Network security
SSHv1/v2
SSH is used to conduct secure communications over a network between a server and a client. The
switch supports only the server mode, so you must supply an external client to establish
communication. The server mode supports SSHv1 and SSHv2.
The SSH protocol offers:
• Authentication
SSH determines identities. During the logon process, the SSH client asks for a digital proof of
the identity of the user.
• Encryption
SSH uses encryption algorithms to scramble data. This data is rendered unintelligible except to
the intended receiver.
• Integrity
SSH guarantees that data is transmitted from the sender to the receiver without any alteration.
If any third party captures and modifies the traffic, SSH detects this alteration.
The Avaya Ethernet Routing Switch 8800/8600 supports:
• SSH version 1, with password and Rivest, Shamir, Adleman (RSA) authentication
• SSH version 2, with password and Digital Signature Algorithm (DSA) authentication
• Triple Data Encryption Standard (3DES)
SNMP header network address
For self-generated UDP packets, you can direct the switch to use the management virtual IP
address as the source address in the IP header. If a management virtual IP address is configured
and the udpsrc-by-vip flag is set, the network address in the SNMP header is always the
management virtual IP address. This is true for all traps routed out on the I/O ports or on the
out-of-band management Ethernet port.
SNMPv3 support
SNMP version 1 and version 2 are not secure because community strings are not encrypted.
Avaya recommends that you use SNMP version 3. SNMPv3 provides stronger authentication
services and the encryption of data traffic for network management.
Other security equipment
Avaya offers other devices that increase the security of your network.
June 2016
Planning and Engineering — Network Design