Design Reference
Figure 55: RADIUS server as proxy for stronger authentication
You must configure each RADIUS client to contact the RADIUS server. When you configure
a client to work with a RADIUS server, complete the following configurations:
• Enable RADIUS.
• Provide the IP address of the RADIUS server.
• Ensure the shared secret matches what is defined in the RADIUS server.
• Provide the attribute value.
• Provide the use by value.
The use by value can be CLI, SNMP, IGAP, or EAPoL.
• Indicate the order of priority in which the RADIUS server is used. (Order is essential when
more than one RADIUS server exists in the network.)
• Specify the User Datagram Protocol (UDP) port that the client and server use during the
authentication process. The client and the server must use the same UDP port value. For
example, if you configure the server with UDP 1812, the client must use the same UDP
port value.
Other customizable RADIUS parameters require careful planning and consideration, for
example, switch timeout and retry. Use the switch timeout to define the number of seconds
before the authentication request expires. Use the retry parameter to indicate the number of
retries the server accepts before sending an authentication request failure.
Avaya recommends that you use the default value in the attribute-identifier field. If you change
the default value, you must alter the dictionary on the RADIUS server with the new value. To
configure the RADIUS feature, you require Read-Write-All access to the switch.
For more information about RADIUS, see Avaya Virtual Services Platform 4000 Security,
NN46251-601.
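Why the shared secret in the checklist above must match on both sides, as an added example that is not part of the Avaya documentation: it goes beyond the page by implementing the User-Password hiding and Response Authenticator calculations from RFC 2865. The secrets, the password, and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_ACCEPT = 2  # packet code, RFC 2865


def hide_password(password, secret, request_auth):
    """Client: RFC 2865 5.2 User-Password hiding, keyed by the shared secret."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out


def reveal_password(hidden, secret, request_auth):
    """Server: undo the hiding using the server's copy of the secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_reply(code, ident, attrs, secret, request_auth):
    """Server: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs


def reply_is_authentic(reply, secret, request_auth):
    """Client: recompute the Response Authenticator with the local secret."""
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(reply[4:20], expected)


def demo(client_secret, server_secret, password=b"constructed-password-1"):
    """Return (password the server recovers, whether the client accepts the reply)."""
    request_auth = os.urandom(16)  # Request Authenticator chosen by the client
    hidden = hide_password(password, client_secret, request_auth)
    recovered = reveal_password(hidden, server_secret, request_auth)
    reply = build_reply(ACCESS_ACCEPT, 1, b"", server_secret, request_auth)
    return recovered, reply_is_authentic(reply, client_secret, request_auth)
```

With mismatched secrets, `demo` shows the server recovering garbage instead of the password and the client refusing the reply, so a secret mismatch surfaces as failed logins rather than as an explicit configuration error.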
Encryption of control plane traffic
Control plane traffic encryption involves SSHv1/v2, SCP, and SNMPv3.
Use SSH to conduct secure communications over a network between a server and a client.
The switch supports only server mode, so you must supply an external client to establish
communication. The server mode supports SSHv1 and SSHv2.
The SSH protocol offers
• Authentication
System and network stability and security
126 Network Design Reference for Avaya VSP 4000 February 2014