Avaya 1004, 1002, 1001, 1001s Configuration Manual

Avaya Secure Router 1000 Series Configuration Guide
NN47262-501, 02.01
9.4
December 2010
© 2010 Avaya Inc.
All Rights Reserved.
While reasonable efforts have been made to ensure that the information in this document is complete and accurate at the time of printing, Avaya assumes no liability for any errors. Avaya reserves the right to make changes and corrections to the information in this document without the obligation to notify any person or organization of such changes.
Documentation disclaimer
“Documentation” means information published by Avaya in varying mediums which may include product information, operating instructions and performance specifications that Avaya generally makes available to users of its products. Documentation does not include marketing materials. Avaya shall not be responsible for any modifications, additions, or deletions to the original published version of documentation unless such modifications, additions, or deletions were performed by Avaya. End User agrees to indemnify and hold harmless Avaya, Avaya's agents, servants and employees against all claims, lawsuits, demands and judgments arising out of, or in connection with, subsequent modifications, additions or deletions to this documentation, to the extent made by End User.
Link disclaimer
Avaya is not responsible for the contents or reliability of any linked Web sites referenced within this site or documentation provided by Avaya. Avaya is not responsible for the accuracy of any information, statement or content provided on these sites and does not necessarily endorse the products, services, or information described or offered within them. Avaya does not guarantee that these links will work all the time and has no control over the availability of the linked pages.
Warranty
Avaya provides a limited warranty on its Hardware and Software (“Product(s)”). Refer to your sales agreement to establish the terms of the limited warranty. In addition, Avaya’s standard warranty language, as well as information regarding support for this Product while under warranty is available to Avaya customers and other parties through the Avaya Support Web site: http://support.avaya.com. Please note that if you acquired the Product(s) from an authorized Avaya reseller outside of the United States and Canada, the warranty is provided to you by said Avaya reseller and not by Avaya.
Licenses
THE SOFTWARE LICENSE TERMS AVAILABLE ON THE AVAYA WEBSITE, HTTP://SUPPORT.AVAYA.COM/LICENSEINFO/ ARE APPLICABLE TO ANYONE WHO DOWNLOADS, USES AND/OR INSTALLS AVAYA SOFTWARE, PURCHASED FROM AVAYA INC., ANY AVAYA AFFILIATE, OR AN AUTHORIZED AVAYA RESELLER (AS APPLICABLE) UNDER A COMMERCIAL AGREEMENT WITH AVAYA OR AN AUTHORIZED AVAYA RESELLER. UNLESS OTHERWISE AGREED TO BY AVAYA IN WRITING, AVAYA DOES NOT EXTEND THIS LICENSE IF THE SOFTWARE WAS OBTAINED FROM ANYONE OTHER THAN AVAYA, AN AVAYA AFFILIATE OR AN AVAYA AUTHORIZED RESELLER; AVAYA RESERVES THE RIGHT TO TAKE LEGAL ACTION AGAINST YOU AND ANYONE ELSE USING OR SELLING THE SOFTWARE WITHOUT A LICENSE. BY INSTALLING, DOWNLOADING OR USING THE SOFTWARE, OR AUTHORIZING OTHERS TO DO SO, YOU, ON BEHALF OF YOURSELF AND THE ENTITY FOR WHOM YOU ARE INSTALLING, DOWNLOADING OR USING THE SOFTWARE (HEREINAFTER REFERRED TO INTERCHANGEABLY AS “YOU” AND “END USER”), AGREE TO THESE TERMS AND CONDITIONS AND CREATE A BINDING CONTRACT BETWEEN YOU AND AVAYA INC. OR THE APPLICABLE AVAYA AFFILIATE (“AVAYA”).
Copyright
Except where expressly stated otherwise, no use should be made of materials on this site, the Documentation, Software, or Hardware provided by Avaya. All content on this site, the documentation and the Product provided by Avaya including the selection, arrangement and design of the content is owned either by Avaya or its licensors and is protected by copyright and other intellectual property laws including the sui generis rights relating to the protection of databases. You may not modify, copy, reproduce, republish, upload, post, transmit or distribute in any way any content, in whole or in part, including any code and software unless expressly authorized by Avaya. Unauthorized reproduction, transmission, dissemination, storage, and or use without the express written consent of Avaya can be a criminal, as well as a civil offense under the applicable law.
Third-party components
Certain software programs or portions thereof included in the Product may contain software distributed under third party agreements (“Third Party Components”), which may contain terms that expand or limit rights to use certain portions of the Product (“Third Party Terms”). Information regarding distributed Linux OS source code (for those Products that have distributed the Linux OS source code), and identifying the copyright holders of the Third Party Components and the Third Party Terms that apply to them is available on the Avaya Support Web site: http://support.avaya.com/Copyright.
Trademarks
The trademarks, logos and service marks (“Marks”) displayed in this site, the Documentation and Product(s) provided by Avaya are the registered or unregistered Marks of Avaya, its affiliates, or other third parties. Users are not permitted to use such Marks without prior written consent from Avaya or such third party which may own the Mark. Nothing contained in this site, the Documentation and Product(s) should be construed as granting, by implication, estoppel, or otherwise, any license or right in and to the Marks without the express written permission of Avaya or the applicable third party.
Avaya is a registered trademark of Avaya Inc.
All non-Avaya trademarks are the property of their respective owners, and “Linux” is a registered trademark of Linus Torvalds.
Downloading Documentation
For the most current versions of Documentation, see the Avaya Support Web site: http://support.avaya.com.
Contact Avaya Support
Avaya provides a telephone number for you to use to report problems or to ask questions about your Product. The support telephone number is 1-800-242-2121 in the United States. For additional support telephone numbers, see the Avaya Web site: http://support.avaya.com.
2 Avaya Secure Router 1000 Series Configuration Guide December 2010

Contents

Chapter 1: New in this release...............................................................................................15
Chapter 2: Preface...................................................................................................................17
Organization....................................................................................................................................................17
Documentation................................................................................................................................................17
About the Avaya Secure Router Documentation CD......................................................................................17
Navigation.......................................................................................................................................................18
Printing Documents.........................................................................................................................................18
Customer service............................................................................................................................................19
Getting technical documentation............................................................................................................19
Getting product training..........................................................................................................................19
Getting help from a distributor or reseller...............................................................................................20
Getting technical support from the Avaya Web site................................................................................20
Chapter 3: Secure Router Basics...........................................................................................21
Default Login Parameters...............................................................................................................................21
Default settings...............................................................................................................................................21
Enable Telnet Server.......................................................................................................................................21
Enable Web User Interface.............................................................................................................................22
Applying licenses............................................................................................................................................22
Daylight Saving Time support.........................................................................................................................23
Multiple SNTP Server support.........................................................................................................................23
Multiple Syslog Server support.......................................................................................................................25
Top command..................................................................................................................................................26
Reading system.cfg from an alternate drive at startup....................................................................................26
banner.txt file...................................................................................................................................................26
Chapter 4: Source IP Enhancements.....................................................................................27
Chapter 5: Multiple IP Helper Addresses on VLAN..............................................................31
Chapter 6: TCP MSS Clamping..............................................................................................33
Chapter 7: IP MULTIPLEXING.................................................................................................37
IP Unnumbered Auto-Configuration................................................................................................................37
Configure the Secure Router 1000 Series at Site A...............................................................................39
Configure the Secure Router 1000 Series at Site B...............................................................................39
Chapter 8: DHCP Relay...........................................................................................................41
Feature Overview............................................................................................................................................41
Functionality....................................................................................................................................................41
BOOTP Requests...................................................................................................................................41
BOOTP Replies......................................................................................................................................42
Using DHCP Relay with NAT..........................................................................................................................42
Command Line Interface.................................................................................................................................43
Enabling DHCP Relay............................................................................................................................43
Disabling DHCP Relay...........................................................................................................................43
Configuring the Gateway Address field when NAT is enabled...............................................................44
Displaying DHCP Configuration.............................................................................................................44
DHCP Limitations............................................................................................................................................46
Chapter 9: DHCP Client on Ethernet interfaces....................................................................47
Chapter 10: DHCP Server Configuration...............................................................................49
Configuring the DHCP Server.........................................................................................................................51
IP Phone Support for Full mode with DHCP Server........................................................................................51
Chapter 11: Proxy DNS...........................................................................................................55
Chapter 12: CONFIGURING AUTHENTICATION....................................................................57
Configuring Authentication..............................................................................................................................57
Configure Secure Router 1000 Series authentication.....................................................................................58
Support for Vendor Specific Attribute (VSA) on RADIUS clients.....................................................................61
Chapter 13: Accounting under TACACS support.................................................................63
Chapter 14: Compressed RTP................................................................................................65
Configuring cRTP on the Secure Router 100x................................................................................................65
Configuring cRTP timeout...............................................................................................................................66
Troubleshooting cRTP Common Problems.....................................................................................................66
Configuring interoperability with the Cisco 2800.............................................................................................67
Chapter 15: DTE-to-DTE Multilink Frame Relay....................................................................69
Chapter 16: IGMP CONFIGURATION GUIDE.........................................................................71
Internet Group Management Protocol (IGMP)................................................................................................71
IGMP Commands...................................................................................................................................72
IGMP Configuration Examples...............................................................................................................73
IGMP Snooping...............................................................................................................................................74
Chapter 17: IP MULTIPLEXING OVERVIEW...........................................................................81
Theory and Application...................................................................................................................................81
Packet Forwarding Modes......................................................................................................................81
Proxy ARP and Packet Forwarding........................................................................................................82
Addressing in IP Multiplexing Networks.................................................................................................83
Single Subnet.........................................................................................................................................83
Split Subnet............................................................................................................................................84
Secondary Addressing: POP Only.........................................................................................................84
Secondary Addressing: 30 Bit................................................................................................................85
Secondary Addressing: 29 Bit................................................................................................................85
Pros and Cons of Different IP Addressing Schemes..............................................................................86
Routing Considerations for IP Multiplexing.............................................................................................86
Chapter 18: PPP, MLPPP, and HDLC......................................................................................87
Layer Two Configurations:..............................................................................................................................87
MLPPP Configuration......................................................................................................................................88
Configure the SR1004 at Site 1..............................................................................................................88
PPP and MLPPP Configuration......................................................................................................................88
Configure the SR3120 at the Main Site..................................................................................................88
HDLC Configuration........................................................................................................................................88
Configure the SR3120 at the Main Site..................................................................................................89
HDLC Errors....................................................................................................................................................89
Chapter 19: Dial Backup via External Modem......................................................................93
Chapter 20: IP Packet Filter List.............................................................................................97
Configurations.................................................................................................................................................97
Example 1...............................................................................................................................................97
Example 2...............................................................................................................................................98
Example 3...............................................................................................................................................98
IP Packet Filtering on VLAN subinterfaces.............................................................................................99
Chapter 21: Multilink Frame Relay Configuration..............................................................103
Layer Two Configurations.............................................................................................................................103
MFR Configuration........................................................................................................................................104
Configure the Secure Router 1004 Series at Site 1......................................................................................104
Configure the Secure Router 3120...............................................................................................................105
Configure the Secure Router 1004 Series at Site 2......................................................................................105
Configure the SR3120...................................................................................................................................106
Chapter 22: Network Address Translation..........................................................................107
Dynamic NAT................................................................................................................................................107
Static NAT.....................................................................................................................................................107
Configuration for Dynamic and Static NAT....................................................................................................108
Configuration for Mapping Ports...................................................................................................................109
Reverse NAT.................................................................................................................................................110
Configuration for Reverse NAT......................................................................................................................110
NAT-Failover for firewalls...............................................................................................................................111
Configuration for NAT Failover for Firewalls..................................................................................................111
Chapter 23: NAT Configurations..........................................................................................113
NAT Configuration Examples........................................................................................................................114
Dynamic NAT (many to many)..............................................................................................................114
Static NAT (one to one).........................................................................................................................115
Port Address Translation (many to one)...............................................................................................115
Cone NAT......................................................................................................................................................116
Full Cone..............................................................................................................................................117
Restricted Cone....................................................................................................................................117
Port Restricted Cone............................................................................................................................118
Troubleshooting Cone NAT Common Problems...................................................................................118
NAT hairpinning.............................................................................................................................................119
Troubleshooting Hairpinning Common Problems.................................................................................120
SIP ALG Interoperability with Avaya Call Servers.........................................................................................120
Ability to Enable/Disable Firewall ALGs........................................................................................................120
NAT ACL enhancements...............................................................................................................................125
Firewall behavior with invalid ACKs on TCP connections.............................................................................127
Firewall ALG behavior...................................................................................................................................128
Chapter 24: IPSec EXAMPLES.............................................................................................133
Introduction to Security.................................................................................................................................133
Enabling Security Features..................................................................................................................133
Securing Remote Access Using IPSec VPN.................................................................................................134
Access Methods............................................................................................................................................135
Remote Access: User Group................................................................................................................135
Remote Access: Mode Configuration...................................................................................................135
Installing Licenses.........................................................................................................................................136
Example 1: Securely Managing the Secure Router 1000 Series Over an IPSec Tunnel..............................137
Step 1: Configure a WAN bundle of network type untrusted................................................................138
Step 2: Configure the Ethernet interface with trusted network type.....................................................138
Step 3: Display the crypto interfaces....................................................................................................138
Step 4: Add the route to the peer LAN.................................................................................................139
Step 5: Configure IKE to the peer gateway..........................................................................................139
Step 6: Display the IKE policies............................................................................................................139
Step 7: Display the IKE policies in detail..............................................................................................139
Step 8: Configure the IPSec tunnel to the remote host........................................................................140
Step 9: Display the IPSec policies........................................................................................................140
Step 10: Display IPSec policies in detail..............................................................................................140
Step 11: Configure firewall policies to allow IKE negotiation through untrusted interface....................141
Step 12: Configure firewall policies to allow desired services through untrusted interface to manage the router....................141
Step 13: Display firewall policies in the Internet map...........................................................................141
Step 14: Display firewall policies in the Internet map in detail..............................................................141
Step 15: Enable SNMP on the Networks1 router.................................................................................142
Step 16: Display SNMP communities...................................................................................................142
Step 17: Repeat steps 1 - 16 with suitable modifications on Networks2 prior to managing Networks1 from the Networks2 LAN side....................142
Step 18: Test the IPSec tunnel for managing the Networks1 router from a host on the Networks2 LAN....................142
Step 19: When the SNMP manager starts managing Networks1 from the Networks2 LAN, display the IKE and IPSec SA tables....................142
Example 2: Joining Two Private Networks with an IP Security Tunnel.........................................................143
Step 1: Configure a WAN bundle of network type untrusted................................................................143
Step 2: Configure the Ethernet interface with trusted network type.....................................................144
Step 3: Display the crypto interfaces....................................................................................................144
Step 4: Add route to peer LAN.............................................................................................................144
Step 5: Configure IKE to the peer gateway..........................................................................................144
Step 6: Display the IKE policies............................................................................................................145
Step 7: Display the IKE policies in detail..............................................................................................145
Step 8: Configure IPSec tunnel to the remote host..............................................................................145
Step 9: Display IPSec policies..............................................................................................................145
Step 10: Display IPSec policies detail..................................................................................................146
Step 11: Configure firewall policies to allow IKE negotiation through untrusted interface....................146
Step 12: Display firewall policies in the Internet map...........................................................................146
Step 13: Display firewall policies in the Internet map in detail..............................................................146
Step 14: Configure firewall policies to allow transit traffic from remote LAN to the local LAN..............146
Step 15: Display firewall policies in the corp map................................................................................147
Step 16: Display firewall policies in the corp map in detail...................................................................147
Step 17: Repeat steps 1 - 16 with suitable modifications on Networks2 prior to passing traffic............147
Step 18: Test the IPSec tunnel between Networks1 and Networks2 by passing traffic from the 10.0.1.0 to the 10.0.2.0 network....................147
Step 19: After transit traffic is passed through the tunnel, display the IKE and IPSec SA tables.........147
Example 3: Joining Two Networks with an IPSec Tunnel using Multiple IPSec Proposals...........................148
Step 1: Configure a WAN bundle of network type untrusted................................................................149
Step 2: Configure the Ethernet interface with trusted network type.....................................................149
Step 3: Display the crypto interfaces....................................................................................................149
Step 4: Add the route to the peer LAN.................................................................................................150
Step 5: Configure IKE to the peer gateway..........................................................................................150
Step 6: Display the IKE policies............................................................................................................150
Step 7: Display the IKE policies in detail..............................................................................................150
Step 8: Configure IPSec tunnel to the remote host..............................................................................151
Step 9: Display the IPSec policies........................................................................................................151
Step 10: Configure firewall policies to allow IKE negotiation through untrusted interface....................151
Step 11: Display firewall policies in the Internet map...........................................................................152
Step 12: Display firewall policies in the Internet map in detail..............................................................152
Step 13: Configure firewall policies to allow transit traffic from remote LAN to the local LAN..............152
Step 14: Display firewall policies in the corp map................................................................................152
Step 15: Display firewall policies in the corp map in detail...................................................................152
Step 16: Repeat steps 1-15 with suitable modifications on Networks2 prior to passing bi-directional traffic............153
Step 17: Test the IPSec tunnel between Networks1 and Networks2 by passing traffic from the 10.0.1.0 network to the 10.0.2.0 network............153
Step 18: After traffic is passed through the tunnel, display the IKE and IPSec SA tables....................153
Example 4: Supporting Remote User Access...............................................................................................153
Step 1: Configure a WAN bundle of network type untrusted................................................................154
Step 2: Configure the Ethernet interface with trusted network type.....................................................154
Step 3: Display the crypto interfaces....................................................................................................155
Step 4: Configure dynamic IKE policy for a group of mobile users......................................................155
Step 5: Display dynamic IKE policies...................................................................................................155
Step 6: Display dynamic IKE policies in detail......................................................................................156
Step 7: Configure dynamic IPSec policy for a group of mobile users...................................................156
Step 8: Display dynamic IPSec policies...............................................................................................156
Step 9: Display dynamic IPSec policies in detail..................................................................................156
Step 10: Configure RADIUS server (applicable only if client authentication is configured in dynamic IKE policy)............157
Step 11: Configure firewall policies to allow IKE negotiation through untrusted interface....................157
Step 12: Display firewall policies in the Internet map...........................................................................157
Step 13: Display firewall policies in the Internet map in detail..............................................................157
Step 14: Configure firewall policies for a group of mobile users to allow access to the local LAN.......158
Step 15: Display firewall policies in the corp map................................................................................158
Step 16: Display firewall policies in the corp map in detail...................................................................158
Step 17: Test the IPSec tunnel between the VPN client and the server by passing traffic from the client to the 10.0.1.0 network............158
Step 18: After passing traffic through the tunnel, display the list of clients logged onto the VPN server and the IKE and IPSec SA tables............158
Example 5: Configuring IPSec Remote Access to Corporate LAN with Mode-Configuration Method..........159
Step 1: Configure a WAN bundle of network type untrusted................................................................160
Step 2: Configure the Ethernet interface with trusted network type.....................................................160
Step 3: Display the crypto interfaces....................................................................................................161
Step 4: Configure dynamic IKE policy for a group of mobile users......................................................161
Step 5: Display dynamic IKE policies...................................................................................................161
Step 6: Display dynamic IKE policies in detail......................................................................................162
Step 7: Configure dynamic IPSec policy for a group of mobile users...................................................162
Step 8: Display dynamic IPSec policies...............................................................................................162
Step 9: Display dynamic IPSec policies in detail..................................................................................162
Step 10: Configure firewall policies to allow IKE negotiation through untrusted interface....................163
Step 11: Display firewall policies in the Internet map...........................................................................163
Step 12: Display firewall policies in the Internet map in detail..............................................................163
Step 13: Configure firewall policies for a group of mobile users to allow access to the local LAN.......163
Step 14: Display firewall policies in the corp map................................................................................164
Step 15: Display firewall policies in the corp map in detail...................................................................164
Step 16: Test the IPSec tunnel between the VPN client and the server by passing traffic from the client to the 10.0.1.0 network............164
Step 17: After passing traffic through the tunnel, display the list of clients logged onto the VPN server and the IKE and IPSec SA tables............164
IKE Dead Peer Detection..............................................................................................................................165
PMTU Support for IPSec tunnels..................................................................................................................165
Disabling the IPSec Anti-replay service........................................................................................................165
VPN-only mode.............................................................................................................................................166
Chapter 25: IPSec APPENDIX...............................................................................................169
IPSec Supported Protocols and Algorithms..................................................................................................169
Avaya IKE and IPSec Defaults......................................................................................................................170
IKE Defaults..................................................................................................................................................170
IPSec Defaults..............................................................................................................................................171
Chapter 26: PKI Certificate Support....................................................................................173
Manual Certificate Enrollment:......................................................................................................................173
Certificate enrollment using SCEP................................................................................................................174
IKE negotiation with DSS..............................................................................................................................175
IKE negotiation with RSA..............................................................................................................................175
OCSP Configuration......................................................................................................................................175
CRL Configuration.........................................................................................................................................176
Chapter 27: Configuring GRE...............................................................................................177
Installing Licenses.........................................................................................................................................177
GRE Configuration Examples.......................................................................................................................178
Configuring Site to Site Tunnel.............................................................................................................178
Bridging across GRE.....................................................................................................................................180
Configuring GRE Site to Site with IPSec.......................................................................................................181
Configuring GRE Site to Site with IPSec and OSPF.....................................................................................182
Multicast over GRE.......................................................................................................................................182
Chapter 28: Multipath Multicast...........................................................................................185
Configuration Guide......................................................................................................................................185
Multipath Commands....................................................................................................................................185
Multipath Examples..............................................................................................................................186
Chapter 29: Multilink Frame Relay.......................................................................................187
Chicago - Secure Router Configuration........................................................................................................188
Configuring bundle lans1......................................................................................................................188
Configuring pvc 101..............................................................................................................................189
Configuring pvc 102..............................................................................................................................189
Configuring pvc 103..............................................................................................................................189
Configuring bundle uplink.....................................................................................................................189
Configuring bundle uplink pvc 100.......................................................................................................189
Configuring bundle uplink pvc 101.......................................................................................................190
Configuring bundle uplink pvc 102.......................................................................................................190
Configuring bundle uplink pvc 103.......................................................................................................190
Configuring interface ethernet 0/1........................................................................................................190
Configuring snmp.................................................................................................................................191
Configuring IP routes............................................................................................................................191
Lansing - Secure Router Configuration.........................................................................................................191
Configuring interface bundle wan1.......................................................................................................191
Configuring interface bundle wan1 pvc 101.........................................................................................191
Configuring interface bundle wan1 pvc 102.........................................................................................192
Configuring interface bundle wan1 pvc 103.........................................................................................192
Configuring ethernet 0/1.......................................................................................................................192
Configuring IP routing...........................................................................................................................192
Columbus - Secure Router Configuration.....................................................................................................192
Configuring interface bundle dayt1 pvc 104.........................................................................................193
Configuring interface bundle dayt1 pvc 105.........................................................................................193
Configuring interface bundle uplink......................................................................................................193
Configuring interface bundle uplink pvc 104.........................................................................................193
Configuring interface bundle uplink pvc 105.........................................................................................194
Configuring interface ethernet 0/2........................................................................................................194
Configuring snmp.................................................................................................................................194
Configuring IP routes............................................................................................................................194
Dayton - Secure Router Configuration...........................................................................................................194
Configuring interface bundle wan1.......................................................................................................195
Configuring bundle wan1 pvc 104........................................................................................................195
Configuring bundle wan1 pvc 105........................................................................................................195
Configuring interface ethernet 0/1........................................................................................................195
Configuring FRF.12.......................................................................................................................................196
FRF.12..................................................................................................................................................196
DTE-DCE FRF.12 where DCE terminates the traffic............................................................................196
DTE-DTE FRF.12 with an FR cloud in the middle................................................................................197
Chapter 30: OSPF Routing Protocol - Frame Relay...........................................................199
Configuring the host name............................................................................................................................199
Configuring interface ethernet 0....................................................................................................................199
Configuring interface bundle Dallas..............................................................................................................200
Configuring ospf............................................................................................................................................200
Configuring interface Dallas parameters.......................................................................................................200
Configuring interface ethernet 0 parameters.................................................................................................200
Displaying ospf parameters...........................................................................................................................200
Chapter 31: PIM Quick Configuration..................................................................................201
Protocol Independent Multicast (PIM)...........................................................................................................201
PIM Commands....................................................................................................................................201
PIM Configuration Examples................................................................................................................204
Chapter 32: OSPF Routing Protocol....................................................................................209
Configuring the host name............................................................................................................................209
Configuring interface ethernet 0....................................................................................................................209
Configuring interface bundle Dallas..............................................................................................................210
Configuring ospf............................................................................................................................................210
Configuring ospf interface parameters..........................................................................................................210
Displaying neighbors.....................................................................................................................................210
Displaying ospf routes...................................................................................................................................211
Displaying IP routes.......................................................................................................................................211
OSPF NBMA over Ethernet...........................................................................................................................211
Chapter 33: QOS Configuration...........................................................................................215
Overview.......................................................................................................................................................215
Features........................................................................................................................................................215
Definitions.....................................................................................................................................................216
Classification Types......................................................................................................................................216
Configuration for the example in Figure 1.....................................................................................................217
Create bundle AppTest.........................................................................................................................217
Create traffic classes............................................................................................................................218
Assign classification types....................................................................................................................218
VLAN Identifiers....................................................................................................................................218
Configuration for Figure 2.............................................................................................................................219
Create bundle VLANtest.......................................................................................................................219
Create traffic classes and assign classifications..................................................................................219
Historical Statistics........................................................................................................................................220
Configuring bulk statistics.....................................................................................................................220
Traffic Policing versus Traffic Shaping..........................................................................................................220
Need for Traffic Policing.......................................................................................................................221
Traffic Policing Functionality on Secure Routers..................................................................................221
Configuring Traffic Policing...................................................................................................................222
Syntax...................................................................................................................................................222
Verifying Policing Status and Configuration..........................................................................................223
Limitations............................................................................................................................................224
QoS Monitor Mode QoS Configuration.........................................................................................................224
Trusted Core Configuration...........................................................................................................................225
Un-trusted Access Configuration..................................................................................................................226
Traffic Policing Configuration........................................................................................................................227
Burst Tolerance for FR and PPP...................................................................................................................228
QOS Strict Priority Queuing (SPQ)...............................................................................................................229
Capacity of QoS over Ethernet.....................................................................................................................231
Chapter 34: Remote Access VPN.........................................................................................233
Secure Remote Access Using IPSec VPN...................................................................................................233
Access Methods............................................................................................................................................233
Remote Access: User Group........................................................................................................................234
Remote Access: Mode Configuration............................................................................................................234
Configuration Examples................................................................................................................................235
IPSec Remote Access User Group Method: Single Proposal, Pre-shared Key Authentication....................235
IPSec Remote Access Mode Configuration Group Method..........................................................................237
Chapter 35: Routing Information Protocol..........................................................................241
Configuring Routing Information Protocol for Ethernet 0 and WAN 1 Interfaces..........................................241
Displaying RIP Configuration........................................................................................................................241
Displaying All Configured RIP Interfaces......................................................................................................241
Chapter 36: Static Routing...................................................................................................243
Configure the Multilink Router A at Site A.....................................................................................................243
Configure the Multilink Router B at site B.....................................................................................................244
Chapter 37: VRRP enhancements........................................................................................245
Chapter 38: Trunk Group/Failover.......................................................................................249
Configuration Details.....................................................................................................................................249
Configure the WAN Router for Failover Operation........................................................................................250
Chapter 39: VLAN Tagging...................................................................................................251
Reston configuration: Channelized T3 Router..............................................................................................252
Configure interface bundle balt1...........................................................................................................252
Configure interface balt1 pvc 100.........................................................................................................252
Configure interface bundle dc1.............................................................................................................253
Configure interface ethernet 0..............................................................................................................253
Configure ip routing..............................................................................................................................253
DC configuration: Multilink T1 Router...........................................................................................................253
Configure interface ethernet 0..............................................................................................................254
Configure interface bundle mip.............................................................................................................254
Configure ip routing..............................................................................................................................254
VLAN Tagging and Forwarding over Ethernet...............................................................................................254
VLAN Forwarding - Packets are already tagged at the Ethernet interface...................................................255
VLAN Tagging - Interface will add and remove tags.....................................................................................255
802.1Q VLAN Routing - Packets are tagged and IP routed per VLAN.........................................................256
Multinetting (IP Subinterfaces) Configuration................................................................................................257
VLAN Tagging and Forwarding over Ethernet Summary..............................................................................257
Independent VLAN Learning (IVL) Support..................................................................................................258
Queue-in-Queue VLAN support....................................................................................................................258
Chapter 40: Serial Interface..................................................................................................259
High-Speed Serial Interface..........................................................................................................................259
Bundle Configuration............................................................................................................................259
Serial Configuration.......................................................................................................................................259
DCE......................................................................................................................................................259
HDLC....................................................................................................................................................260
Troubleshooting the Serial link......................................................................................................................262
Chapter 41: VLAN Forwarding with QOS............................................................................263
Virtual LAN Domain.......................................................................................................................................264
POP Configuration: Channelized T3 Router.................................................................................................265
Configure mlppp bundle interface.........................................................................................................265
Configure interface ethernet 0..............................................................................................................265
Configure in-band vlan forwarding table...............................................................................................265
Configure rate limiting for vlans............................................................................................................265
Bldg1 configuration: Multilink T1 Router....................................................................................................... 266
Configure interface bundle uplink.........................................................................................................266
Configure inband VLAN forwarding table.............................................................................................266
Configure rate limiting for vlans............................................................................................................267
Configure SNMP...................................................................................................................................267
Chapter 42: WAN Interfaces................................................................................................. 269
T1/E1.............................................................................................................................................................269
Module Configuration....................................................................................................................................269
T1......................................................................................................................................................... 269
Bundle Configuration.....................................................................................................................................270
Fractional T1.........................................................................................................................................270
T1..................................................................................................................................................................270
Configure a T1 PPP Bundle................................................................................................................. 270
NxT1..............................................................................................................................................................271
Avaya Secure Router 1000 Series Configuration Guide December 2010 11
Configure an N x T1 MLPPP Bundle
Chapter 43: Backup Interface-ISDN
ISDN as Primary Interface
Configuring ISDN as a 128Kbps Primary Interface
ISDN as backup Interface
Configuring ISDN as a 64Kbps Backup Interface
ISDN enhancements
Multiple BRI bundles
Interface-based backup using ISDN
Time of day scheduling for ISDN
Filtering idle timeout with ISDN
Numbering Plan And Type Of Number for ISDN
Chapter 44: PPP Over Ethernet Client
Sample PPPoE Configuration
Sample Configuration for Transit Traffic
IPSec over PPPoE between two Secure Routers
PPPoE Client Configuration
Peer VPN Gateway configuration
IPSec over PPPoE between Secure router and Cisco
Chapter 45: Configuring BGP Features
Configuring IBGP Sessions
Configuring an IBGP Session between 2 Avaya Secure Routers
Configuring an IBGP Session between an Avaya Router and a 3rd Party Router
Configuring an IBGP Multi-Hop Session between 2 Avaya Secure Routers
Configuring an IBGP Multi-Hop Session between an Avaya Router and a 3rd Party Router
Configuring EBGP Sessions
Configuring an EBGP Session between 2 Avaya Secure Routers
Configuring an EBGP Session between an Avaya Router and a 3rd Party Router
Configuring an EBGP Multi-Hop Session between an Avaya Router and a 3rd Party Router
Configuring an EBGP Multi-Hop Session between 2 Avaya Secure Routers
Clearing BGP Sessions
Configuring Advertising Routes to BGP
Announcing Static routes to BGP
Announcing Connected routes to BGP
Announcing OSPF routes to BGP
Announcing RIP routes to BGP
Configuring BGP Policies
Route Aggregation
Suppress Map
Attribute Map
Route Map
Community List Filters
Distribute Lists
Filter Lists
Configuring Peer Groups
Chapter 46: Route tags for route redistribution
Chapter 47: Configuring Packet Capture
Statistics for dropped packets support
Packet Capture of VLAN Packet with Filter Rules
Chapter 48: Secure Router Configuration for Dynamic Route Exchange over IPSec Tunnel interoperability with VPN Router
Capabilities
Secure router configuration for BGP
Secure router configuration for OSPF
Secure router configuration for RIPv2
Chapter 49: Management Configuration Guide
Simple Network Management Protocol
Enterprise MIBs
Standard MIBs
SNMP Applications Supported

Chapter 1: New in this release

Feature content from existing Release Notes and Readmes from release 9.2 to 9.4 is now incorporated into this document. For more information, see:
Default settings on page 21
Daylight Saving Time support on page 23
Multiple SNTP Server support on page 23
Multiple Syslog Server support on page 25
Top command on page 26
Reading system.cfg from an alternate drive at startup on page 26
banner.txt file on page 26
Source IP Enhancements on page 27
Multiple IP Helper Addresses on VLAN on page 31
TCP MSS Clamping on page 33
DHCP request display on page 46
DHCP Client on Ethernet interfaces on page 47
IP Phone Support for Full mode with DHCP Server on page 51
Proxy DNS on page 55
Support for Vendor Specific Attribute (VSA) on RADIUS clients on page 61
Accounting under TACACS support on page 63
IGMP Snooping on page 74
IP Packet Filtering on VLAN subinterfaces on page 99
Firewall behavior with invalid ACKs on TCP connections on page 127
Firewall ALG behavior on page 128
VPN-only mode on page 166
Multicast over GRE on page 182
OSPF NBMA over Ethernet on page 211
Burst Tolerance for FR and PPP on page 228
QOS Strict Priority Queuing (SPQ) on page 229
Capacity of QoS over Ethernet on page 231
VRRP enhancements on page 245
Independent VLAN Learning (IVL) Support on page 258
Queue-in-Queue VLAN support on page 258
ISDN enhancements on page 279
Multiple BRI bundles on page 281
Interface-based backup using ISDN on page 281
Time of day scheduling for ISDN on page 282
Filtering idle timeout with ISDN on page 284
Numbering Plan And Type Of Number for ISDN on page 285
Route tags for route redistribution on page 333
Packet Capture of VLAN Packet with Filter Rules on page 338

Chapter 2: Preface

This guide describes the Avaya Secure Router 1000 Series implementation and command usage of BGP4, OSPF, RIP, and other routing protocols by providing typical configurations for key protocols. It also covers Security, VLANs, VPN, WAN, and other key topics relevant to the configuration and operation of the Secure Router 1000 Series products.
The Avaya Secure Router 1000 series includes the Secure Router 1004, Secure Router 1002, Secure Router 1001, and Secure Router 1001s models. In certain areas of this Configuration Guide when discussing features, the term SR1000 is utilized to refer to any of these models. Please refer to the SR1000 Series Installation Guide for complete details on each model and interface support.

Organization

Each chapter describes how to configure a specific feature of the Secure Router. There is no inherent order in the chapter arrangement although related topics are grouped together to make it easier to use.

Documentation

Avaya user guides, which are provided in portable document format (PDF), are included on the Avaya Secure Router Documentation CD-ROM that ships with the Secure Router 1000 Series. The PDF files are also available on the Avaya website: http://www.avaya.com
To view PDF files, Adobe Acrobat® Reader® 4.0, or newer, must be installed on your workstation. If you do not have the Adobe Acrobat Reader installed on your system, you can obtain it free from the Adobe website:
http://www.adobe.com

About the Avaya Secure Router Documentation CD

This product ships with a CD that includes the following documentation:
Avaya Secure Router 1000 Series Quick Start Guide
Avaya Secure Router 1000 Series Installation Guide
Avaya Secure Router 1000 Series Command Reference Guide
Avaya Secure Router 1000 Series Routing Guide
Avaya Secure Router 1000 Series Configuration Guide
Avaya Secure Router 1000 Series Web UI User Guide
• Supported standard and enterprise MIBs
• Feature summaries
• SNMP trap descriptions with default configurations

Navigation

After inserting the Avaya Secure Router Documentation CD into your CD-ROM drive, click a link to open a PDF version of the target document. If you do not have Adobe Acrobat (version 4.0, or later) or Acrobat Reader installed on your PC, click the Adobe button on the navigation screen to go to the Adobe website, where you can download a free copy of the Acrobat Reader application.
If a browser session is not opened, click "Start\Run," enter the drive letter of your CD-ROM drive in the "Open" entry box, and click "OK."

Printing Documents

To print any PDF document on the CD, follow this procedure.
1. Open the desired document by clicking the document link in the CD navigation window.
2. Click the "Printer" icon on the Adobe Acrobat tool bar.
3. In the "Windows Print" dialog box, select a local default printer in the "Printers" drop down selection box.
4. Click "OK."
The following list includes other available and related documentation.
Release Notes
Printed release notes provide the latest information. Follow the instructions contained within the release notes provided with your product instead of those provided in other documentation.
Secure Router 1000 Series Quick Start Guide
This guide is designed for advanced users who need minimal installation, configuration, and operation information.
Secure Router 1000 Series Installation Guide
This detailed guide is designed for network managers and technicians who are responsible for the installation of networking equipment in Telco and service provider network environments.
Secure Router 1000 Series Command Line Reference
This detailed guide provides a complete listing of all commands including descriptions, syntax, examples, and applicable systems.
Secure Router 1000 Series Routing User Guide
This guide explains how each feature is used.
Secure Router 1000 Series WebUI User Guide
This guide explains how to configure the Secure Router 1000 Series using the WebUI.
To view PDF files, Adobe Acrobat® Reader® 4.0 (or later) must be installed on your PC. If you do not have the Adobe Acrobat Reader installed on your system, you can obtain it free from the Adobe website:
http://www.adobe.com.

Customer service

Visit the Avaya Web site to access the complete range of services and support that Avaya provides. Go to www.avaya.com or go to one of the pages listed in the following sections.
Navigation
Getting technical documentation on page 19
Getting product training on page 19
Getting help from a distributor or reseller on page 20
Getting technical support from the Avaya Web site on page 20

Getting technical documentation

To download and print selected technical publications and release notes directly from the Internet, go to www.avaya.com/support.

Getting product training

Ongoing product training is available. For more information or to register, you can access the Web site at www.avaya.com/support. From this Web site, you can locate the Training contacts link on the left-hand navigation pane.

Getting help from a distributor or reseller

If you purchased a service contract for your Avaya product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance.

Getting technical support from the Avaya Web site

The easiest and most effective way to get technical support for Avaya products is from the Avaya Technical Support Web site at www.avaya.com/support.

Chapter 3: Secure Router Basics

Default Login Parameters

By default, the Secure Router ships with the following login parameters for all management methods:
Username: admin
Password: setup
Note:
Login information is case sensitive.

Default settings

The default settings are as follows:
• WebUI is disabled
• SNMP is disabled
• Telnet server is disabled
• Telnet client is enabled
• TFTP server is disabled
• FTP server is disabled
Use the CLI to change the default settings.

Enable Telnet Server

After upgrading the Secure Router, telnet server is disabled by default. To enable the telnet server, use the following command:
SR/config> telnet_server

Enable Web User Interface

To enable the Web User Interface, use the following command:
SR/config> gui enable

Applying licenses

While the Secure Router can be purchased with up to 4 ports activated, the Secure Router 1002 and 1004 base models each ship with one active WAN port. Activating additional ports requires only a simple change to the router configuration with a software key that may be purchased to activate up to three additional WAN ports. This key is different than the software upgrade key.
To obtain a port upgrade key, contact your reseller or Avaya. You will be asked to provide the serial number, model number, and the number of ports that are currently active on your router.
The following procedure describes how to activate additional WAN ports in the SR1002 and SR1004.
1. From the command line interface, issue the following command:
Avaya>configure terminal
2. Issue the following command:
Avaya>system licenses < option >
The option parameters are:
• enable_1_port
• enable_2_ports
• enable_3_ports
• enable_4_ports
Note:
The total number of active ports is equal to the sum of existing active ports and the type of license purchased (1, 2, or 3 port), to a maximum of 2 ports on the Secure Router 1002 and 4 ports on the Secure Router 1004.
You will be prompted for the port upgrade license key.
3. Enter the license key provided.
The license key is case sensitive.
Note:
It is important that you do not enter any extra spaces at the end of the license key, as this may produce an error.
4. Reboot the router.

Daylight Saving Time support

Daylight Saving Time is now supported on the Secure Router for time zones in the US, Canada, and Australia.
To enable Daylight Saving Time, use the following procedure.
1. To enter the configuration mode, enter:
configure terminal
2. To enable daylight saving time, enter:
dst enable
3. To display the daylight savings time configuration, enter:
show dst

Multiple SNTP Server support

The Secure Router 1000 Series and 3120 provide support for the Multiple Simple Network Time Protocol (SNTP) Server feature. SNTP is a simple form of the Network Time Protocol (NTP), which is an internet protocol used for synchronization of computer clocks.
The Multiple SNTP Server feature provides support for up to 10 SNTP servers. Multiple servers provide redundant backup for synchronizing time on the Secure Router. During configuration, servers can be specified by hostname or IP address, and a timeout value must be set for the query. The Multiple SNTP Server feature operates by having the SNTP service query the configured SNTP servers on a round-robin basis. If any SNTP server is queried and fails to respond, the router sends a request to the next configured SNTP server. SNTP server support is not active until the service is enabled. While the service is enabled, the configuration cannot be changed.
The show sntp command has been modified to display the current state of SNTP, the server it is contacting to receive the current time, as well as all configured servers. When specifying a server by domain name, note that DNS entries need to be configured before SNTP will function properly.
Configuring multiple SNTP servers
Use the following procedure to configure multiple SNTP servers.
Procedure steps
1. To configure multiple SNTP servers, enter Configuration Mode.
configure terminal
2. Since DNS entries must be configured for SNTP to function properly, configure primary and secondary DNS servers.
ip pname_server <A.B.C.D>
ip name_server <A.B.C.D>
3. To configure an SNTP server, enter the sntp sub-tree.
sntp
4. Configure the source address of the SNTP client.
source-address <A.B.C.D>
5. Configure the number of retries per SNTP server.
retries <count>
6. Configure an NTP server.
server <server> [timeout]
7. To add up to 10 SNTP servers, repeat step 6.
8. Enable the SNTP client.
enable
Table 1: Variable definitions
Variable Value
<A.B.C.D> An IP address.
<count> The number of retries the NTP server performs, in the range 1 to 5. Default is 3.
<server> The NTP server to use for updates.
<timeout> The maximum response time, in the range 10 to 7200. Default is 1024.

Multiple Syslog Server support

The Secure Router 1000 Series and 3120 provide support for multiple Syslog servers. A Syslog Server monitors incoming Syslog messages on UDP ports and decodes them for logging purposes. In addition, several network devices are now able to be configured to generate Syslog messages. In the past, the Secure Router 1000 Series and 3120 only provided support for logging on a single Syslog Server, but this enhancement allows for the configuration of up to 5 Syslog Servers. Since they are logged simultaneously, all Syslog servers will contain the same Syslog records.
To achieve backward compatibility with previous Syslog implementation, the provision of a port number during configuration of the host IP address remains optional. If a user does not specify a port during CLI configuration, UDP port 514 is used by default. In addition, the enabling of message logging remains unchanged.
As a limitation, all enable or disable functions will apply to all configured servers. Configuration of Syslog message logging on selected servers is not supported.
Note that when viewing Syslog Server information, the SNMP interface can only display information for one server at a time.
Configuring multiple Syslog servers
Use the following procedure to configure multiple Syslog servers.
Procedure steps
1. To configure multiple Syslog servers, enter Configuration Mode.
configure terminal
2. Enter the system logging sub-tree.
system logging
3. Access the Syslog command tree.
syslog
4. Specify a host IP address and UDP port. If a port number is not specified, port 514 will be used by default.
host_ipaddr <A.B.C.D> [port]
5. To add another Syslog server address, repeat step 4 until up to 5 Syslog servers are added.
6. Enable Syslog.
enable
Table 2: Variable definitions
Variable Value
<A.B.C.D> The host IP address.
[port] Optionally, the UDP port. If not specified, port 514 is used by default.

Top command

The top command replaces the pop command to exit to the top of the configuration tree. It now can be executed either interactively or through a configuration file read locally or over the network.

Reading system.cfg from an alternate drive at startup

When rebooting the router, if you boot the router from an alternate drive (/cf0 or /usb0) and a system.cfg resides on the same drive, the router executes the system.cfg file.

banner.txt file

The banner.txt file is now supported on all platforms. The banner.txt file is displayed when logging into the router through telnet or SSH.

Chapter 4: Source IP Enhancements

The Secure Router 1000 Series and 3120 provide support for adding source address information to existing services. The services modified to accept a source address are:
• File Transfer
• QoS Historical Statistics
• RADIUS
• SNMP
• SNTP
• Syslog
• TACACS
The source address parameter is configurable on a global basis, where all the above services are configured with the same source address. The exception to this is when the source address is configured separately for the service, in which case the service configuration takes precedence. The source address can be configured using the IP address or the interface name.
To accommodate this feature, all router output displays that contain a source address field will display the source IP address and the interface name associated with it. If the feature is configured by IP address, but has no associated interface specified, the interface will show as not configured. Likewise, if the feature is configured by interface name, with no IP address specified, the IP address will show as not configured. Global source address information can be found using the show system configuration command.
The command source-address is available to enable this feature. In the case of Radius and SNMP, the previous commands (src_address and snmp-source respectively) have been deprecated in favor of this command.
Because file transfer commands are not stored in a configuration, file transfer uses the global source address if one is configured. Each of the file transfer commands accepts a source-address parameter to override the global source address.
Warning:
When a valid source address (an IP address with an associated interface) is configured for a service and the source-address interface is down, the service may fail to work if it is bi-directional. Using a loopback interface, which is always up, for the source address ensures that this problem does not occur.
Configuring global source address
Use the following procedure to configure source addresses on services.
Procedure steps
1. To configure source addresses for a service, enter Configuration Mode.
configure terminal
2. Configure the global source address.
system source-address {<A.B.C.D> | <interface-name>}
Table 3: Variable definitions
Variable Value
<A.B.C.D> Specify source address by IP address.
<interface-name> Specify source address by interface name.
Configuring Radius or TACACS source address
Use the following procedure to configure Radius or TACACS server source address for all services.
Procedure steps
1. To configure source addresses for a service, enter Configuration Mode.
configure terminal
2. To configure Radius or TACACS source addresses, enter the aaa command sub-tree.
aaa
3. Configure the source address.
source-address {<A.B.C.D> | <interface-name>}
Table 4: Variable definitions
Variable Value
<A.B.C.D> Specify source address by IP address.
<interface-name> Specify source address by interface name.
Configuring SNMP source address
Use the following procedure to configure SNMP server source address for all services. Note that the SNMP server must be disabled prior to setting the source address.
Procedure steps
1. To configure source addresses for a service, enter Configuration Mode.
configure terminal
2. Enter the snmp-server subtree.
snmp-server
3. Disable snmp server.
no snmp-enable
4. Configure the source address.
source-address {<A.B.C.D> | <interface-name>}
5. Enable snmp server.
snmp-enable
Table 5: Variable definitions
Variable Value
<A.B.C.D> Specify source address by IP address.
<interface-name> Specify source address by interface name.
Configuring SNTP source address
Use the following procedure to configure SNTP server source address for all services.
Procedure steps
1. To configure source addresses for a service, enter Configuration Mode.
configure terminal
2. Enter the sntp subtree.
sntp
3. Configure the source address.
source-address {<A.B.C.D> | <interface-name>}
Table 6: Variable definitions
Variable Value
<A.B.C.D> Specify source address by IP address.
<interface-name> Specify source address by interface name.
Configuring Syslog source address
Use the following procedure to configure Syslog server source address for all services.
Procedure steps
1. To configure source addresses for a service, enter Configuration Mode.
configure terminal
2. Enter the system logging subtree.
system logging
3. Enter the syslog subtree.
syslog
4. Configure the source address.
source-address {<A.B.C.D> | <interface-name>}
Table 7: Variable definitions
Variable Value
<A.B.C.D> Specify source address by IP address.
<interface-name> Specify source address by interface name.
Configuring QoS Historical Statistics source address
Use the following procedure to configure QoS Historical Stats server source address for all services.
Procedure steps
1. To configure source addresses for a service, enter Configuration Mode.
configure terminal
2. Enter the qos subtree.
qos
3. Enter the historical-stats subtree.
historical-stats
4. Configure the source address.
source-address {<A.B.C.D> | <interface-name>}
Table 8: Variable definitions
Variable Value
<A.B.C.D> Specify source address by IP address.
<interface-name> Specify source address by interface name.
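The server limits from the SNTP and Syslog procedures in Chapter 3 and the source-address precedence rule in this chapter can be checked offline before a command script is loaded onto a router. The following Python is an added example, not Avaya code: it assumes a flat script of commands exactly as typed in this guide's procedures, with `top` assumed to return to the configuration root between procedures; the function names, service labels and sample addresses are made up for illustration.

```python
import ipaddress

MAX_SERVERS = {"sntp": 10, "syslog": 5}   # server limits stated in the guide
RETRIES = range(1, 6)                      # retries: 1 to 5 (default 3)
TIMEOUT = range(10, 7201)                  # timeout: 10 to 7200 (default 1024)
# Sub-tree entry commands from the procedures -> service label used here.
SUBTREES = {"sntp": "sntp", "syslog": "syslog", "aaa": "aaa",
            "snmp-server": "snmp", "historical-stats": "qos-stats"}
# Lines that only move through the command tree (assumed script layout).
NAVIGATION = {"configure terminal", "system logging", "qos"}
OFF_BY_DEFAULT = ("telnet_server", "gui enable")  # per the default settings list


def service_line(name, state, word, args, findings):
    """Apply one command typed inside a service sub-tree."""
    if word in ("enable", "snmp-enable") or (word, args) == ("no", ["snmp-enable"]):
        state["enabled"] = word != "no"
        return
    if not args:
        findings.append(f"{name}: '{word}' has no argument")
        return
    # SNTP is locked while enabled; SNMP must be disabled to set its source.
    locked = name == "sntp" or (name, word) == ("snmp", "source-address")
    if state["enabled"] and locked:
        findings.append(f"{name}: '{word}' issued while the service is enabled")
    if word == "source-address":
        state["src"] = args[0]
    elif (name, word) == ("sntp", "retries"):
        if not (args[0].isdigit() and int(args[0]) in RETRIES):
            findings.append(f"sntp: retries {args[0]} outside 1 to 5")
    elif (name, word) == ("sntp", "server"):
        if len(args) > 1 and not (args[1].isdigit() and int(args[1]) in TIMEOUT):
            findings.append(f"sntp: timeout {args[1]} outside 10 to 7200")
        state["servers"].append(args[0])      # hostname or IP address
    elif (name, word) == ("syslog", "host_ipaddr"):
        try:
            ipaddress.ip_address(args[0])
        except ValueError:
            findings.append(f"syslog: {args[0]} is not an IP address")
        state["servers"].append(args[0])
    else:
        findings.append(f"{name}: unrecognised command '{word}'")


def audit(script):
    """Return (effective source address per service, list of findings)."""
    global_src, ctx, services, findings = None, None, {}, []
    for raw in script.splitlines():
        line = " ".join(raw.split())
        if not line or line in NAVIGATION:
            continue
        word, *args = line.split()
        if line == "top":
            ctx = None                       # back to the root of the tree
        elif line in SUBTREES:
            ctx = SUBTREES[line]
            services.setdefault(ctx, {"src": None, "servers": [], "enabled": False})
        elif word == "system" and len(args) == 2 and args[0] == "source-address":
            global_src = args[1]
        elif line in OFF_BY_DEFAULT:
            findings.append(f"'{line}' enables a service that is disabled by default")
        elif ctx is None:
            findings.append(f"unrecognised line outside a sub-tree: '{line}'")
        else:
            service_line(ctx, services[ctx], word, args, findings)
    for name, limit in MAX_SERVERS.items():
        count = len(services.get(name, {"servers": []})["servers"])
        if count > limit:
            findings.append(f"{name}: {count} servers configured, limit is {limit}")
    # A per-service source address takes precedence over the global one.
    effective = {name: s["src"] or global_src for name, s in services.items()}
    findings += [f"{name}: source address not configured"
                 for name, src in effective.items() if src is None]
    return effective, findings


# Constructed sample script; every address is a made-up test value.
SAMPLE = """\
configure terminal
system source-address 10.0.0.1
telnet_server
sntp
source-address 10.0.0.2
retries 9
server 192.0.2.10 30
enable
server 192.0.2.11
top
system logging
syslog
host_ipaddr 192.0.2.20
top
snmp-server
snmp-enable
source-address 10.0.0.3
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

In the sample, Syslog inherits the global address while SNTP and SNMP keep their own, and the findings list records each line that breaks a limit or ordering rule stated in the guide.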