
G350-001(super-DHCP 5/vendor specific 1)# value raw ascii "gfdgfd"
Done!
G350-001(super-DHCP 5/vendor specific 1)# exit
G350-001(super-DHCP 5)#...
For each interface on the Avaya G250/G350 Media Gateway, you can configure whether the G250/G350 forwards directed broadcast packets to the network address or subnet mask address of the interface.
Network Basic Input Output System (NetBIOS) is a protocol for sharing resources among desktop computers on a LAN. You can configure the Avaya G250/G350 Media Gateway to relay NetBIOS UDP broadcast packets. This feature is used for applications such as WINS that use broadcast but might need to communicate with stations on other subnetworks or VLANs.
Static ARP table entries do not expire. You add static ARP table entries manually with the arp command. For example, to add a static ARP table entry for station 192.168.7.8 with MAC address 00:40:0d:8c:2a:01, use the following command:
G350-001# arp 192.168.7.8 00:40:0d:8c:2a:01
Configuring the ARP table
Dynamic ARP table entries are mappings between IP addresses and MAC addresses that the switch used recently. Dynamic ARP table entries expire after an amount of time that you can configure. The following figure shows how a switch adds dynamic ARP table entries:
You can remove static and dynamic entries from the ARP table.
MAC address.
Enabling proxy ARP
The G250/G350 supports proxy ARP. Proxy ARP is a technique by which a router provides a false identity when answering ARP requests intended for another device. By falsifying its identity, the router accepts responsibility for routing packets to their true destination.
439. You can configure route redistribution between OSPF, RIP, and static routes. With route redistribution, you can configure the G250/G350 to redistribute routes learned from one protocol into the domain of the other routing protocol. For more information, see Route redistribution on page 441.
Configuring RIP
Up to 99 RIP distribution access lists can be configured on the Avaya G250/G350 Media Gateway. For example: To configure RIP distribution access list number 10 permitting distribution and learning of network 10.10.0.0:
1. Enter the command: ip distribution access-list 10 1 permit 10.10.0.0 0.0.255.255...
Use the no form of this command to restore the default value, disabling RIP.
● Use the timers basic command to set RIP timers. Use the no form of this command to set the RIP timers to their default values.
441.
OSPF dynamic cost
An OSPF interface on the G250/G350 can dynamically set a Cost. The Cost represents the price assigned to each interface for purposes of determining the shortest path. By default the OSPF interface Cost is calculated based on the interface bandwidth, according to...
The G250/G350 can be installed in the OSPF backbone area (area 0.0.0.0) or in any OSPF area that is part of a multiple areas network. However, the G250/G350 cannot be configured to be an OSPF area border router itself.
Route redistribution is the interaction of multiple routing protocols. OSPF and RIP can be operated concurrently in the G250/G350. In this case, you can configure the G250/G350 to redistribute routes learned from one protocol into the domain of the other routing protocol.
Static routes are, by default, redistributed to RIP and OSPF. The G250/G350 allows the user to globally disable redistribution of static routes to RIP, and separately to globally disable redistribution of static routes to OSPF. In addition you can configure, on a per static route basis, whether the route is to be redistributed to RIP and OSPF, and what metric to use (in the range of 1-15).
Configuring VRRP
The concept underlying VRRP is that a router can backup other routers, in addition to performing its primary routing functions. This redundancy is achieved by introducing the concept of a virtual router. A virtual router is a routing entity associated with multiple physical routers.
There is one main router on IP subnet 20.20.20.0, such as a G350, C363T, C364T, or any router that supports VRRP, and a backup router. You can configure more backup routers.
● The G250/G350 itself must have an interface on the IP subnetwork, for example,...
Configuring fragmentation
The G250/G350 supports IP fragmentation and reassembly. The G250/G350 router can fragment and reassemble IP packets according to RFC 791. This feature allows the router to send and receive large IP packets where the underlying data link protocol constrains the Maximum Transmission Unit (MTU).
Fragmentation commands
Use the following commands to configure fragmentation and reassembly. For more information about these commands, see Avaya G250 and Avaya G350 CLI Reference, 03-300437.
● Use the clear fragment command to clear the fragment database and restore its...
IPSec SAs secure the actual traffic between the protected networks behind the peers, while the IKE SA only secures the key exchanges that generate the IPSec SAs between the peers. The G250/G350 IPSec VPN feature is designed to support site-to-site topologies, in which the two peers are gateways.
● Dynamic local peer IP address support through IKE aggressive mode and self-identity FQDN
Note: The G250/G350 can acquire a dynamic IP address through PPPoE or DHCP
● Enhanced remote peer failover support-
- Specifying a hostname rather than IP address for the remote peer, thus allowing for a DNS server to perform a resiliency scheme when providing the IP address mapping.
G250/G350 R3.1 VPN capabilities
R3.1 VPN supports the following, in addition to the R3.0 capabilities:
● Support for configurations in which the G250/G350 acts as a regional VPN hub for dynamically addressed peers. This is achieved by supporting Aggressive Mode as a responder in an IKE Phase-1 negotiation.
The basic IPSec VPN building blocks define how to secure packets, as follows:
● ISAKMP policies – define parameters for IKE phase 1 negotiation
● Transform-sets – define parameters for IKE phase 2 negotiation
Once the building blocks are defined, IPSec VPN is implemented using a crypto-list. The crypto-list defines, for the interface to which it applies, which packets should be secured and how, as follows: Each rule in the crypto-list points to a crypto-map. A crypto-map points to a transform-set, and to a peer or peer-group.
5. Reset using the reset command.
Configuring IPSec VPN
Prerequisites
As a prerequisite to configuring IPSec VPN, a valid VPN license must be installed on the G250/G350. For details, see Installing the VPN license file on page 454.
Configuring a site-to-site IPSec VPN
IPSec VPN configuration overview
To configure a site-to-site IPSec VPN, two devices (the G250/G350 and a peer Gateway) must be configured symmetrically. In some cases, you may wish to configure global VPN parameters (see Configuring global parameters on page 468).
G350-001(config-isakmp:1)# encryption des
Done!
G350-001(config-isakmp:1)# hash md5
Done!
G350-001(config-isakmp:1)# group 1
Done!
G350-001(config-isakmp:1)# lifetime 60000
Done!
3. Exit the ISAKMP policy context using the exit command.
G350-001(config-isakmp:1)# exit
G350-001#
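The ISAKMP policy shown above selects DES, MD5 and Diffie-Hellman group 1. The following added example (not from the manual and not Avaya code) parses a CLI transcript in the format shown on this page and flags those three settings per policy; the policy 2 lines in the sample are constructed, and the parser assumes one `parameter value` pair per command line.

```python
"""Audit ISAKMP policy settings in a G250/G350 CLI transcript (added example)."""
import re
from collections import defaultdict

# A command typed inside an ISAKMP policy context, for example:
#   G350-001(config-isakmp:1)# hash md5
PROMPT_RE = re.compile(
    r"^\S+\(config-isakmp:(?P<policy>\d+)\)#\s+(?P<param>\S+)\s+(?P<value>\S+)\s*$"
)

# Settings from the page's example that are weak by current standards.
WEAK_SETTINGS = {
    ("encryption", "des"): "DES has a 56-bit key and is open to exhaustive key search",
    ("hash", "md5"): "MD5 is collision-prone and deprecated for new deployments",
    ("group", "1"): "Diffie-Hellman group 1 is a 768-bit MODP group",
}

# Policy 1 is the transcript from the page; the policy 2 lines are constructed.
SAMPLE_TRANSCRIPT = """
G350-001(config-isakmp:1)# encryption des
Done!
G350-001(config-isakmp:1)# hash md5
Done!
G350-001(config-isakmp:1)# group 1
Done!
G350-001(config-isakmp:1)# lifetime 60000
Done!
G350-001(config-isakmp:1)# exit
G350-001(config-isakmp:2)# hash md5
Done!
G350-001(config-isakmp:2)# lifetime 3600
Done!
"""


def parse_isakmp_policies(transcript):
    """Return {policy_id: {parameter: value}}; a later command overrides an earlier one."""
    policies = defaultdict(dict)
    for line in transcript.splitlines():
        match = PROMPT_RE.match(line.strip())
        if match:  # "Done!", "exit" and blank lines do not match and are skipped
            policies[int(match["policy"])][match["param"].lower()] = match["value"].lower()
    return dict(policies)


def audit(policies):
    """Return a sorted list of (policy_id, parameter, value, reason) findings."""
    findings = []
    for policy_id in sorted(policies):
        for param, value in sorted(policies[policy_id].items()):
            reason = WEAK_SETTINGS.get((param, value))
            if reason:
                findings.append((policy_id, param, value, reason))
    return findings


if __name__ == "__main__":
    for policy_id, param, value, reason in audit(parse_isakmp_policies(SAMPLE_TRANSCRIPT)):
        print(f"isakmp policy {policy_id}: {param} {value}: {reason}")
```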
Configuring transform-sets
A transform-set defines the IKE phase 2 parameters. It specifies the encryption and authentication algorithms to be used, sets a security association lifetime, and specifies whether PFS is enabled and which DH group it uses. In addition, it specifies the IPSec VPN mode (tunnel or transport).
Note: If you wish to specify the ISAKMP peer by its FQDN name, you must configure the G250/G350 as a DNS client (see DNS Resolver on page 77), and make sure that the peer’s name is listed in a DNS server.
G350-001(config-peer:149.49.70.1)# pre-shared-key GNpi1odGNBrB5z4GJL
Done!
Alternatively, you can obtain a cryptographic-grade random key from the G250/G350 using the suggest-key command, and then enter it using the pre-shared-key command. The suggested key-length can vary from 8-127 alphanumeric characters, or from 8-64 bytes represented in hexadecimal notation. The default length is 32 characters.
(for more explanations on continuous-channel see Enabling continuous channel on page 483).
7. Specify the branch device (G250/G350) by its address or by the FQDN name that identifies the G250/G350 in the remote peer, using the self-identity command.
G350-001(config-peer:149.49.70.1)# self-identity address
Done!
G350-001(config-peer:149.49.70.1)# self-identity fqdn vpn.avaya.com...
9. Bind peer status to an object tracker, which can monitor hosts inside the remote peer’s protected network. To do so, use the keepalive-track command. For more information on object trackers, see Object tracking on page 256.
G350-001(config-peer:149.49.70.1)# keepalive-track 5
Done!
Note:...
The transform-set and ISAKMP policy define how to secure the traffic that matches the ip-rule that points to this crypto map.
Important: It is mandatory to create at least one crypto map.
Note: You can configure up to 100 crypto maps.
1. Use the crypto map command, followed by an index number between 1 and 50, to enter the context of a crypto map (and to create the crypto map if it does not exist).
G350-001# crypto map 1
G350-001(config-crypto:1)#
2.
A crypto-list is an ordered list of ip-rules that control which traffic requires IPSec protection and which does not, based on IP groups (source and destination IP addresses and wildcard). A crypto-list is activated on an interface. The G250/G350 can have multiple crypto-lists activated on different interfaces.
Note: Specifying the interface as a name is one of the prerequisites for working with dynamic local peer IP addresses. For more information about working with dynamic local peer IP addresses, see Using dynamic local peer IP on page 480.
● match this rule by using the following commands. For a full description of the commands see Avaya G250 and Avaya G350 CLI Reference, 03-300437. Note that this fine-tuning is not applicable for rules whose action is protect crypto map.
Deactivating crypto lists to modify IPSec VPN parameters
Most IPSec VPN parameters cannot be modified if they are linked to an active crypto list. To modify a parameter linked to an active crypto list, you must first deactivate the list using the no ip crypto-group command in the context of the interface on which the crypto list is activated.
4500; to find out the port number, use the show crypto ipsec sa command. The G250/G350 IPSec VPN feature supports NAT Traversal. If your installation includes one or more NAT devices between the local and remote VPN peers, NAT Traversal should be enabled, although in some rare cases it may not be required.
NAT translation alive in the NAT device, and not let it age-out due to periods of inactivity. Set the NAT Traversal keepalive interval on the G250/G350 to be less than the NAT translation aging time on the NAT device.
G350-001# crypto isakmp nat keepalive 60...
Page 470
● The crypto ipsec minimal pmtu command is intended for advanced users only.
● It sets the minimal PMTU value which can be applied to an SA when the G250/G350 participates in Path MTU Discovery (PMTUD) for the tunnel pertaining to that SA.
Displaying IPSec VPN configuration
You can use the following show commands to display IPSec VPN configuration. For a full description of the commands and their output fields see Avaya G250 and Avaya G350 CLI Reference, 03-300437.
● Use the show crypto ipsec transform-set command to display configuration for a...
Configuring logging
Note: page 187.
1. Use the set logging session enable command to enable session logging.
G350-001# set logging session enable
Done!
CLI-Notification: write: set logging session enable
Page 473
IPSec VPN maintenance
2. Use the set logging session condition ISAKMP command to view all ISAKMP messages of Info level and above.
G350-001# set logging session condition ISAKMP Info
Done!
CLI-Notification: write: set logging session condition ISAKMP Info
3. Use the set logging session condition IPSEC command to view all IPSec messages of Info level and above.
● There is a VPN tunnel from each Spoke to the VPN hub over the Internet.
● Only VPN traffic is allowed via the Internet connection.
Figure 43: Simple VPN topology: VPN hub and spokes
Typical installations
Configuring the simple VPN topology
1. Configure each branch as follows:
● The default gateway is the Internet interface.
● VPN policy is configured on the Internet interface egress as follows:
Traffic from the local subnets to any IP address is encrypted, using tunnel mode IPSec.
Page 476
PMTUD application to work.
Egress | All allowed services from any IP address to any local subnet | Permit | This traffic is tunnelled using VPN.
Egress | Default | Deny
Configuration example
crypto isakmp policy 1
encryption aes
hash sha
group 2
exit
crypto isakmp peer address <Main Office Public Internet Static IP Address>
pre-shared-key <secret key>
isakmp-policy 1
exit
crypto ipsec transform-set ts1 esp-3des esp-sha-hmac
set pfs 2
exit
crypto map 1
set peer <Main OfficeMain Office Public Internet Static IP...
Page 478
11
source-ip any
destination-ip any
ip-protocol udp
destination-port eq Ike-nat-t
composite-operation permit
exit
ip-rule 12
source-ip any
destination-ip any
ip-protocol udp
destination-port eq Ike-nat-t-vsu
composite-operation permit
exit
Page 479
ip-rule 20
source-ip any
destination-ip any
ip-protocol esp
composite-operation Permit
exit
ip-rule 30
source-ip any
destination-ip any
ip-protocol icmp
composite-operation Permit
exit
ip-rule 40
destination-ip any
source-ip host <Branch Subnet1> <Branch Subnet1 Mask>
composite-operation Permit
exit
ip-rule 50
destination-ip any
source-ip host <Branch Subnet2>...
G250/G350 to learn the IP address dynamically using either PPPoE or DHCP Client.
Note: When working with dynamic local peer IP, you must make sure that it is the G250/G350 that initiates the VPN connection. The VPN peer cannot initiate the connection since it does not know the G250/G350’s IP address.
Page 481
Note: PPP over Ethernet (PPPoE) is a client-server protocol used for carrying PPP-encapsulated data over Ethernet frames. You can configure PPPoE on the G250/G350’s ETH WAN Fast Ethernet port. For more information about PPPoE on the G250/G350, see Configuring PPPoE on page 225.
Page 482
! Activate the Ingress and Egress ACLs on the Fast Ethernet interface
G350-001(config)# interface FastEthernet 10/2
G350-001(config-if:FastEthernet 10/2)# ip access-group 301 in
Done!
G350-001(config-if:FastEthernet 10/2)# ip access-group 302 out
Done!
However, there are advantages to keeping the connection continuously alive, such as eliminating the waiting time necessary to construct a new IPSec VPN connection. The G250/G350 IPSec VPN feature supports continuous channel, which maintains a continuous IPSec VPN connection. That means that when you activate the ip crypto-group command on the defined interface, the IPSec VPN tunnel is immediately started, even if no traffic is traversing the interface and the timeouts have expired.
● There is a VPN tunnel from one spoke to another spoke.
● Only VPN traffic is allowed via the Internet connection.
Figure 44: Full or partial mesh
Page 485
Configuring the mesh VPN topology
1. Configure branch office 1 as follows:
● The default gateway is the Internet interface.
● VPN policy is configured on the Internet interface egress as follows:
- Traffic from the local subnets to the second spoke subnets -> encrypt, using tunnel mode IPSec, with the remote peer being the second spoke.
Page 486
Traffic Direction | ACL parameter | value | Description
Ingress | IKE from Main Office IP to Branch IP | Permit |
Ingress | ESP from Main Office IP to Branch IP | Permit |
Page 487
Table 63: Configuring the mesh VPN topology - branch 2 (continued)
Traffic Direction | ACL parameter | value | Description
Ingress | IKE from First Branch IP to Branch IP | Permit |
Ingress | ESP from First Branch IP to Branch IP | Permit |
Ingress | ICMP from any IP address to | Permit | This allows PMTUD application...
Figure 45: Full solution: hub-and-spoke with VPN for data and VoIP control backup
Configuring hub-and-spoke with VPN for data and VoIP control backup
1. Configure the Branch Office as follows:
● The default gateway is the Internet interface.
Page 497
● VPN policy is configured on the Internet interface egress as follows:
Traffic from the local GRE tunnel endpoint to the remote GRE tunnel endpoint -> encrypt, using IPSec tunnel mode, with the remote peer being the Main Office.
● An access control list (ACL) is configured on the Internet interface to allow only the...
Page 498
- Destination IP = branch VoIP subnet(s) or GW address (PMI), DSCP = control -> Route: 1. WAN 2. DBR
● ACM is configured to route voice calls through PSTN when the main VoIP trunk is down.
Page 499
Configuration example
crypto isakmp policy 1
encryption aes
hash sha
group 2
authentication pre-share
exit
crypto isakmp peer address <Main Office Internet public Static IP Address>
pre-shared-key <key1>
isakmp-policy 1
exit
crypto ipsec transform-set ts1 esp-3des esp-sha-hmac
exit
crypto map 1
set peer <Main Office Internet public Static IP Address>...
Page 500
<Branch voice Subnet> <Branch voice Subnet Mask>
composite-operation Permit
exit
ip-rule default
composite-operation deny
exit
exit
ip access-control-list 302
ip-rule 10
source-ip any
destination-ip any
ip-protocol udp
udp destination-port eq Ike
composite-operation Permit
exit
Page 501
ip-rule 11
source-ip any
destination-ip any
ip-protocol udp
destination-port eq Ike-nat-t
composite-operation permit
exit
ip-rule 12
source-ip any
destination-ip any
ip-protocol udp
destination-port eq Ike-nat-t-vsu
composite-operation permit
exit
ip-rule 20
source-ip any
destination-ip any
ip-protocol esp
composite-operation Permit
exit
ip-rule 30
source-ip any...
Page 502
! The following command specifies the Voice bearer
dscp 46
next-hop list 1
exit
ip-rule 20
! The following command specifies the Voice Control
dscp 34
next-hop list 2
exit
ip-rule default
next-hop PBR
exit
exit
IP address before establishing an IKE connection. Your DNS server should be able to provide an IP address of a living host. The G250/G350 will perform a new DNS query and try to re-establish the VPN connection to the newly provided IP address whenever it senses that the currently active remote peer stopped responding.
When configuring a crypto map, point to the peer-group instead of to a single peer.
Failover using GRE
A branch with a G250/G350 can connect to two or more VPN hub sites, in a way that will provide either redundancy or load sharing.
Page 505
Figure 46: Hub-and-spoke with hub redundancy/load sharing using GRE
Configuring VPN hub redundancy and load sharing topologies using GRE
1. Configure the Branch Office as follows:
● VPN policy is configured on the Internet interface egress as follows:
GRE Traffic from the local tunnel endpoint to remote tunnel endpoint 1 ->...
Page 506
modifications.
● The GRE tunnel interface is configured for the branch.
● Dynamic routing (OSPF or RIP) is configured to run over the GRE interface to the branch.
Page 507
Configuration example
crypto isakmp policy 1
encryption aes
hash sha
group 2
authentication pre-share
exit
crypto isakmp peer address <Primary Main Office Internet public Static IP Address>
pre-shared-key <key1>
isakmp-policy 1
exit
crypto isakmp peer address <Backup Main Office Internet public Static IP Address>...
Page 508
Permit
exit
ip-rule 50
source-ip any
destination-ip host <Branch Office Public Internet Static IP Address>
ip-protocol icmp
composite-operation Permit
exit
ip-rule 60
source-ip any
destination-ip any
composite-operation Permit
exit
Page 509
ip-rule 70
source-ip host <Backup Main Office GRE Tunnel end point IP Address>
destination-ip host <Branch GRE Tunnel end point IP Address>
composite-operation Permit
exit
ip-rule default
composite-operation deny
exit
exit
ip access-control-list 302
ip-rule 30
source-ip any
destination-ip any
ip-protocol udp
udp destination-port eq Ike...
Page 510
Tunnel 2
keepalive 10 3
tunnel source <Branch GRE Tunnel end point IP Address>
tunnel destination <Backup Main Office GRE Tunnel end point IP Address>
ip address 20.20.20.1 255.255.255.252
exit
VPN peers. On the G250/G350 configure that hostname as your remote peer. The G250/G350 will perform a DNS query in order to resolve the hostname to an IP address before establishing an IKE connection. Your DNS server should be able to provide an IP address of a living host.
Page 512
● Permit IKE Traffic (UDP port 500) for VPN control traffic (IKE).
● Permit ESP traffic (IP Protocol ESP) for VPN data traffic (IPSEC).
● Permit ICMP traffic, to support PMTU application support, for a better fragmentation process.
Page 513
● For each private subnet, add a permit rule, with the destination being the private subnet, and the source being any. This traffic will be allowed only if it tunnels under the VPN, because of the crypto-list.
● Define all other traffic (default rule) as deny in order to protect the device from...
Page 514
! that is accessible without VPN.
ip domain name-server-list 1
name-server 1 123.124.125.126
exit
! Define the IKE Entity
crypto isakmp policy 1
encryption aes
hash sha
group 2
authentication pre-share
exit
Page 515
! Define the remote peer as FQDN (DNS Name)
crypto isakmp peer fqdn main-vpn.avaya.com
pre-shared-key <key1>
isakmp-policy 1
exit
! Define the IPSEC Entity
crypto ipsec transform-set ts1 esp-3des esp-sha-hmac
exit
! Define the VPN Tunnel
crypto map 1
set peer main-vpn.avaya.com...
Page 517
ip-rule default
composite-operation deny
exit
exit
! Define the Egress access control list for the public interface
ip access-control-list 302
ip-rule 5
source-ip
destination-ip
ip-protocol udp
destination-port eq dns
composite-operation Permit
exit
ip-rule 10
source-ip
destination-ip
ip-protocol udp
destination-port eq Ike
composite-operation Permit
exit...
Page 518
! Activate the crypto-list and the access control list on the public interface
interface FastEthernet 10/2
ip crypto-group 901
ip access-group 301 in
ip access-group 302 out
exit
Failover using a peer-group
The failover VPN topology utilizes a peer-group which lists a group of redundant peers. At any point in time, only one peer is active and acting as the remote peer. An object tracker monitors the state of the active peer.
Page 520
Define a track list that will monitor (by ICMP) 5 hosts behind the specific peer. If two or more hosts are not working then the object tracker is down. The G250/G350 will then pass on to the next peer in the peer group list.
Page 521
● Permit ICMP traffic, to support PMTU application support, for a better fragmentation process.
● For each private subnet, add a permit rule, with the destination being the private subnet, and the source being any. This traffic will be allowed only if it tunnels under the VPN, because of the crypto-list.
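The ingress ACL checklist above (the same list appears for the DNS failover topology) can be verified mechanically against a saved configuration, which matters because an access control list without a default deny rule accepts every packet that no rule matches. The following Python sketch is an added example, not part of the Avaya manual: it parses only the ip access-control-list syntax shown in this chapter's configuration examples, and the sample configuration, function names and finding texts are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    index: str  # rule number, or "default"
    fields: dict = field(default_factory=dict)

def parse_acls(config_text):
    """Return {list number: [Rule, ...]} for each ip access-control-list block."""
    acls, current_list, current_rule = {}, None, None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):  # blank line or comment
            continue
        if words[:2] == ["ip", "access-control-list"] and len(words) >= 3:
            current_list, current_rule = acls.setdefault(words[2], []), None
        elif current_list is None:
            continue  # crypto-lists, interfaces and other contexts are skipped
        elif words[0] == "ip-rule" and len(words) >= 2:
            current_rule = Rule(words[1])
            current_list.append(current_rule)
        elif words[0] == "exit":
            if current_rule is not None:
                current_rule = None  # leave the rule context
            else:
                current_list = None  # leave the list context
        elif current_rule is not None:
            if words[0] in ("udp", "tcp") and len(words) > 1:
                words = words[1:]  # handles "udp destination-port eq Ike"
            # Assumption of this example: values are compared case-insensitively.
            current_rule.fields[words[0]] = " ".join(words[1:]).lower()
    return acls

def audit_ingress_acl(rules, private_subnets):
    """Return findings; an empty list means every checklist item is present."""
    permits = [r.fields for r in rules if r.index != "default"
               and r.fields.get("composite-operation") == "permit"]
    findings = []
    if not any(f.get("ip-protocol") == "udp"
               and f.get("destination-port") in ("eq ike", "eq 500")
               for f in permits):
        findings.append("no permit rule for IKE (UDP port 500)")
    if not any(f.get("ip-protocol") == "esp" for f in permits):
        findings.append("no permit rule for ESP")
    if not any(f.get("ip-protocol") == "icmp" for f in permits):
        findings.append("no permit rule for ICMP (PMTUD)")
    for subnet in private_subnets:
        if not any(f.get("source-ip") == "any"
                   and f.get("destination-ip") == subnet.lower()
                   for f in permits):
            findings.append(f"no permit rule from any to private subnet {subnet}")
    defaults = [r for r in rules if r.index == "default"]
    if not defaults or defaults[-1].fields.get("composite-operation") != "deny":
        findings.append("default rule is not deny")
    return findings

# Constructed sample in the syntax of this chapter's configuration examples.
HARDENED_CONFIG = """\
ip access-control-list 301
ip-rule 10
source-ip any
destination-ip any
ip-protocol udp
udp destination-port eq Ike
composite-operation Permit
exit
ip-rule 20
source-ip any
destination-ip any
ip-protocol esp
composite-operation Permit
exit
ip-rule 30
source-ip any
destination-ip any
ip-protocol icmp
composite-operation Permit
exit
ip-rule 40
source-ip any
destination-ip 10.0.10.0 0.0.0.255
composite-operation Permit
exit
ip-rule default
composite-operation deny
exit
exit
"""
# Constructed weak variant: only the IKE rule survives and no default deny.
WEAK_CONFIG = "\n".join(HARDENED_CONFIG.splitlines()[:8] + ["exit"])
PRIVATE_SUBNETS = ["10.0.10.0 0.0.0.255"]

if __name__ == "__main__":
    for name, text in (("hardened", HARDENED_CONFIG), ("weak", WEAK_CONFIG)):
        findings = audit_ingress_acl(parse_acls(text)["301"], PRIVATE_SUBNETS)
        print(name, "->", findings or "all checklist items present")
```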
Page 522
10.0.20.1 255.255.255.0
exit
! Define the Public Subnet
interface FastEthernet 10/2
ip address 100.0.0.2 255.255.255.0
exit
! Define the default gateway on the public interface
ip default-gateway 100.0.0.1
Page 523
! We wish to check 5 hosts in the Corporate intranet behind the current VPN
! remote peer, and if 2 or more hosts don’t work then keepalive-track will fail,
! and we will move to the next peer in the peer-group
rtr 1
type echo protocol ipIcmpEcho <host1 IP>...
Page 524
"Fast Ethernet 10/2.0"
ip-rule 10
source-ip 10.0.10.0 0.0.0.255
destination-ip any
protect crypto map 1
exit
ip-rule 20
source-ip 10.0.20.0 0.0.0.255
destination-ip any
protect crypto map 1
exit
exit
Page 525
! Define the Ingress access control list for the public interface
ip access-control-list 301
ip-rule 10
source-ip
destination-ip
ip-protocol udp
destination-port eq Ike
composite-operation Permit
exit
ip-rule 11
source-ip any
destination-ip any
ip-protocol udp
destination-port eq Ike-nat-t
composite-operation permit
exit
ip-rule 12
source-ip any...
Page 526
Permit
exit
ip-rule 40
source-ip 10.0.10.0 0.0.0.255
destination-ip
composite-operation Permit
exit
ip-rule 50
source-ip 10.0.20.0 0.0.0.255
destination-ip
composite-operation Permit
exit
ip-rule default
composite-operation deny
exit
exit
301 in
ip access-group 302 out
exit
Check-List for Configuring site-to-site IPSec VPN
Use the following table to gather the information for simple G250 and G350 site-to-site IPSec VPN.
Table 66: Checklist for configuring site-to-site IPSec VPN
Parameter...
Page 528
- Lifetime seconds: 120 - 86,400; default: 3,600 (1 hour)
- Lifetime kilobytes: 2,560 - 536,870,912; default: 4,608,000 kb; disable
Page 529
Table 66: Checklist for configuring site-to-site IPSec VPN (continued)
Parameter | Possible values | Actual value
6. Which packets should be secured
a. Protect rules matching options | IP source address; IP destination address |
b. Bypass rules matching | IP source address...
● Global rules — a set of rules that are executed before the list is evaluated
● Rule list — a list of filtering rules and actions for the G250/G350 to take when a packet matches the rule. Match actions on this list are pointers to the composite operation table.
[Figure: Unwanted Inbound Traffic Blocked by Access Control List; Unwanted Outbound Traffic Blocked by Access Control List (labels: Foreign Network, Host)]
DSCP values or CoS values, and can be based on specific values or groups of IP addresses, protocols, ports, IP fragments, or DSCP values. When a packet matches a rule on the QoS list, the G250/G350 sets one or both of the QoS fields in the packet. The following table shows these QoS fields:...
Configuring policy
Managing policy lists
You can manage policy lists on the Avaya G250/G350 Media Gateway with CLI commands. You can also manage policy lists throughout your network with Avaya QoS Manager. Avaya QoS Manager is part of Avaya Integrated Management.
Defining list identification attributes
The policy list attributes, including name, owner, and cookie, are used by Avaya QoS Manager software to identify policy lists.
1. Enter the context of the policy list in which you want to define the attribute.
Default actions
When no rule matches a packet, the G250/G350 applies the default action for the list. The following table shows the default action for each type of policy list:
List | Default action
Access control list | Accept all packets...
Access Control List and the Egress Access Control List from among the access control lists that are configured on the G250/G350. You can choose the Ingress QoS List and the Egress QoS List from among the QoS lists that are configured on the G250/G350.
Device-wide policy lists
You can attach a policy list (other than a policy-based routing list) to every interface on the G250/G350 using one command. To do this, attach a list to the Loopback 1 interface. For more information, see Attaching policy lists to an interface on page 536.
Defining rules on page 539. The G250/G350 applies global rules before applying individual rules.
1. Enter the context of the access control list in which you want to define the rule.
2. Enter one of the following commands, followed by the name of a composite command:
- ip-fragments-in —...
Rules work in the following ways, depending on the type of list and the type of information in the packet:
● Layer 4 rules in an access control list with a Permit operation are applied to non-initial fragments
Defining rules
● Layer 4 rules in an access control list with a Deny operation are not applied to non-initial fragments, and the device continues checking the next IP rule. This is to prevent cases in which fragments that belong to other L4 sessions may be blocked by the other L4 session which is blocked.
— type eq, followed by a port name or number, to set a port name or port number to which the rule applies
● greater than — type gt, followed by a port name or port number, to apply the rule to all ports with a name or number greater than the specified name or number
● less than — type lt, followed by a port name or port number, to apply the rule to all ports...
Operation
Use the operation command, followed by the name of a composite operation, to specify an operation for the G250/G350 to perform on a packet when the packet matches the rule. For an explanation of composite operations, see Composite operations on page 545.
Composite operations
The following command specifies that rule 4 in access control list 302 drops packets that match the rule, and causes the G250/G350 to send a trap and reset the connection when the packet is dropped:
G350-001(ACL 304/ip rule 4)# operation Deny-Notify-Rst
Note: Composite operation names are case-sensitive.
● Notify — determines whether the operation causes the G250/G350 to send a trap when it drops a packet
● Reset Connection — determines whether the operation causes the G250/G350 to reset the connection when it drops a packet...
● Trust — determines how to treat packets that have been tagged by the originator or other network devices. If the composite operation is set to Trust-DSCP, the packet’s CoS tag is set to 0 before the QoS list rules and DSCP map are executed. If the composite operation is set to CoSX, the DSCP map is ignored, but the QoS list rules are executed on the Ethernet IEEE 802.1p CoS field.
The following commands create a new composite operation called dscp5 and assign the new composite operation to rule 3 in QoS list 402. If the packet matches a rule, the G250/G350 changes the value of the DSCP field in the packet to 5.
QoS rules on the list take precedence over the DSCP table. If a QoS rule other than the default matches the packet, the G350 does not apply the DSCP table to the packet. The G250/G350 applies only the operation specified in the QoS rule.
- show dscp-table — displays the current list’s DSCP table
- show ip-rule — displays a list of all rules configured for the list
- show list — displays the parameters of the current list, including its rules
(in or out), and a source and destination IP address. You may also specify other parameters. For a full list of parameters, see Avaya G250 and Avaya G350 CLI Reference, 03-300437. The following command simulates the effect of applying QoS list number 401 to a packet entering the G350 through interface VLAN 2:
G350-001(if:Vlan 2)# ip simulate 401 in CoS1 dscp46 10.1.1.1...
Page 552
When you run the ip simulate command, the G250/G350 displays the effect of the policy rules on the simulated packet. For example:
G350-001(super-if:Vlan 2)# ip simulate 401 in CoS1 dscp46 10.1.1.1 10.2.2.2 tcp 1182 20
Rule match for simulated packet is the default rule...
Each PBR list includes a set of rules, and each rule includes a next hop list. Each next hop list contains up to 20 next hop destinations to which the G250/G350 sends packets that match the rule. A destination can be either an IP address or an interface.
Internet. This saves bandwidth on the more expensive serial interface.
Figure 52: Policy-based routing — Voice/Data Division By DSCP
[Figure labels: G350; Router; Voice - DSCP=34, 41, 43, 44, 46; Data - Default; xDSL1; Headquarters; Small Branch]
Configuring policy-based routing
Backup
You can utilize policy-based routing to define backup routes for defined classes of traffic. If the first route on the next hop list fails, the packets are routed to a subsequent hop. When necessary, you can use the NULL interface to drop packets when the primary next hop fails. For example, voice packets are usually sent over a WAN line, and not the Internet.
Page 556
● Use the next-hop-ip command, followed by the index number of the entry in the next hop list, to define an IP address as a next hop. You can optionally apply tracking to monitor the route.
Page 557
180. A next hop list can include the value NULL0. When the next hop is NULL0, the G250/G350 drops the packet. However, you cannot apply tracking to NULL0. The following example creates next hop list 1, named “Data to HQ”, with three entries: The first entry is IP address 172.16.1.221.
● Source TCP or UDP port or a range of ports
● Destination TCP or UDP port or a range of ports
● ICMP type and code
● Fragments
● DSCP field
Use the next-hop list command, followed by the list number of a next hop list, to specify a next hop list for the G250/G350 to apply to packets that match the rule. You can specify Destination Based Routing instead of a next hop list, in which case the G250/G350 applies destination-based routing to a packet when the packet matches the rule.
Next hop lists
PBR rules include a next hop list. When the rule matches a packet, the G250/G350 routes the packet according to the specified next hop list. Each next hop list can include up to 20 entries. An entry in a next hop list can be either an IP address or an interface.
Editing and Deleting PBR lists
- To delete an interface, use the no next-hop-interface command, followed by the index number of the entry you want to delete. For example, the command no next-hop-interface 3 deletes the third entry from the next hop list.
Canceling tracking and keeping the next hop
1.
- show ip pbr-list list number detailed — displays all the parameters of the specified PBR list
- show ip active-lists — displays a list of each G250/G350 interface to which a PBR list is attached, along with the number and name of the PBR list
- show ip active-lists list number —...
Page 563
This example includes a voice VLAN (6) and a data VLAN (5). The PMI is on VLAN 6. The G250/G350 is managed by a remote Media Gateway Controller (MGC) with the IP address 149.49.43.210. The G250/G350 also includes a local S8300 in LSP mode.
G350-001(super-PBR 801/ip rule 40)# next-hop list 1
Done!
G350-001(super-PBR 801/ip rule 40)# destination-ip 149.49.123.0 0.0.0.255
Done!
G350-001(super-PBR 801/ip rule 40)# dscp 46
Done!
G350-001(super-PBR 801/ip rule 40)# exit
G350-001(super-PBR 801)# exit
G350-001(super)#
Page 565
The next set of commands applies the PBR list to the Loopback interface. This is necessary to ensure that voice packets generated by the G250/G350 itself are routed via the E1/T1 line. The Loopback interface is a logical interface that is always up. Packets sent from the G250/G350, such as signaling packets, are sent via the Loopback interface.
Page 566
(for more information on object tracking, refer to Object tracking on page 256). Note that the GRE tunnel itself has keepalive and can detect the status of the interface and therefore modify the next hop status.
Application example
Simulating packets
Policy-based routing supports the IP simulate command for testing policies. Refer to Simulating packets on page 551.
Chapter 22: Setting synchronization
If the Avaya G350 Media Gateway contains an MM710 T1/E1 media module, it is advisable to define the MM710 as the primary synchronization source for the G350. In so doing, clock synchronization signals from the Central Office (CO) are used by the MM710 to synchronize all operations of the G350.
If the Avaya G250 or G350 Media Gateway includes a second MM710 media module, enter the following additional command:
set sync interface secondary v3
set sync source secondary
If, for any reason, the primary MM710 media module cannot function as the clock synchronization source, the system uses the MM710 media module located in slot 3 of the Avaya G350 Media Gateway chassis as the clock synchronization source.
Chapter 23: FIPS
The G250, G250-BRI, and G350 are multi-chip stand-alone cryptographic modules in commercial grade metal cases. The modules provide:
● VPN, Voice over Internet Protocol (VoIP) media-gateway services, Ethernet switching, IP routing, and data security for IP traffic
● Status output via LEDs and logs available through the module’s management interface...
Page 572
Table Table 69 Table 70 describe the functions of the physical and logical fixed ports, buttons, and LEDs on the G250 front panel.
Table 68: Physical and logical interfaces on the G250-Analog front panel
Physical interface | Quantity | Description | FIPS 140-2 logical...
Page 573
Table 68: Physical and logical interfaces on the G250-Analog front panel (continued)
Physical interface | Quantity | Description | FIPS 140-2 logical interface | Comments
CONSOLE | | Console port for direct connection of CLI console. RJ-45 connector. | Control inputs; Status output | Supports cryptographic module administration
...
Page 574
Link state and activity indication on the associated data interface
ETH LAN | | LAN status LEDs | Status output | Link state and activity indication on the associated data interface
Table Table 72 Table 73 describe the functions of the physical and logical fixed ports, buttons, and LEDs on the G250-BRI front panel.
Table 71: Physical and logical interfaces on the G250-BRI front panel
Physical interface | Quantity | Description | FIPS 140-2 logical...
Page 576
Table 71: Physical and logical interfaces on the G250-BRI front panel (continued)
Physical interface | Quantity | Description | FIPS 140-2 logical interface | Comments
 | | RJ-45 port for ACS (308) contact closure adjunct box | Power output | Contact Closure Adjunct. Powers two contact-closure relays....
Page 577
Table 71: Physical and logical interfaces on the G250-BRI front panel (continued)
Physical interface | Quantity | Description | FIPS 140-2 logical interface | Comments
 | | USB port. Supports: Multitech MultiModemUSB MT5634ZBA-USB-V92 USB modem; USB flash (for... | Control inputs; Status output |
Page 578
Link state and activity indication on the associated data interface
ETH LAN | | LAN status LEDs | Status output | Link state and activity indication on the associated data interface
Table Table 69 Table 70 describe the functions of the physical and logical fixed ports, buttons, and LEDs on the G250-DCP front panel.
Table 74: Physical and logical interfaces on the G250-DCP front panel
Physical interface | Quantity | Description | FIPS 140-2 logical...
Page 580
Table 74: Physical and logical interfaces on the G250-DCP front panel (continued)
Physical interface | Quantity | Description | FIPS 140-2 logical interface | Comments
ETH WAN | | RJ-45 Ethernet LAN switch port | Data input; Data output... | Supports wide area network connectivity
Page 581
Table 74: Physical and logical interfaces on the G250-DCP front panel (continued)
Physical interface | Quantity | Description | FIPS 140-2 logical interface | Comments
 | | USB port. Supports: Multitech MultiModemUSB MT5634ZBA-USB-V92 USB modem; USB flash (for... | Control inputs; Status output |
Page 582
● Test in progress
● Call activity
System | | System status LEDs | Status output | Indicate: Modem connection through the Console interface; Alarm state; CPU activity; Power
Table Table 69 Table 70 describe the functions of the physical and logical fixed ports, buttons, and LEDs on the G250-DS1 front panel.
Table 77: Physical and logical interfaces on the G250-DS1 front panel
Physical interface | Quantity | Description | FIPS 140-2 logical...
Page 584
Table 77: Physical and logical interfaces on the G250-DS1 front panel (continued)
Physical interface | Quantity | Description | FIPS 140-2 logical interface | Comments
T1/E1 | | T1/E1 and a PRI trunk port | Data input; Data output; Status output; Control input... |
Page 585
Table 77: Physical and logical interfaces on the G250-DS1 front panel (continued)
Physical interface | Quantity | Description | FIPS 140-2 logical interface | Comments
 | | USB port. Supports: Multitech MultiModemUSB MT5634ZBA-USB-V92 USB modem; USB flash (for... | Control inputs; Status output |
Page 586
Console interface Alarm state ● CPU activity ● Power ● ETH WAN T1/E1/PRI trunk Status output Link state and activity ● interface LEDs indication on the associated data interface
G350 Image and interfaces
Figure 58: Image of the G350 cryptographic module
Figure notes:
1. V6 — high-density media module slot
2. V2 — standard media module slot
9. Analog line ports
10. CCA (Contact Closure) port
3.
Page 588
● Status output
● Control input
CONSOLE | Console port for direct connection of CLI console. RJ-45 connector. | ● Control inputs ● Status output | Supports cryptographic module administration
Page 589
Table 80: Physical and logical interfaces on the G350 front panel (continued) Physical Quantity Description FIPS 140-2 logical Comments interface interface USB port. Supports: Multitech ● MultiModemUSB MT5634ZBA-USB- V92 USB modem USB flash (for ● backup and restore) Externally powered ●...
● DES CBC for encryption of IPSec, and IKE (only supported for communication with legacy VPN systems)
● TDES CBC Encryption of the serial number date for Voice feature activation controlled by the ICC CM server/external blade server
Non-Approved Algorithms in FIPS mode
● Diffie-Hellman for IKE key exchanges - groups 2, 5, and 14
● MD5 for Radius Client role and peer OSPF router authentication
● HMAC-MD5-96 for SNMPv3 authentication
The cryptographic module relies on the implemented deterministic random number generator (DRNG) that is compliant with X9.31 with 128-bit Key, 64-bit Seed for generation of all cryptographic keys.
Cryptographic Module Specification
Module Port and Interfaces
Roles, Services, and Authentication
Finite State Model
Physical Security
Operational Environment
Cryptographic Key Management
EMI/EMC
Self-Tests
Design Assurance
Mitigation of Other Attacks
The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the device does not support the loading and execution of untrusted code. Avaya digitally signs firmware images of the crypto module using an RSA SHA1 digital signature. Through this signature, the crypto module verifies the authenticity of any update to its firmware image.
Page 594
An entity that facilitates authentication IPSec VPNs Serial Number Role-based verification TDES encrypted Gateway exchanges its Peer challenge serial number with a Server to enable feature activation
● three)
● Device managed locally via direct link to Console port, and remotely via IPSec tunnel only.
● Commands are documented in the Avaya G250 and Avaya G350 Media Gateways CLI Reference, 03-300437.
Critical security parameters and private keys
Table 86 describes the CSPs (Critical Security Parameters) defined in the module.
Page 596
Used for authentication of default CLI user during first setup
Radius Secret | Used for hashing password with MD5. One secret common to both Primary and Secondary Radius server.
(Avaya root CA RSA public key) The Avaya Root certificate is hard-coded in the Gateway image and is used directly for authentication of the chain of trust of the Avaya Signing Authority that is downloaded together with the software. License download public key Used for authentication of license file validity.
Read all status indications: obtain all statuses securely via IPSEC, console port, and LEDs on the Gateway’s front panel
Page 599
Table 88: CSP access rights within roles and services (continued)
Service Role
Read subset of status indications: obtain subset of statuses securely via IPSEC, console port and LEDs on the Gateway’s front panel
Module configuration backup: backup non-CSP related configuration data via IPSEC
Module configuration restore: restore...
Page 600
IKE Session phase-1 secret (SKEYID_d)
IKE phase-1 HMAC Key (SKEYID_a)
IKE Session phase-1 key (SKEYID_e)
IKE Session phase-1 TDES
IKE Session phase-1 DES
IKE Session phase-1 AES
Page 601
Table 89: Role and service access to CSPs (continued) IKE phase-1 TDES key (SKEYID-e) Nonce IPSEC SA phase-2 TDES IPSEC SA phase-2 AES IPSEC SA phase-2 HMAC keys IPSEC SA phase-2 keys per protocol Ephemeral DH phase-2 private key DH phase-2 shared secret User password Root password...
3. When the module has not been placed in a valid role, the operator does not have access to any cryptographic services.
4. Use DES to encrypt message traffic only for communications with legacy products that do not support AES or TDES.
Page 603
8. Data output is inhibited during key generation, self-tests, zeroization, and error states.
9. The module supports concurrent operators and maintains separation of roles and services.
10. Users can plug in and use any Avaya Media Module that does not support cryptographic functionality without restriction....
FIPS-approved mode of operation. Also note that execution of the NVRAM Init or zeroize commands clears the above-defined FIPS-approved mode configuration and returns the box to factory defaults.
Administration Procedures
Prerequisites
● Avaya Communication Manager 2.2 or higher
● FIPS-ready gateway
- Check the Material Code in Table 90. The material code is on the product label on the rear panel of the gateway.
Table 90: Material codes of FIPS-compliant media gateways...
● enhanced security ● ● show self-test-status
For a full description see Avaya G250 and Avaya G350 CLI Reference, 03-300437
Prerequisites for entering FIPS mode
● User type – crypto officer
● FIPS-approved hardware. Version 3.0.x or higher.
● FIPS-approved Media Gateway firmware. Refer to the “Validation Lists for cryptographic...
Entering FIPS mode
1. Log in to the device through the local console port.
- User name: root
- Password: root
Note: Use the password “root” when the Media Gateway is running with the factory default configuration.
Login: root
Password: ****
Password accepted...
Page 608
: 00:04:0d:6d:30:e1
WAN MAC address : 00:04:0d:6d:30:e1
Serial No : 03IS07639510
Model No : G250-BRI
HW Vintage
HW Suffix
FW Vintage : 24.11.0
HW ready for FIPS : Yes
Page 609
Phone Image 10 phone-ImageB Phone Image 10 phone-ImageC Phone Image 10 phone-ImageD Phone Image 10 dhcp-binding DHCP Binding Nv-Ram Ip Address Binding For the G250: ● G250-N(super)# dir M# file ver num file type file location file description -- ---- --------...
Page 610
9. If a more recent FIPS-approved G250/G350 image is available, download it using the image download procedures.
- Use the copy tftp image command.
10. If it has not yet been installed, download the Avaya License file with the VPN feature activated.
- Use the copy tftp license-file command....
Page 611
Note: Otherwise you cannot establish a signaling link after disabling encryption in the Media Gateway.
15. Disable Avaya Media Encryption (SRTP, AEA, RTP/AES).
- Use the disable media encryption command and confirm the operation.
G350-N(super)# disable media encryption
Warning: The following command will disable the media encryption functionality and it cannot be rolled back....
Page 612
------ ----------
root admin local password
b. If there are redundant CLI users, use the no username command to delete them. Note that you cannot delete the root user.
Page 613
c. Use the show snmp user command to list SNMPv3 users.
G350-N(super)# show snmp user
EngineId: 80:00:1a:e9:03:00:04:0d:29:ca:61 (local)
User Name: initial
Authentication Protocol: none
Privacy Protocol: none
Storage Type: nonVolatile
Row Status: active
d. If there are redundant local SNMP users, use the no snmp-server user command to delete them....
Page 614
33. Configure primary and secondary RADIUS servers.
G350-N(super)# set radius authentication enable
Done!
G350-N(super)# set radius authentication server 200.200.200.20 primary
Done!
G350-N(super)# set radius authentication secret fips_test1
Done!
Page 615
● Inhibits output data traffic during powerup/error states.
● Inhibits modification of the active IPSEC transform-set parameters.
● In the G250 only: the G250 switches from performing symmetric encryption with a hardware accelerator, to software-based encryption.
- Use the enhanced security command....
Page 616
37. Define an Access Control list that blocks packets with an IP destination address of any of the G250/G350 interfaces for the following protocols, and activate the ACL on the inbound direction of all clear-text interfaces.
● TELNET
●...
Page 618
42
composite-operation "Deny"
ip-protocol udp
destination-ip host 10.20.0.1
udp destination-port eq Snmp
exit
ip-rule 43
composite-operation "Deny"
ip-protocol udp
destination-ip host 100.100.100.1
udp destination-port eq Snmp
exit
Page 619
----------- ----------------- ----------------- ---- --- -- ----- ----- ---
San Jose 111.110.110.112 IPv4 Address MM none
New Jersey 149.49.70.1 vpn.ca.avaya.com AM on-de
b. Use the no crypto isakmp peer address command to delete redundant VPN peers.
G350-001(super)# no crypto isakmp peer address 149.49.70.1
Done!
Page 620
G350-N# crypto ipsec transform-set ts1 esp-3des esp-sha-hmac comp-lzs
G350-N(config-transform:ts1)# exit
43. Configure Crypto Maps using the crypto map command.
G350-N# crypto map 1
G350-N(super-crypto:1)# set transform-set ts1
Done!
G350-N(super-crypto:1)# set peer 20.0.0.2
Done!
G350-N(crypto-map)# exit
Page 621
44. Define one or more IPSec Crypto lists that provide encryption rules for traffic that needs protection. Use the ip crypto-list command.
G350-N(super)# ip crypto-list 901
G350-N(super-Crypto 901)# local-address "FastEthernet 10/2.0"
Done!
G350-N(super-Crypto 901)# ip-rule 10
G350-N(super-Crypto 901/ip rule 10)# protect crypto map 1
Done!
G350-N(super-Crypto 901/ip rule 10)# source-ip any
Done!
48. Physically re-connect the network interfaces.
Failure scenarios and repair actions
The G250/G350 initiates power up tests automatically, without the need for operator intervention, and executes tests in the order defined below. The power-up self-tests are executed during the early boot sequence and before the G350’s data output interfaces are enabled and begin transmitting packets....
"PRNG integrity power-up self test" "Passed"
"Crypto integrity power-up self test" "Passed"
"EEPROM integrity power-up self test" "Passed"
If the G250/G350 fails a conditional or power-up self-test, the module enters the error state. All data output interfaces are immediately blocked.
Error states...
SECURITY ALERT: If the G350 does not recover from Error State 3, the secrets and other definitions are retained. If this information is highly sensitive, you should not send the G250/G350 for repair.
Page 625
Figure 59: Recovering from an error state (flowchart steps: Power down Gateway; Power up Gateway; Gateway operates correctly?; Delete setup; Perform NVRAM initialization; Reconfigure Gateway; Gateway operates correctly?; Contact Avaya representative)
Appendix A: Traps and MIBs
This appendix contains a list of all G250/G350 traps and all MIBs.
G250/G350 traps
Name Parameters Class Severity Trap Name/ Format Description (MIB variables) Facility Mnemonic
coldStart Boot Warning coldStart Agent Up with A coldStart trap indicates...
Page 628
Redundancy $1 manager of the deletion Trap Status definition deleted of the specified redundant link, which is identified by the softRedundancyId. It is enabled/disabled by chLntAgConfigChangeTraps.
Page 629
G250/G350 traps Name Parameters Class Severity Trap Name/ Format Description (MIB variables) Facility Mnemonic createSW soft P330 SWITCH Info createSWRedu Software The trap is generated on Redundancy Redundancy FABRIC ndancyTrap Redundancy $1 the creation of the Trap Status definition created redundant links for the specified ports.
Page 630
Module $2 Inline This trap reports the FaultMask, FltOK Power Supply correction of a failure on genGroupId, failure was cleared an inline power supply. genGroup BUPSActivity Status
Page 631
G250/G350 traps Name Parameters Class Severity Trap Name/ Format Description (MIB variables) Facility Mnemonic WanPhysical ifIndex, Critical Cable Problem on An E1/T1/Serial cable AlarmOn ifAdminStatus, Physical port $4 was disconnected. ifOperStatus, AlarmOn ifName, ifAlias, dsx1Line Status wanPhysical ifIndex, Notification wan...
Page 632
This trap reports a PwrFlt Index, NTITY PwrFlt power supply Fault problem with a 3.3V entPhysical power supply. Descr, entPhySensor Value, avEntPhy SensorHi Warning, avEntPhy SensorLo Warningent Physical ParentRelPos
Page 633
G250/G350 traps Name Parameters Class Severity Trap Name/ Format Description (MIB variables) Facility Mnemonic avEnt2500mv entPhysical AVAYA-E SUPPLY avEnt2500mv 2.5V (2500mv) This trap reports a PwrFlt Index, NTITY PwrFlt power supply Fault problem with a 2.5V entPhysical power supply. Descr,...
Page 634
Fault correction of a problem entPhysical Cleared with a 1.8V power supply. Descr, entPhySensor Value, avEntPhy SensorHi Warning, avEntPhy SensorLo Warningent Physical ParentRelPos
G250/G350 MIB files
MIB File  MIB Module Supported by G250/G350
SNMPv2-MIB.my  SNMPv2-MIB
USM-MIB.my  USM-MIB
VACM-MIB.my  VACM-MIB
OSPF-MIB.my  OSPF-MIB
Tunnel-MIB.my  TUNNEL-MIB
MIB files in the Load.MIB file
The following table provides a list of the MIBs in the Load.MIB file that are supported by the...
The following table provides a list of the MIBs in the RFC1315-MIB.my file that are supported by the G250/G350 and their OIDs:
Object  OID
frDlcmiIfIndex  1.3.6.1.2.1.10.32.1.1.1
frDlcmiState  1.3.6.1.2.1.10.32.1.1.2
1.3.6.1.2.1.17.7.1.4.5.1.4
dot1qPortGvrpFailedRegistrations  1.3.6.1.2.1.17.7.1.4.5.1.5
dot1qPortGvrpLastPduOrigin  1.3.6.1.2.1.17.7.1.4.5.1.6
MIB files in the ENTITY-MIB.my file
The following table provides a list of the MIBs in the ENTITY-MIB.my file that are supported by the G250/G350 and their OIDs:
Object  OID
entPhysicalIndex  1.3.6.1.2.1.47.1.1.1.1.1
entPhysicalDescr  1.3.6.1.2.1.47.1.1.1.1.2
entPhysicalVendorType  1.3.6.1.2.1.47.1.1.1.1.3
entPhysicalContainedIn  1.3.6.1.2.1.47.1.1.1.1.4...
MIB files in the VRRP-MIB.my file
The following table provides a list of the MIBs in the VRRP-MIB.my file that are supported by the G250/G350 and their OIDs:
Object  OID
vrrpNodeVersion  1.3.6.1.2.1.68.1.1.1
vrrpOperVrId  1.3.6.1.2.1.68.1.1.3.1.1
vrrpOperVirtualMacAddr  1.3.6.1.2.1.68.1.1.3.1.2
vrrpOperState  1.3.6.1.2.1.68.1.1.3.1.3
vrrpOperAdminState  1.3.6.1.2.1.68.1.1.3.1.4...
MIB files in the ENTITY-SENSOR-MIB.my file
The following table provides a list of the MIBs in the ENTITY-SENSOR-MIB.my file that are supported by the G250/G350 and their OIDs:
Object  OID
entPhySensorType  1.3.6.1.2.1.99.1.1.1.1
entPhySensorScale  1.3.6.1.2.1.99.1.1.1.2
entPhySensorPrecision  1.3.6.1.2.1.99.1.1.1.3
entPhySensorValue  1.3.6.1.2.1.99.1.1.1.4
entPhySensorOperStatus  1.3.6.1.2.1.99.1.1.1.5...
The following table provides a list of the MIBs in the DS1-MIB.my file that are supported by the G250/G350 and their OIDs:
Object  OID
dsx1LineIndex  1.3.6.1.2.1.10.18.6.1.1
dsx1IfIndex  1.3.6.1.2.1.10.18.6.1.2
dsx1TimeElapsed  1.3.6.1.2.1.10.18.6.1.3
dsx1ValidIntervals  1.3.6.1.2.1.10.18.6.1.4
MIB files in the PPP-IP-NCP-MIB.my file
The following table provides a list of the MIBs in the PPP-IP-NCP-MIB.my file that are supported by the G250/G350 and their OIDs:
Object  OID
pppIpOperStatus  1.3.6.1.2.1.10.23.3.1.1.1
pppIpLocalToRemoteCompressionProtocol  1.3.6.1.2.1.10.23.3.1.1.2
pppIpRemoteToLocalCompressionProtocol  1.3.6.1.2.1.10.23.3.1.1.3
pppIpRemoteMaxSlotId  1.3.6.1.2.1.10.23.3.1.1.4
pppIpLocalMaxSlotId  1.3.6.1.2.1.10.23.3.1.1.5...
MIB files in the AVAYA-ENTITY-MIB.my file
The following table provides a list of the MIBs in the AVAYA-ENTITY-MIB.my file that are supported by the G250/G350 and their OIDs:
Object  OID
avEntPhySensorHiShutdown  1.3.6.1.4.1.6889.2.1.99.1.1.1
avEntPhySensorHiWarning  1.3.6.1.4.1.6889.2.1.99.1.1.2
avEntPhySensorHiWarningClear  1.3.6.1.4.1.6889.2.1.99.1.1.3
avEntPhySensorLoWarningClear  1.3.6.1.4.1.6889.2.1.99.1.1.4
avEntPhySensorLoWarning  1.3.6.1.4.1.6889.2.1.99.1.1.5...
MIB files in the XSWITCH-MIB.my file
The following table provides a list of the MIBs in the XSWITCH-MIB.my file that are supported by the G250/G350 and their OIDs:
Object  OID
scGenPortGroupId  1.3.6.1.4.1.81.28.1.4.1.1.1
scGenPortId  1.3.6.1.4.1.81.28.1.4.1.1.2
scGenPortVLAN  1.3.6.1.4.1.81.28.1.4.1.1.3
scGenPortPriority  1.3.6.1.4.1.81.28.1.4.1.1.4
scGenPortSetDefaults  1.3.6.1.4.1.81.28.1.4.1.1.5...
1.3.6.1.4.1.81.31.3.1.1.2
vlConfStatus  1.3.6.1.4.1.81.31.3.1.1.3
MIB files in the RS-232-MIB.my file
The following table provides a list of the MIBs in the RS-232-MIB.my file that are supported by the G250/G350 and their OIDs:
Object  OID
rs232Number  1.3.6.1.2.1.10.33.1
rs232PortIndex  1.3.6.1.2.1.10.33.2.1.1
rs232PortType  1.3.6.1.2.1.10.33.2.1.2...
Page 660
1.3.6.1.2.1.10.33.4.1.10
rs232SyncPortRTSCTSDelay  1.3.6.1.2.1.10.33.4.1.11
rs232SyncPortMode  1.3.6.1.2.1.10.33.4.1.12
rs232SyncPortIdlePattern  1.3.6.1.2.1.10.33.4.1.13
rs232SyncPortMinFlags  1.3.6.1.2.1.10.33.4.1.14
rs232InSigPortIndex  1.3.6.1.2.1.10.33.5.1.1
rs232InSigName  1.3.6.1.2.1.10.33.5.1.2
rs232InSigState  1.3.6.1.2.1.10.33.5.1.3
rs232InSigChanges  1.3.6.1.2.1.10.33.5.1.4
rs232OutSigPortIndex  1.3.6.1.2.1.10.33.6.1.1
rs232OutSigName  1.3.6.1.2.1.10.33.6.1.2
rs232OutSigState  1.3.6.1.2.1.10.33.6.1.3
rs232OutSigChanges  1.3.6.1.2.1.10.33.6.1.4
MIB files in the RIPv2-MIB.my file
The following table provides a list of the MIBs in the RIPv2-MIB.my file that are supported by the G250/G350 and their OIDs:
Object  OID
rip2GlobalRouteChanges  1.3.6.1.2.1.23.1.1
rip2GlobalQueries  1.3.6.1.2.1.23.1.2
rip2IfStatAddress  1.3.6.1.2.1.23.2.1.1
rip2IfStatRcvBadPackets  1.3.6.1.2.1.23.2.1.2
rip2IfStatRcvBadRoutes  1.3.6.1.2.1.23.2.1.3...
The following table provides a list of the MIBs in the DS0-MIB.my file that are supported by the G250/G350 and their OIDs:
Object  OID
dsx0Ds0ChannelNumber  1.3.6.1.2.1.10.81.1.1.1
dsx0RobbedBitSignalling  1.3.6.1.2.1.10.81.1.1.2
dsx0CircuitIdentifier  1.3.6.1.2.1.10.81.1.1.3
dsx0IdleCode  1.3.6.1.2.1.10.81.1.1.4
dsx0SeizedCode  1.3.6.1.2.1.10.81.1.1.5
dsx0ReceivedCode  1.3.6.1.2.1.10.81.1.1.6
dsx0TransmitCodesEnable  1.3.6.1.2.1.10.81.1.1.7
dsx0Ds0BundleMappedIfIndex  1.3.6.1.2.1.10.81.1.1.8
dsx0ChanMappedIfIndex  1.3.6.1.2.1.10.81.3.1.1
MIB files in the POLICY-MIB.my file
The following table provides a list of the MIBs in the POLICY-MIB.MY file that are supported by the G250/G350 and their OIDs:
Object  OID
ipPolicyListSlot  1.3.6.1.4.1.81.36.1.1.1
ipPolicyListID  1.3.6.1.4.1.81.36.1.1.2
ipPolicyListName  1.3.6.1.4.1.81.36.1.1.3
ipPolicyListValidityStatus  1.3.6.1.4.1.81.36.1.1.4
ipPolicyListChecksum  1.3.6.1.4.1.81.36.1.1.5...
Page 668
1.3.6.1.4.1.81.36.2.1.19
ipPolicyRuleDSCPOperation  1.3.6.1.4.1.81.36.2.1.20
ipPolicyRuleDSCPFilter  1.3.6.1.4.1.81.36.2.1.21
ipPolicyRuleDSCPFilterWild  1.3.6.1.4.1.81.36.2.1.22
ipPolicyRuleIcmpTypeCode  1.3.6.1.4.1.81.36.2.1.23
ipPolicyRuleSrcAddrNot  1.3.6.1.4.1.81.36.2.1.24
ipPolicyRuleDstAddrNot  1.3.6.1.4.1.81.36.2.1.25
ipPolicyRuleProtocolNot  1.3.6.1.4.1.81.36.2.1.26
ipPolicyRuleL4SrcPortNot  1.3.6.1.4.1.81.36.2.1.27
ipPolicyRuleL4DestPortNot  1.3.6.1.4.1.81.36.2.1.28
ipPolicyRuleIcmpTypeCodeNot  1.3.6.1.4.1.81.36.2.1.29
ipPolicyRuleSrcPolicyUserGroupName  1.3.6.1.4.1.81.36.2.1.30
ipPolicyRuleDstPolicyUserGroupName  1.3.6.1.4.1.81.36.2.1.31
1.3.6.1.4.1.81.36.11.3.1.7
ipPolicyValidDSCPErrMsg  1.3.6.1.4.1.81.36.11.3.1.8
MIB files in the BRIDGE-MIB.my file
The following table provides a list of the MIBs in the BRIDGE-MIB.my file that are supported by the G250/G350 and their OIDs:
Object  OID
dot1dBaseBridgeAddress  1.3.6.1.2.1.17.1.1
dot1dBaseNumPorts  1.3.6.1.2.1.17.1.2
dot1dBaseType  1.3.6.1.2.1.17.1.3...
Page 674
1.3.6.1.2.1.17.2.15.1.2
dot1dStpPortState  1.3.6.1.2.1.17.2.15.1.3
dot1dStpPortEnable  1.3.6.1.2.1.17.2.15.1.4
dot1dStpPortPathCost  1.3.6.1.2.1.17.2.15.1.5
dot1dStpPortDesignatedRoot  1.3.6.1.2.1.17.2.15.1.6
dot1dStpPortDesignatedCost  1.3.6.1.2.1.17.2.15.1.7
dot1dStpPortDesignatedBridge  1.3.6.1.2.1.17.2.15.1.8
dot1dStpPortDesignatedPort  1.3.6.1.2.1.17.2.15.1.9
dot1dStpPortForwardTransitions  1.3.6.1.2.1.17.2.15.1.10
dot1dTpAgingTime  1.3.6.1.2.1.17.4.2
dot1dTpFdbAddress  1.3.6.1.2.1.17.4.3.1.1
dot1dTpFdbPort  1.3.6.1.2.1.17.4.3.1.2
dot1dTpFdbStatus  1.3.6.1.2.1.17.4.3.1.3
MIB files in the CONFIG-MIB.my file
The following table provides a list of the MIBs in the CONFIG-MIB.MY file that are supported by the G250/G350 and their OIDs:
Object  OID
chHWType  1.3.6.1.4.1.81.7.1
chNumberOfSlots  1.3.6.1.4.1.81.7.2
chReset  1.3.6.1.4.1.81.7.7
chLntAgMaxNmbOfMngrs  1.3.6.1.4.1.81.7.9.3.1
chLntAgPermMngrId  1.3.6.1.4.1.81.7.9.3.2.1.1...
Page 676
1.3.6.1.4.1.81.8.1.1.19
genGroupSpecificOID  1.3.6.1.4.1.81.8.1.1.20
genGroupConfigurationSymbol  1.3.6.1.4.1.81.8.1.1.21
genGroupLastChange  1.3.6.1.4.1.81.8.1.1.22
genGroupRedunRecovery  1.3.6.1.4.1.81.8.1.1.23
genGroupHWVersion  1.3.6.1.4.1.81.8.1.1.24
genGroupHeight  1.3.6.1.4.1.81.8.1.1.25
genGroupWidth  1.3.6.1.4.1.81.8.1.1.26
genGroupIntrusionControl  1.3.6.1.4.1.81.8.1.1.27
genGroupThresholdStatus  1.3.6.1.4.1.81.8.1.1.28
genGroupEavesdropping  1.3.6.1.4.1.81.8.1.1.29
genGroupMainSWVersion  1.3.6.1.4.1.81.8.1.1.30
genGroupMPSActivityStatus  1.3.6.1.4.1.81.8.1.1.31
MIB files in the G700-MG-MIB.my file
The following table provides a list of the MIBs in the G700-MG-MIB.MY file that are supported by the G250/G350 and their OIDs:
Object  OID
cmgHWType  1.3.6.1.4.1.6889.2.9.1.1.1
cmgModelNumber  1.3.6.1.4.1.6889.2.9.1.1.2
cmgDescription  1.3.6.1.4.1.6889.2.9.1.1.3
cmgSerialNumber  1.3.6.1.4.1.6889.2.9.1.1.4
cmgHWVintage  1.3.6.1.4.1.6889.2.9.1.1.5...
Page 680
1.3.6.1.4.1.6889.2.9.1.2.3.2
cmgActiveClockSource  1.3.6.1.4.1.6889.2.9.1.2.3.3
cmgRegistrationState  1.3.6.1.4.1.6889.2.9.1.3.1
cmgActiveControllerAddress  1.3.6.1.4.1.6889.2.9.1.3.2
cmgH248LinkStatus  1.3.6.1.4.1.6889.2.9.1.3.3
cmgH248LinkErrorCode  1.3.6.1.4.1.6889.2.9.1.3.4
cmgUseDhcpForMgcList  1.3.6.1.4.1.6889.2.9.1.3.5
cmgStaticControllerHosts  1.3.6.1.4.1.6889.2.9.1.3.6
cmgDhcpControllerHosts  1.3.6.1.4.1.6889.2.9.1.3.7
cmgPrimarySearchTime
cmgTotalSearchTime
cmgTransitionPoint
cmgVoipEngineUseDhcp  1.3.6.1.4.1.6889.2.9.1.4.1
cmgVoipQosControl  1.3.6.1.4.1.6889.2.9.1.4.2
cmgVoipRemoteBbeDscp  1.3.6.1.4.1.6889.2.9.1.4.3.1.1
1.3.6.1.4.1.6889.2.9.1.8.2
cmgDynCacLastUpdate  1.3.6.1.4.1.6889.2.9.1.8.3
MIB files in the FRAME-RELAY-DTE-MIB.my file
The following table provides a list of the MIBs in the FRAME-RELAY-DTE-MIB.my file that are supported by the G250/G350 and their OIDs:
Object  OID
frDlcmiIfIndex  1.3.6.1.2.1.10.32.1.1.1
frDlcmiState  1.3.6.1.2.1.10.32.1.1.2
frDlcmiAddress  1.3.6.1.2.1.10.32.1.1.3...
Page 684
1.3.6.1.2.1.10.32.2.1.17
frCircuitReceivedDEs  1.3.6.1.2.1.10.32.2.1.18
frCircuitSentDEs  1.3.6.1.2.1.10.32.2.1.19
frCircuitLogicalIfIndex  1.3.6.1.2.1.10.32.2.1.20
frCircuitRowStatus  1.3.6.1.2.1.10.32.2.1.21
frErrIfIndex  1.3.6.1.2.1.10.32.3.1.1
frErrType  1.3.6.1.2.1.10.32.3.1.2
frErrData  1.3.6.1.2.1.10.32.3.1.3
frErrTime  1.3.6.1.2.1.10.32.3.1.4
frErrFaults  1.3.6.1.2.1.10.32.3.1.5
frErrFaultTime  1.3.6.1.2.1.10.32.3.1.6
frTrapState  1.3.6.1.2.1.10.32.4.1
frTrapMaxRate  1.3.6.1.2.1.10.32.4.2
MIB files in the IP-MIB.my file
The following table provides a list of the MIBs in the IP-MIB.my file that are supported by the G250/G350 and their OIDs:
Object  OID
ipForwarding  1.3.6.1.2.1.4.1
ipDefaultTTL  1.3.6.1.2.1.4.2
ipInReceives  1.3.6.1.2.1.4.3
ipInHdrErrors  1.3.6.1.2.1.4.4
ipInAddrErrors  1.3.6.1.2.1.4.5...
MIB files in the WAN-MIB.my file
The following table provides a list of the MIBs in the WAN-MIB.my file that are supported by the G250/G350 and their OIDs:
Object  OID
ds0BundleMemmbersList  1.3.6.1.4.1.6889.2.1.6.1.1.2.1.1
ds0BundleSpeedFactor  1.3.6.1.4.1.6889.2.1.6.1.1.2.1.2
ds1DeviceMode  1.3.6.1.4.1.6889.2.1.6.2.1.1
ifTableXtndIndex  1.3.6.1.4.1.6889.2.1.6.2.2.1.1.1
ifTableXtndPeerAddress  1.3.6.1.4.1.6889.2.1.6.2.2.1.1.2...
Page 690
1.3.6.1.4.1.6889.2.1.6.2.2.1.1.31
ifTableXtndCacPriority  1.3.6.1.4.1.6889.2.1.6.2.2.1.1.32
ifTableXtndCacifStatus  1.3.6.1.4.1.6889.2.1.6.2.2.1.1.33
frDlcmiXtndIndex  1.3.6.1.4.1.6889.2.1.6.2.4.1.1.1
frDlcmiXtndLMIAutoSense  1.3.6.1.4.1.6889.2.1.6.2.4.1.1.2
frStaticCircuitSubIfIndex  1.3.6.1.4.1.6889.2.1.6.2.4.2.1.1
frStaticCircuitDLCI  1.3.6.1.4.1.6889.2.1.6.2.4.2.1.2
frStaticCircuitDLCIrole  1.3.6.1.4.1.6889.2.1.6.2.4.2.1.3
frStaticCircuitStatus  1.3.6.1.4.1.6889.2.1.6.2.4.2.1.4
frSubIfDlcmiIndex  1.3.6.1.4.1.6889.2.1.6.2.4.3.1.1
frSubIfSubIndex  1.3.6.1.4.1.6889.2.1.6.2.4.3.1.2
frSubIfType  1.3.6.1.4.1.6889.2.1.6.2.4.3.1.3
frSubIfStatus  1.3.6.1.4.1.6889.2.1.6.2.4.3.1.4
MIB files in the SNMPv2-MIB.my file
The following table provides a list of the MIBs in the SNMPv2-MIB.my file that are supported by the G250/G350 and their OIDs:
Object  OID
sysDescr  1.3.6.1.2.1.1.1
sysObjectID  1.3.6.1.2.1.1.2
sysUpTime  1.3.6.1.2.1.1.3
sysContact  1.3.6.1.2.1.1.4
sysName  1.3.6.1.2.1.1.5...
The following table provides a list of the MIBs in the OSPF-MIB.my file that are supported by the G250/G350 and their OIDs:
Object  OID
ospfRouterId  1.3.6.1.2.1.14.1.1
ospfAdminStat  1.3.6.1.2.1.14.1.2
ospfVersionNumber  1.3.6.1.2.1.14.1.3
ospfAreaBdrRtrStatus  1.3.6.1.2.1.14.1.4
ospfASBdrRtrStatus  1.3.6.1.2.1.14.1.5
ospfExternLsaCount  1.3.6.1.2.1.14.1.6
1.3.6.1.2.1.14.12.1.6
ospfExtLsdbAdvertisement  1.3.6.1.2.1.14.12.1.7
MIB files in the TUNNEL-MIB.my file
The following table provides a list of the MIBs in the TUNNEL-MIB.my file that are supported by the G250/G350 and their OIDs:
Object  OID
tunnelIfLocalAddress  1.3.6.1.2.1.10.131.1.1.1.1.1
tunnelIfRemoteAddress  1.3.6.1.2.1.10.131.1.1.1.1.2...
Page 696
1.3.6.1.2.1.10.131.1.1.2.1.2
tunnelConfigEncapsMethod  1.3.6.1.2.1.10.131.1.1.2.1.3
tunnelConfigID  1.3.6.1.2.1.10.131.1.1.2.1.4
tunnelConfigStatus  1.3.6.1.2.1.10.131.1.1.2.1.5
ipTunnelIfIndex  1.3.6.1.4.1.81.31.8.1.1.1
ipTunnelIfChecksum  1.3.6.1.4.1.81.31.8.1.1.2
ipTunnelIfKey  1.3.6.1.4.1.81.31.8.1.1.3
ipTunnelIfkeyMode  1.3.6.1.4.1.81.31.8.1.1.4
ipTunnelIfAgingTimer  1.3.6.1.4.1.81.31.8.1.1.5
ipTunnelIfMTUDiscovery  1.3.6.1.4.1.81.31.8.1.1.6
ipTunnelIfMTU  1.3.6.1.4.1.81.31.8.1.1.7
ipTunnelIfKeepaliveRate  1.3.6.1.4.1.81.31.8.1.1.8
ipTunnelIfKeepaliveRetries  1.3.6.1.4.1.81.31.8.1.1.9