Design Reference
Table Of Contents
- Contents
- Chapter 1: Introduction
- Chapter 2: New in this release
- Chapter 3: Network design fundamentals
- Chapter 4: Hardware fundamentals and guidelines
- Chapter 5: Optical routing design
- Chapter 6: Platform redundancy
- Chapter 7: Link redundancy
- Chapter 8: Layer 2 loop prevention
- Chapter 9: Spanning tree
- Chapter 10: Layer 3 network design
- Chapter 11: SPBM design guidelines
- Chapter 12: IP multicast network design
- Multicast and VRF-lite
- Multicast and MultiLink Trunking considerations
- Multicast scalability design rules
- IP multicast address range restrictions
- Multicast MAC address mapping considerations
- Dynamic multicast configuration changes
- IGMPv3 backward compatibility
- IGMP Layer 2 Querier
- TTL in IP multicast packets
- Multicast MAC filtering
- Guidelines for multicast access policies
- Multicast for multimedia
- Chapter 13: System and network stability and security
- Chapter 14: QoS design guidelines
- Chapter 15: Layer 1, 2, and 3 design examples
- Chapter 16: Software scaling capabilities
- Chapter 17: Supported standards, RFCs, and MIBs
- Glossary
You can also enable the spoof-detect feature on a port.
For more information about the spoof-detect feature, see Avaya Virtual Services Platform 4000
Configuration — VLANs and Spanning Tree, NN46251-500.
High Secure mode
To ensure that Virtual Services Platform 4000 does not route packets with an illegal source
address of 255.255.255.255 (RFC 1812 Section 4.2.2.11 and RFC 791 Section 3.2), you can
enable High Secure mode.
By default, this feature is disabled. After you enable this flag, the feature applies to all ports.
For more information about hsecure, see Avaya Virtual Services Platform 4000 Security,
NN46251-601.
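The check that High Secure mode adds is easy to lose among the other forwarding rules, so the following is a small, added model of it in Python. It is illustrative code written for this page, not Avaya software and not a description of the VSP 4000 forwarding path: the IPv4 header builder, the checksum routine and the sample packets are constructed inline, and the flag defaults to off exactly as the text states. The page's case is a source address of 255.255.255.255; the model also rejects the other source addresses that the same RFC 1812 section treats as illegal (network 0, loopback, multicast), which is a generalization beyond the text.

```python
"""Model of the hsecure (High Secure) source-address check. Added example,
not Avaya code; header parsing and sample packets are constructed here."""
import ipaddress
import struct

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement of the one's-complement
    sum of the 16-bit words. Over a header that already carries a correct
    checksum the result is 0, which is how verification is done."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, payload: bytes = b"", ttl: int = 64, proto: int = 17) -> bytes:
    """Construct a minimal IPv4 packet (no options) with a valid checksum.
    Only used to build constructed test input."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4_header(packet: bytes):
    """Return (src, dst, ttl). A damaged header is rejected before any
    address in it is trusted, as a router must do."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    if packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("header checksum mismatch")
    return (ipaddress.IPv4Address(packet[12:16]),
            ipaddress.IPv4Address(packet[16:20]),
            packet[8])


def martian_source_reason(src: ipaddress.IPv4Address):
    """Why src must not appear on a routed packet, or None if it is acceptable.
    255.255.255.255 is the case the page names; the others are the remaining
    illegal source forms of RFC 1812 section 4.2.2.11 (assumed extension)."""
    if src == LIMITED_BROADCAST:
        return "limited broadcast source (RFC 1812 4.2.2.11)"
    if src in ipaddress.IPv4Network("0.0.0.0/8"):
        return "source on network 0"
    if src.is_loopback:
        return "loopback source"
    if src.is_multicast:
        return "multicast (class D) source"
    return None


def route_decision(packet: bytes, hsecure_enabled: bool = False) -> str:
    """Forwarding decision for one packet: "forward" or "drop: <reason>".
    hsecure is off by default, as on the switch; with it off the illegal
    source is routed like any other packet, which is what the flag prevents."""
    try:
        src, _dst, _ttl = parse_ipv4_header(packet)
    except ValueError as exc:
        return f"drop: {exc}"
    if hsecure_enabled:
        reason = martian_source_reason(src)
        if reason:
            return f"drop: {reason}"
    return "forward"


if __name__ == "__main__":
    bad = build_ipv4("255.255.255.255", "10.1.2.3", b"constructed payload")
    print("hsecure off:", route_decision(bad))
    print("hsecure on: ", route_decision(bad, hsecure_enabled=True))
```

The flag is a global switch, not a per-port one, so in the model it is a single argument applied to every packet; the checksum check runs first because a router that acted on a source address read from a corrupted header would be making the decision on untrusted bytes.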
Data plane security
Data plane security mechanisms include VLANs, filters, routing policies, and routing protocol
protection.
VLANs and traffic isolation
You can use Virtual Services Platform 4000 to build secure VLANs. If you configure port-based
VLANs, each VLAN is completely separate from the others. Virtual Services Platform 4000
supports the IEEE 802.1Q specification for tagging frames and coordinating VLANs across
multiple switches.
Virtual Services Platform 4000 analyzes each packet independently of preceding packets. This
mode, as opposed to the cache mode that other vendors use, allows complete traffic
isolation.
For more information about VLANs, see Avaya Virtual Services Platform 4000 Configuration
— VLANs and Spanning Tree, NN46251-500.
Management of access policies
At Layer 2, Virtual Services Platform 4000 provides the following security mechanisms:
• access policies
If you enable access policies globally, the system creates a default policy (1) that allows
File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), Telnet, and Secure
Shell (SSH). If you enable access policies globally but disable the default policy, the
system denies FTP, HTTP, rlogin, SSH, Simple Network Management Protocol (SNMP),
Telnet, and Trivial FTP (TFTP).
The access-strict parameter ties to the accesslevel parameter. If you enable
access-strict, the access policy looks at the accesslevel parameter, and only
applies to that access level. Use the following configuration as an example:
VSP-9012:1(config)#show access-policy
AccessPolicyEnable: off
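The interaction between the global enable, the default policy and access-strict is the part most often misread, so here is an added model of the evaluation in Python. It is written for this page and is not Avaya code or a description of the switch's implementation: the policy record is a simplification carrying only the fields the text mentions (services, access-strict, accesslevel), the 'rwa', 'rw' and 'ro' level names are assumptions, and the rule that a service is denied unless some enabled, applicable policy allows it is the assumption under which the text's two stated outcomes (default policy on, default policy off) both hold.

```python
"""Model of management access-policy evaluation. Added example, not Avaya
code; policy fields and access-level names are assumptions for the demo."""
from dataclasses import dataclass
from typing import Iterable, Optional

# The seven services the page lists as controlled by access policies.
MANAGED_SERVICES = frozenset({"ftp", "http", "rlogin", "snmp", "ssh", "telnet", "tftp"})


@dataclass(frozen=True)
class AccessPolicy:
    policy_id: int
    enabled: bool
    services: frozenset            # services this policy admits
    access_strict: bool = False    # when True, consult accesslevel
    accesslevel: Optional[str] = None

    def applies_to(self, level: str) -> bool:
        """access-strict ties the policy to one access level; without it
        the policy applies to sessions at any level."""
        if self.access_strict:
            return level == self.accesslevel
        return True


# Policy 1 as the page describes it: created when policies are enabled
# globally, admitting FTP, HTTP, Telnet and SSH.
DEFAULT_POLICY = AccessPolicy(1, True, frozenset({"ftp", "http", "telnet", "ssh"}))


def management_access(service: str, level: str,
                      policies: Iterable[AccessPolicy], policies_enabled: bool) -> bool:
    """True if a management session of `service` at access `level` is admitted."""
    if service not in MANAGED_SERVICES:
        raise ValueError(f"{service!r} is not a policy-controlled service")
    if not policies_enabled:
        return True  # AccessPolicyEnable: off -> nothing is filtered
    for policy in policies:
        if not policy.enabled or not policy.applies_to(level):
            continue
        if service in policy.services:
            return True
    return False  # assumption: no admitting policy means the service is denied


def denied_services(level: str, policies: Iterable[AccessPolicy], policies_enabled: bool):
    """Sorted list of managed services refused at `level` under this configuration."""
    policies = list(policies)
    return sorted(s for s in MANAGED_SERVICES
                  if not management_access(s, level, policies, policies_enabled))


if __name__ == "__main__":
    # Constructed configuration: default policy plus a strict policy that
    # admits SNMP only for 'rwa' sessions (hypothetical policy 2).
    config = [DEFAULT_POLICY, AccessPolicy(2, True, frozenset({"snmp"}), True, "rwa")]
    print("denied for ro :", denied_services("ro", config, True))
    print("denied for rwa:", denied_services("rwa", config, True))
```

With the default policy disabled and nothing else configured the model denies all seven services, which is the outcome the text states; with the default policy enabled it denies rlogin, SNMP and TFTP, and a strict policy opens a service only to sessions at its own access level.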
System and network stability and security
122 Network Design Reference for Avaya VSP 4000 February 2014
Comments? infodev@avaya.com