Design Reference
Id: 1
Name: default
PolicyEnable: false
Mode: allow
Service: ftp|http|telnet|ssh
Precedence: 128
NetAddrType: any
NetAddr: N/A
NetMask: N/A
TrustedHostAddr: N/A
TrustedHostUserName: none
AccessLevel: readOnly
AccessStrict: false
Usage: 0
If you disable access-strict (false), the policy looks at the value for accesslevel,
and then the system applies the policy to anyone with equivalent rights or higher. In this
example, all levels include readonly so the default policy applies to l1, l2, l3, rw, ro, and
rwa. If you enable access-strict, the system applies the policy only to ro.
For SNMP and access policies, you must apply the service to the access policy. The only
choice is snmpv3, but this parameter applies to all versions of SNMP. The additional
command access-policy <1–65535> snmp-group WORD<1–32> <snmpv1|snmpv2|usm>
applies the policy to the SNMP community or the SNMP group.
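The following is an added example, not part of the Avaya documentation: a short Python review helper that parses an access-policy record in the "Key: value" form shown above and reports which access levels the policy covers under the access-strict rule. The function names and the ordering of the levels above ro are assumptions made for illustration.

```python
# Added example: parse one access-policy record and summarise its exposure.
# ASSUMPTION: privilege order, lowest to highest. The page only states that
# every level includes readonly (ro); the order of the others is assumed.
LEVELS = ["ro", "l1", "l2", "l3", "rw", "rwa"]
ALIASES = {"readonly": "ro"}            # the page equates readonly with ro
CLEARTEXT = {"ftp", "http", "telnet"}   # these protocols are unencrypted

# Fields copied from the sample record shown on the page.
SAMPLE = """\
Name: default
PolicyEnable: false
Service: ftp|http|telnet|ssh
NetAddrType: any
AccessLevel: readOnly
AccessStrict: false
"""

def parse_policy(text):
    """Turn 'Key: value' lines into a dict, skipping lines without a colon."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            rec[key.strip()] = value.strip()
    return rec

def covered_levels(rec):
    """Levels the policy applies to under the access-strict rule."""
    level = ALIASES.get(rec["AccessLevel"].lower(), rec["AccessLevel"].lower())
    if level not in LEVELS:
        raise ValueError("unknown access level: " + level)
    if rec["AccessStrict"].lower() == "true":
        return [level]                       # strict: exact level only
    return LEVELS[LEVELS.index(level):]      # non-strict: this level or higher

def review(rec):
    """Return plain-text observations for a configuration review."""
    notes = []
    if rec["PolicyEnable"].lower() != "true":
        notes.append("policy is not enabled")
    clear = sorted(CLEARTEXT & set(rec["Service"].split("|")))
    if clear:
        notes.append("cleartext services: " + ", ".join(clear))
    if rec["NetAddrType"].lower() == "any":
        notes.append("matches any source address")
    notes.append("applies to: " + ", ".join(covered_levels(rec)))
    return notes

if __name__ == "__main__":
    print("\n".join(review(parse_policy(SAMPLE))))
```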
• filters
ACL filters are used by individual VLANs to filter out packets based on source MAC,
destination MAC and other criteria.
For more information about these filters, see Avaya Virtual Services Platform 4000
Configuration — QoS and IP Filtering, NN46251-502.
• limited MAC learning
This feature limits the number of FDB entries learned on a particular port to a
user-specified value. After the number of learned FDB entries reaches the maximum limit, the
switch drops packets with unknown source MAC addresses.
Note:
The current release of the VSP 4000 allows you to enable limit-learning on a port and
configure the maximum number of MAC entries on this port.
VSP-4850GTS(config-if)#mac-security limit-learning ?
  enable     Enable limit-learning on this port
  max-addrs  Set the maximum number of entries on this port
Security at Layer 3: filtering
At Layer 3 and higher, Virtual Services Platform 4000 provides enhanced filtering capabilities
as part of its security strategy to protect the network from different attacks.
Virtual Services Platform 4000 supports advanced filters based on Access Control Lists
(ACL).
Customer Support Bulletins (CSBs) are available on the Avaya Technical Support Web site to
provide information and configuration examples about how to block some attacks.
Data plane security
Network Design Reference for Avaya VSP 4000 February 2014 123