pre-shared-key isakmp-policy 1 exit crypto ipsec transform-set ts1 esp-3des esp-sha-hmac set pfs 2 exit crypto map 1 set peer

set transform-set ts1 exit ip crypto-list 901 local-address ip-rule 10 source-ip destination-ip any protect crypto map 1 exit ip-rule 20 source-ip destination-ip any protect crypto map 1 exit exit ip access-control-list 301 ip-rule 10 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike composite-operation Permit exit ip-rule 11 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t composite-operation permit exit Issue 1 January 2008 533 Configuring IPSec VPN ip-rule 12 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t-vsu composite-operation permit exit ip-rule 20 source-ip any destination-ip any ip-protocol esp composite-operation Permit exit ip-rule 30 source-ip any destination-ip any ip-protocol icmp composite-operation Permit exit ip-rule 40 source-ip any destination-ip host composite-operation Permit exit ip-rule 50 source-ip any destination-ip host composite-operation Permit exit ip-rule default composite-operation deny exit exit ip access-control-list 302 ip-rule 10 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike composite-operation Permit exit ip-rule 11 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t composite-operation permit exit ip-rule 12 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t-vsu composite-operation permit exit 534 Administration for the Avaya G450 Media Gateway Typical installations ip-rule 20 source-ip any destination-ip any ip-protocol esp composite-operation Permit exit ip-rule 30 source-ip any destination-ip any ip-protocol icmp composite-operation Permit exit ip-rule 40 desintation-ip any source-ip host composite-operation Permit exit ip-rule 50 destination-ip any source-ip host composite-operation Permit exit ip-rule default composite-operation deny exit exit interface vlan 1.1 ip-address pmi icc-vlan exit interface vlan 1.2 ip-address exit interface FastEthernet 10/2 encapsulation PPPoE traffic-shape rate 256000 ip Address ip crypto-group 901 ip access-group 301 in ip access-group 302 out exit ip default-gateway FastEthernet 10/2 high Issue 1 January 2008 535 Configuring IPSec VPN Using dynamic local peer IP When the number of static IP addresses in an organization is limited, the ISP allocates temporary IP addresses to computers wishing to communicate over IP. These temporary addresses are called dynamic IP addresses. The G450 IPSec VPN feature provides dynamic local peer IP address support. To work with dynamic local peer IP, you must first configure some prerequisites and then instruct the G450 to learn the IP address dynamically using either PPPoE or DHCP client. Note: When working with dynamic local peer IP, you must verify that it is the G450 that initiates the VPN connection. The VPN peer cannot initiate the connection since it does not know the G450’s IP address. To maintain the G450 as the initiator, do one of the following: Note: ● Specify continuous channel in the context of the VPN peer, to maintain the IKE phase 1 connection even when no traffic is sent (see Enabling continuous channel on page 539). ● Maintain a steady transmission of traffic by sending GRE keepalives or employing object tracking. Prerequisites for dynamic local peer IP ● Specify IKE aggressive mode with the initiate mode aggressive command when entering the ISAKMP peer information (see Configuring ISAKMP peer information on page 514). G450-001(config-peer:149.49.70.1)# initiate mode aggressive Done! ● Specify the local device by its FQDN name, using the self-identity command, when entering the ISAKMP peer information (see Configuring ISAKMP peer information on page 514). For example: G450-001(config-peer:149.49.70.1)# self-identity fqdn vpn.avaya.com Done! ● Specify the local address by name in the ip crypto lists, using the local-address command (see Configuring crypto lists on page 520). You must specify the local address by interface name. For example: G450-001(Crypto 901)# local-address FastEthernet 10/2 Done! 536 Administration for the Avaya G450 Media Gateway Typical installations Configuring dynamic local peer IP on a PPPoE interface 1. Enter the context of the FastEthernet interface. For example: G450-001(config)# interface fastethernet 10/2 G450-001(config-if:FastEthernet 10/2)# 2. Enter the following commands in the context of the interface: no ip address, encapsulation pppoe, and ip address negotiated. G450-001(config-if:FastEthernet 10/2)# no ip address Done! G450-001(config-if:FastEthernet 10/2)# encapsulation pppoe Done! G450-001(config-if:FastEthernet 10/2)# ip address negotiated Done! 3. Exit the context of the interface, and set the interface name as the next hop. For example: G450-001(config-if:FastEthernet 10/2)# exit G450-001(config)# ip default-gateway FastEthernet 10/2 Done! Note: Note: PPP over Ethernet (PPPoE) is a client-server protocol used for carrying PPP-encapsulated data over Ethernet frames. You can configure PPPoE on the G450’s ETH WAN Fast Ethernet port. For more information about PPPoE on the G450, see Configuring PPPoE on page 259. Configuring dynamic local peer IP for a DHCP Client 1. Permit DHCP packets in the ingress access control list (ACL) and the egress ACL. To do so, perform the following: a. Use the no ip access-group command to deactivate both the ingress ACL and the egress ACL on the FastEthernet interface. b. Add a rule to the ingress ACL and to the egress ACL, permitting DHCP packets to pass (for information on defining ACL policy rules, see Defining rules on page 599). c. Use the ip access-group command to activate the ingress ACL and the egress ACL on the FastEthernet interface. For example: Issue 1 January 2008 537 Configuring IPSec VPN ! Deactivate the Ingress and Egress ACLs on the FastEthernet Interface ! G450-001(config)# interface fastethernet 10/2 G450-001(config-if:FastEthernet 10/2)# no ip access-group in Done! G450-001(config-if:FastEthernet 10/2)# no ip access-group out Done! G450-001(config-if:FastEthernet 10/2)# exit ! ! Add a Permit rule to the Ingress ACL for DHCP ! G450-001(config)# ip access-control-list 301 G450-001(config-ACL 301)# ip-rule 25 G450-001(config-ACL 301/ip rule 25)# source-ip any Done! G450-001(config-ACL 301/ip rule 25)# destination-ip any Done! G450-001(config-ACL 301/ip rule 25)# ip-protocol udp Done! G450-001(config-ACL 301/ip rule 25)# udp source-port eq bootps Done! G450-001(config-ACL 301/ip rule 25)# udp destination-port eq bootpc Done! G450-001(config-ACL 301/ip rule 25)# composite-operation permit Done! G450-001(config-ACL 301/ip rule 25)# exit G450-001(config-ACL 301)# exit ! ! Add a Permit rule to the Egress ACL for DHCP ! G450-001(config)# ip access-control-list 302 G450-001(config-ACL 302)# ip-rule 25 G450-001(config-ACL 302/ip rule 25)# source-ip any Done! G450-001(config-ACL 302/ip rule 25)# destination-ip any Done! G450-001(config-ACL 302/ip rule 25)# ip-protocol udp Done! G450-001(config-ACL 302/ip rule 25)# udp source-port eq bootpc Done! G450-001(config-ACL 302/ip rule 25)# udp destination-port eq bootps Done! G450-001(config-ACL 302/ip rule 25)# composite-operation permit Done! G450-001(config-ACL 302/ip rule 25)# exit G450-001(config-ACL 302)# exit ! ! Activate the Ingress and Egress ACLs on the FastEthernet Interface ! G450-001(config)# interface fastethernet 10/2 G450-001(config-if:FastEthernet 10/2)# ip access-group 301 in Done! G450-001(config-if:FastEthernet 10/2)# ip access-group 302 out Done! 538 Administration for the Avaya G450 Media Gateway Typical installations 2. Specify no ip address and then ip address dhcp in the context of the FastEthernet Interface. For example: G450-001(config-if:FastEthernet 10/2)# no ip address no ip address defined on this interface G450-001(config-if:FastEthernet 10/2)# ip address dhcp Done! 3. Exit the context of the interface, and set the interface name as the next hop. For example: G450-001(config-if:FastEthernet 10/2)#exit G450-001(config)# ip route 5.0.0.0 255.0.0.0 FastEthernet 10/2 Done! Note: For more information on DHCP client in the G450, see Configuring DHCP client on page 199. Note: Enabling continuous channel An IPSec VPN connection exists as long as traffic is traversing the connection, or the timeouts have not expired. However, there are advantages to keeping the connection continuously alive, such as eliminating the waiting time necessary to construct a new IPSec VPN connection. The G450 IPSec VPN feature supports continuous channel, which maintains a continuous IPSec VPN connection. That means that when you activate the ip crypto-group command on the defined interface, the IPSec VPN tunnel is immediately started, even if no traffic is traversing the interface and the timeouts have expired. You can set continuous channel for either or both IKE phase 1 and IKE phase 2, as follows: ● To set continuous channel for IKE phase 1, enter continuous-channel when configuring the crypto ISAKMP peer information (see Configuring ISAKMP peer information on page 514). For example: G450-001# crypto isakmp peer address 149.49.70.1 G450-001(config-peer:149.49.70.1)# continuous-channel Done! ● To set continuous channel for IKE phase 2, enter continuous-channel when configuring the crypto map (see Configuring crypto maps on page 519). For example: G450-001# crypto map 1 G450-001(config-crypto:1)# continuous-channel Done! Issue 1 January 2008 539 Configuring IPSec VPN Full or partial mesh This installation is very similar to the simple hub and spokes installation, but instead of connecting to a single central site, the branch is also connected to several other branch sites by direct IPSec VPN tunnels. The configuration is therefore very similar to the previous one, duplicated several times. In this topology: ● The Broadband Internet connection uses cable or DSL modem, with a static public IP address ● There is a VPN tunnel from each spoke to the VPN hub over the Internet ● There is a VPN tunnel from one spoke to another spoke ● Only VPN traffic is allowed via the Internet connection Figure 46: Full or partial mesh 540 Administration for the Avaya G450 Media Gateway Typical installations Configuring the mesh VPN topology 1. Configure Branch Office 1 as follows: ● The default gateway is the Internet interface ● VPN policy is configured on the Internet interface egress as follows: ● Note: ● Traffic from the local subnets to the second spoke subnets -> encrypt, using tunnel mode IPSec, with the remote peer being the second spoke ● Traffic from the local subnets to any IP address -> encrypt, using tunnel mode IPSec, with the remote peer being the main office (VPN hub) An access control list (ACL) is configured on the Internet interface to allow only the VPN / ICMP traffic. See Table 130 for configuration settings. Note: For information about using access control lists, see Configuring policy on page 591. Table 130: Configuring the mesh VPN topology – Branch Office 1 Traffic direction ACL parameter ACL value Description Ingress IKE from Main Office IP to Branch IP Permit - Ingress ESP from Main Office IP to Branch IP Permit - Ingress IKE from Second Branch IP to Branch IP Permit - Ingress ESP from Second Branch IP to Branch IP Permit - Ingress ICMP from any IP address to local tunnel endpoint Permit This enables the PMTUD application to work Ingress All allowed services from any IP address to any local subnet Permit Due to the definition of the VPN Policy, this will be allowed only if traffic comes over ESP Ingress Default Deny - Egress IKE from Branch IP to Main Office IP Permit - Egress ESP from Branch IP to Main Office IP Permit 1 of 2 Issue 1 January 2008 541 Configuring IPSec VPN Table 130: Configuring the mesh VPN topology – Branch Office 1 (continued) Traffic direction ACL parameter ACL value Description Egress IKE from Branch IP to Second Branch IP Permit This enables the PMTUD application to work Egress ESP from Branch IP to Second Branch IP Permit This traffic is tunnelled using VPN Egress ICMP from local tunnel endpoint to any IP address Permit This enables the PMTUD application to work Egress All allowed services from any local subnet to any IP address Permit This traffic is tunnelled using VPN Egress Default Deny 2 of 2 2. Configure Branch Office 2 as follows: ● The default gateway is the Internet interface ● VPN policy is configured on the Internet interface egress as follows: ● Note: ● Traffic from the local subnets to the First Spoke subnets -> encrypt, using tunnel mode IPSec, with the remote peer being the First Spoke ● Traffic from the local subnets to any IP address -> encrypt, using tunnel mode IPSec, with the remote peer being the Main Office (VPN hub) An ACL is configured on the Internet interface to allow only the VPN / ICMP traffic. See Table 131 for configuration settings. Note: For information about using access control lists, see Configuring policy on page 591. Table 131: Configuring the mesh VPN topology – Branch Office 2 Traffic direction ACL parameter ACL value Description Ingress IKE from Main Office IP to Branch IP Permit - Ingress ESP from Main Office IP to Branch IP Permit 1 of 2 542 Administration for the Avaya G450 Media Gateway Typical installations Table 131: Configuring the mesh VPN topology – Branch Office 2 (continued) Traffic direction ACL parameter ACL value Description Ingress IKE from First Branch IP to Branch IP Permit - Ingress ESP from First Branch IP to Branch IP Permit - Ingress ICMP from any IP address to local tunnel endpoint Permit This enables the PMTUD application to work Ingress All allowed services from any IP address to any local subnet Permit Due to the definition of the VPN Policy, this will be allowed only if traffic comes over ESP Ingress Default Deny - Egress IKE from Branch IP to Main Office IP Permit - Egress ESP from Branch IP to Main Office IP Permit - Egress IKE from Branch IP to First Branch IP Permit This enables the PMTUD application to work Egress ESP from Branch IP to First Branch IP Permit This traffic is tunnelled using VPN Egress ICMP from local tunnel endpoint to any IP address Permit This enables the PMTUD application to work Egress All allowed services from any local subnet to any IP address Permit This traffic is tunnelled using VPN Egress Default Deny 2 of 2 3. Configure the VPN Hub (Main Office) as follows: ● Static routing: Branch subnets -> Internet interface ● The VPN policy portion for the branch is configured as a mirror image of the branch, as follows: ● Traffic from any IP address to branch local subnets -> encrypt, using tunnel mode IPSec ● The remote peer is the VPN Spoke (Branch Internet address) Issue 1 January 2008 543 Configuring IPSec VPN Configuration example 1. Configure Branch Office 1: crypto isakmp policy 1 encryption aes hash sha group 2 exit crypto isakmp peer address

pre-shared-key isakmp-policy 1 exit crypto isakmp peer address pre-shared-key isakmp-policy 1 exit crypto ipsec transform-set ts1 esp-3des esp-sha-hmac set pfs 2 exit crypto map 1 set peer

set transform-set ts1 exit crypto map 2 set peer set transform-set ts1 exit ip crypto-list 901 local-address ip-rule 1 source-ip destination-ip protect crypto map 2 exit ip-rule 2 source-ip destination-ip protect crypto map 2 exit ip-rule 3 source-ip destination-ip protect crypto map 2 exit 544 Administration for the Avaya G450 Media Gateway Typical installations ip-rule 4 source-ip destination-ip protect crypto map 2 exit ip-rule 10 source-ip destination-ip any protect crypto map 1 exit ip-rule 20 source-ip destination-ip any protect crypto map 1 exit exit ip access-control-list 301 ip-rule 10 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike composite-operation Permit exit ip-rule 11 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t composite-operation permit exit ip-rule 12 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t-vsu composite-operation permit exit ip-rule 20 source-ip any destination-ip any ip-protocol esp composite-operation Permit exit Issue 1 January 2008 545 Configuring IPSec VPN ip-rule 30 source-ip any destination-ip any ip-protocol icmp composite-operation exit ip-rule 40 source-ip any destination-ip host composite-operation exit ip-rule 50 source-ip any destination-ip host composite-operation exit ip-rule default composite-operation exit exit Permit Permit Permit deny ip access-control-list 302 ip-rule 10 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike composite-operation Permit exit ip-rule 11 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t composite-operation permit exit ip-rule 12 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t-vsu composite-operation permit exit ip-rule 20 source-ip any destination-ip any ip-protocol esp composite-operation Permit exit 546 Administration for the Avaya G450 Media Gateway Typical installations ip-rule 30 source-ip any destination-ip any ip-protocol icmp composite-operation Permit exit ip-rule 40 desintation-ip any source-ip host composite-operation Permit exit ip-rule 50 destination-ip any source-ip host composite-operation Permit exit ip-rule default composite-operation deny exit exit interface vlan 1.1 ip-address pmi icc-vlan exit interface vlan 1.2 ip-address exit interface fastethernet 10/2 encapsulation PPPoE traffic-shape rate 256000 ip Address ip crypto-group 901 ip access-group 301 in ip access-group 302 out exit ip default-gateway Note: FastEthernet 10/2 high Note: The commands appearing in bold are the CLI commands that add the mesh capabilities to the simple hub and spokes configuration. Issue 1 January 2008 547 Configuring IPSec VPN 2. Configure Branch Office 2: crypto isakmp policy 1 encryption aes hash sha group 2 exit crypto isakmp peer address

pre-shared-key isakmp-policy 1 exit crypto isakmp peer address pre-shared-key isakmp-policy 1 exit crypto ipsec transform-set ts1 esp-3des esp-sha-hmac set pfs 2 exit crypto map 1 set peer

set transform-set ts1 exit crypto map 2 set peer set transform-set ts1 exit ip crypto-list 901 local-address ip-rule 1 source-ip destination-ip protect crypto map 2 exit ip-rule 2 source-ip destination-ip protect crypto map 2 exit ip-rule 3 source-ip destination-ip protect crypto map 2 exit 548 Administration for the Avaya G450 Media Gateway Typical installations ip-rule 4 source-ip destination-ip protect crypto map 2 exit ip-rule 10 source-ip destination-ip any protect crypto map 1 exit ip-rule 20 source-ip destination-ip any protect crypto map 1 exit exit ip access-control-list 301 ip-rule 10 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike composite-operation Permit exit ip-rule 11 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t composite-operation permit exit ip-rule 12 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t-vsu composite-operation permit exit Issue 1 January 2008 549 Configuring IPSec VPN ip-rule 20 source-ip any destination-ip any ip-protocol esp composite-operation Permit exit ip-rule 30 source-ip any destination-ip any ip-protocol icmp composite-operation Permit exit ip-rule 40 source-ip any destination-ip host composite-operation Permit exit ip-rule 50 source-ip any destination-ip host composite-operation Permit exit ip-rule default composite-operation deny exit exit ip access-control-list 302 ip-rule 10 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike composite-operation Permit exit ip-rule 11 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t composite-operation permit exit ip-rule 12 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t-vsu composite-operation permit exit ip-rule 20 source-ip any destination-ip any ip-protocol esp composite-operation Permit exit 550 Administration for the Avaya G450 Media Gateway Typical installations ip-rule 30 source-ip any destination-ip any ip-protocol icmp composite-operation Permit exit ip-rule 40 desintation-ip any source-ip host composite-operation Permit exit ip-rule 50 destination-ip any source-ip host composite-operation Permit exit ip-rule default composite-operation deny exit exit interface vlan 1.1 ip-address pmi icc-vlan exit interface vlan 1.2 ip-address exit interface fastethernet 10/2 encapsulation PPPoE traffic-shape rate 256000 ip Address ip crypto-group 901 ip access-group 301 in ip access-group 302 out exit ip default-gateway Note: FastEthernet 10/2 high Note: The commands appearing in bold are the CLI commands that add the mesh capabilities to the simple hub and spokes configuration. Issue 1 January 2008 551 Configuring IPSec VPN Full solution: hub and spoke with VPN The full solution consists of a hub-and-spoke with VPN for data and VoIP control backup. In this topology: ● There is a direct WAN connection to the Main Office for VoIP bearer and as primary VoIP control connection ● The Broadband Internet connection uses cable or DSL modem, with a static public IP address ● There is a VPN tunnel to the hub over the Internet for intranet data, and as backup connection for VoIP control ● The local hosts access the Internet directly through the local broadband connection ● The PSTN connection backs up the voice bearer Figure 47: Full solution: hub-and-spoke with VPN for data and VoIP control backup 552 Administration for the Avaya G450 Media Gateway Typical installations Configuring hub-and-spoke with VPN for data and VoIP control backup 1. Configure the Branch Office as follows: Note: ● The default gateway is the Internet interface ● VPN policy is configured on the Internet interface egress as follows: Traffic from the local GRE tunnel endpoint to the remote GRE tunnel endpoint -> encrypt, using IPSec tunnel mode, with the remote peer being the Main Office. ● An access control list (ACL) is configured on the Internet interface to allow only the VPN tunnel and ICMP traffic. See Table 132 for configuration settings. Note: For information about using access control lists, see Configuring policy on page 591. Table 132: Configuring hub-and-spoke with VPN Traffic direction ACL parameter ACL value Ingress IKE (UDP/500) from remote tunnel endpoint to local tunnel endpoint Permit Ingress ESP/AH from remote tunnel endpoint to local tunnel endpoint Permit Ingress Remote GRE tunnel endpoint to local GRE tunnel endpoint Permit Ingress Allowed ICMP from any IP address to local tunnel endpoint Permit Ingress Default Deny Egress IKE (UDP/500) from local tunnel endpoint to remote tunnel endpoint Permit Egress Local GRE tunnel endpoint to remote GRE tunnel endpoint Permit Egress All allowed services from any local subnet to any IP address Permit Egress Allowed ICMP from local tunnel endpoint to any IP address Permit Egress Default Deny ● Policy Based Routing (PBR) is configured as follows on VoIP VLAN and loopback interfaces: ● Destination IP = local subnets -> Route: DBR ● DSCP = bearer -> Route: WAN ● DSCP = control -> Route: 1. WAN 2. DBR Issue 1 January 2008 553 Configuring IPSec VPN Note: Note: For information about PBR, see Configuring policy-based routing on page 619. 2. Configure the VPN Hub (Main Office) as follows: ● The VPN policy portion for the branch is configured as a mirror image of the branch ● The ACL portion for the branch is a mirror image of the branch, with some minor modifications ● Static routing is configured as follows: - Branch subnets -> Internet interface ● The PBR portion for the branch is configured as follows, on most interfaces: - Destination IP = branch VoIP subnet(s) or GW address (PMI), DSCP = bearer -> Route: WAN - Destination IP = branch VoIP subnet(s) or GW address (PMI), DSCP = control -> Route: 1. WAN 2. DBR ● ACM is configured to route voice calls through PSTN when the main VoIP trunk is down 554 Administration for the Avaya G450 Media Gateway Typical installations Configuration example crypto isakmp policy 1 encryption aes hash sha group 2 authentication pre-share exit crypto isakmp peer address

pre-shared-key isakmp-policy 1 exit crypto ipsec transform-set ts1 esp-3des esp-sha-hmac exit crypto map 1 set peer

set transform-set ts1 exit ip crypto-list 901 local-address ip-rule 10 source-ip destination-ip any protect crypto map 1 exit ip-rule 20 source-ip destination-ip any protect crypto map 1 exit exit ip access-control-list 301 ip-rule 10 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike composite-operation Permit exit Issue 1 January 2008 555 Configuring IPSec VPN ip-rule 11 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t composite-operation permit exit ip-rule 12 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t-vsu composite-operation permit exit ip-rule 20 source-ip any destination-ip any ip-protocol esp composite-operation Permit exit ip-rule 30 source-ip any destination-ip any ip-protocol icmp composite-operation Permit exit ip-rule 40 source-ip any destination-ip composite-operation Permit exit ip-rule 50 source-ip any destination-ip composite-operation Permit exit ip-rule default composite-operation deny exit exit ip access-control-list 302 ip-rule 10 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike composite-operation Permit exit 556 Administration for the Avaya G450 Media Gateway Typical installations ip-rule 11 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t composite-operation permit exit ip-rule 12 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t-vsu composite-operation permit exit ip-rule 20 source-ip any destination-ip any ip-protocol esp composite-operation Permit exit ip-rule 30 source-ip any destination-ip any ip-protocol icmp exit ip-rule 40 source-ip destination-ip any composite-operation Permit exit ip-rule 50 source-ip destination-ip any composite-operation Permit exit ip-rule default composite-operation deny exit exit interface vlan 1 description "VoIP_VLAN" ip address icc-vlan pmi exit interface vlan 2 description "DATA_VLAN" ip address exit Issue 1 January 2008 557 Configuring IPSec VPN interface fastethernet 10/2 encapsulation pppoe traffic-shape rate 256000 ip address ip crypto-group 901 ip access-group 301 in ip access-group 302 out exit interface serial 3/1 ip address exit ip next-hop-list 1 next-hop-interface 1 serial 3/1 exit ip next-hop-list 2 next-hop-interface 1 serial 3/1 next-hop-interface 2 FastEthernet 10/2 exit ip pbr-list 801 ip-rule 10 ! ! The following command specifies the Voice bearer ! dscp 46 next-hop list 1 exit ip-rule 20 ! ! The following command specifies the Voice Control ! dscp 34 next-hop list 2 exit ip-rule default next-hop PBR exit exit 558 Administration for the Avaya G450 Media Gateway Typical installations Typical failover applications Introduction to the failover mechanism The failover mechanism provides switchover to backup peers in case of remote peer failure. To enable the failover mechanism, you must: ● Configure VPN keepalives, which check the remote peer periodically and announce when the remote peer is dead ● Provide backup peers and a mechanism for switching to a backup in case of remote peer failure In addition to the GRE failover mechanism (see Failover using GRE on page 560), the G450 supports several additional failover mechanisms, as described below. Configuring VPN keepalives VPN keepalives can dramatically improve the speed with which the G450 detects loss of connectivity with the remote VPN peer. Two types of VPN keepalives are available. You can use either or both methods: ● Enable DPD keepalives, a standard VPN keepalive, that check whether the remote peer is up. This type of detection can be used only if it is supported also by the remote peer. ● Bind peer status to an object tracker. Object trackers track the state (up/down) of remote devices using keepalive probes, and notify registered applications such as VPN when the state changes. Object tracking allows monitoring of hosts inside the remote peer’s protected network, not just of the remote peer itself as in DPD. Backup peer mechanism You can use any one of these alternate backup peer mechanisms: ● DNS server (see Failover using DNS on page 567). This method utilizes the G450’s DNS resolver capability for dynamically resolving a remote peer’s IP address via a DNS query. Use this feature when your DNS server supports failover through health-checking of redundant hosts. On your DNS server, configure a hostname to translate to two or more redundant hosts, which act as redundant VPN peers. On the G450, configure that hostname as your remote peer. The G450 will perform a DNS query in order to resolve the hostname to an IP address before establishing an IKE connection. Your DNS server should be able to provide an IP address of a living host. The G450 will perform a new DNS query and try to re-establish the VPN connection to the newly provided IP address whenever it senses that the currently active remote peer stops responding. The G450 can sense that a peer is dead when IKE negotiation times-out, through DPD keepalives, and through object tracking. Issue 1 January 2008 559 Configuring IPSec VPN ● Using the G450’s peer-group entity (see Failover using a peer-group on page 575): ● Define a peer-group. A peer-group is an ordered list of redundant remote peers, only one of which is active at any time. When the active peer is considered dead, the next peer in the list becomes the active remote peer. ● When configuring a crypto map, point to the peer-group instead of to a single peer Failover using GRE A branch with a G450 can connect to two or more VPN hub sites, in a way that will provide either redundancy or load sharing. In this topology, the G450 is connected through its 10/100 WAN Ethernet port to a DSL modem. ● ● ● Define two GRE Tunnel interfaces: ● GRE1 that leads to a Primary Main Office GRE End Point behind the VPN Hub Gateway ● GRE2 that leads to a Backup Main Office GRE End Point behind the VPN Hub Gateway Define two VPNs Connectivity to the networks in Primary/Backup Main Office is determined through GRE keepalives. If network connectivity is lost due to failures in the WAN, in the Primary Main Office, the GRE keep-alive will fail and the GRE interface will transition to a “down” state. Redundancy and load sharing modes The two GRE tunnels can then be used for branch to Primary/Backup Main Office in either Redundancy or Load sharing mode: ● Redundancy. GRE2 is configured as a backup interface for GRE1, and is activated only when GRE1 is down ● Load sharing. Both Tunnel interfaces are active. Routing protocols (RIP or OSPF) route traffic to destinations based on route cost and availability, as follows: For two routes of equal cost to the same destination, one through the Primary Main Office and one through the Backup Main Office, OSPF will automatically distribute traffic through both routes, effectively sharing the load between routes. 560 Administration for the Avaya G450 Media Gateway Typical installations Figure 48: Hub and spoke with hub redundancy/load sharing using GRE Configuring VPN hub redundancy and load sharing topologies using GRE 1. Configure the Branch Office as follows: ● ● Note: VPN policy is configured on the Internet interface egress as follows: ● GRE Traffic from the local tunnel endpoint to remote tunnel endpoint 1 -> encrypt, using IPSec tunnel mode, with the remote peer being tunnel endpoint 1 ● GRE Traffic from the local tunnel endpoint to remote tunnel endpoint 2 -> encrypt, using IPSec tunnel mode, with the remote peer being tunnel endpoint 2 An access control list (ACL) is configured on the Internet interface to allow only the VPN / ICMP traffic. See Table 133 for configuration settings. Note: For information about using access control lists, see Configuring policy on page 591. Issue 1 January 2008 561 Configuring IPSec VPN Table 133: Configuring VPN hub redundancy and load sharing topologies Traffic direction ACL parameter ACL value Ingress IKE (UDP/500) from remote tunnel endpoint to local tunnel endpoint Permit Ingress ESP/AH from remote tunnel endpoint to local tunnel endpoint Permit Ingress Allowed ICMP from any IP address to local tunnel endpoint Permit Ingress Default Deny Egress IKE (UDP/500) from local tunnel endpoint to remote tunnel endpoint Permit Egress All allowed services from any local subnet to any IP address Permit Egress Allowed ICMP from local tunnel endpoint to any IP address Permit Egress Default Deny ● Configure dynamic routing (OSPF or RIP) to run over local data interfaces (data VLANs) and on the GRE interfaces 2. Configure the VPN Hubs (Main Offices) as follows: ● The VPN policy portion for the branch is configured as a mirror image of the branch ● The ACL portion for the branch is a mirror image of the branch, with some minor modifications ● The GRE Tunnel interface is configured for the branch ● Dynamic routing (OSPF or RIP) is configured to run over the GRE interface to the branch 562 Administration for the Avaya G450 Media Gateway Typical installations Configuration example crypto isakmp policy 1 encryption aes hash sha group 2 authentication pre-share exit crypto isakmp peer address pre-shared-key isakmp-policy 1 exit crypto isakmp peer address pre-shared-key isakmp-policy 1 exit crypto ipsec transform-set ts1 esp-3des esp-sha-hmac exit crypto map 1 set peer set transform-set ts1 exit crypto map 2 set peer set transform-set ts1 exit ip crypto-list 901 local-address ip-rule 1 source-ip host destination-ip host protect crypto map 1 exit ip-rule 2 source-ip host destination-ip host protect crypto map 2 exit exit Issue 1 January 2008 563 Configuring IPSec VPN ip access-control-list 301 ip-rule 30 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike composite-operation Permit exit ip-rule 31 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t composite-operation permit exit ip-rule 32 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t-vsu composite-operation permit exit ip-rule 40 source-ip any destination-ip any ip-protocol esp composite-operation Permit exit ip-rule 50 source-ip any destination-ip host ip-protocol icmp composite-operation Permit exit ip-rule 60 source-ip any destination-ip any composite-operation Permit exit 564 Administration for the Avaya G450 Media Gateway Typical installations ip-rule 70 source-ip host destination-ip host composite-operation Permit exit ip-rule default composite-operation deny exit exit ip access-control-list 302 ip-rule 30 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike composite-operation Permit exit ip-rule 31 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t composite-operation permit exit ip-rule 32 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t-vsu composite-operation permit exit ip-rule 40 source-ip any destination-ip any ip-protocol esp composite-operation Permit exit ip-rule 50 source-ip any destination-ip any ip-protocol icmp exit ip-rule 60 source-ip host destination-ip host composite-operation Permit exit Issue 1 January 2008 565 Configuring IPSec VPN ip-rule 70 source-ip host destination-ip host composite-operation Permit exit ip-rule default composite-operation deny exit exit interface vlan 1 description "VoIP_VLAN" ip address icc-vlan pmi exit interface vlan 2 description "DATA_VLAN" ip address exit interface fastethernet 10/2 encapsulation pppoe traffic-shape rate 256000 ip address ip crypto-group 901 ip access-group 301 in ip access-group 302 out exit interface Tunnel 1 ! ! The following two backup commands specify redundant mode. ! To specify load-sharing mode, omit them. ! backup interface tunnel 2 backup delay 20 15 keepalive 10 3 tunnel source tunnel destination ip address 10.10.10.1 255.255.255.252 exit interface Tunnel 2 keepalive 10 3 tunnel source tunnel destination ip address 20.20.20.1 255.255.255.252 exit 566 Administration for the Avaya G450 Media Gateway Typical installations ip route 255.255.255.255 FastEthernet 10/2 high ip route 255.255.255.255 FastEthernet 10/2 high router ospf network 10.10.10.0 0.0.0.3 area 0.0.0.0 network 20.20.20.0 0.0.0.3 area 0.0.0.0 exit Failover using DNS The VPN DNS topology provides failover by utilizing the DNS resolver feature. Use this feature when your DNS server supports failover through health-checking of redundant hosts. On your DNS server configure a hostname to translate to two or more redundant hosts, which act as redundant VPN peers. On the G450 configure that hostname as your remote peer. The G450 will perform a DNS query in order to resolve the hostname to an IP address before establishing an IKE connection. Your DNS server should be able to provide an IP address of a living host. The G450 will perform a new DNS query and try to re-establish the VPN connection to the newly provided IP address whenever it senses that the currently active remote peer stops responding. The G450 can sense that a peer is dead when IKE negotiation times-out through DPD keepalives and through object tracking. Figure 49: VPN DNS topology Issue 1 January 2008 567 Configuring IPSec VPN Note: Note: For an explanation of DNS resolver, see DNS resolver on page 88. Configuring the VPN DNS topology 1. Define the private VLAN1 and VLAN2 interfaces (IP address and mask), and define one of them as the PMI and ICC-VLAN. 2. Define the public FastEthernet10/2 interface (IP address and mask). 3. Define the default gateway (the IP of the next router). 4. Define the DNS name-server-list and the IP address of the DNS server. Note: Note: Alternatively, you can use DHCP Client or PPPoE to dynamically learn the DNS server’s IP address. Use the ip dhcp client request command when using DHCP client, or use the ppp ipcp dns request command when using PPPoE. 5. Define the ISAKMP policy, using the crypto isakmp policy command. 6. Define the remote peer with FQDN, using the crypto isakmp peer address command, including: ● the pre-shared key ● the ISAKMP policy 7. Define the IPSEC transform-set, using the crypto ipsec transform-set command. 8. Define the crypto map, using the crypto map command. 9. Define the crypto list as follows: ● Set the local address to the public interface name (for example, FastEthernet 10/2.0) ● For each private interface, define an ip-rule using the following format: ● source-ip . For example, 10.10.10.0 0.0.0.255 ● destination-ip any ● protect crypto map 1 10. Define the ingress access control list (ACL) to protect the device from Incoming traffic from the public interface, as follows: ● Permit DNS traffic to allow clear (unencrypted) DNS traffic ● Permit IKE Traffic (UDP port 500) for VPN control traffic (IKE) ● Permit ESP traffic (IP Protocol ESP) for VPN data traffic (IPSEC) ● Permit ICMP traffic, to support PMTU application support, for a better fragmentation process 568 Administration for the Avaya G450 Media Gateway Typical installations ● For each private subnet, add a permit rule, with the destination being the private subnet and the source being any. This traffic will be allowed only if it tunnels under the VPN, because of the crypto list. ● Define all other traffic (default rule) as deny in order to protect the device from non-secure traffic 11. Define the egress access control list to protect the device from sending traffic that is not allowed to the public interface (optional): ● Permit DNS traffic to allow clear (unencrypted) DNS traffic ● Permit IKE Traffic (UDP port 500) for VPN control traffic (IKE) ● Permit ESP traffic (IP Protocol ESP) for VPN data traffic (IPSEC) ● Permit ICMP traffic, to support PMTU application support, for a better fragmentation process ● For each private subnet, add a permit rule, with the source being the private subnet, and the destination being any ● Define all other traffic (default rule) as deny in order to protect the device from sending non-secure traffic 12. Activate the crypto list, the ingress access control list, and the egress access control list, on the public interface. Issue 1 January 2008 569 Configuring IPSec VPN Configuration example ! ! Define the Private Subnet1 ! interface vlan 1 description "Branch Subnet1" ip address 10.0.10.1 255.255.255.0 icc-vlan pmi exit ! ! Define the Private Subnet2 ! interface vlan 2 description "Branch Subnet2" ip address 10.0.20.1 255.255.255.0 exit ! ! Define the Public Subnet ! interface fastethernet 10/2 ip address 100.0.0.2 255.255.255.0 exit ! ! Define the default gateway to be on the public subnet ! ip default-gateway 100.0.0.1 ! ! Define the DNS name server ! that is accessible without VPN. ! ip domain name-server-list 1 name-server 1 123.124.125.126 exit ! ! Define the IKE Entity ! crypto isakmp policy 1 encryption aes hash sha group 2 authentication pre-share exit 570 Administration for the Avaya G450 Media Gateway Typical installations ! ! Define the remote peer as FQDN (DNS Name) ! crypto isakmp peer fqdn main-vpn.avaya.com pre-shared-key isakmp-policy 1 exit ! ! Define the IPSEC Entity ! crypto ipsec transform-set ts1 esp-3des esp-sha-hmac exit ! ! Define the VPN Tunnel ! crypto map 1 set peer main-vpn.avaya.com set transform-set ts1 exit ! ! Define the crypto list for the public interface ! ip crypto-list 901 local-address "Fast Ethernet 10/2.0" ! ! ip-rule 5 allows un-encrypted traffic for DNS ! ip-rule 5 source-ip any destination-ip 123.124.125.126 no protect exit ip-rule 10 source-ip 10.0.10.0 0.0.0.255 destination-ip any protect crypto map 1 exit ip-rule 20 source-ip 10.0.20.0 0.0.0.255 destination-ip any protect crypto map 1 exit exit Issue 1 January 2008 571 Configuring IPSec VPN ! ! Define the Ingress access control list for the public interface ! ip access-control-list 301 ip-rule 5 source-ip any destination-ip any ip-protocol udp udp destination-port eq Dns composite-operation Permit exit ip-rule 10 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike composite-operation Permit exit ip-rule 11 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t composite-operation permit exit ip-rule 12 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t-vsu composite-operation permit exit ip-rule 20 source-ip any destination-ip any ip-protocol esp composite-operation Permit exit ip-rule 30 source-ip any destination-ip any ip-protocol icmp composite-operation Permit exit ip-rule 40 source-ip any destination-ip 10.0.10.0 0.0.0.255 composite-operation Permit exit ip-rule 50 source-ip any destination-ip 10.0.20.0 0.0.0.255 composite-operation Permit exit 572 Administration for the Avaya G450 Media Gateway Typical installations ip-rule default composite-operation deny exit exit ! ! Define the Egress access control list for the public interface ! ip access-control-list 302 ip-rule 5 source-ip any destination-ip any ip-protocol udp udp destination-port eq dns composite-operation Permit exit ip-rule 10 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike composite-operation Permit exit ip-rule 11 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t composite-operation permit exit ip-rule 12 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t-vsu composite-operation permit exit ip-rule 20 source-ip any destination-ip any ip-protocol esp composite-operation Permit exit ip-rule 30 source-ip any destination-ip any ip-protocol icmp composite-operation Permit exit ip-rule 40 source-ip 10.0.10.0 0.0.0.255 destination-ip any composite-operation Permit exit Issue 1 January 2008 573 Configuring IPSec VPN ip-rule 50 source-ip 10.0.20.0 0.0.0.255 destination-ip any composite-operation Permit exit ip-rule default composite-operation deny exit exit ! ! Activate the crypto list and the access control list on the public interface ! interface fastethernet 10/2 ip crypto-group 901 ip access-group 301 in ip access-group 302 out exit 574 Administration for the Avaya G450 Media Gateway Typical installations Failover using a peer-group The failover VPN topology utilizes a peer-group which lists a group of redundant peers. At any point in time, only one peer is active and acting as the remote peer. An object tracker monitors the state of the active peer. If the active peer is presumed dead, the next peer in the peer-group becomes the active remote peer. For more information on object trackers, see Object tracking on page 298. Figure 50: Failover VPN topology using a peer-group Issue 1 January 2008 575 Configuring IPSec VPN Configuring the failover VPN topology using a peer-group 1. Define the private VLAN1 and VLAN2 interfaces (IP address and mask), and define one of them as the PMI and ICC-VLAN. 2. Define the public FastEthernet 10/2 interface (IP address and mask). 3. Define the default gateway (the IP address of the next router). 4. Define the object tracking configuration, and define when an object tracker is considered down, as follows: Define a track list that will monitor (by ICMP) five hosts behind the specific peer. If two or more hosts are not working then the object tracker is down. The G450 will then pass on to the next peer in the peer group list. 5. Define the ISAKMP policy, using the crypto isakmp policy command. 6. Define the 3 remote peers, using the crypto isakmp peer address command, and specify for each one: ● the pre-shared key ● the ISAKMP policy ● keepalive track. This track is the object tracker that checks if the peer is still alive. If an active peer is considered dead, the next peer in the peer group becomes the active peer. 7. Define a peer group that include all three remote peers, using the crypto isakmp peer-group command. 8. Define the IPSEC transform-set, using the crypto ipsec transform-set command. 9. Define the Crypto map entity, using the crypto map command. 10. Define the crypto list as follows: ● Set the local address to the public interface name (for example, FastEthernet 10/2.0). ● For each private interface, define an ip-rule using the following format: ● source-ip . For example, 10.10.10.0 0.0.0.255 ● destination-ip any ● protect crypto map 1 11. Define the ingress access control list to protect the device from incoming traffic from the public interface, as follows: ● Note: Permit IKE Traffic (UDP port 500) for VPN control traffic (IKE) Note: If you are using NAT Traversal, you must also open UDP port 4500 and 2070. ● Permit ESP traffic (IP Protocol ESP) for VPN data traffic (IPSEC) 576 Administration for the Avaya G450 Media Gateway Typical installations ● Permit ICMP traffic, to support PMTU application support, for a better fragmentation process ● For each private subnet, add a permit rule, with the destination being the private subnet, and the source being any. This traffic will be allowed only if it tunnels under the VPN, because of the crypto list. ● Define all other traffic (default rule) as deny in order to protect the device from non-secure traffic 12. Optionally, define the egress access control list to protect the device from sending traffic that is not allowed to the public interface: ● Note: Permit IKE Traffic (UDP port 500) for VPN control traffic (IKE) Note: If you are using NAT Traversal, you also need to open UDP port 4500 and 2070. ● Permit ESP traffic (IP Protocol ESP) for VPN data traffic (IPSEC) ● Permit ICMP traffic, to support the PMTU application, for a better fragmentation process ● For each private subnet add a permit rule, with the source being the private subnet, and the destination being any ● Define all other traffic (default rule) as deny in order to protect the device from sending non-secure traffic 13. Activate the crypto list, the ingress access control list, and the egress access control list, on the public interface. Issue 1 January 2008 577 Configuring IPSec VPN Configuration example ! ! Define the Private Subnet1 ! interface vlan 1 description "Branch Subnet1" ip address 10.0.10.1 255.255.255.0 icc-vlan pmi exit ! ! Define the Private Subnet2 ! interface vlan 2 description "Branch Subnet2" ip address 10.0.20.1 255.255.255.0 exit ! ! Define the Public Subnet ! interface fastethernet 10/2 ip address 100.0.0.2 255.255.255.0 exit ! ! Define the default gateway the public interfce ! ip default-gateway 100.0.0.1 578 Administration for the Avaya G450 Media Gateway Typical installations ! ! We wish to check 5 hosts in the Corporate intranet behind the current VPN ! remote peer, and if 2 or more hosts don’t work then keepalive-track will fail , ! and we will move to the next peer in the peer-group ! rtr 1 type echo protocol ipIcmpEcho exit rtr-schedule 1 start-time now life forever rtr 2 type echo protocol ipIcmpEcho exit rtr-schedule 2 start-time now life forever rtr 3 type echo protocol ipIcmpEcho exit rtr-schedule 3 start-time now life forever rtr 4 type echo protocol ipIcmpEcho exit rtr-schedule 4 start-time now life forever rtr 5 type echo protocol ipIcmpEcho exit rtr-schedule 5 start-time now life forever track 11 rtr 1 exit track 12 rtr 2 exit track 13 rtr 3 exit track 14 rtr 4 exit track 15 rtr 5 exit track 1 list threshold count threshold count up 5 down 3 object 11 object 12 object 13 object 14 object 15 exit ! ! Define the IKE Entity ! crypto isakmp policy 1 encryption aes hash sha group 2 authentication pre-share exit Issue 1 January 2008 579 Configuring IPSec VPN ! Define the remote peers (3 main offices) ! crypto isakmp peer address pre-shared-key isakmp-policy 1 keepalive-track 1 exit crypto isakmp peer address pre-shared-key isakmp-policy 1 keepalive-track 1 exit crypto isakmp peer address pre-shared-key isakmp-policy 1 keepalive-track 1 exit crypto isakmp peer-group main-hubs set peer set peer set peer exit ! ! Define the IPSEC Entity ! crypto ipsec transform-set ts1 esp-3des esp-sha-hmac exit ! ! Define the VPN Tunnel ! crypto map 1 set peer-group main-hubs set transform-set ts1 exit ! Define the crypto list for the public interface ! ip crypto-list 901 local-address "Fast Ethernet 10/2.0" ip-rule 10 source-ip 10.0.10.0 0.0.0.255 destination-ip any protect crypto map 1 exit ip-rule 20 source-ip 10.0.20.0 0.0.0.255 destination-ip any protect crypto map 1 exit exit 580 Administration for the Avaya G450 Media Gateway Typical installations ! ! Define the Ingress access control list for the public interface ! ip access-control-list 301 ip-rule 10 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike composite-operation Permit exit ip-rule 11 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t composite-operation permit exit ip-rule 12 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t-vsu composite-operation permit exit ip-rule 20 source-ip any destination-ip any ip-protocol esp composite-operation Permit exit ip-rule 30 source-ip any destination-ip any ip-protocol icmp composite-operation Permit exit ip-rule 40 source-ip any destination-ip 10.0.10.0 0.0.0.255 composite-operation Permit exit ip-rule 50 source-ip any destination-ip 10.0.20.0 0.0.0.255 composite-operation Permit exit ip-rule default composite-operation deny exit exit Issue 1 January 2008 581 Configuring IPSec VPN ! Define the Egress access control list for the public interface ! ip access-control-list 302 ip-rule 10 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike composite-operation Permit exit ip-rule 11 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t composite-operation permit exit ip-rule 12 source-ip any destination-ip any ip-protocol udp udp destination-port eq Ike-nat-t-vsu composite-operation permit exit ip-rule 20 source-ip any destination-ip any ip-protocol esp composite-operation Permit exit ip-rule 30 source-ip any destination-ip any ip-protocol icmp composite-operation Permit exit ip-rule 40 source-ip 10.0.10.0 0.0.0.255 destination-ip any composite-operation Permit exit ip-rule 50 source-ip 10.0.20.0 0.0.0.255 destination-ip any composite-operation Permit exit ip-rule default composite-operation deny exit exit 582 Administration for the Avaya G450 Media Gateway Checklist for configuring site-to-site IPSec VPN ! ! Activate the crypto list and the access control list on the public interface ! interface fastethernet 10/2 ip crypto-group 901 ip access-group 301 in ip access-group 302 out exit Checklist for configuring site-to-site IPSec VPN Use Table 134 to gather the information for simple G450 site-to-site IPSec VPN. Table 134: Checklist for configuring site-to-site IPSec VPN Parameter Possible values 1. VPN License You require the serial number to obtain the VPN license 2. Type of connection to the ISP ● ● 3. VPN Interface ● ● Actual value ADSL Cable Modem FastEthernet10/2 Serial port X/Y 4. VPN Local IP Address ● Type ● ● Static - If static, provide: IP Address Mask Next-hop Router Dynamic (DHCP/PPPoE) 5. Coordinating with the VPN Remote peer a.) VPN IKE (Control) Phase 1 Parameters - Encryption ● ● ● ● ● des 3des aes aes-192 aes-256 1 of 3 Issue 1 January 2008 583 Configuring IPSec VPN Table 134: Checklist for configuring site-to-site IPSec VPN (continued) Parameter - Authentication Hash Possible values ● ● - DH Group ● ● ● ● - Lifetime seconds ● Actual value sha md5 1 2 5 14 60 to 86,400 default: 86,400 (1 day) b.) VPN IPSEC (Data) Phase 2 Parameters - Encryption ● ● ● ● ● - Authentication Hash ● ● - IP compression ● ● - PFS Group ● ● ● ● ● esp-des esp-3des esp-aes esp-aes-192 esp-aes-256 esp-sha-hmac esp-md5-hmac enable (comp-lzs) disable no pfs (default) 1 2 5 14 - Lifetime seconds ● 120 to 86,400 default: 3,600 (1 hour) - Lifetime kilobytes ● 2,560 to 536,870,912 default: 4,608,000 kb disable ● 6. Which packets should be secured a. Protect rules matching options ● ● IP source address IP destination address 2 of 3 584 Administration for the Avaya G450 Media Gateway Checklist for configuring site-to-site IPSec VPN Table 134: Checklist for configuring site-to-site IPSec VPN (continued) Parameter b. Bypass rules matching options Possible values ● ● ● ● ● ● ● ● Actual value IP source address IP destination address udp tcp dscp fragment icmp IP protocol 7. The remote peer (crypto isakmp peer) parameters a. Remote peer ● ● b. Pre-shared key IP address FQDN (dns name) ● 1 to 127 alphanumerical characters. 1 to 64 bytes in hexadecimal notation ● If the branch IP is an initiator, set initiate mode to none (device is a responder) If the branch IP is a responder, set initiate mode to aggressive (device is an initiator) Set self identity to identify the device in the remote peer 8. If the branch IP is dynamic ● ● 3 of 3 Issue 1 January 2008 585 Configuring IPSec VPN Summary of VPN commands For more information about these commands, see Avaya G450 CLI Reference, 03-300437. Table 135: VPN CLI commands Root level command First level command Second level command Description clear crypto isakmp Flush a specific ISAKMP SA or all the ISAKMP SAs clear crypto sa Clear all or specific IPSec SAs clear crypto sa counters Clear the crypto SA counters crypto ipsec nat-transparency udp-encapsulation Re-enable NAT Traversal if it was disabled crypto ipsec transform-set Enter the IKE phase 2 (IPSec) transform-set context and create or edit IPSec parameters for the VPN tunnel mode Set security-association lifetime set pfs Specify whether each IKE phase 2 negotiation will employ PFS and, if yes, which Diffie-Hellman group to employ set securityassociation lifetime Set the IKE phase 2 (IPSec) SA lifetime crypto isakmp invalid-spirecovery Enable invalid SPI recovery (default setting) crypto isakmp nat keepalive Re-enable NAT Traversal keepalive if it was disabled, and configure the keepalive interval. This command keeps the NAT devices tables updated. crypto isakmp peer Enter the crypto ISAKMP peer context and create or edit an ISAKMP peer 1 of 5 586 Administration for the Avaya G450 Media Gateway Summary of VPN commands Table 135: VPN CLI commands (continued) Root level command First level command Second level command Description continuouschannel Enable continuous-channel IKE, which keeps the IKE phase1 session always up and running, even if there is no traffic description Enter a description for the ISAKMP peer initiate mode Specify which IKE Phase-1 mode to use when communicating with the peer: aggressive or none isakmppolicy Set the ISAKMP policy for the ISAKMP peer keepalive Enable DPD keepalives that check whether the remote peer is up keepalivetrack Bind an object tracker to a remote VPN peer or to an interface, to check whether the remote peer or the interface is up pre-sharedkey Configure the IKE pre-shared key selfidentity Set the identity of this device suggest-key Generate a random string which you can use as a pre-shared key for IKE. You must use the same key on both peers. Enter the crypto ISAKMP peer-group context and create or edit an ISAKMP peer group crypto isakmp peer-group description Enter a description for the ISAKMP peer group set peer Add a peer to the peer-group Enter the crypto ISAKMP policy context and create or edit IKE Phase 1 parameters crypto isakmp policy authentication Set the authentication of ISAKMP policy to pre-shared secret 2 of 5 Issue 1 January 2008 587 Configuring IPSec VPN Table 135: VPN CLI commands (continued) Root level command First level command Second level command Description description Enter a description for the ISAKMP policy encryption Set the encryption algorithm for an ISAKMP policy group Set the Diffie-Hellman group for an ISAKMP policy hash Set the hash method for an ISAKMP policy lifetime Set the lifetime of the ISAKMP SA in seconds crypto isakmp suggest-key Generate a random string which you can use as a pre-shared key for IKE. You must use the same key on both peers. crypto map Enter crypto map context and create or edit a crypto map continuouschannel In a crypto ISAKMP peer context, enable continuous-channel IKE, which keeps the IKE phase1 session always up and running, even if there is no traffic description Enter a description for the crypto map set dscp Set the DSCP value in the tunneled packet set peer Attach a peer to a crypto map set peer-group Attach a peer-group to a crypto map set transform-set Configure the transform-set interface (fastethernet| dialer|serial| vlan) Enter the FastEthernet, Dialer, Serial, or VLAN interface context 3 of 5 588 Administration for the Avaya G450 Media Gateway Summary of VPN commands Table 135: VPN CLI commands (continued) Root level command First level command Second level command Description crypto ipsec df-bit Set the Don’t-Fragment bit to clear mode or copy mode crypto ipsec minimal-pmtu Set the minimal PMTU value that can be applied to an SA when the G450 participates in PMTUD for the tunnel pertaining to that SA ip crypto-group Activate a crypto list in the context of the interface on which the crypto list is activated Enter crypto list context and create or edit a crypto list ip crypto-list Enter ip-rule context and create or modify a specific rule ip-rule local-address description Enter a description for the ip-rule in the ip crypto list destinationip Specify the destination IP address of packets to which the current rule applies protect crypto map Protect traffic that matches this rule by applying the IPSec processing configured by the specific crypto map source-ip Indicate that the current rule applies to packets from the specified source IP address Set the local IP address for the IPSec tunnels derived from this crypto list show crypto ipsec sa Display the IPSec SA database and related runtime, statistical, and configuration information show crypto ipsec transform-set Display the configuration for the specified transform-set or all transform-sets show crypto isakmp peer Display crypto ISAKMP peer configuration 4 of 5 Issue 1 January 2008 589 Configuring IPSec VPN Table 135: VPN CLI commands (continued) Root level command First level command Second level command Description show crypto isakmp peer-group Display crypto ISAKMP peer-group configuration show crypto isakmp policy Display ISAKMP policy configuration show crypto isakmp sa Display the ISAKMP SA database status show crypto map Display all or specific crypto map configurations show ip active-lists Display information about a specific policy list or all lists show ip crypto-list Display all or specific crypto list configurations 5 of 5 590 Administration for the Avaya G450 Media Gateway Chapter 20: Configuring policy Policy lists enable you to control the ingress and egress of traffic to a router or port. You can use policies to manage security, determine packet priority through an interface, implement quality of service, or determine routing for a specific application or user. Each policy list consists of a set of rules determining the behavior of a packet entering or leaving the interface on which the list is applied. Types of policy lists There are various policy lists on the G450, including access control lists, QoS lists, and Policy based routing. Access control lists Access lists have the following parts: ● Global rules. A set of rules that are executed before the list is evaluated ● Rule list. A list of filtering rules and actions for the G450 to take when a packet matches the rule. Match actions on this list are pointers to the composite operation table. ● Actions (composite operation table). A table that describes actions to be performed when a packet matches a rule. The table includes pre-defined actions, such as permit and deny. You can configure more complex rules. See Composite operations on page 605. Access control list rule specifications You can use access control lists to control which packets are authorized to pass through an interface. When a packet matches a rule on the access control list, the rule specifies whether the G450: ● Accepts the packet or drops the packet ● Sends an ICMP error reply if it drops the packet ● Sends an SNMP trap if it drops the packet Issue 1 January 2008 591 Configuring policy Network security using access control lists The primary use of access control lists is to act as a component of network security. You can use access control lists to determine which applications, networks, and users can access hosts on your network. Also, you can restrict internal users from accessing specific sites or applications outside the network. Access control lists can be based on permitting or denying specific values or groups of IP addresses, protocols, ports, IP fragments, or DSCP values. Figure 51 illustrates how access control lists are used to control traffic into and out of your network. Figure 51: Network security using access control lists 592 Administration for the Avaya G450 Media Gateway Types of policy lists QoS lists You can use QoS lists to change the DSCP and Ethernet IEEE 802.1p CoS fields in packets. Changing these fields adjusts the priority of packets meeting the criteria of the QoS list. DSCP values are mapped to a CoS value. Rules can be created determining the priority behavior of either individual DSCP values or CoS values, and can be based on specific values or groups of IP addresses, protocols, ports, IP fragments, or DSCP values. When a packet matches a rule on the QoS list, the G450 sets one or both of the QoS fields in the packet. The following table shows these QoS fields: Table 136: QoS fields Layer QoS field Allowed values 2 802.1p 0–7 3 DSCP 0–63 Each QoS list also includes a DSCP table. The DSCP table enables you to set one or both of the QoS fields in a packet, based on the previous value of the DSCP field in the packet. QoS lists have the following parts: ● Rule list. A list of filtering rules and actions for the G450 to take when a packet matches the rule. Match actions on this list are pointers to the composite operation table. ● Actions (composite operation table). A table that describes actions to be performed when a packet matches a rule. The table includes pre-defined actions, such as permit and deny. You can configure more complex rules. Refer to Composite operations on page 605. ● DSCP map. A table that contains DSCP code points and match action pairs. Match actions are pointers to the composite operation table. Refer to DSCP table on page 608. Policy-based routing You can use policy-based routing to determine the routing path a packet takes based on the type of packet, or the packet’s source or destination IP addresses, or its DSCP field. This enables you to route different types of traffic over different routes or interfaces. For example, you use policy-based routing to route voice traffic over a WAN interface and data traffic over the Internet. Policy-based routing is implemented by means of policy-based routing (PBR) lists. PBR lists are similar in many respects to access control lists and QoS lists. However, since there are also some key differences, policy-based routing is explained in a separate chapter. Refer to Configuring policy-based routing on page 619. Issue 1 January 2008 593 Configuring policy Managing policy lists You can manage policy lists on the Avaya G450 Media Gateway with CLI commands. You can also manage policy lists throughout your network with Avaya QoS Manager. Avaya QoS Manager is part of Avaya Integrated Management. Figure 52 illustrates the operation of policy lists on the Avaya G450 Media Gateway: Figure 52: Policy lists Defining policy lists You can create and edit policy lists, and define the list identification attributes. You can also delete an unnecessary policy list. Creating and editing a policy list To create or edit a policy list, you must enter the context of the list. If the list already exists, you can edit the list from the list context. If the list does not exist, entering the list context creates the list. To create or edit an access control list, enter ip access-control-list followed by a list number in the range 300-399. The G450 includes one pre-configured access control list. The pre-configured access control list is list number 300. For example, to create access control list 301, enter the following command: ip access-control-list 301 594 Administration for the Avaya G450 Media Gateway Defining policy lists To create or edit a QoS list, enter ip qos-list followed by a list number in the range 400-499. The G450 includes one pre-configured QoS list. The pre-configured QoS list is list number 400. For example, to create a new QoS list 401, enter the following command: ip qos-list 401 You can create a new policy list based on an existing list by using the ip policy-list-copy command, followed by the name of the list from which you want to copy. The source and destination lists must be of the same type. For example, you cannot copy an access control list to a QoS list. The following example creates a new access control list, number 340, based on access control list 330. You can then enter the context of access control list 340 to modify it. G450-001(super)# ip policy-list-copy 330 340 Done! Once you have entered the list context, you can perform the following actions: ● Configure rules. See Defining rules on page 599 ● Configure composite operations. See Composite operations on page 605 ● Configure DSCP mapping (QoS lists only). See DSCP table on page 608 Defining list identification attributes The policy list attributes including name, owner, and cookie, are used by Avaya QoS Manager software to identify policy lists. 1. Enter the context of the policy list in which you want to define the attribute. 2. Enter one of the following commands, followed by a text string or integer: - name. Defines a list name (text string). The default value is owner. - owner. Defines a list owner (text string). The default value is list#. - cookie. Defines a list cookie (integer). The Avaya QoS Manager uses the cookie attribute internally. Normally, you should not change this attribute. To set a policy list attribute to its default setting, use the no form of the appropriate command. For example, to set a list to its default name, use the command no name. To view the attributes, use the show list command in the context of the list. Issue 1 January 2008 595 Configuring policy Default actions When no rule matches a packet, the G450 applies the default action for the list. The following table shows the default action for each type of policy list: List Default action Access control list Accept all packets QoS list No change to the priority or DSCP Deleting a policy list To delete an access control list, enter no ip access-control-list followed by the number of the list you want to delete. To delete a QoS list, enter no ip qos-list followed by the number of the list you want to delete. Attaching policy lists to an interface Attached to each interface on the Avaya G450 Media Gateway are policy lists, including the ingress access control list, ingress QoS list, egress access control list, and egress QoS list. Note: Note: You can also attach PBR lists to certain interfaces, but PBR lists are not attached to any interface by default. Packets entering the interface When a packet enters the G450 through an interface, the G450 applies the policy lists in the following order: 1. Apply the ingress access control list. 2. If the ingress access control list does not drop the packet: a. Apply the ingress QoS list. b. Apply the PBR list (if any). The packet enters the G450 through the interface. 596 Administration for the Avaya G450 Media Gateway Attaching policy lists to an interface Packets exiting the interface When a packet exits the G450 through an interface, the G450 applies the policy lists in the following order: 1. Apply the egress access control list. 2. If the egress access control list does not drop the packet, apply the egress QoS list. The packet exits the G450 through the interface. Figure 53 illustrates the order in which the G450 applies policy lists to packets. Figure 53: Applying Policy Lists to Packets You can configure which policy lists are attached to each interface. You can choose the ingress access control list and the egress access control list from among the access control lists that are configured on the G450. You can choose the ingress QoS list and the egress QoS list from among the QoS lists that are configured on the G450. To attach an access control list to an interface as its ingress access control list, enter the interface context and enter ip access-group list number in. To attach an access control list to an interface as its egress access control list, enter the interface context and enter ip access-group list number out. To attach a QoS list to an interface as its ingress QoS list, enter the interface context and enter ip qos-group list number in. To attach an access control list to an interface as its egress QoS list, enter the interface context and enter ip qos-group list number out. For example, the following sequence of commands attach policy lists to the VLAN 2 interface. Access control list 301 becomes the ingress access control list for VLAN 2. QoS list 401 becomes the egress QoS list for VLAN 2. G450-001# interface vlan 2 G450-001(if:VLAN 2)# ip access-group 301 in Done! G450-001(if:VLAN 2)# ip qos-group 401 out Done! Issue 1 January 2008 597 Configuring policy To remove a list from an interface, use the no form of the appropriate command. For example, if the ingress access control list for the VLAN 1 interface is list number 302, you can remove the list from the interface by entering the following commands: G450-001(super)# interface vlan 1 G450-001(super-if:VLAN 1)# no ip access-group in Done! Note: You cannot change or delete a default list. You cannot change or delete any list when it is attached to an interface. In order to change or delete a list that is attached to an interface, you must first remove the list from the interface. You can then change or delete the list. After changing the list, you can reattach the list to the interface. Note: Device-wide policy lists You can attach a policy list (other than a policy-based routing list) to every interface on the G450 using one command. To do this, attach a list to the Loopback 1 interface. For more information, see Attaching policy lists to an interface on page 596. Note: If you attach a policy list to a Loopback interface other than Loopback 1, the policy list has no effect. Note: When you attach a policy list to the Loopback 1 interface, thereby creating a device-wide policy list, and you also attach policy lists to specific interfaces, the G450 applies the lists in the following order: ● Incoming packets: a. Apply the ingress policy lists that are attached to the interface b. Apply the device-wide ingress policy lists ● Outgoing packets: a. Apply the device-wide egress policy lists b. Apply the egress policy lists that are attached to the interface 598 Administration for the Avaya G450 Media Gateway Defining global rules Defining global rules In an access control list, you can define global rules for packets that contain IP fragments and IP options. These rules apply to all packets. This is in contrast to individual rules, which apply to packets that match certain defined criteria. See Defining rules on page 599. The G450 applies global rules before applying individual rules. 1. Enter the context of the access control list in which you want to define the rule. 2. Enter one of the following commands, followed by the name of a composite command: - ip-fragments-in. Applies to incoming packets that contain IP fragments - ip-option-in. Applies to incoming packets that contain IP options The composite command can be any command defined in the composite operation list. These commands are case-sensitive. To view the composite operation list for the access control list you are working with, use the command show composite-operation in the context of the access control list. The following example defines a rule in access control list 301 that denies access to all incoming packets that contain IP fragments: G450-001(super)# ip access-control-list 301 G450-001(super/ACL 301)# ip-fragments-in Deny Done! Defining rules You can configure policy rules to match packets based on one or more of the following criteria: ● Source IP address, or a range of addresses ● Destination IP address, or a range of addresses ● IP protocol, such as TCP, UDP, ICMP, or IGMP ● Source TCP or UDP port or a range of ports ● Destination TCP or UDP port or a range of ports ● ICMP type and code ● Fragment ● DSCP Issue 1 January 2008 599 Configuring policy Use IP wildcards to specify a range of source or destination IP addresses. The zero bits in the wildcard correspond to bits in the IP address that remain fixed. The one bits in the wildcard correspond to bits in the IP address that can vary. Note that this is the opposite of how bits are used in a subnet mask. For access control lists, you can require the packet to be part of an established TCP session. If the packet is a request for a new TCP session, the packet does not match the rule. You can also specify whether an access control list accepts packets that have an IP option field. Editing and creating rules To create or edit a policy rule, you must enter the context of the rule. If the rule already exists, you can edit the rule from the rule context. If the rule does not exist, entering the rule context creates the rule. 1. Enter the context of the list in which you want to create or edit a rule. 2. Enter ip-rule followed by the number of the rule you want to create or edit. For example, to create rule 1, enter ip-rule 1. You can use the description command in the rule context to add a description of the rule. This description is used in the AccessViolation Policy trap to identify and describe the IP rule in which the trap was caused. To view the existing rules in a list, enter the list’s context and then enter ip show-rule. Each list starts with a default rule. Each new rule has the same default parameters as the default rule. The default rule appears as follows: G450-001(super-ACL 301)# show ip-rule Index Protocol IP Wildcard Port DSCP ----- -------- --- ---------------- --------------- -----------Deflt Any Src Any Any Any Dst Any Any Operation Fragment rule -------------Permit No This rule permits all packets. Policy lists rule criteria Rules work in the following ways, depending on the type of list and the type of information in the packet: ● Layer 4 rules in an access control list with a Permit operation are applied to non-initial fragments 600 Administration for the Avaya G450 Media Gateway Defining rules ● Layer 4 rules in an access control list with a Deny operation are not applied to non-initial fragments, and the device continues checking the next IP rule. This is to prevent cases in which fragments that belong to other L4 sessions may be blocked by the other L4 session which is blocked. ● Layer 3 rules apply to non-initial fragments ● Layer 3 rules that include the fragment criteria do not apply to initial fragments or non-fragment packets ● Layer 3 rules that do not include the fragment criteria apply to initial fragments and non-fragment packets ● Layer 4 rules apply to initial fragments and non-fragment packets ● Layer 3 and Layer 4 rules in QoS and policy-based routing lists apply to non-initial fragments IP protocol To specify the IP protocol to which the rule applies, enter ip-protocol followed by the name of an IP protocol. If you want the rule to apply to all protocols, use any with the command. If you want the rule to apply to all protocols except for one, use the no form of the command, followed by the name of the protocol to which you do not want the rule to apply. For example, the following command specifies the UDP protocol for rule 1 in QoS list 401: G450-001(QoS 401/rule 1)# ip-protocol udp The following command specifies any IP protocol except IGMP for rule 3 in access control list 302: G450-001(ACL 302/ip rule 3)# no ip-protocol igmp Source and destination IP address To specify a range of source and destination IP addresses to which the rule applies, use the commands source-ip and destination-ip, followed by the IP range criteria. The IP range criteria can be one of the following: ● A range. Type two IP addresses to set a range of IP addresses to which the rule applies ● A single address. Type host, followed by an IP address, to set a single IP address to which the rule applies ● A wildcard. Type host, followed by an IP address using wildcards, to set a range of IP addresses to which the rule applies ● All addresses. Type any to apply the rule to all IP addresses Use the no form of the appropriate command to specify that the rule does not apply to the IP address or addresses defined by the command. Issue 1 January 2008 601 Configuring policy For example, the following command specifies a source IP address of 10.10.10.20 for rule 1 in access control list 301: G450-001(ACL 301/ip rule 1)# source-ip host 10.10.10.20 The following command allows any destination IP address for rule 3 in QoS list 404: G450-001(QoS 404/rule 3)# destination-ip any The following command specifies a source IP address in the range 10.10.0.0 through 10.10.255.255 for rule 1 in access control list 301: G450-001(ACL 301/ip rule 1)# source-ip 10.10.0.0 0.0.255.255 The following command specifies a source IP address outside the range 64.236.24.0 through 64.236.24.255 for rule 7 in access control list 308: G450-001(ACL 308/ip rule 7)# no source-ip 64.236.24.0 0.0.0.255 The following command specifies a source IP address in the range 64..24. for rule 6 in access control list 350: G450-001(ACL 350/ip rule 6)# source-ip 64.*.24.* Source and destination port range To specify a range of source and destination ports to which the rule applies, use the following commands, followed by either port name or port number range criteria: ● tcp source-port. The rule applies to TCP packets from ports that match the defined criteria ● tcp destination-port. The rule applies to TCP packets to ports that match the defined criteria ● udp source-port. The rule applies to UDP packets from ports that match the defined criteria ● udp destination-port. The rule applies to UDP packets to ports that match the defined criteria This command also sets the IP protocol parameter to TCP or UDP. Port name or number range criteria ● A range. Type range, followed by two port numbers, to set a range of port numbers to which the rule applies ● Equal. Type eq, followed by a port name or number, to set a port name or port number to which the rule applies 602 Administration for the Avaya G450 Media Gateway Defining rules ● Greater than. Type gt, followed by a port name or port number, to apply the rule to all ports with a name or number greater than the specified name or number ● Less than. Type lt, followed by a port name or port number, to apply the rule to all ports with a name or number less than the specified name or number ● All. Type any to apply the rule to all port names and port numbers Use the no form of the appropriate command to specify that the rule does not apply to the ports defined by the command. For example, the following command specifies a source TCP port named telnet for rule 1 in access control list 301: G450-001(ACL 301/ip rule 1)# tcp source-port eq telnet The following command specifies any destination UDP port less than 1024 for rule 3 in QoS list 404: G450-001(QoS 404/rule 3)# udp destination-port lt 1024 The following command specifies any destination TCP port in the range 5000 through 5010 for rule 1 in access control list 301: G450-001(ACL 301/ip rule 1)# tcp destination-port range 5000 5010 The following command specifies any source TCP port except a port named http for rule 7 in access control list 304: G450-001(ACL 304/ip rule 7)# no tcp source-port eq http ICMP type and code To apply the rule to a specific type of ICMP packet, use the icmp command. This command sets the IP protocol parameter to ICMP, and specifies an ICMP type and code to which the rule applies. You can specify the ICMP type and code by integer or text string, as shown in the examples below. To apply the rule to all ICMP packets except the specified type and code, use the no form of this command. For example, the following command specifies an ICMP echo reply packet for rule 1 in QoS list 401: G450-001(QoS 401/rule 1)# icmp Echo-Reply The following command specifies any ICMP packet except type 1 code 2 for rule 5 in access control list 321: G450-001(ACL 321/ip rule 5)# no icmp 1 2 Issue 1 January 2008 603 Configuring policy TCP establish bit (access control lists only) In access control lists, you can use the tcp established command to specify that the rule only applies to packets that are part of an established TCP session (a session in with the TCP ACK or RST flag is set). Use the no form of this command to specify that the rule applies to all TCP packets. In either case, the command also sets the IP protocol parameter to TCP. For example, the following command specifies that rule 6 in access control list 301 only matches packets that are part of an established TCP session: G450-001(ACL 301/ip rule 6)# tcp established Fragments Enter fragment to apply the rule to non-initial fragments. You cannot use the fragment command in a rule that includes UDP or TCP source or destination ports. G450-001(super-ACL 301/ip rule 5)# fragment Done! G450-001(super-ACL 301/ip rule 5)# DSCP Enter dscp, followed by a DSCP value (from 0 to 63), to apply the rule to all packets with the specified DSCP value. Use the no form of the command to remove the rule from the list. For example, the following command specifies that rule 5 in access control list 301 only matches packets in which the DSCP value is set to 56: G450-001(ACL 301/ip rule 5)# dscp 56 Composite Operation For instructions on assigning a composite operation to an ip rule, see Adding composite operation to an ip rule on page 607. 604 Administration for the Avaya G450 Media Gateway Composite operations Composite operations A composite operation is a set of operations that the G450 can perform when a rule matches a packet. Every rule in a policy list has an operation field that specifies a composite operation. The operation field determines how the G450 handles a packet when the rule matches the packet. There are different composite operations for access control list rules and QoS list rules. For each type of list, the G450 includes a pre-configured list of composite operations. You cannot change or delete pre-configured composite operations. You can define additional composite operations. Pre-configured composite operations for access control lists Table 137 lists the pre-configured entries in the composite operation table for rules in an access control list: Table 137: Pre-configured access control list composite operations No Name Access Notify Reset Connection 0 Permit forward no trap no reset 1 Deny deny no trap no reset 2 Deny-Notify deny trap all no reset 3 Deny-Rst deny no trap reset 4 Deny-Notify-Rst deny trap all reset Each column represents the following: ● No. A number identifying the operation ● Name. A name identifying the operation. Use this name to attach the operation to a rule. ● Access. Determines whether the operation forwards (forward) or drops (deny) the packet ● Notify. Determines whether the operation causes the G450 to send a trap when it drops a packet ● Reset Connection. Determines whether the operation causes the G450 to reset the connection when it drops a packet Issue 1 January 2008 605 Configuring policy Pre-configured composite operations for QoS lists Table 138 lists the pre-configured entries in the composite operation table for rules in a QoS list: Table 138: Pre-configured QoS list composite operations No Name CoS DSCP Trust 0 CoS0 cos0 no change No 1 CoS1 cos1 no change No 2 CoS2 cos2 no change No 3 CoS3 cos3 no change No 4 CoS4 cos4 no change No 5 CoS5 cos5 no change No 6 CoS6 cos6 no change No 7 CoS7 cos7 no change No 9 No-Change no change no change No 10 Trust-DSCP - - DSCP 11 Trust-DSCP-CoS - - DSCP and CoS Each column represents the following: ● No. A number identifying the operation ● Name. A name identifying the operation. Use this name to attach the operation to a rule. ● CoS. The operation sets the Ethernet IEEE 802.1p CoS field in the packet to the value listed in this column ● DSCP. The operation sets the DSCP field in the packet to the value listed in this column ● Trust. Determines how to treat packets that have been tagged by the originator or other network devices. If the composite operation is set to Trust-DSCP, the packet’s CoS tag is set to 0 before the QoS list rules and DSCP map are executed. If the composite operation is set to CoSX, the DSCP map is ignored, but the QoS list rules are executed on the Ethernet IEEE 802.1p CoS field. (For example, the composite operation CoS3 changes the CoS field to 3.) If the composite operation is set to Trust-DSCP-CoS, the operation uses the greater of the CoS or the DSCP value. If the composite operation is set to No Change, the operation makes no change to the packet’s QoS tags. 606 Administration for the Avaya G450 Media Gateway Composite operations Configuring composite operations You can configure additional composite operations for QoS lists. You can also edit composite operations that you configured. You cannot edit pre-configured composite operations. Note: Note: You cannot configure additional composite operations for access control lists, since all possible composite operations are pre-configured. 1. Enter the context of a QoS list. 2. Enter composite-operation followed by an index number. The number must be 12 or higher, since numbers 1 through 11 are assigned to pre-configured lists. 3. Use one or more of the following commands to set the parameters of the composite operation: - dscp. Determines the value to which the rule resets the packet’s DSCP field. To ignore the DSCP field, use the argument no change, or enter no dscp. - cos. Determines the value to which the rule resets the packet’s CoS field. To ignore the CoS field, use the argument no change, or enter no cos. 4. Enter name, followed by a text string, to assign a name to the composite operation. You must assign a name to the composite operation, because when you attach the composite operation to a rule, you use the name, not the index number, to identify the composite operation. Adding composite operation to an ip rule You can add or delete composite operations to or from an IP rule by using the [no] composite-operation command, followed by the name of the composite operation you want to add or delete, in the context of the rule. See Composite operation example on page 608 for an example. Issue 1 January 2008 607 Configuring policy Composite operation example The following commands create a new composite operation called dscp5 and assign the new composite operation to rule 3 in QoS list 402. If the packet matches a rule, the G450 changes the value of the DSCP field in the packet to 5. G450-001# ip G450-001(QoS G450-001(QoS Done! G450-001(QoS Done! G450-001(QoS Done! G450-001(QoS G450-001(QoS G450-001(QoS Done! qos-list 402 402)# composite-operation 12 402/cot 12)# name dscp5 402/cot 12)# dscp 5 402/cot 12)# cos no-change 402/cot 12)# exit 402)# ip-rule 3 402/rule 3)# composite-operation dscp5 DSCP table DSCP is a standards-defined method for determining packet priority through an interface, either into or out of a router. There are three ways you can use the DSCP field: ● Classifier. Select a packet based on the contents of some portions of the packet header and apply behavioral policies based on service characteristic defined by the DSCP value ● Marker. Set the DSCP field based on the traffic profile, as determined by the defined rules ● Metering. Check compliance to traffic profile using filtering functions A DSCP value can be mapped to a Class of Service (CoS). Then, for a CoS, rules can be applied to determine priority behavior for packets meeting the criteria for the entire CoS. Multiple DSCP values can be mapped to a single CoS. Rules can also be applied to individual DSCP values. The default value of DSCP in a packet is 0, which is defined as “best-effort.” You can determine a higher priority for a traffic type by changing the DSCP value of the packet using a QoS rule or composite operation. Each QoS list includes a DSCP table. A DSCP lists each possible DSCP value, from 0 to 63. For each value, the list specifies a composite operation. See Pre-configured composite operations for QoS lists on page 606. 608 Administration for the Avaya G450 Media Gateway DSCP table QoS rules on the list take precedence over the DSCP table. If a QoS rule other than the default matches the packet, the G450 does not apply the DSCP table to the packet. The G450 applies only the operation specified in the QoS rule. Changing an entry in the DSCP table 1. Enter the context of a QoS list. 2. Enter dscp-table followed by the number of the DSCP value for which you want to change its composite operation. 3. Enter composite-operation followed by the name of the composite operation you want to execute for packets with the specified DSCP value. The following commands specify the pre-configured composite operation CoS5 for DSCP table entry 33 in QoS list 401. Every packet with DSCP equal to 33 is assigned CoS priority 5. G450-001# ip qos-list 401 G450-001(QoS 401)# dscp-table 33 G450-001(QoS 401/dscp 33)# composite-operation CoS5 Done! The following commands create a new composite operation called dscp5 and assign the new composite operation to DSCP table entry 7 in QoS list 402. Every packet with DSCP equal to 7 is assigned a new DSCP value of 5. G450-001(super)# ip qos-list 402 G450-001(super/QoS 402)# composite-operation 12 G450-001(super/QoS 402/CompOp 12)# name dscp5 Done! G450-001(super/QoS 402/CompOp 12)# dscp 5 Done! G450-001(super/QoS 402/CompOp 12)# cos No-Change Done! G450-001(super/QoS 402/CompOp 12)# exit G450-001(super/QoS 402)# dscp-table 7 G450-001(super/QoS 402/dscp 7)# composite-operation dscp5 Done! Composite operation dscp5 changes the mapping of packets entering the router with a DSCP values of 7. DSCP value 5 is most likely to be mapped to a different CoS, making these packets subject to a different set of behavioral rules. Issue 1 January 2008 609 Configuring policy Displaying and testing policy lists To verify access control lists, QoS lists, and policy-based routing (PBR) lists, you can view the configuration of the lists. You can also test the effect of the lists on simulated IP packets. Displaying policy lists To view information about policy lists and their components, use the following commands. Many of these commands produce different results in different contexts. ● In general context: - show ip access-control-list. Displays a list of all configured access control lists, with their list numbers and owners - show ip access-control-list list number detailed. Displays all the parameters of the specified access control list - show ip qos-list. Displays a list of all configured QoS lists, with their list numbers and owners - show ip qos-list detailed. Displays all the parameters of the specified QoS list ● In ip access-control-list context: - show composite-operation. Displays a list of all composite operations configured for the list - show ip-rule. Displays a list of all rules configured for the list - show list. displays the parameters of the current list, including its rules ● In ip access-control-list/ip-rule context: - show composite-operation. Displays the parameters of the composite operation assigned to the current rule - show ip-rule. Displays the parameters of the current rule ● In ip qos-list context: - show composite-operation. Displays a list of all composite operations configured for the list - show dscp-table. Displays the current list’s DSCP table - show ip-rule. Displays a list of all rules configured for the list - show list. Displays the parameters of the current list, including its rules 610 Administration for the Avaya G450 Media Gateway Displaying and testing policy lists ● In ip qos-list/ip-rule context: - show composite-operation. Displays the parameters of the composite operation assigned to the current rule - show dscp-table. Displays the current list’s DSCP table - show ip-rule. Displays the parameters of the current rule ● In ip qos-list/dscp-table context: - show dscp-table. Displays the parameters of the current DSCP table entry ● In ip qos-list/composite-operation context: - show composite-operation. Displays the parameters of the current composite operation Simulating packets Use the ip simulate command in the context of an interface to test a policy list. The command tests the effect of the policy list on a simulated IP packet in the interface. You must specify the number of a policy list, the direction of the packet (in or out), and a source and destination IP address. You may also specify other parameters. For a full list of parameters, see Avaya G450 CLI Reference, 03-602056. For example, the following command simulates the effect of applying QoS list number 401 to a packet entering the G450 through interface VLAN 2: G450-001(if:VLAN 2)# ip simulate 401 in CoS1 dscp46 10.1.1.1 10.2.2.2 tcp 1182 20 The simulated packet has the following properties: ● CoS priority is 1 ● DSCP is 46 ● source IP address is 10.1.1.1 ● destination IP address is 10.2.2.2 ● IP protocol is TCP ● source TCP port is 1182 ● destination TCP port is 20 Issue 1 January 2008 611 Configuring policy When you use the ip simulate command, the G450 displays the effect of the policy rules on the simulated packet. For example: G450-001(super-if:VLAN 2)# ip simulate 401 in CoS1 dscp46 10.1.1.1 10.2.2.2 tcp 1182 20 Rule match for simulated packet is the default rule Composite action for simulated packet is CoS6 New priority value is fwd6 Dscp value is not changed Summary of access control list commands For more information about these commands, see Avaya G450 CLI Reference, 03-300437. Table 139: Access control list CLI commands Root level command Command Command Description Enter the Dialer, Serial, Loopback, FastEthernet, Tunnel or VLAN interface configuration context interface {dialer| serial| loopback| fastethernet| tunnel|vlan} ip access-group Activate a specific Access Control list, for a specific direction, on the current interface ip simulate Test the action of a policy on a simulated packet show ip access-controllist Display the attributes of a specific access control list or of all access control lists on the current interface Enter configuration mode for the specified policy access control list, and create the list if it does not exist ip access-control -list cookie Set the cookie for the current list 1 of 3 612 Administration for the Avaya G450 Media Gateway Summary of access control list commands Table 139: Access control list CLI commands (continued) Root level command Command Command Description ip-fragments-in Specify the action taken on incoming IP fragmentation packets for the current access control list ip-option-in Specify the action taken on incoming packets carrying an IP option for the current access control list ip-rule Enter configuration mode for a specified policy rule or, if the rule doesn’t exist, create it and enter its configuration mode compositeoperation Assign the specified composite operation to the current rule destination-ip Apply the current rule to packets with the specified destination IP address dscp Apply the current rule to packets with the specified DSCP value fragment Apply the current rule for non-initial fragments only icmp Apply the current rule to a specific type of ICMP packet ip-protocol Apply the current rule to packets with the specified IP protocol show compositeoperation Display the parameters of the composite operation assigned to the current rule show ip-rule Display the attributes of the current rule source-ip Apply the current rule to packets from the specified source IP address tcp destination-port Apply the current rule to TCP packets with the specified destination port 2 of 3 Issue 1 January 2008 613 Configuring policy Table 139: Access control list CLI commands (continued) Root level command Command Command Description tcp established Apply the current rule only to packets that are part of an established TCP session tcp source-port Apply the current rule to TCP packets from ports with specified source port udp destination-port Apply the rule to UDP packets with the specified destination port udp source-port Apply the rule to UDP packets from the specified source port name Assign a name to the current list owner Specify the owner of the current list show compositeoperation Display the composite operations configured for the list show ip-rule Display the rules configured for the current list attributes of a specific rule show list Display the attributes of the current list, including its rules ip policy-listcopy Copy an existing policy list to a new list show ip access-control -list Display the attributes of a specific access control list or of all access control lists 3 of 3 614 Administration for the Avaya G450 Media Gateway Summary of QoS list commands Summary of QoS list commands For more information about these commands, see Avaya G450 CLI Reference, 03-300437. Table 140: QoS list CLI commands Root level command Command Command Description Enter the Dialer, Serial, Loopback, FastEthernet, Tunnel, or VLAN interface configuration context interface {dialer| serial| loopback| fastethernet |tunnel| vlan} ip qos-group Activate a specific QoS list, for a specific direction, on the current interface ip simulate Test the action of a policy on a simulated packet show ip qos-list Display the attributes of a specific QoS list or all QoS lists for the current interface ip policy-listcopy Copy an existing policy list to a new list ip qos-list Enter configuration mode for the specified QoS list, and create the list if it does not exist Enter the configuration mode for one of the current list’s composite operations composite-operation cos Set the CoS priority value for the current composite operation dscp Set the DSCP value for the current composite operation name Assign a name to the current composite operation 1 of 3 Issue 1 January 2008 615 Configuring policy Table 140: QoS list CLI commands (continued) Root level command Command Command Description show compositeoperation Display the attributes of the current composite operation cookie Set the cookie for the current list dscp-table Enter the DSCP table entry context for a particular DSCP value for the current QoS list compositeoperation Specify the composite operation to execute for packets with the specified DSCP value name Assign a name to the current DSCP table entry show dscp-table Display the parameters of the current DSCP table entry Enter configuration mode for a specified policy rule or, if the rule does not exist, create it and enter its configuration mode ip-rule compositeoperation Assign the specified composite operation to the current rule destinationip Apply the current rule to packets with the specified destination IP address dscp Apply the current rule to packets with the specified DSCP value fragment Apply the current rule for non-initial fragments only icmp Apply the current rule to a specific type of ICMP packet ip-protocol Apply the current rule to packets with the specified IP protocol show compositeoperation Display the parameters of the composite operation assigned to the current rule 2 of 3 616 Administration for the Avaya G450 Media Gateway Summary of QoS list commands Table 140: QoS list CLI commands (continued) Root level command show ip qos-list Command Command Description show dscp-table Display the current list’s DSCP table show ip-rule Display the attributes of the current rule source-ip Apply the current rule to packets from the specified source IP address tcp destinationport Apply the current rule to TCP packets with the specified destination port tcp source-port Apply the current rule to TCP packets from ports with specified source port udp destinationport Apply the rule to UDP packets with the specified destination port udp source-port Apply the rule to UDP packets from the specified source port name Assign a name to the current list owner Specify the owner of the current list pre-classification Specify which priority tag the current QoS list uses for data flows show composite-operation Display all composite operations configured for the list show dscp-table Display the current list’s DSCP table show ip-rule Display the rules configured for the current list attributes of a specific rule show list Display the attributes of the current list, including its rules Display the attributes of a specific QoS list or all QoS lists 3 of 3 Issue 1 January 2008 617 Configuring policy 618 Administration for the Avaya G450 Media Gateway Chapter 21: Configuring policy-based routing Policy-based routing enables you to configure a routing scheme based on traffic’s source IP address, destination IP address, IP protocol, and other characteristics. You can use policy-based routing (PBR) lists to determine the routing of packets that match the rules defined in the list. Each PBR list includes a set of rules, and each rule includes a next hop list. Each next hop list contains up to 20 next hop destinations to which the G450 sends packets that match the rule. A destination can be either an IP address or an interface. Policy-based routing takes place only when the packet enters the interface, not when it leaves. Policy-based routing takes place after the packet is processed by the Ingress Access Control List and the Ingress QoS list. Thus, the PBR list evaluates the packet after the packet’s DSCP field has been modified by the Ingress QoS List. See Figure 53. Note: Note: Note: The Loopback 1 interface is an exception to this rule. On the Loopback 1 interface, PBR lists are applied when the packet leaves the interface. This enables the PBR list to handle packets sent by the G450 device itself, as explained below. Note: ICMP keepalive provides the interface with the ability to determine whether a next hop is or is not available. See ICMP keepalive on page 292. Policy-based routing only operates on routed packets. Packets traveling within the same subnet are not routed, and are, therefore, not affected by policy-based routing. The Loopback interface is a logical interface which handles traffic that is sent to and from the G450 itself. This includes ping packets to or from the G450, as well as telnet, FTP, DHCP Relay, TFTP, HTTP, NTP, SNMP, H.248, and other types of traffic. The Loopback interface is also used for traffic to and from analog and DCP phones connected to the device via IP phone entities. The Loopback interface is always up. You should attach a PBR list to the Loopback interface if you want to route specific packets generated by the G450 to a specific next-hop. Unlike the case with other interfaces, PBR lists on the Loopback interface are applied to packets when they leave the G450, rather than when they enter. Certain types of packets are not considered router packets (on the Loopback interface only), and are, therefore, not affected by policy-based routing. These include RIP, OSPF, VRRP, GRE, and keepalive packets. On the other hand, packets using SNMP, Telnet, Bootp, ICMP, FTP, SCP, TFTP, HTTP, NTP, and H.248 protocols are considered routed packets, and are, therefore, affected by policy-based routing on the Loopback interface. Issue 1 January 2008 619 Configuring policy-based routing Applications The most common application for policy-based routing is to provide for separate routing of voice and data traffic. It can also be used as a means to provide backup routes for defined traffic types. Separate routing of voice and data traffic Although there are many possible applications for policy-based routing, the most common application is to create separate routing for voice and data traffic. For example, the application shown in Figure 54 uses the DSCP field to identify VoIP control packets (DSCP = 34, 41), VoIP Bearer RESV packets (DSCP = 43, 44), and VoIP Bearer packets (DSCP = 46). Policy-based routing sends these packets over the T1 WAN line, and sends other packets over the Internet. This saves bandwidth on the more expensive Serial interface. Figure 54: Policy-based routing – Voice/Data division by DSCP Backup You can utilize policy-based routing to define backup routes for defined classes of traffic. If the first route on the next hop list fails, the packets are routed to a subsequent hop. When necessary, you can use the NULL interface to drop packets when the primary next hop fails. For example, voice packets are usually sent over a WAN line, and not the Internet. You can configure a PBR list to drop voice packets when the WAN line is down. 620 Administration for the Avaya G450 Media Gateway Configuring policy-based routing Configuring policy-based routing For a full example of a policy-based routing configuration, see Application example on page 628. 1. Define PBR lists. ● In general context, enter ip pbr-list followed by a list number in the range 800-899. For example: G450-001(super)# ip pbr-list 802 G450-001(super-PBR 802)# ● To assign a name to the list, use the name command, followed by a text string, in the PBR list context. The default name is list #. For example: G450-001(super-PBR 802)# name "voice" Done! G450-001(super-PBR 802)# ● To assign an owner to the list, use the owner command, followed by a text string, in the PBR list context. The default owner is other. For example: G450-001(super-PBR 802)# owner "tom" Done! G450-001(super-PBR 802)# 2. Define PBR rules. In the PBR list context, enter ip-rule, followed by the number of the rule, to define a rule for the PBR list. Repeat this command to define additional rules. A rule contains: (i) criteria that is matched against the packet, and (ii) a next hop list. When a packet matches the criteria specified in the rule, the rule’s next hop list determines how the packet is routed. Each PBR list can have up to 1,500 rules. The first rule that matches the packet determines the packet’s routing. It is important to include a destination address, or range of addresses, in PBR rules to better classify the traffic to be routed. For an illustration, see Application example on page 628. Note: Note: It is recommended to leave a gap between rule numbers, in order to leave room for inserting additional rules at a later time. For example, ip-rule 10, ip-rule 20, ip-rule 30. Issue 1 January 2008 621 Configuring policy-based routing The following example creates rule 1, which routes packets going to IP address 149.49.43.210 with a DSCP value of 34 according to next hop list 1. The next step explains how to define a next hop list. For additional details about PBR rules, see PBR rules on page 624. G450-001(super-PBR G450-001(super-PBR Done! G450-001(super-PBR Done! G450-001(super-PBR Done! G450-001(super-PBR Note: 802)# ip-rule 1 802/ip rule 1)# next-hop list 1 802/ip rule 1)# destination-ip host 149.49.43.210 802/ip rule 1)# dscp 43 802/ip rule 1)# Note: Rules do not include a default next hop list. Thus, if you do not include a next hop list in the rule, the packet is routed according to destination-based routing, that is, the ordinary routing that would apply without policy-based routing. 3. Define next hop lists. Enter exit twice to return to general context. In general context, define all the next hop lists that you have used in PBR rules. Note: Note: You can also perform this step before defining PBR lists and rules. Enter ip next-hop-list, followed by the number of the list, to define a next hop list. In the next hop list context, use the following commands to define the next hops in the list: ● Enter next-hop-ip, followed by the index number of the entry in the next hop list, to define an IP address as a next hop. You can optionally apply tracking to monitor the route. ● Enter next-hop-interface, followed by the index number of the entry in the next hop list, to define an interface as a next hop. You can optionally apply tracking to monitor the route. You can also use the name command to assign a name to the next hop list. Note: Note: You cannot use a FastEthernet Interface as an entry on a next hop list unless the interface was previously configured to use PPPoE encapsulation, or a GRE tunnel, or was configured as a DHCP client. See Configuring PPPoE on page 259, Configuring GRE tunneling on page 456, and Configuring DHCP client on page 199. A next hop list can include the value NULL0. When the next hop is NULL0, the G450 drops the packet. However, you cannot apply tracking to NULL0. 622 Administration for the Avaya G450 Media Gateway Configuring policy-based routing The following example creates next hop list 1, named “Data to HQ”, with three entries: ● The first entry is IP address 172.16.1.221. Object tracker 3 is applied to monitor the route. For details about configuring the object tracker see Object tracking configuration on page 299. ● The second entry is Serial interface 3/1:1 ● The third entry is NULL, which means the packet is dropped G450-001(super)# ip G450-001(super-next Done! G450-001(super-next Done! G450-001(super-next Done! G450-001(super-next Done! G450-001(super-next next-hop-list 1 hop list 1)#name "Data_to_HQ" hop list 1)#next-hop-ip 1 172.16.1.221 track 3 hop list 1)#next-hop-interface 2 Serial 3/1:1 hop list 1)#next-hop-interface 3 Null0 hop list 1)# For additional details about next hop lists, see Next hop lists on page 625. This example demonstrates a case where the data traffic is sent over a WAN FastEthernet Interface through the Internet. When the track detects that this next hop is not valid, traffic is routed over the Serial interface. 4. Apply the PBR list to an interface. Enter exit to return to general context. From general context, enter the interface to which you want to apply the PBR list. In the interface context, enter ip pbr-group, followed by the number of the PBR list, to attach the list to the interface. The list will be applied to packets entering the interface. The following example applies PBR list 802 to VLAN 2. G450-001(super)# interface vlan 2 G450-001(super-if:VLAN 2)# ip pbr-group 802 Done! G450-001(super-if:VLAN 2)# 5. Apply the PBR list to the Loopback interface. The following example applies PBR list 802 to the Loopback interface. G450-001(super)# interface Loopback 1 G450-001(super-if:Loopback 1)# ip pbr-group 802 Done! G450-001(super-if:Loopback 1)# exit G450-001(super)# 6. Enter copy running-config startup-config. This saves the new policy-based routing configuration in the startup configuration file. Issue 1 January 2008 623 Configuring policy-based routing PBR rules Each PBR list can have up to 1,500 rules. The first rule that matches the packet specifies the next hop list for the packet. If no rule matches the packet, the packet is routed according to the default rule. You can configure policy rules to match packets based on one or more of the following criteria: Note: ● Source IP address, or a range of addresses ● Destination IP address or a range of addresses ● IP protocol, such as TCP, UDP, ICMP, IGMP ● Source TCP or UDP port or a range of ports ● Destination TCP or UDP port or a range of ports ● ICMP type and code ● Fragments ● DSCP field Note: The fragment criteria is used for non-initial fragments only. You cannot specify TCP/UDP ports or ICMP code/type for a rule when using the fragment command. Use IP wildcards to specify a range of source or destination IP addresses. The zero bits in the wildcard correspond to bits in the IP address that remain fixed. The one bits in the wildcard correspond to bits in the IP address that can vary. Note that this is the opposite of how bits are used in a subnet mask. Note: Note: Note: When you use destination and source ports in a PBR rule, policy-based routing does not catch fragments. Note: It is recommended to leave a gap between rule numbers, in order to leave room for inserting additional rules at a later time. For example, ip-rule 10, ip-rule 20, ip-rule 30. 624 Administration for the Avaya G450 Media Gateway Next hop lists Modifying rules To modify a policy-based routing rule, you must enter the context of the rule and redefine the rule criteria. 1. Enter the context of the PBR list to which the rule belongs. 2. Enter ip-rule followed by the number of the rule you want to modify. For example, to create rule 1, enter ip-rule 1. To view the rules that belong to a PBR list, enter the list’s context and then enter show ip-rule. PBR rule criteria The rule criteria for PBR rules are largely the same as the rule criteria for other policy list rules. Refer to Policy lists rule criteria on page 600 for an explanation of the rule criteria, including explanations and examples of the commands used to set the criteria. Unlike other policy lists, PBR lists do not use composite operations. Thus, there is no composite-operation command in the context of a PBR rule. Instead, PBR lists use next hop lists. For an explanation of next hop lists, see Next hop lists on page 625. Enter next-hop list, followed by the list number of a next hop list, to specify a next hop list for the G450 to apply to packets that match the rule. You can specify Destination Based Routing instead of a next hop list, in which case the G450 applies destination-based routing to a packet when the packet matches the rule. If the next hop list specified in the rule does not exist, the G450 applies destination-based routing to packets that match the rule. Next hop lists PBR rules include a next hop list. When the rule matches a packet, the G450 routes the packet according to the specified next hop list. Each next hop list can include up to 20 entries. An entry in a next hop list can be either an IP address or an interface. The G450 attempts to route the packet to the first available destination on the next hop list. If every destination on the list is unavailable, the G450 routes the packet according to destination-based routing. Issue 1 January 2008 625 Configuring policy-based routing Modifying next hop lists To modify a next hop list, you must enter the context of the next hop list. To enter a next hop list context, enter ip next-hop-list followed by the number of the list you want to edit. For example, to modify next hop list 1, enter ip next-hop-list 1. To show the next hops in an existing list, enter the context of the next hop list and enter show next-hop. Adding entries to a next hop list 1. Enter the context of the next hop list. 2. Use one of the following commands: - To enter an IP address as a next hop, enter next-hop-ip, followed by the index number of the entry and the IP address. You can optionally apply tracking to monitor the route. For example, the command next-hop-ip 2 149.49.200.2 track 3 sets the IP address 149.49.200.2 as the second entry on the next hop list and applies object tracker 3 to monitor the route. - To enter an interface as a next hop, enter next-hop-interface, followed by the index number of the entry and the name of the interface. You can optionally apply tracking to monitor the route, except for the NULL0. For example, the command next-hop-interface 3 serial 4/1:1.1 sets Serial 4/1:1.1 as the third entry on the next hop list. Deleting an entry from a next hop list 1. Enter the context of the next hop list. 2. Use one of the following commands: - To delete an IP address, enter no next-hop-ip, followed by the index number of the entry you want to delete. For example, the command no next-hop-ip 2 deletes the second entry from the next hop list. - To delete an interface, enter no next-hop-interface, followed by the index number of the entry you want to delete. For example, the command no next-hop-interface 3 deletes the third entry from the next hop list. Canceling tracking and keeping the next hop 1. Enter the context of the next hop list. 2. Use the next-hop-ip or next-hop-interface command again, without the track keyword. 626 Administration for the Avaya G450 Media Gateway Editing and deleting PBR lists Changing the object tracker and keeping the next hop 1. Enter the context of the next hop list. 2. Use the next-hop-ip or next-hop-interface command again, with the track keyword followed by the new track index. Editing and deleting PBR lists You cannot delete or modify a PBR list when it is attached to an interface. In order to delete or modify a PBR list, you must first remove the list from the interface. You can then delete or modify the list. After modifying the list, you can reattach the list to the interface. To remove a list from an interface, use the no form of the ip pbr-group command in the interface context. The following example removes the PBR list from the VLAN 2 interface. G450-001(super)# interface vlan 1 G450-001(super-if:VLAN 1)# no ip pbr-group Done! G450-001(super-if:VLAN 1)# To modify a PBR list, enter ip pbr-list, followed by the number of the list you want to modify, to enter the list context. Redefine the parameters of the list. To delete a PBR list, enter exit to return to general context and enter no ip pbr-list followed by the number of the list you want to delete. Displaying PBR lists To view information about PBR lists and their components, use the following commands. Many of these commands produce different results in different contexts. ● In general context: - show ip active-pbr-lists. Displays details about a specified PBR list, or about all active PBR lists, according to the interfaces on which the lists are active - show ip pbr-list. Displays a list of all configured PBR lists, with their list numbers and names and their owners - show ip pbr-list list number. Displays the list number and name of the specified PBR list - show ip pbr-list all detailed. Displays all the parameters of all configured PBR lists Issue 1 January 2008 627 Configuring policy-based routing - show ip pbr-list list number detailed. Displays all the parameters of the specified PBR list - show ip active-lists. Displays a list of each G450 interface to which a PBR list is attached, along with the number and name of the PBR list - show ip active-lists list number. Displays a list of each G450 interface to which the specified PBR list is attached, along with the number and name of the PBR list - show ip next-hop-list all. Displays the number and name of all next hop lists - show ip next-hop-list list number. Displays the number and name of the specified next hop list ● In PBR list context: - show list. Displays all the parameters of the current PBR list - show ip-rule. Displays the parameters of all rules configured for the current list - show ip-rule rule number. Displays the parameters of the specified rule ● In next hop list context: - show next-hop. Displays the next hop entries in the current next hop list and their current status Application example The following example creates a policy-based routing scheme in which: ● Voice traffic is routed over a Serial interface. If the interface is down, the traffic is dropped. ● Data traffic is routed over a GRE tunnel. If the tunnel is down, the traffic is routed over the Serial interface. If both interfaces are down, the traffic is dropped. Figure 55 illustrates the sample application described below. 628 Administration for the Avaya G450 Media Gateway Application example Figure 55: Sample policy-based routing application This example includes a voice VLAN (6) and a data VLAN (5). The PMI is on VLAN 6. The G450 is managed by a remote Media Gateway Controller (MGC) with the IP address 149.49.43.210. The G450 also includes a local S8300 in LSP mode. IP phones are located on the same subnet as the PMI. Therefore, there is no routing between the PMI and the IP phones. In this example, the object of policy-based routing is to route all voice traffic over the E1/T1 line, which is more expensive but provides the superior QoS necessary for voice traffic. Remaining traffic is to be routed over the more inexpensive Internet connection. It is assumed that the IP phones on VLAN 6 establish connections with other IP phones on the same subnet, sending signalling packets to the MGC, and bearer packets directly to other IP phones or to the G450. The policy-based routing configuring starts with PBR list 801. This list requires all voice packets addressed to the MGC (149.49.43.210) with DSCP values that indicate voice transmission (34, 41, 43, 44, and 46) to be routed according to next hop list 1. This list directs packets to the T1/E1 interface (Serial 4/1). If that interface is down, the packets are dropped. In this example, it is important to include the destination IP address in each rule. This is because without the destination address, calls from IP phones on VLAN 6 to a Softphone on VLAN 5 will be routed by the PBR list to the E1/T1 line, rather than being sent directly to VLAN 5 via the G450. Issue 1 January 2008 629 Configuring policy-based routing Configuration for the sample policy-based routing application G450-001(super)# ip pbr-list 801 G450-001(super-PBR 801)# name "Voice" Done! G450-001(super-PBR 801)# ip-rule 1 G450-001(super-PBR 801/ip rule 1)# next-hop list 1 Done! G450-001(super-PBR 801/ip rule 1)# destination-ip 149.49.123.0 0.0.0.255 Done! G450-001(super-PBR 801/ip rule 1)# dscp 34 Done! G450-001(super-PBR 801/ip rule 1)# exit G450-001(super-PBR 801)# ip-rule 10 G450-001(super-PBR 801/ip rule 10)# next-hop list 1 Done! G450-001(super-PBR 801/ip rule 10)# destination-ip 149.49.123.0 0.0.0.255 Done! G450-001(super-PBR 801/ip rule 10)# dscp 41 Done! G450-001(super-PBR 801/ip rule 10)# exit Done! G450-001(super-PBR 801/ip rule 20)# destination-ip 149.49.123.0 0.0.0.255 Done! G450-001(super-PBR 801/ip rule 20)# dscp 43 Done! G450-001(super-PBR 801/ip rule 20)# exit G450-001(super-PBR 801)# ip-rule 30 G450-001(super-PBR 801/ip rule 30)# next-hop list 1 Done! G450-001(super-PBR 801/ip rule 30)# destination-ip 149.49.123.0 0.0.0.255 Done! G450-001(super-PBR 801/ip rule 30)# dscp 44 Done! G450-001(super-PBR 801/ip rule 30)# exit G450-001(super-PBR 801)# ip-rule 40 G450-001(super-PBR 801/ip rule 40)# next-hop list 1 Done! G450-001(super-PBR 801/ip rule 40)# destination-ip 149.49.123.0 0.0.0.255 Done! G450-001(super-PBR 801/ip rule 40)# dscp 46 Done! G450-001(super-PBR 801/ip rule 40)# exit G450-001(super-PBR 801)# exit G450-001(super)# 630 Administration for the Avaya G450 Media Gateway Application example The next group of commands configures next hop list 1, which was included in the rules configured above. Next hop list 1 sends packets that match the rule in which it is included to the E1/T1 line (Serial interface 4/1). If that interface is not available, the next hop list requires the packet to be dropped (Null0). This is because the QoS on the Internet interface is not adequate for voice packets. It would also be possible to include one or more backup interfaces in this next hop list. G450-001(super)# ip G450-001(super-next Done! G450-001(super-next Done! G450-001(super-next Done! G450-001(super-next G450-001(super)# next-hop-list 1 hop list 1)#name "Voice-To_HQ" hop list 1)#next-hop-interface 1 Serial 4/1 hop list 1)#next-hop-interface 2 Null0 hop list 1)#exit The next set of commands applies the PBR list to the voice VLAN (6). G450-001(super)# interface vlan 6 G450-001(super-if:VLAN 6)# ip pbr-group 801 Done! G450-001(super-if:VLAN 6)# exit G450-001(super)# The next set of commands applies the PBR list to the Loopback interface. This is necessary to ensure that voice packets generated by the G450 itself are routed via the E1/T1 line. The Loopback interface is a logical interface that is always up. Packets sent from the G450, such as signaling packets, are sent via the Loopback interface. In this example, applying PBR list 801 to the Loopback interface ensures that signaling packets originating from voice traffic are sent via the T1/E1 line. G450-001(super)# interface Loopback 1 G450-001(super-if:Loopback 1)# ip pbr-group 801 Done! G450-001(super-if:Loopback 1)# exit G450-001(super)# Issue 1 January 2008 631 Configuring policy-based routing The next set of commands defines a new PBR list (802). This list will be applied to the data interface (VLAN 5). The purpose of this is to route data traffic through interfaces other than the E1/T1 interface, so that this traffic will not interface with voice traffic. G450-001(super)# ip pbr-list 802 G450-001(super-PBR 802)# name "Data_To_HQ" Done! G450-001(super-PBR 802)# ip-rule 1 G450-001(super-PBR 802/ip rule 1)# next-hop list 2 Done! G450-001(super-PBR 802/ip rule 1)# ip-protocol tcp Done! G450-001(super-PBR 802/ip rule 1)# destination-ip host 149.49.43.189 Done! G450-001(super-PBR 802/ip rule 1)# exit G450-001(super-PBR 802)# exit The next set of commands creates next hop list 2. This next hop list routes traffic to the GRE tunnel (Tunnel 1). If the GRE tunnel is not available, then the next hop list checks the next entry on the list and routes the traffic to the E1/T1 interface (Serial 4/1). If neither interface is available, the traffic is dropped. This allows data traffic to use the E1/T1 interface, but only when the GRE tunnel is not available. Alternatively, the list can be configured without the E1/T1 interface, preventing data traffic from using the E1/T1 interface at all. G450-001(super)# ip G450-001(super-next Done! G450-001(super-next Done! G450-001(super-next Done! G450-001(super-next Done! G450-001(super-next G450-001(super)# next-hop-list 2 hop list 2)#name "Data-To_HQ" hop list 2)#next-hop-interface 1 Tunnel 1 hop list 2)#next-hop-interface 2 Serial 4/1 hop list 2)#next-hop-interface 3 Null0 hop list 2)#exit Finally, the next set of commands applies the PBR list to the data VLAN (5). G450-001(super)# interface vlan 5 G450-001(super-if:VLAN 6)# ip pbr-group 802 Done! G450-001(super-if:VLAN 6)# exit G450-001(super)# In this example you can add a track on GRE Tunnel 1 in order to detect whether this next hop is valid or not (for more information on object tracking, refer to Object tracking on page 298). Note that the GRE tunnel itself has keepalive and can detect the status of the interface and, therefore, modify the next hop status. 632 Administration for the Avaya G450 Media Gateway Summary of policy-based routing commands Simulating packets in PBR Policy-based routing supports the ip simulate command for testing policies. Refer to Simulating packets on page 611. Summary of policy-based routing commands For more information about these commands, see Avaya G450 CLI Reference, 03-300437. Table 141: Policy-based routing CLI commands Root level command First level command Second level command Description Enter the context of the specified next hop list. If the list does not exist, it is created. ip next-hop-list next-hopinterface Add the specified interface to the next hop path for this next-hop list next-hop-ip Add the specified ip address to the next hop path for this next-hop list show next-hop Display the next-hop entries in the current list Enter the interface configuration mode for a Dialer, Serial, Loopback, Fast Ethernet, Tunnel or VLAN interface interface ip pbr-group Apply the specified PBR list to the current interface. The PBR list is applied to ingress packets only. Enter the context of the specified PBR list. If the list does not exist, it is created. ip pbr-list cookie Set the cookie for the current list ip-rule Enter configuration mode for the specified rule. If the specified rule does not exist, the system creates it and enters its configuration mode. 1 of 3 Issue 1 January 2008 633 Configuring policy-based routing Table 141: Policy-based routing CLI commands (continued) Root level command First level command Second level command Description destination-ip Specify the destination IP address of packets to which the current rule applies dscp Specify the DSCP value that is set by the current policy operation fragment Apply the current rule for non-initial fragments only icmp Apply the current rule to a specific type of ICMP packet ip-protocol Apply the current rule to packets with the specified IP protocol next-hop Specify the next-hop policy to use when the current rule is applied show ip next-hop-list Display the details of the next-hop list or of all next-hop lists show ip-rule Display the attributes of a specific rule or all rules source-ip Apply the current rule to packets from the specified source IP address tcp destinationport Apply the current rule to TCP packets with the specified destination port tcp source-port Apply the current rule to TCP packets from ports with specified source port udp destinationport Apply the rule to UDP packets with the specified destination port udp source-port Apply the rule to UDP packets from the specified source port name Assign a name to the specified list or operation owner Specify the owner of the current list show ip-rule Display the attributes of a specific rule or all rules 2 of 3 634 Administration for the Avaya G450 Media Gateway Summary of policy-based routing commands Table 141: Policy-based routing CLI commands (continued) Root level command First level command show list Second level command Description Display information about the specified list show ip active-lists Display information about a specific policy list or all lists show ip active-pbrlists Display details about a specific PBR list or all PBR lists show ip pbr-list Display information about the specified PBR list 3 of 3 Issue 1 January 2008 635 Configuring policy-based routing 636 Administration for the Avaya G450 Media Gateway Chapter 22: Setting synchronization If the Avaya G450 Media Gateway contains an MM710 T1/E1 media module, it is advisable to define the MM710 as the primary synchronization source for the G450. In so doing, clock synchronization signals from the Central Office (CO) are used by the MM710 to synchronize all operations of the G450. If no MM710 is present, it is not necessary to set synchronization. Enter set sync interface primary|secondary mmID [portID] to define a potential stratum clock source (T1/E1 Media Module, ISDN-BRI), where: Note: ● mmID is the Media Module ID of an MM stratum clock source of the form vn, where n is the MM slot number ● portID is the port number for an ISDN clock source candidate. The port ID consists of the slot number of the media module and the number of the port. You can set more than one port. For example, v2 1, 3, 5-8. Note: The port ID parameter only applies if the source is a BRI module. By setting the clock source to primary, normal failover will occur. The identity of the current synchronization source is not stored in persistent storage. Persistent storage is used to preserve the parameters set by this command. Note: Note: Setting the source to secondary overrides normal failover, generates a trap, and asserts a fault. Thus, it is only recommended to set the clock source to secondary for testing purposes. To determine which reference source is the active source, use the set sync source primary|secondary command. If you choose secondary, the secondary source becomes active, and the primary source goes on standby. In addition, fallback to the primary source does not occur even when the primary source becomes available. If neither primary nor secondary sources are identified, the local clock becomes the active source. The following example sets the MM710 media module located in slot 2 of the G450 chassis as the primary clock synchronization source for the Avaya G450 Media Gateway. set sync interface primary v2 set sync source primary Issue 1 January 2008 637 Setting synchronization If the Avaya G450 Media Gateway includes a second MM710 media module, enter the following additional command: set sync interface secondary v3 set sync source secondary If, for any reason, the primary MM710 media module cannot function as the clock synchronization source, the system uses the MM710 media module located in slot 3 of the Avaya G450 Media Gateway chassis as the clock synchronization source. If neither MM710 media module can function as the clock synchronization source, the system defaults to the local clock running on the S8300 Server. To disassociate an interface previously specified as the primary or secondary clock synchronization source, enter clear sync interface primary or clear sync interface secondary. To enable or disable automatic failover and failback between designated primary and secondary synchronization sources, enter set sync switching enable or set sync switching disable. Synchronization status The yellow ACT LED on the front of the MM710 media module displays the synchronization status of that module. ● If the yellow ACT LED is solidly on or off, it has not been defined as a synchronization source. If it is on, one or more channels is active. If it is an ISDN facility, the D-channel counts as an active channel and causes the yellow ACT LED to be on. ● When the MM710 is operating as a clock synchronization source, the yellow ACT LED indicates that the MM710 is the clock synchronization source by flashing at three second intervals, as follows: ● The yellow ACT LED is on for 2.8 seconds and off for 200 milliseconds if the MM710 media module has been specified as a clock synchronization source and is receiving a signal that meets the minimum requirements for the interface ● The yellow ACT LED is on for 200 milliseconds and off for 2.8 seconds if the MM710 media module has been specified as a synchronization source and is not receiving a signal, or is receiving a signal that does not meet the minimum requirements for the interface 638 Administration for the Avaya G450 Media Gateway Synchronization status Displaying synchronization status Enter show sync timing to display the status of the primary, secondary, and local clock sources. The status can be Active, Standby, or Not Configured. The status is Not Configured when a source has not been defined, for example, when there are no T1 cards installed. Summary of synchronization commands For more information about these commands, see Avaya G450 CLI Reference, 03-300437. Table 142: Synchronization CLI commands Command Description clear sync interface Disassociate a previously specified interface as the primary or secondary clock synchronization source set sync interface Define the specified module and port as a potential source for clock synchronization for the media gateway set sync source Specify which clock source is the active clock source. The identity of the current synchronization source is not stored in persistent storage. set sync switching Toggle automatic sync source switching show sync timing Display the status of the primary, secondary, and local clock sources Issue 1 January 2008 639 Setting synchronization 640 Administration for the Avaya G450 Media Gateway Appendix A: Traps and MIBs This appendix contains a list of all G450 traps and all MIBs. G450 traps Name Class Msg Facility Severity Trap Name/ Mnemonic Format Description coldStart STD Boot Warning coldStart Agent Up with Possible Changes (coldStart Trap) enterprise:$E ($e) args($#):$* A coldStart trap indicates that the entity sending the protocol is reinitializing itself in such a way as to potentially cause the alteration of either the agent's configuration or the entity's implementation. warmStart STD Boot Warning warmStart Agent Up with No Changes (warmStart Trap) enterprise:$E ($e) args($#):$* A warmStart trap indicates that the entity sending the protocol is reinitializing itself in such a way as to keep both the agent configuration and the entity's implementation intact. STD System Warning LinkUp Agent Interface Up (linkUp Trap) enterprise:$E ($e) on interface $1 A linkUp trap indicates that the entity sending the protocol recognizes that one of the communication links represented in the agent's configuration has come up. The data passed with the event is 1) The name and value of the ifIndex instance for the affected interface. The name of the interface can be retrieved via an snmpget of.1.3.6.1.2.1.2.2.1.2.INS T, where INST is the instance returned with the trap. LinkUp Parameters (MIB variables) ifIndex, ifAdminStatus, ifOperStatus 1 of 9 Issue 1 January 2008 641 Traps and MIBs Name Parameters (MIB variables) Class Msg Facility Severity Trap Name/ Mnemonic Format Description linkDown ifIndex, ifAdminStatus, ifOperStatus STD System Warning linkDown Agent Interface Down (linkDown Trap) enterprise:$E ($e) on interface $1 A linkDown trap indicates that the entity that is sending the protocol recognizes a failure in one of the communication links represented in the agent's configuration. The data passed with the event is 1) The name and value of the ifIndex instance for the affected interface. The name of the interface can be retrieved via an snmpget of.1.3.6.1.2.1.2.2.1.2.INS T, where INST is the instance returned with the trap. P330 SECURITY Notification authentic Failure Incorrect Community Name (authentication Failure Trap) enterprise:$E ($e) args($#):$* An authentication failure trap indicates that the protocol is not properly authenticated. SNMP_Authen_ Failure risingAlarm alarmIndex, alarmVariable, alarmSample Type, alarmValue, alarmRising Threshold RMON THRES HOLD Warning rising Alarm Rising Alarm: $2 exceeded threshold $5; value = $4. (Sample type = $3; alarm index = $1) The SNMP trap that is generated when an alarm entry crosses its rising threshold and generates an event that is configured for sending SNMP traps fallingAlarm alarmIndex, alarmVariable, alarmSample Type, alarmValue, alarmRising Threshold, alarmFalling Threshold RMON THRES HOLD Warning falling Alarm Falling Alarm: $2 fell below threshold $5; value = $4. (Sample type = $3; alarm index = $1) The SNMP trap that is generated when an alarm entry crosses its falling threshold and generates an event that is configured for sending SNMP traps deleteSW Redundancy Trap soft Redundancy Status P330 SWITCH FABRIC Info deleteSWRedu ndancyTrap Software Redundancy $1 definition deleted The trap notifies the manager of the deletion of the specified redundant link, which is identified by the softRedundancyId. It is enabled/disabled by chLntAgConfigChangeTr aps. 2 of 9 642 Administration for the Avaya G450 Media Gateway G450 traps Name Parameters (MIB variables) Class Msg Facility Severity Trap Name/ Mnemonic Format Description createSW Redundancy Trap soft Redundancy Status P330 SWITCH FABRIC Info createSWRedu ndancyTrap Software Redundancy $1 definition created The trap is generated on the creation of the redundant links for the specified ports. It gives the logical name of the redundant link the identification of the main and secondary ports and the status of the link. The softRedundancyId defines the instances of the above- mentioned variables. The trap is enabled/disabled by chLntAgConfigChangeTr aps. lseIntPortCAMLa stChange Trap lseIntPortCAML astChange P330 SWITCH FABRIC Info lseIntPort CAMLast Change Trap CAM Change at $1 This trap reports of the occurred configuration changes. It is enabled/disabled by chLntAgCAMChangeTra ps. duplicateIP Trap ipNetToMediaPh P330 ysAddress, ipNetToMediaNe tAddress ROUTER Warning duplicateIPTrap Duplicate IP address $2 detected; MAC address $1 lntPolicy ChangeEvent ipPolicy Activation EntID, ipPolicy ActivationList, ipPolicy Activationif Index, ipPolicy ActivationSub Context POLICY Info lntPolicyChang eEvent P330 This trap reports to the Management station on Duplicate IP identification. CRP identify the new IP on the network. If it similar to one of its IP interfaces, the CRP will issue a SNMP trap, containing the MAC of the intruder. Module $1 - Active The trap reports a change policy list changed in the active list specific to $2 for a policy-enabled box or module. 3 of 9 Issue 1 January 2008 643 Traps and MIBs Name Parameters (MIB variables) lntPolicy AccessControlVi olationFlt Class Msg Facility Severity Trap Name/ Mnemonic Format Description P330 ipPolicy AccessControl ViolationEnt ID, ipPolicy AccessControlVi olationSrc Addr, ipPolicy AccessControl ViolationDst Addr, ipPolicy AccessControl Violation Protocol, ipPolicy AccessControl Violation L4SrcPort, ipPolicy AccessControl ViolationL4DstP ort, ipPolicy AccessControlVi olation Established, ipPolicyRuleID, ipPolicyRule ListID, ipPolicy AccessControlVi olationIf Index, ipPolicy AccessControl ViolationSub Ctxt, ipPolicy AccessControl ViolationTime POLICY Warning lntPolicy Access Control ViolationFlt IP PolicyAccess Control violation, if-index$9 ip-protocol=$4 src-ip=$2 dst-ip=$3 src-port=$5 dst-port=$6 rule-id=$8 rule-list=$$9 This trap reports to the Management station on IP PolicyAccess Control violation. The trap includes in its varbind information about the slot where the event occurred. The id of the rule that was violated in the current rules table, and the quintuplet that identifies the faulty packet. A management application would display this trap and the relevant information in a log entry. This trap will not be sent at intervals smaller than one minute for identical information in the varbinds list variables. DormantPort Fault genPortSWRdF ault, genPortGroup Id, genPortId P330 SWITCH FABRIC Warning Dormant PortFault Dormant Port Connection Lost on Module $2 Port $3; This trap reports the loss of connection on a dormant port. DormantPort Ok genPortSWRdF ault, genPortGroup Id, genPortId P330 SWITCH FABRIC Notification Dormant PortOk Dormant Port Connection Returned to Normal on Module $2 Port $3; This trap reports the return of connection on a dormant port. InlinePwrFlt genGroup FaultMask, genGroupId, genGroup BUPSActivity Status P330 POE Error Module $2 Inline Power Supply failure This trap reports the failure of an inline power supply. InlinePwrFltOK genGroup FaultMask, genGroupId, genGroup BUPSActivity Status P330 POE Notification InlinePwr FltOK InlinePwr Flt Module $2 Inline This trap reports the Power Supply correction of a failure on failure was cleared an inline power supply. 4 of 9 644 Administration for the Avaya G450 Media Gateway G450 traps Name Parameters (MIB variables) Class Msg Facility Severity Trap Name/ Mnemonic Format Description WanPhysical AlarmOn ifIndex, ifAdminStatus, ifOperStatus, ifName, ifAlias, dsx1Line Status WAN WAN Critical Wan Physical AlarmOn Cable Problem on port $4 An E1/T1/serial cable was disconnected. wanPhysical AlarmOff ifIndex, ifAdminStatus, ifOperStatus, ifName, ifAlias, dsx1Line Status WAN WAN Notification wan Physical AlarmOff Cable Problem on port $4 was cleared An E1/T1/serial cable was reconnected. wanLocal AlarmOn ifIndex, ifAdminStatus, ifOperStatus, ifName, ifAlias, dsx1Line Status WAN WAN Error Local Alarm on interface $4 Local alarms, such as LOS. wanLocal AlarmOff ifIndex, ifAdminStatus, ifOperStatus, ifName, ifAlias, dsx1Line Status WAN WAN Notification wanLocal AlarmOff Local Alarm on interface $4 was cleared Local alarms, such as LOS, was cleared. wanRemote AlarmOn ifIndex, ifAdminStatus, ifOperStatus, ifName, ifAlias, dsx1Line Status WAN WAN Error wan Remote AlarmOn Remote Alarm on interface $4 Remote alarms, such as AIS. wanRemote AlarmOff ifIndex, ifAdminStatus, ifOperStatus, ifName, ifAlias, dsx1Line Status WAN WAN Notification wan Remote AlarmOff Remote Alarm on interface $4 was cleared Remote alarms, such as AIS, was cleared. wanMinor AlarmOn ifIndex, ifAdminStatus, ifOperStatus, ifName, ifAlias, dsx1Line Status WAN WAN Warning Minor Alarm on interface $4 Low BER. wanMinorAlarm Off ifIndex, ifAdminStatus, ifOperStatus, ifName, ifAlias, dsx1Line Status WAN WAN Notification wanMinor AlarmOff Minor Alarm on interface $4 was cleared Normal BER. wanLocal AlarmOn wanMinor AlarmOn 5 of 9 Issue 1 January 2008 645 Traps and MIBs Name Parameters (MIB variables) Class Msg Facility AvEntFanFlt entPhysical AVAYA-E TEMP Index, NTITY entPhysical Descr, entPhySensorVa lue, avEntPhy SensorLo Warning AvEntFanOk AVAYA-E TEMP entPhysical NTITY Index, entPhysical Descr, entPhySensor Value, avEntPhy SensorLo Warning avEnt48vPwr Flt entPhysical AVAYA-E SUPPLY Index, NTITY entPhysical Descr, entPhySensor Value, avEntPhy SensorHi Warning, avEntPhy SensorLo Warningent Physical ParentRelPos avEnt5vPwrFlt avEnt3300mv PwrFlt Severity Trap Name/ Mnemonic Format Description AvEntFan Flt Fan $2 is Faulty This trap reports a faulty fan. Fan $2 is OK This trap reports the return to function of a faulty fan. avEnt48v PwrFlt 48V power supply Fault This trap reports a problem with a 48V power supply. AVAYA-E SUPPLY entPhysical NTITY Index, entPhysical Descr, entPhySensor Value, avEntPhy SensorHi Warning, avEntPhy SensorLo Warningent Physical ParentRelPos avEnt5v PwrFlt 5V power supply Fault This trap reports a problem with a 5V power supply. entPhysical AVAYA-E SUPPLY Index, NTITY entPhysical Descr, entPhySensor Value, avEntPhy SensorHi Warning, avEntPhy SensorLo Warningent Physical ParentRelPos avEnt3300mv PwrFlt 3.3V (3300mv) This trap reports a power supply Fault problem with a 3.3V power supply. Notification AvEntFanOk 6 of 9 646 Administration for the Avaya G450 Media Gateway G450 traps Name Parameters (MIB variables) avEnt2500mv PwrFlt Class Msg Facility Severity Trap Name/ Mnemonic Format AVAYA-E SUPPLY entPhysical NTITY Index, entPhysical Descr, entPhySensor Value, avEntPhy SensorHi Warning, avEntPhy SensorLo Warningent Physical ParentRelPos avEnt2500mv PwrFlt 2.5V (2500mv) This trap reports a power supply Fault problem with a 2.5V power supply. avEnt1800mv PwrFlt entPhysical AVAYA-E SUPPLY Index, NTITY entPhysical Descr, entPhySensor Value, avEntPhy SensorHi Warning, avEntPhy SensorLo Warningent Physical ParentRelPos avEnt1800mv PwrFlt 1.8V (1800mv) This trap reports a power supply Fault problem with a 1.8V power supply. avEnt1600mv PwrFlt AVAYA-E SUPPLY entPhysical NTITY Index, entPhysical Descr, entPhySensor Value, avEntPhy SensorHi Warning, avEntPhy SensorLo Warningent Physical ParentRelPos avEnt1600mv PwrFlt 1.6V (1600mv) This trap reports a power supply Fault problem with a 1.6V power supply. avEnt48vPwr FltOk entPhysical AVAYA-E SUPPLY Index, NTITY entPhysical Descr, entPhySensor Value, avEntPhy SensorHi Warning, avEntPhy SensorLo Warningent Physical ParentRelPos Notification avEnt48v PwrFltOk Description 48V power supply Fault Cleared This trap reports the correction of a problem with a 48V power supply. 7 of 9 Issue 1 January 2008 647 Traps and MIBs Name Parameters (MIB variables) Class Msg Facility Severity Trap Name/ Mnemonic Format Description This trap reports the correction of a problem with a 5V power supply. AVAYA-E SUPPLY avEnt5vPwrFltOk entPhysical NTITY Index, entPhysical Descr, entPhySensor Value, avEntPhy SensorHi Warning, avEntPhy SensorLo Warningent Physical ParentRelPos Notification avEnt5v PwrFltOk 5V power supply Fault Cleared avEnt3300mv PwrFltOk entPhysical AVAYA-E SUPPLY Index, NTITY entPhysical Descr, entPhySensor Value, avEntPhy SensorHi Warning, avEntPhy SensorLo Warningent Physical ParentRelPos Notification avEnt3300mv PwrFlt Ok 3.3V (3300mv) This trap reports the power supply Fault correction of a problem Cleared with a 3.3V power supply. avEnt2500mv PwrFltOk AVAYA-E SUPPLY entPhysical NTITY Index, entPhysical Descr, entPhySensor Value, avEntPhy SensorHi Warning, avEntPhy SensorLo Warningent Physical ParentRelPos Notification avEnt2500mvP 2.5V (2500mv) This trap reports the wrFlt power supply Fault correction of a problem Ok Cleared with a 2.5V power supply. avEnt1800mv PwrFltOk entPhysical AVAYA-E SUPPLY Index, NTITY entPhysical Descr, entPhySensor Value, avEntPhy SensorHi Warning, avEntPhy SensorLo Warningent Physical ParentRelPos Notification avEnt1800mvP wrFlt Ok 1.8V (1800mv) This trap reports the power supply Fault correction of a problem Cleared with a 1.8V power supply. 8 of 9 648 Administration for the Avaya G450 Media Gateway G450 MIB files Name Parameters (MIB variables) Class Msg Facility avEnt1600mv PwrFltOk AVAYA-E SUPPLY entPhysical NTITY Index, entPhysical Descr, entPhySensor Value, avEntPhy SensorHi Warning, avEntPhy SensorLo Warningent Physical ParentRelPos avEntAmbient TempFlt entPhysical AVAYA-E TEMP Index, NTITY entPhysical Descr, entPhySensor Value, avEntPhy SensorHi Warning, entPhysical ParentRelPos avEntAmbient TempOk AVAYAentPhysical ENTITY Index, entPhysical Descr, entPhySensor Value, avEntPhy SensorHi Warning, entPhysical ParentRelPos TEMP Severity Trap Name/ Mnemonic Notification avEnt1600mv PwrFlt Ok Format Description 1.6V (1600mv) This trap reports the power supply Fault correction of a problem Cleared with a 1.6V power supply. avEnt Ambient TempFlt Ambient Temperature fault ($3) This trap reports that the ambient temperature in the device is not within the acceptable temperature range for the device. Notification avEnt Ambient TempOk Ambient Temperature fault ($3) cleared This trap reports that the ambient temperature in the device has returned to the acceptable range for the device. 9 of 9 G450 MIB files MIB File MIB Module Supported by G450 Load.MIB LOAD-MIB RFC1315-MIB.my RFC1315-MIB Q-BRIDGE-MIB.my Q-BRIDGE-MIB ENTITY-MIB.my ENTITY-MIB IP-FORWARD-MIB.my IP-FORWARD-MIB VRRP-MIB.my VRRP-MIB 1 of 3 Issue 1 January 2008 649 Traps and MIBs MIB File MIB Module Supported by G450 UTILIZATION-MANAGEMENT-MIB.my UTILIZATION-MANAGEMENT-MIB ENTITY-SENSOR-MIB.my ENTITY-SENSOR-MIB RSTP-MIB.my RSTP-MIB APPLIC-MIB.MY APPLIC-MIB DS1-MIB.my DS1-MIB PPP-IP-NCP-MIB.my PPP-IP-NCP-MIB RFC1213-MIB.my RFC1213-MIB AVAYA-ENTITY-MIB.MY AVAYA-ENTITY-MIB Rnd.MIB RND-MIB XSWITCH-MIB.MY XSWITCH-MIB CROUTE-MIB.MY CROUTE-MIB RS-232-MIB.my RS-232-MIB RIPv2-MIB.my RIPv2-MIB IF-MIB.my IF-MIB DS0BUNDLE-MIB.my DS0BUNDLE-MIB RFC1406-MIB.my RFC1406-MIB DS0-MIB.my DS0-MIB POLICY-MIB.MY POLICY-MIB BRIDGE-MIB.my BRIDGE-MIB CONFIG-MIB.MY CONFIG-MIB G700-MG-MIB.MY G700-MG-MIB FRAME-RELAY-DTE-MIB.my FRAME-RELAY-DTE-MIB IP-MIB.my IP-MIB Load12.MIB LOAD-MIB PPP-LCP-MIB.my PPP-LCP-MIB WAN-MIB.MY WAN-MIB 2 of 3 650 Administration for the Avaya G450 Media Gateway G450 MIB files MIB File MIB Module Supported by G450 SNMPv2-MIB.my SNMPv2-MIB USM-MIB.my USM-MIB VACM-MIB.my VACM-MIB OSPF-MIB.my OSPF-MIB Tunnel-MIB.my TUNNEL-MIB 3 of 3 MIB files in the Load.MIB file The following table provides a list of the MIBs in the Load.MIB file that are supported by the G450 and their OIDs: Object OID genOpModuleId 1.3.6.1.4.1.1751.2.53.1.2.1.1 genOpIndex 1.3.6.1.4.1.1751.2.53.1.2.1.2 genOpRunningState 1.3.6.1.4.1.1751.2.53.1.2.1.3 genOpSourceIndex 1.3.6.1.4.1.1751.2.53.1.2.1.4 genOpDestIndex 1.3.6.1.4.1.1751.2.53.1.2.1.5 genOpServerIP 1.3.6.1.4.1.1751.2.53.1.2.1.6 genOpUserName 1.3.6.1.4.1.1751.2.53.1.2.1.7 genOpPassword 1.3.6.1.4.1.1751.2.53.1.2.1.8 genOpProtocolType 1.3.6.1.4.1.1751.2.53.1.2.1.9 genOpFileName 1.3.6.1.4.1.1751.2.53.1.2.1.10 genOpRunningStateDisplay 1.3.6.1.4.1.1751.2.53.1.2.1.11 genOpLastFailureIndex 1.3.6.1.4.1.1751.2.53.1.2.1.12 genOpLastFailureDisplay 1.3.6.1.4.1.1751.2.53.1.2.1.13 genOpLastWarningDisplay 1.3.6.1.4.1.1751.2.53.1.2.1.14 1 of 2 Issue 1 January 2008 651 Traps and MIBs Object OID genOpErrorLogIndex 1.3.6.1.4.1.1751.2.53.1.2.1.15 genOpResetSupported 1.3.6.1.4.1.1751.2.53.1.2.1.16 genOpEnableReset 1.3.6.1.4.1.1751.2.53.1.2.1.17 genOpNextBootImageIndex 1.3.6.1.4.1.1751.2.53.1.2.1.18 genOpLastBootImageIndex 1.3.6.1.4.1.1751.2.53.1.2.1.19 genOpFileSystemType 1.3.6.1.4.1.1751.2.53.1.2.1.20 genOpReportSpecificFlags 1.3.6.1.4.1.1751.2.53.1.2.1.21 genOpOctetsReceived 1.3.6.1.4.1.1751.2.53.1.2.1.22 genAppFileId 1.3.6.1.4.1.1751.2.53.2.1.1.1 genAppFileName 1.3.6.1.4.1.1751.2.53.2.1.1.2 genAppFileType 1.3.6.‘1.4.1.1751.2.53.2.1.1.3 genAppFileDescription 1.3.6.1.4.1.1751.2.53.2.1.1.4 genAppFileSize 1.3.6.1.4.1.1751.2.53.2.1.1.5 genAppFileVersionNumber 1.3.6.1.4.1.1751.2.53.2.1.1.6 genAppFileLocation 1.3.6.1.4.1.1751.2.53.2.1.1.7 genAppFileDateStamp 1.3.6.1.4.1.1751.2.53.2.1.1.8 genAppFileRowStatus 1.3.6.1.4.1.1751.2.53.2.1.1.9 2 of 2 MIB files in the RFC1315-MIB.my file The following table provides a list of the MIBs in the RFC1315-MIB.my file that are supported by the G450 and their OIDs: Object OID frDlcmiIfIndex 1.3.6.1.2.1.10.32.1.1.1 frDlcmiState 1.3.6.1.2.1.10.32.1.1.2 1 of 3 652 Administration for the Avaya G450 Media Gateway G450 MIB files Object OID frDlcmiAddress 1.3.6.1.2.1.10.32.1.1.3 frDlcmiAddressLen 1.3.6.1.2.1.10.32.1.1.4 frDlcmiPollingInterval 1.3.6.1.2.1.10.32.1.1.5 frDlcmiFullEnquiryInterval 1.3.6.1.2.1.10.32.1.1.6 frDlcmiErrorThreshold 1.3.6.1.2.1.10.32.1.1.7 frDlcmiMonitoredEvents 1.3.6.1.2.1.10.32.1.1.8 frDlcmiMaxSupportedVCs 1.3.6.1.2.1.10.32.1.1.9 frDlcmiMulticast 1.3.6.1.2.1.10.32.1.1.10 frCircuitIfIndex 1.3.6.1.2.1.10.32.2.1.1 frCircuitDlci 1.3.6.1.2.1.10.32.2.1.2 frCircuitState 1.3.6.1.2.1.10.32.2.1.3 frCircuitReceivedFECNs 1.3.6.1.2.1.10.32.2.1.4 frCircuitReceivedBECNs 1.3.6.1.2.1.10.32.2.1.5 frCircuitSentFrames 1.3.6.1.2.1.10.32.2.1.6 frCircuitSentOctets 1.3.6.1.2.1.10.32.2.1.7 frCircuitReceivedFrames 1.3.6.1.2.1.10.32.2.1.8 frCircuitReceivedOctets 1.3.6.1.2.1.10.32.2.1.9 frCircuitCreationTime 1.3.6.1.2.1.10.32.2.1.10 frCircuitLastTimeChange 1.3.6.1.2.1.10.32.2.1.11 frCircuitCommittedBurst 1.3.6.1.2.1.10.32.2.1.12 frCircuitExcessBurst 1.3.6.1.2.1.10.32.2.1.13 frCircuitThroughput 1.3.6.1.2.1.10.32.2.1.14 frErrIfIndex 1.3.6.1.2.1.10.32.3.1.1 frErrType 1.3.6.1.2.1.10.32.3.1.2 frErrData 1.3.6.1.2.1.10.32.3.1.3 2 of 3 Issue 1 January 2008 653 Traps and MIBs Object OID frErrTime 1.3.6.1.2.1.10.32.3.1.4 frTrapState 1.3.6.1.2.1.10.32.4.1 3 of 3 MIB files in the Q-BRIDGE-MIB.my file The following table provides a list of the MIBs in the Q-BRIDGE-MIB.my file that are supported by the G450 and their OIDs: Object OID dot1qVlanVersionNumber 1.3.6.1.2.1.17.7.1.1.1 dot1qMaxVlanId 1.3.6.1.2.1.17.7.1.1.2 dot1qMaxSupportedVlans 1.3.6.1.2.1.17.7.1.1.3 dot1qNumVlans 1.3.6.1.2.1.17.7.1.1.4 dot1qGvrpStatus 1.3.6.1.2.1.17.7.1.1.5 dot1qVlanTimeMark 1.3.6.1.2.1.17.7.1.4.2.1.1 dot1qVlanIndex 1.3.6.1.2.1.17.7.1.4.2.1.2 dot1qVlanFdbId 1.3.6.1.2.1.17.7.1.4.2.1.3 dot1qVlanCurrentEgressPorts 1.3.6.1.2.1.17.7.1.4.2.1.4 dot1qVlanCurrentUntaggedPorts 1.3.6.1.2.1.17.7.1.4.2.1.5 dot1qVlanStatus 1.3.6.1.2.1.17.7.1.4.2.1.6 dot1qVlanCreationTime 1.3.6.1.2.1.17.7.1.4.2.1.7 dot1qVlanStaticName 1.3.6.1.2.1.17.7.1.4.3.1.1 dot1qVlanStaticEgressPorts 1.3.6.1.2.1.17.7.1.4.3.1.2 dot1qVlanForbiddenEgressPorts 1.3.6.1.2.1.17.7.1.4.3.1.3 dot1qVlanStaticUntaggedPorts 1.3.6.1.2.1.17.7.1.4.3.1.4 dot1qVlanStaticRowStatus 1.3.6.1.2.1.17.7.1.4.3.1.5 dot1qNextFreeLocalVlanIndex 1.3.6.1.2.1.17.7.1.4.4 654 Administration for the Avaya G450 Media Gateway G450 MIB files Object OID dot1qPvid 1.3.6.1.2.1.17.7.1.4.5.1.1 dot1qPortAcceptableFrameTypes 1.3.6.1.2.1.17.7.1.4.5.1.2 dot1qPortIngressFiltering 1.3.6.1.2.1.17.7.1.4.5.1.3 dot1qPortGvrpStatus 1.3.6.1.2.1.17.7.1.4.5.1.4 dot1qPortGvrpFailedRegistrations 1.3.6.1.2.1.17.7.1.4.5.1.5 dot1qPortGvrpLastPduOrigin 1.3.6.1.2.1.17.7.1.4.5.1.6 MIB files in the ENTITY-MIB.my file The following table provides a list of the MIBs in the ENTITY-MIB.my file that are supported by the G450 and their OIDs: Object OID entPhysicalIndex 1.3.6.1.2.1.47.1.1.1.1.1 entPhysicalDescr 1.3.6.1.2.1.47.1.1.1.1.2 entPhysicalVendorType 1.3.6.1.2.1.47.1.1.1.1.3 entPhysicalContainedIn 1.3.6.1.2.1.47.1.1.1.1.4 entPhysicalClass 1.3.6.1.2.1.47.1.1.1.1.5 entPhysicalParentRelPos 1.3.6.1.2.1.47.1.1.1.1.6 entPhysicalName 1.3.6.1.2.1.47.1.1.1.1.7 entPhysicalHardwareRev 1.3.6.1.2.1.47.1.1.1.1.8 entPhysicalFirmwareRev 1.3.6.1.2.1.47.1.1.1.1.9 entPhysicalSoftwareRev 1.3.6.1.2.1.47.1.1.1.1.10 entPhysicalSerialNum 1.3.6.1.2.1.47.1.1.1.1.11 entPhysicalMfgName 1.3.6.1.2.1.47.1.1.1.1.12 entPhysicalModelName 1.3.6.1.2.1.47.1.1.1.1.13 entPhysicalAlias 1.3.6.1.2.1.47.1.1.1.1.14 1 of 2 Issue 1 January 2008 655 Traps and MIBs Object OID entPhysicalAssetID 1.3.6.1.2.1.47.1.1.1.1.15 entPhysicalIsFRU 1.3.6.1.2.1.47.1.1.1.1.16 2 of 2 MIB files in the IP-FORWARD-MIB.my file The following table provides a list of the MIBs in the IP-FORWARD-MIB.my file that are supported by the G450 and their OIDs: Object OID ipCidrRouteNumber 1.3.6.1.2.1.4.24.3 ipCidrRouteDest 1.3.6.1.2.1.4.24.4.1.1 ipCidrRouteMask 1.3.6.1.2.1.4.24.4.1.2 ipCidrRouteTos 1.3.6.1.2.1.4.24.4.1.3 ipCidrRouteNextHop 1.3.6.1.2.1.4.24.4.1.4 ipCidrRouteIfIndex 1.3.6.1.2.1.4.24.4.1.5 ipCidrRouteType 1.3.6.1.2.1.4.24.4.1.6 ipCidrRouteProto 1.3.6.1.2.1.4.24.4.1.7 ipCidrRouteAge 1.3.6.1.2.1.4.24.4.1.8 ipCidrRouteInfo 1.3.6.1.2.1.4.24.4.1.9 ipCidrRouteNextHopAS 1.3.6.1.2.1.4.24.4.1.10 ipCidrRouteMetric1 1.3.6.1.2.1.4.24.4.1.11 ipCidrRouteMetric2 1.3.6.1.2.1.4.24.4.1.12 ipCidrRouteMetric3 1.3.6.1.2.1.4.24.4.1.13 ipCidrRouteMetric4 1.3.6.1.2.1.4.24.4.1.14 ipCidrRouteMetric5 1.3.6.1.2.1.4.24.4.1.15 ipCidrRouteStatus 1.3.6.1.2.1.4.24.4.1.16 656 Administration for the Avaya G450 Media Gateway G450 MIB files MIB files in the VRRP-MIB.my file The following table provides a list of the MIBs in the VRRP-MIB.my file that are supported by the G450 and their OIDs: Object OID vrrpNodeVersion 1.3.6.1.2.1.68.1.1.1 vrrpOperVrId 1.3.6.1.2.1.68.1.1.3.1.1 vrrpOperVirtualMacAddr 1.3.6.1.2.1.68.1.1.3.1.2 vrrpOperState 1.3.6.1.2.1.68.1.1.3.1.3 vrrpOperAdminState 1.3.6.1.2.1.68.1.1.3.1.4 vrrpOperPriority 1.3.6.1.2.1.68.1.1.3.1.5 vrrpOperIpAddrCount 1.3.6.1.2.1.68.1.1.3.1.6 vrrpOperMasterIpAddr 1.3.6.1.2.1.68.1.1.3.1.7 vrrpOperPrimaryIpAddr 1.3.6.1.2.1.68.1.1.3.1.8 vrrpOperAuthType 1.3.6.1.2.1.68.1.1.3.1.9 vrrpOperAuthKey 1.3.6.1.2.1.68.1.1.3.1.10 vrrpOperAdvertisementInterval 1.3.6.1.2.1.68.1.1.3.1.11 vrrpOperPreemptMode 1.3.6.1.2.1.68.1.1.3.1.12 vrrpOperVirtualRouterUpTime 1.3.6.1.2.1.68.1.1.3.1.13 vrrpOperProtocol 1.3.6.1.2.1.68.1.1.3.1.14 vrrpOperRowStatus 1.3.6.1.2.1.68.1.1.3.1.15 vrrpAssoIpAddr 1.3.6.1.2.1.68.1.1.4.1.1 vrrpAssoIpAddrRowStatus 1.3.6.1.2.1.68.1.1.4.1.2 Issue 1 January 2008 657 Traps and MIBs MIB files in the UTILIZATION-MANAGEMENT-MIB.my file The following table provides a list of the MIBs in the UTILIZATION-MANAGEMENT-MIB.my file that are supported by the G450 and their OIDs: Object OID genCpuIndex 1.3.6.1.4.1.6889.2.1.11.1.1.1.1.1 genCpuUtilizationEnableMonitoring 1.3.6.1.4.1.6889.2.1.11.1.1.1.1.2 genCpuUtilizationEnableEventGeneration 1.3.6.1.4.1.6889.2.1.11.1.1.1.1.3 genCpuUtilizationHighThreshold 1.3.6.1.4.1.6889.2.1.11.1.1.1.1.4 genCpuAverageUtilization 1.3.6.1.4.1.6889.2.1.11.1.1.1.1.5 genCpuCurrentUtilization 1.3.6.1.4.1.6889.2.1.11.1.1.1.1.6 genCpuUtilizationHistorySampleIndex 1.3.6.1.4.1.6889.2.1.11.1.1.2.1.1 genCpuHistoryUtilization 1.3.6.1.4.1.6889.2.1.11.1.1.2.1.2 genMemUtilizationTotalRAM 1.3.6.1.4.1.6889.2.1.11.1.2.1 genMemUtilizationOperationalImage 1.3.6.1.4.1.6889.2.1.11.1.2.2 genMemUtilizationDynAllocMemUsed 1.3.6.1.4.1.6889.2.1.11.1.2.3.1 genMemUtilizationDynAllocMemMaxUsed 1.3.6.1.4.1.6889.2.1.11.1.2.3.2 genMemUtilizationDynAllocMemAvailable 1.3.6.1.4.1.6889.2.1.11.1.2.3.3 genMemUtilizationAllocationFailures 1.3.6.1.4.1.6889.2.1.11.1.2.4 genMemUtilizationID 1.3.6.1.4.1.6889.2.1.11.1.2.6.1.1 genMemUtilizationPhyRam 1.3.6.1.4.1.6889.2.1.11.1.2.6.1.2 genMemUtilizationPercentUsed 1.3.6.1.4.1.6889.2.1.11.1.2.6.1.3 658 Administration for the Avaya G450 Media Gateway G450 MIB files MIB files in the ENTITY-SENSOR-MIB.my file The following table provides a list of the MIBs in the ENTITY-SENSOR-MIB.my file that are supported by the G450 and their OIDs: Object OID entPhySensorType 1.3.6.1.2.1.99.1.1.1.1 entPhySensorScale 1.3.6.1.2.1.99.1.1.1.2 entPhySensorPrecision 1.3.6.1.2.1.99.1.1.1.3 entPhySensorValue 1.3.6.1.2.1.99.1.1.1.4 entPhySensorOperStatus 1.3.6.1.2.1.99.1.1.1.5 entPhySensorUnitsDisplay 1.3.6.1.2.1.99.1.1.1.6 entPhySensorValueTimeStamp 1.3.6.1.2.1.99.1.1.1.7 entPhySensorValueUpdateRate 1.3.6.1.2.1.99.1.1.1.8 MIB files in the RSTP-MIB.my file The following table provides a list of the MIBs in the RSTP-MIB.my file that are supported by the G450 and their OIDs: Object OID dot1dStpVersion 1.3.6.1.2.1.17.2.16 dot1dStpTxHoldCount 1.3.6.1.2.1.17.2.17 dot1dStpPathCostDefault 1.3.6.1.2.1.17.2.18 dot1dStpPortProtocolMigration 1.3.6.1.2.1.17.2.19.1.1 dot1dStpPortAdminEdgePort 1.3.6.1.2.1.17.2.19.1.2 dot1dStpPortOperEdgePort 1.3.6.1.2.1.17.2.19.1.3 dot1dStpPortAdminPointToPoint 1.3.6.1.2.1.17.2.19.1.4 1 of 2 Issue 1 January 2008 659 Traps and MIBs Object OID dot1dStpPortOperPointToPoint 1.3.6.1.2.1.17.2.19.1.5 dot1dStpPortAdminPathCost 1.3.6.1.2.1.17.2.19.1.6 2 of 2 MIB files in the APPLIC-MIB.my file The following table provides a list of the MIBs in the APPLIC-MIB.my file that are supported by the G450 and their OIDs: Object OID lseIntPortGroupId 1.3.6.1.4.1.81.19.1.2.1.1.1 lseIntPortId 1.3.6.1.4.1.81.19.1.2.1.1.2 lseIntPortCAMLastChange 1.3.6.1.4.1.81.19.1.2.1.1.39 lseIntPortMACAddGroupId 1.3.6.1.4.1.81.19.1.2.2.1.1.1 lseIntPortMACAddPortId 1.3.6.1.4.1.81.19.1.2.2.1.1.2 lseIntPortMACAddLAId 1.3.6.1.4.1.81.19.1.2.2.1.1.3 lseIntPortMACAddList 1.3.6.1.4.1.81.19.1.2.2.1.1.4 MIB files in the DS1-MIB.my file The following table provides a list of the MIBs in the DS1-MIB.my file that are supported by the G450 and their OIDs: Object OID dsx1LineIndex 1.3.6.1.2.1.10.18.6.1.1 dsx1IfIndex 1.3.6.1.2.1.10.18.6.1.2 dsx1TimeElapsed 1.3.6.1.2.1.10.18.6.1.3 dsx1ValidIntervals 1.3.6.1.2.1.10.18.6.1.4 1 of 3 660 Administration for the Avaya G450 Media Gateway G450 MIB files Object OID dsx1LineType 1.3.6.1.2.1.10.18.6.1.5 dsx1LineCoding 1.3.6.1.2.1.10.18.6.1.6 dsx1SendCode 1.3.6.1.2.1.10.18.6.1.7 dsx1CircuitIdentifier 1.3.6.1.2.1.10.18.6.1.8 dsx1LoopbackConfig 1.3.6.1.2.1.10.18.6.1.9 dsx1LineStatus 1.3.6.1.2.1.10.18.6.1.10 dsx1SignalMode 1.3.6.1.2.1.10.18.6.1.11 dsx1TransmitClockSource 1.3.6.1.2.1.10.18.6.1.12 dsx1Fdl 1.3.6.1.2.1.10.18.6.1.13 dsx1InvalidIntervals 1.3.6.1.2.1.10.18.6.1.14 dsx1LineLength 1.3.6.1.2.1.10.18.6.1.15 dsx1LineStatusLastChange 1.3.6.1.2.1.10.18.6.1.16 dsx1LineStatusChangeTrapEnable 1.3.6.1.2.1.10.18.6.1.17 dsx1LoopbackStatus 1.3.6.1.2.1.10.18.6.1.18 dsx1Ds1ChannelNumber 1.3.6.1.2.1.10.18.6.1.19 dsx1Channelization 1.3.6.1.2.1.10.18.6.1.20 dsx1CurrentIndex 1.3.6.1.2.1.10.18.7.1.1 dsx1CurrentESs 1.3.6.1.2.1.10.18.7.1.2 dsx1CurrentSESs 1.3.6.1.2.1.10.18.7.1.3 dsx1CurrentSEFSs 1.3.6.1.2.1.10.18.7.1.4 dsx1CurrentUASs 1.3.6.1.2.1.10.18.7.1.5 dsx1CurrentCSSs 1.3.6.1.2.1.10.18.7.1.6 dsx1CurrentPCVs 1.3.6.1.2.1.10.18.7.1.7 dsx1CurrentLESs 1.3.6.1.2.1.10.18.7.1.8 dsx1CurrentBESs 1.3.6.1.2.1.10.18.7.1.9 dsx1CurrentDMs 1.3.6.1.2.1.10.18.7.1.10 2 of 3 Issue 1 January 2008 661 Traps and MIBs Object OID dsx1CurrentLCVs 1.3.6.1.2.1.10.18.7.1.11 dsx1IntervalIndex 1.3.6.1.2.1.10.18.8.1.1 dsx1IntervalNumber 1.3.6.1.2.1.10.18.8.1.2 dsx1IntervalESs 1.3.6.1.2.1.10.18.8.1.3 dsx1IntervalSESs 1.3.6.1.2.1.10.18.8.1.4 dsx1IntervalSEFSs 1.3.6.1.2.1.10.18.8.1.5 dsx1IntervalUASs 1.3.6.1.2.1.10.18.8.1.6 dsx1IntervalCSSs 1.3.6.1.2.1.10.18.8.1.7 dsx1IntervalPCVs 1.3.6.1.2.1.10.18.8.1.8 dsx1IntervalLESs 1.3.6.1.2.1.10.18.8.1.9 dsx1IntervalBESs 1.3.6.1.2.1.10.18.8.1.10 dsx1IntervalDMs 1.3.6.1.2.1.10.18.8.1.11 dsx1IntervalLCVs 1.3.6.1.2.1.10.18.8.1.12 dsx1IntervalValidData 1.3.6.1.2.1.10.18.8.1.13 dsx1TotalIndex 1.3.6.1.2.1.10.18.9.1.1 dsx1TotalESs 1.3.6.1.2.1.10.18.9.1.2 dsx1TotalSESs 1.3.6.1.2.1.10.18.9.1.3 dsx1TotalSEFSs 1.3.6.1.2.1.10.18.9.1.4 dsx1TotalUASs 1.3.6.1.2.1.10.18.9.1.5 dsx1TotalCSSs 1.3.6.1.2.1.10.18.9.1.6 dsx1TotalPCVs 1.3.6.1.2.1.10.18.9.1.7 dsx1TotalLESs 1.3.6.1.2.1.10.18.9.1.8 dsx1TotalBESs 1.3.6.1.2.1.10.18.9.1.9 dsx1TotalDMs 1.3.6.1.2.1.10.18.9.1.10 dsx1TotalLCVs 1.3.6.1.2.1.10.18.9.1.11 3 of 3 662 Administration for the Avaya G450 Media Gateway G450 MIB files MIB files in the PPP-IP-NCP-MIB.my file The following table provides a list of the MIBs in the PPP-IP-NCP-MIB.my file that are supported by the G450 and their OIDs: Object OID pppIpOperStatus 1.3.6.1.2.1.10.23.3.1.1.1 pppIpLocalToRemoteCompressionProtocol 1.3.6.1.2.1.10.23.3.1.1.2 pppIpRemoteToLocalCompressionProtocol 1.3.6.1.2.1.10.23.3.1.1.3 pppIpRemoteMaxSlotId 1.3.6.1.2.1.10.23.3.1.1.4 pppIpLocalMaxSlotId 1.3.6.1.2.1.10.23.3.1.1.5 pppIpConfigAdminStatus 1.3.6.1.2.1.10.23.3.2.1.1 pppIpConfigCompression 1.3.6.1.2.1.10.23.3.2.1.2 Issue 1 January 2008 663 Traps and MIBs MIB files in the RFC1213-MIB.my file The following table provides a list of the MIBs in the RFC1213-MIB.my file that are supported by the G450 and their OIDs: Object OID sysDescr 1.3.6.1.2.1.1.1 sysObjectID 1.3.6.1.2.1.1.2 sysUpTime 1.3.6.1.2.1.1.3 sysContact 1.3.6.1.2.1.1.4 sysName 1.3.6.1.2.1.1.5 sysLocation 1.3.6.1.2.1.1.6 sysServices 1.3.6.1.2.1.1.7 ifNumber 1.3.6.1.2.1.2.1 ifIndex 1.3.6.1.2.1.2.2.1.1 ifDescr 1.3.6.1.2.1.2.2.1.2 ifType 1.3.6.1.2.1.2.2.1.3 ifMtu 1.3.6.1.2.1.2.2.1.4 ifSpeed 1.3.6.1.2.1.2.2.1.5 ifPhysAddress 1.3.6.1.2.1.2.2.1.6 ifAdminStatus 1.3.6.1.2.1.2.2.1.7 ifOperStatus 1.3.6.1.2.1.2.2.1.8 ifLastChange 1.3.6.1.2.1.2.2.1.9 ifInOctets 1.3.6.1.2.1.2.2.1.10 ifInUcastPkts 1.3.6.1.2.1.2.2.1.11 ifInNUcastPkts 1.3.6.1.2.1.2.2.1.12 ifInDiscards 1.3.6.1.2.1.2.2.1.13 ifInErrors 1.3.6.1.2.1.2.2.1.14 1 of 4 664 Administration for the Avaya G450 Media Gateway G450 MIB files Object OID ifInUnknownProtos 1.3.6.1.2.1.2.2.1.15 ifOutOctets 1.3.6.1.2.1.2.2.1.16 ifOutUcastPkts 1.3.6.1.2.1.2.2.1.17 ifOutNUcastPkts 1.3.6.1.2.1.2.2.1.18 ifOutDiscards 1.3.6.1.2.1.2.2.1.19 ifOutErrors 1.3.6.1.2.1.2.2.1.20 ifOutQLen 1.3.6.1.2.1.2.2.1.21 ifSpecific 1.3.6.1.2.1.2.2.1.22 ipForwarding 1.3.6.1.2.1.4.1 ipDefaultTTL 1.3.6.1.2.1.4.2 ipInReceives 1.3.6.1.2.1.4.3 ipInHdrErrors 1.3.6.1.2.1.4.4 ipInAddrErrors 1.3.6.1.2.1.4.5 ipForwDatagrams 1.3.6.1.2.1.4.6 ipInUnknownProtos 1.3.6.1.2.1.4.7 ipInDiscards 1.3.6.1.2.1.4.8 ipInDelivers 1.3.6.1.2.1.4.9 ipOutRequests 1.3.6.1.2.1.4.10 ipOutDiscards 1.3.6.1.2.1.4.11 ipOutNoRoutes 1.3.6.1.2.1.4.12 ipReasmTimeout 1.3.6.1.2.1.4.13 ipReasmReqds 1.3.6.1.2.1.4.14 ipReasmOKs 1.3.6.1.2.1.4.15 ipReasmFails 1.3.6.1.2.1.4.16 ipFragOKs 1.3.6.1.2.1.4.17 ipFragFails 1.3.6.1.2.1.4.18 2 of 4 Issue 1 January 2008 665 Traps and MIBs Object OID ipFragCreates 1.3.6.1.2.1.4.19 ipAdEntAddr 1.3.6.1.2.1.4.20.1.1 ipAdEntIfIndex 1.3.6.1.2.1.4.20.1.2 ipAdEntNetMask 1.3.6.1.2.1.4.20.1.3 ipAdEntBcastAddr 1.3.6.1.2.1.4.20.1.4 ipAdEntReasmMaxSize 1.3.6.1.2.1.4.20.1.5 ipRouteDest 1.3.6.1.2.1.4.21.1.1 ipRouteIfIndex 1.3.6.1.2.1.4.21.1.2 ipRouteMetric1 1.3.6.1.2.1.4.21.1.3 ipRouteMetric2 1.3.6.1.2.1.4.21.1.4 ipRouteMetric3 1.3.6.1.2.1.4.21.1.5 ipRouteMetric4 1.3.6.1.2.1.4.21.1.6 ipRouteNextHop 1.3.6.1.2.1.4.21.1.7 ipRouteType 1.3.6.1.2.1.4.21.1.8 ipRouteProto 1.3.6.1.2.1.4.21.1.9 ipRouteAge 1.3.6.1.2.1.4.21.1.10 ipRouteMask 1.3.6.1.2.1.4.21.1.11 ipRouteMetric5 1.3.6.1.2.1.4.21.1.12 ipRouteInfo 1.3.6.1.2.1.4.21.1.13 ipNetToMediaIfIndex 1.3.6.1.2.1.4.22.1.1 ipNetToMediaPhysAddress 1.3.6.1.2.1.4.22.1.2 ipNetToMediaNetAddress 1.3.6.1.2.1.4.22.1.3 ipNetToMediaType 1.3.6.1.2.1.4.22.1.4 ipRoutingDiscards 1.3.6.1.2.1.4.23 snmpInPkts 1.3.6.1.2.1.11.1 snmpOutPkts 1.3.6.1.2.1.11.2 3 of 4 666 Administration for the Avaya G450 Media Gateway G450 MIB files Object OID snmpInBadVersions 1.3.6.1.2.1.11.3 snmpInBadCommunityNames 1.3.6.1.2.1.11.4 snmpInBadCommunityUses 1.3.6.1.2.1.11.5 snmpInASNParseErrs 1.3.6.1.2.1.11.6 snmpInTooBigs 1.3.6.1.2.1.11.8 snmpInNoSuchNames 1.3.6.1.2.1.11.9 snmpInBadValues 1.3.6.1.2.1.11.10 snmpInReadOnlys 1.3.6.1.2.1.11.11 snmpInGenErrs 1.3.6.1.2.1.11.12 snmpInTotalReqVars 1.3.6.1.2.1.11.13 snmpInTotalSetVars 1.3.6.1.2.1.11.14 snmpInGetRequests 1.3.6.1.2.1.11.15 snmpInGetNexts 1.3.6.1.2.1.11.16 snmpInSetRequests 1.3.6.1.2.1.11.17 snmpInGetResponses 1.3.6.1.2.1.11.18 snmpInTraps 1.3.6.1.2.1.11.19 snmpOutTooBigs 1.3.6.1.2.1.11.20 snmpOutNoSuchNames 1.3.6.1.2.1.11.21 snmpOutBadValues 1.3.6.1.2.1.11.22 snmpOutGenErrs 1.3.6.1.2.1.11.24 snmpOutGetRequests 1.3.6.1.2.1.11.25 snmpOutGetNexts 1.3.6.1.2.1.11.26 snmpOutSetRequests 1.3.6.1.2.1.11.27 snmpOutGetResponses 1.3.6.1.2.1.11.28 snmpOutTraps 1.3.6.1.2.1.11.29 snmpEnableAuthenTraps 1.3.6.1.2.1.11.30 4 of 4 Issue 1 January 2008 667 Traps and MIBs MIB files in the AVAYA-ENTITY-MIB.my file The following table provides a list of the MIBs in the AVAYA-ENTITY-MIB.my file that are supported by the G450 and their OIDs: Object OID avEntPhySensorHiShutdown 1.3.6.1.4.1.6889.2.1.99.1.1.1 avEntPhySensorHiWarning 1.3.6.1.4.1.6889.2.1.99.1.1.2 avEntPhySensorHiWarningClear 1.3.6.1.4.1.6889.2.1.99.1.1.3 avEntPhySensorLoWarningClear 1.3.6.1.4.1.6889.2.1.99.1.1.4 avEntPhySensorLoWarning 1.3.6.1.4.1.6889.2.1.99.1.1.5 avEntPhySensorLoShutdown 1.3.6.1.4.1.6889.2.1.99.1.1.6 avEntPhySensorEventSupportMask 1.3.6.1.4.1.6889.2.1.99.1.1.7 MIB files in the Rnd-MIB.my file The following table provides a list of the MIBs in the Rnd.MIB file that are supported by the G450 and their OIDs: Object OID genGroupHWVersion 1.3.6.1.4.1.81.8.1.1.24 genGroupConfigurationSymbol 1.3.6.1.4.1.81.8.1.1.21 genGroupHWStatus 1.3.6.1.4.1.81.8.1.1.17 668 Administration for the Avaya G450 Media Gateway G450 MIB files MIB files in the XSWITCH-MIB.my file The following table provides a list of the MIBs in the XSWITCH-MIB.my file that are supported by the G450 and their OIDs: Object OID scGenPortGroupId 1.3.6.1.4.1.81.28.1.4.1.1.1 scGenPortId 1.3.6.1.4.1.81.28.1.4.1.1.2 scGenPortVLAN 1.3.6.1.4.1.81.28.1.4.1.1.3 scGenPortPriority 1.3.6.1.4.1.81.28.1.4.1.1.4 scGenPortSetDefaults 1.3.6.1.4.1.81.28.1.4.1.1.5 scGenPortLinkAggregationNumber 1.3.6.1.4.1.81.28.1.4.1.1.9 scGenPortGenericTrap 1.3.6.1.4.1.81.28.1.4.1.1.15 scGenPortLagCapability 1.3.6.1.4.1.81.28.1.4.1.1.20 scGenPortCapability 1.3.6.1.4.1.81.28.1.4.1.1.21 scGenSwitchId 1.3.6.1.4.1.81.28.1.5.1.1.1 scGenSwitchSTA 1.3.6.1.4.1.81.28.1.5.1.1.13 scEthPortGroupId 1.3.6.1.4.1.81.28.2.1.1.1.1 scEthPortId 1.3.6.1.4.1.81.28.2.1.1.1.2 scEthPortFunctionalStatus 1.3.6.1.4.1.81.28.2.1.1.1.27 scEthPortMode 1.3.6.1.4.1.81.28.2.1.1.1.28 scEthPortSpeed 1.3.6.1.4.1.81.28.2.1.1.1.29 scEthPortAutoNegotiation 1.3.6.1.4.1.81.28.2.1.1.1.30 scEthPortAutoNegotiationStatus 1.3.6.1.4.1.81.28.2.1.1.1.31 scEthPortPauseCapabilities 1.3.6.1.4.1.81.28.2.1.1.1.44 scEthPortFlowControl 1.3.6.1.4.1.81.28.2.1.1.1.47 Issue 1 January 2008 669 Traps and MIBs MIB files in the CROUTE-MIB.my file The following table provides a list of the MIBs in the CROUTE-MIB.my file that are supported by the G450 and their OIDs: Object OID ipGlobalsBOOTPRelayStatus 1.3.6.1.4.1.81.31.1.1.1 ipGlobalsICMPErrMsgEnable 1.3.6.1.4.1.81.31.1.1.2 ipGlobalsARPInactiveTimeout 1.3.6.1.4.1.81.31.1.1.3 ipGlobalsPrimaryManagementIPAddress 1.3.6.1.4.1.81.31.1.1.4 ipGlobalsNextPrimaryManagementIPAddress 1.3.6.1.4.1.81.31.1.1.5 ipInterfaceAddr 1.3.6.1.4.1.81.31.1.2.1.1 ipInterfaceNetMask 1.3.6.1.4.1.81.31.1.2.1.2 ipInterfaceLowerIfAlias 1.3.6.1.4.1.81.31.1.2.1.3 ipInterfaceType 1.3.6.1.4.1.81.31.1.2.1.4 ipInterfaceForwardIpBroadcast 1.3.6.1.4.1.81.31.1.2.1.5 ipInterfaceBroadcastAddr 1.3.6.1.4.1.81.31.1.2.1.6 ipInterfaceProxyArp 1.3.6.1.4.1.81.31.1.2.1.7 ipInterfaceStatus 1.3.6.1.4.1.81.31.1.2.1.8 ipInterfaceMainRouterAddr 1.3.6.1.4.1.81.31.1.2.1.9 ipInterfaceARPServerStatus 1.3.6.1.4.1.81.31.1.2.1.10 ipInterfaceName 1.3.6.1.4.1.81.31.1.2.1.11 ipInterfaceNetbiosRebroadcast 1.3.6.1.4.1.81.31.1.2.1.12 ipInterfaceIcmpRedirects 1.3.6.1.4.1.81.31.1.2.1.13 ipInterfaceOperStatus 1.3.6.1.4.1.81.31.1.2.1.14 ipInterfaceDhcpRelay 1.3.6.1.4.1.81.31.1.2.1.15 ripGlobalsRIPEnable 1.3.6.1.4.1.81.31.1.3.1 ripGlobalsLeakOSPFIntoRIP 1.3.6.1.4.1.81.31.1.3.2 1 of 4 670 Administration for the Avaya G450 Media Gateway G450 MIB files Object OID ripGlobalsLeakStaticIntoRIP 1.3.6.1.4.1.81.31.1.3.3 ripGlobalsPeriodicUpdateTimer 1.3.6.1.4.1.81.31.1.3.4 ripGlobalsPeriodicInvalidRouteTimer 1.3.6.1.4.1.81.31.1.3.5 ripGlobalsDefaultExportMetric 1.3.6.1.4.1.81.31.1.3.6 ripInterfaceAddr 1.3.6.1.4.1.81.31.1.4.1.1 ripInterfaceMetric 1.3.6.1.4.1.81.31.1.4.1.2 ripInterfaceSplitHorizon 1.3.6.1.4.1.81.31.1.4.1.3 ripInterfaceAcceptDefaultRoute 1.3.6.1.4.1.81.31.1.4.1.4 ripInterfaceSendDefaultRoute 1.3.6.1.4.1.81.31.1.4.1.5 ripInterfaceState 1.3.6.1.4.1.81.31.1.4.1.6 ripInterfaceSendMode 1.3.6.1.4.1.81.31.1.4.1.7 ripInterfaceVersion 1.3.6.1.4.1.81.31.1.4.1.8 ospfGlobalsLeakRIPIntoOSPF 1.3.6.1.4.1.81.31.1.5.1 ospfGlobalsLeakStaticIntoOSPF 1.3.6.1.4.1.81.31.1.5.2 ospfGlobalsLeakDirectIntoOSPF 1.3.6.1.4.1.81.31.1.5.3 ospfGlobalsDefaultExportMetric 1.3.6.1.4.1.81.31.1.5.4 relayVlIndex 1.3.6.1.4.1.81.31.1.6.1.1 relayVlPrimaryServerAddr 1.3.6.1.4.1.81.31.1.6.1.2 relayVlSeconderyServerAddr 1.3.6.1.4.1.81.31.1.6.1.3 relayVlStatus 1.3.6.1.4.1.81.31.1.6.1.4 relayVlRelayAddr 1.3.6.1.4.1.81.31.1.6.1.5 ipRedundancyStatus 1.3.6.1.4.1.81.31.1.9.1 ipRedundancyTimeout 1.3.6.1.4.1.81.31.1.9.2 ipRedundancyPollingInterval 1.3.6.1.4.1.81.31.1.9.3 ipShortcutARPServerStatus 1.3.6.1.4.1.81.31.1.10.1 distributionListRoutingProtocol 1.3.6.1.4.1.81.31.1.12.1.1 2 of 4 Issue 1 January 2008 671 Traps and MIBs Object OID distributionListDirection 1.3.6.1.4.1.81.31.1.12.1.2 distributionListIfIndex 1.3.6.1.4.1.81.31.1.12.1.3 distributionListRouteProtocol 1.3.6.1.4.1.81.31.1.12.1.4 distributionListProtocolSpecific1 1.3.6.1.4.1.81.31.1.12.1.5 distributionListProtocolSpecific2 1.3.6.1.4.1.81.31.1.12.1.6 distributionListProtocolSpecific3 1.3.6.1.4.1.81.31.1.12.1.7 distributionListProtocolSpecific4 1.3.6.1.4.1.81.31.1.12.1.8 distributionListProtocolSpecific5 1.3.6.1.4.1.81.31.1.12.1.9 distributionListAccessListNumber 1.3.6.1.4.1.81.31.1.12.1.10 distributionListEntryStatus 1.3.6.1.4.1.81.31.1.12.1.11 ipVRRPAdminStatus 1.3.6.1.4.1.81.31.1.14.1 iphcIfIndex 1.3.6.1.4.1.81.31.1.15.1.1.1 iphcControlTcpAdminStatus 1.3.6.1.4.1.81.31.1.15.1.1.2 iphcTcpSessions 1.3.6.1.4.1.81.31.1.15.1.1.3 iphcNegotiatedTcpSessions 1.3.6.1.4.1.81.31.1.15.1.1.4 iphcControlRtpAdminStatus 1.3.6.1.4.1.81.31.1.15.1.1.5 iphcRtpSessions 1.3.6.1.4.1.81.31.1.15.1.1.6 iphcNegotiatedRtpSessions 1.3.6.1.4.1.81.31.1.15.1.1.7 iphcControlNonTcpAdminStatus 1.3.6.1.4.1.81.31.1.15.1.1.8 iphcNonTcpSessions 1.3.6.1.4.1.81.31.1.15.1.1.9 iphcNegotiatedNonTcpSessions 1.3.6.1.4.1.81.31.1.15.1.1.10 iphcMaxPeriod 1.3.6.1.4.1.81.31.1.15.1.1.11 iphcMaxTime 1.3.6.1.4.1.81.31.1.15.1.1.12 iphcControRtpMinPortNumber 1.3.6.1.4.1.81.31.1.15.1.1.13 iphcControRtpMaxPortNumber 1.3.6.1.4.1.81.31.1.15.1.1.14 iphcControlRtpCompressionRatio 1.3.6.1.4.1.81.31.1.15.1.1.15 3 of 4 672 Administration for the Avaya G450 Media Gateway G450 MIB files Object OID iphcControlNonTcpMode 1.3.6.1.4.1.81.31.1.15.1.1.16 ospfXtndIfIpAddress 1.3.6.1.4.1.81.31.1.16.1.1 ospfXtndIfAddressLessIf 1.3.6.1.4.1.81.31.1.16.1.2 ospfXtndIfPassiveMode 1.3.6.1.4.1.81.31.1.16.1.3 vlConfIndex 1.3.6.1.4.1.81.31.3.1.1.1 vlConfAlias 1.3.6.1.4.1.81.31.3.1.1.2 vlConfStatus 1.3.6.1.4.1.81.31.3.1.1.3 4 of 4 MIB files in the RS-232-MIB.my file The following table provides a list of the MIBs in the RS-232-MIB.my file that are supported by the G450 and their OIDs: Object OID rs232Number 1.3.6.1.2.1.10.33.1 rs232PortIndex 1.3.6.1.2.1.10.33.2.1.1 rs232PortType 1.3.6.1.2.1.10.33.2.1.2 rs232PortInSigNumber 1.3.6.1.2.1.10.33.2.1.3 rs232PortOutSigNumber 1.3.6.1.2.1.10.33.2.1.4 rs232PortInSpeed 1.3.6.1.2.1.10.33.2.1.5 rs232PortOutSpeed 1.3.6.1.2.1.10.33.2.1.6 rs232PortInFlowType 1.3.6.1.2.1.10.33.2.1.7 rs232PortOutFlowType 1.3.6.1.2.1.10.33.2.1.8 rs232SyncPortIndex 1.3.6.1.2.1.10.33.4.1.1 rs232SyncPortClockSource 1.3.6.1.2.1.10.33.4.1.2 rs232SyncPortFrameCheckErrs 1.3.6.1.2.1.10.33.4.1.3 1 of 2 Issue 1 January 2008 673 Traps and MIBs Object OID rs232SyncPortTransmitUnderrunErrs 1.3.6.1.2.1.10.33.4.1.4 rs232SyncPortReceiveOverrunErrs 1.3.6.1.2.1.10.33.4.1.5 rs232SyncPortInterruptedFrames 1.3.6.1.2.1.10.33.4.1.6 rs232SyncPortAbortedFrames 1.3.6.1.2.1.10.33.4.1.7 rs232SyncPortRole 1.3.6.1.2.1.10.33.4.1.8 rs232SyncPortEncoding 1.3.6.1.2.1.10.33.4.1.9 rs232SyncPortRTSControl 1.3.6.1.2.1.10.33.4.1.10 rs232SyncPortRTSCTSDelay 1.3.6.1.2.1.10.33.4.1.11 rs232SyncPortMode 1.3.6.1.2.1.10.33.4.1.12 rs232SyncPortIdlePattern 1.3.6.1.2.1.10.33.4.1.13 rs232SyncPortMinFlags 1.3.6.1.2.1.10.33.4.1.14 rs232InSigPortIndex 1.3.6.1.2.1.10.33.5.1.1 rs232InSigName 1.3.6.1.2.1.10.33.5.1.2 rs232InSigState 1.3.6.1.2.1.10.33.5.1.3 rs232InSigChanges 1.3.6.1.2.1.10.33.5.1.4 rs232OutSigPortIndex 1.3.6.1.2.1.10.33.6.1.1 rs232OutSigName 1.3.6.1.2.1.10.33.6.1.2 rs232OutSigState 1.3.6.1.2.1.10.33.6.1.3 rs232OutSigChanges 1.3.6.1.2.1.10.33.6.1.4 2 of 2 674 Administration for the Avaya G450 Media Gateway G450 MIB files MIB files in the RIPv2-MIB.my file The following table provides a list of the MIBs in the RIPv2-MIB.my file that are supported by the G450 and their OIDs: Object OID rip2GlobalRouteChanges 1.3.6.1.2.1.23.1.1 rip2GlobalQueries 1.3.6.1.2.1.23.1.2 rip2IfStatAddress 1.3.6.1.2.1.23.2.1.1 rip2IfStatRcvBadPackets 1.3.6.1.2.1.23.2.1.2 rip2IfStatRcvBadRoutes 1.3.6.1.2.1.23.2.1.3 rip2IfStatSentUpdates 1.3.6.1.2.1.23.2.1.4 rip2IfStatStatus 1.3.6.1.2.1.23.2.1.5 rip2IfConfAddress 1.3.6.1.2.1.23.3.1.1 rip2IfConfDomain 1.3.6.1.2.1.23.3.1.2 rip2IfConfAuthType 1.3.6.1.2.1.23.3.1.3 rip2IfConfAuthKey 1.3.6.1.2.1.23.3.1.4 rip2IfConfSend 1.3.6.1.2.1.23.3.1.5 rip2IfConfReceive 1.3.6.1.2.1.23.3.1.6 rip2IfConfDefaultMetric 1.3.6.1.2.1.23.3.1.7 rip2IfConfStatus 1.3.6.1.2.1.23.3.1.8 rip2IfConfSrcAddress 1.3.6.1.2.1.23.3.1.9 Issue 1 January 2008 675 Traps and MIBs MIB files in the IF-MIB.my file The following table provides a list of the MIBs in the IF-MIB.my file that are supported by the G450 and their OIDs: Object OID ifNumber 1.3.6.1.2.1.2.1 ifIndex 1.3.6.1.2.1.2.2.1.1 ifDescr 1.3.6.1.2.1.2.2.1.2 ifType 1.3.6.1.2.1.2.2.1.3 ifMtu 1.3.6.1.2.1.2.2.1.4 ifSpeed 1.3.6.1.2.1.2.2.1.5 ifPhysAddress 1.3.6.1.2.1.2.2.1.6 ifAdminStatus 1.3.6.1.2.1.2.2.1.7 ifOperStatus 1.3.6.1.2.1.2.2.1.8 ifLastChange 1.3.6.1.2.1.2.2.1.9 ifInOctets 1.3.6.1.2.1.2.2.1.10 ifInUcastPkts 1.3.6.1.2.1.2.2.1.11 ifInNUcastPkts 1.3.6.1.2.1.2.2.1.12 ifInDiscards 1.3.6.1.2.1.2.2.1.13 ifInErrors 1.3.6.1.2.1.2.2.1.14 ifInUnknownProtos 1.3.6.1.2.1.2.2.1.15 ifOutOctets 1.3.6.1.2.1.2.2.1.16 ifOutUcastPkts 1.3.6.1.2.1.2.2.1.17 ifOutNUcastPkts 1.3.6.1.2.1.2.2.1.18 ifOutDiscards 1.3.6.1.2.1.2.2.1.19 ifOutErrors 1.3.6.1.2.1.2.2.1.20 ifOutQLen 1.3.6.1.2.1.2.2.1.21 1 of 2 676 Administration for the Avaya G450 Media Gateway G450 MIB files Object OID ifSpecific 1.3.6.1.2.1.2.2.1.22 ifName 1.3.6.1.2.1.31.1.1.1.1 ifInMulticastPkts 1.3.6.1.2.1.31.1.1.1.2 ifInBroadcastPkts 1.3.6.1.2.1.31.1.1.1.3 ifOutMulticastPkts 1.3.6.1.2.1.31.1.1.1.4 ifOutBroadcastPkts 1.3.6.1.2.1.31.1.1.1.5 ifHCInOctets 1.3.6.1.2.1.31.1.1.1.6 ifHCInUcastPkts 1.3.6.1.2.1.31.1.1.1.7 ifHCInMulticastPkts 1.3.6.1.2.1.31.1.1.1.8 ifHCInBroadcastPkts 1.3.6.1.2.1.31.1.1.1.9 ifHCOutOctets 1.3.6.1.2.1.31.1.1.1.10 ifHCOutUcastPkts 1.3.6.1.2.1.31.1.1.1.11 ifHCOutMulticastPkts 1.3.6.1.2.1.31.1.1.1.12 ifHCOutBroadcastPkts 1.3.6.1.2.1.31.1.1.1.13 ifLinkUpDownTrapEnable 1.3.6.1.2.1.31.1.1.1.14 ifHighSpeed 1.3.6.1.2.1.31.1.1.1.15 ifPromiscuousMode 1.3.6.1.2.1.31.1.1.1.16 ifConnectorPresent 1.3.6.1.2.1.31.1.1.1.17 ifAlias 1.3.6.1.2.1.31.1.1.1.18 ifCounterDiscontinuityTime 1.3.6.1.2.1.31.1.1.1.19 2 of 2 Issue 1 January 2008 677 Traps and MIBs MIB files in the DS0BUNDLE-MIB.my file The following table provides a list of the MIBs in the DS0BUNDLE-MIB.my file that are supported by the G450 and their OIDs: Object OID dsx0BundleIndex 1.3.6.1.2.1.10.82.3.1.1 dsx0BundleIfIndex 1.3.6.1.2.1.10.82.3.1.2 dsx0BundleCircuitIdentifier 1.3.6.1.2.1.10.82.3.1.3 dsx0BundleRowStatus 1.3.6.1.2.1.10.82.3.1.4 MIB files in the RFC1406-MIB.my file The following table provides a list of the MIBs in the RFC1406-MIB.my file that are supported by the G450 and their OIDs: Object OID dsx1LineIndex 1.3.6.1.2.1.10.18.6.1.1 dsx1IfIndex 1.3.6.1.2.1.10.18.6.1.2 dsx1TimeElapsed 1.3.6.1.2.1.10.18.6.1.3 dsx1ValidIntervals 1.3.6.1.2.1.10.18.6.1.4 dsx1LineType 1.3.6.1.2.1.10.18.6.1.5 dsx1LineCoding 1.3.6.1.2.1.10.18.6.1.6 dsx1SendCode 1.3.6.1.2.1.10.18.6.1.7 dsx1CircuitIdentifier 1.3.6.1.2.1.10.18.6.1.8 dsx1LoopbackConfig 1.3.6.1.2.1.10.18.6.1.9 dsx1LineStatus 1.3.6.1.2.1.10.18.6.1.10 dsx1SignalMode 1.3.6.1.2.1.10.18.6.1.11 dsx1TransmitClockSource 1.3.6.1.2.1.10.18.6.1.12 1 of 3 678 Administration for the Avaya G450 Media Gateway G450 MIB files Object OID dsx1Fdl 1.3.6.1.2.1.10.18.6.1.13 dsx1CurrentIndex 1.3.6.1.2.1.10.18.7.1.1 dsx1CurrentESs 1.3.6.1.2.1.10.18.7.1.2 dsx1CurrentSESs 1.3.6.1.2.1.10.18.7.1.3 dsx1CurrentSEFSs 1.3.6.1.2.1.10.18.7.1.4 dsx1CurrentUASs 1.3.6.1.2.1.10.18.7.1.5 dsx1CurrentCSSs 1.3.6.1.2.1.10.18.7.1.6 dsx1CurrentPCVs 1.3.6.1.2.1.10.18.7.1.7 dsx1CurrentLESs 1.3.6.1.2.1.10.18.7.1.8 dsx1CurrentBESs 1.3.6.1.2.1.10.18.7.1.9 dsx1CurrentDMs 1.3.6.1.2.1.10.18.7.1.10 dsx1CurrentLCVs 1.3.6.1.2.1.10.18.7.1.11 dsx1IntervalIndex 1.3.6.1.2.1.10.18.8.1.1 dsx1IntervalNumber 1.3.6.1.2.1.10.18.8.1.2 dsx1IntervalESs 1.3.6.1.2.1.10.18.8.1.3 dsx1IntervalSESs 1.3.6.1.2.1.10.18.8.1.4 dsx1IntervalSEFSs 1.3.6.1.2.1.10.18.8.1.5 dsx1IntervalUASs 1.3.6.1.2.1.10.18.8.1.6 dsx1IntervalCSSs 1.3.6.1.2.1.10.18.8.1.7 dsx1IntervalPCVs 1.3.6.1.2.1.10.18.8.1.8 dsx1IntervalLESs 1.3.6.1.2.1.10.18.8.1.9 dsx1IntervalBESs 1.3.6.1.2.1.10.18.8.1.10 dsx1IntervalDMs 1.3.6.1.2.1.10.18.8.1.11 dsx1IntervalLCVs 1.3.6.1.2.1.10.18.8.1.12 dsx1TotalIndex 1.3.6.1.2.1.10.18.9.1.1 dsx1TotalESs 1.3.6.1.2.1.10.18.9.1.2 2 of 3 Issue 1 January 2008 679 Traps and MIBs Object OID dsx1TotalSESs 1.3.6.1.2.1.10.18.9.1.3 dsx1TotalSEFSs 1.3.6.1.2.1.10.18.9.1.4 dsx1TotalUASs 1.3.6.1.2.1.10.18.9.1.5 dsx1TotalCSSs 1.3.6.1.2.1.10.18.9.1.6 dsx1TotalPCVs 1.3.6.1.2.1.10.18.9.1.7 dsx1TotalLESs 1.3.6.1.2.1.10.18.9.1.8 dsx1TotalBESs 1.3.6.1.2.1.10.18.9.1.9 dsx1TotalDMs 1.3.6.1.2.1.10.18.9.1.10 dsx1TotalLCVs 1.3.6.1.2.1.10.18.9.1.11 3 of 3 MIB files in the DS0-MIB.my file The following table provides a list of the MIBs in the DS0-MIB.my file that are supported by the G450 and their OIDs: Object OID dsx0Ds0ChannelNumber 1.3.6.1.2.1.10.81.1.1.1 dsx0RobbedBitSignalling 1.3.6.1.2.1.10.81.1.1.2 dsx0CircuitIdentifier 1.3.6.1.2.1.10.81.1.1.3 dsx0IdleCode 1.3.6.1.2.1.10.81.1.1.4 dsx0SeizedCode 1.3.6.1.2.1.10.81.1.1.5 dsx0ReceivedCode 1.3.6.1.2.1.10.81.1.1.6 dsx0TransmitCodesEnable 1.3.6.1.2.1.10.81.1.1.7 dsx0Ds0BundleMappedIfIndex 1.3.6.1.2.1.10.81.1.1.8 dsx0ChanMappedIfIndex 1.3.6.1.2.1.10.81.3.1.1 680 Administration for the Avaya G450 Media Gateway G450 MIB files MIB files in the POLICY-MIB.my file The following table provides a list of the MIBs in the POLICY-MIB.MY file that are supported by the G450 and their OIDs: Object OID ipPolicyListSlot 1.3.6.1.4.1.81.36.1.1.1 ipPolicyListID 1.3.6.1.4.1.81.36.1.1.2 ipPolicyListName 1.3.6.1.4.1.81.36.1.1.3 ipPolicyListValidityStatus 1.3.6.1.4.1.81.36.1.1.4 ipPolicyListChecksum 1.3.6.1.4.1.81.36.1.1.5 ipPolicyListRowStatus 1.3.6.1.4.1.81.36.1.1.6 ipPolicyListDefaultOperation 1.3.6.1.4.1.81.36.1.1.7 ipPolicyListCookie 1.3.6.1.4.1.81.36.1.1.8 ipPolicyListTrackChanges 1.3.6.1.4.1.81.36.1.1.9 ipPolicyListOwner 1.3.6.1.4.1.81.36.1.1.10 ipPolicyListErrMsg 1.3.6.1.4.1.81.36.1.1.11 ipPolicyListTrustedFields 1.3.6.1.4.1.81.36.1.1.12 ipPolicyListScope 1.3.6.1.4.1.81.36.1.1.13 ipPolicyListIpOptionOperation 1.3.6.1.4.1.81.36.1.1.14 ipPolicyListIpFragmentationOperation 1.3.6.1.4.1.81.36.1.1.15 ipPolicyListType 1.3.6.1.4.1.81.36.1.1.16 ipPolicyListEtherTypeDefaultOperation 1.3.6.1.4.1.81.36.1.1.17 ipPolicyRuleSlot 1.3.6.1.4.1.81.36.2.1.1 ipPolicyRuleListID 1.3.6.1.4.1.81.36.2.1.2 ipPolicyRuleID 1.3.6.1.4.1.81.36.2.1.3 ipPolicyRuleSrcAddr 1.3.6.1.4.1.81.36.2.1.4 ipPolicyRuleSrcAddrWild 1.3.6.1.4.1.81.36.2.1.5 1 of 7 Issue 1 January 2008 681 Traps and MIBs Object OID ipPolicyRuleDstAddr 1.3.6.1.4.1.81.36.2.1.6 ipPolicyRuleDstAddrWild 1.3.6.1.4.1.81.36.2.1.7 ipPolicyRuleProtocol 1.3.6.1.4.1.81.36.2.1.8 ipPolicyRuleL4SrcPortMin 1.3.6.1.4.1.81.36.2.1.9 ipPolicyRuleL4SrcPortMax 1.3.6.1.4.1.81.36.2.1.10 ipPolicyRuleL4DestPortMin 1.3.6.1.4.1.81.36.2.1.11 ipPolicyRuleL4DestPortMax 1.3.6.1.4.1.81.36.2.1.12 ipPolicyRuleEstablished 1.3.6.1.4.1.81.36.2.1.13 ipPolicyRuleOperation 1.3.6.1.4.1.81.36.2.1.14 ipPolicyRuleApplicabilityPrecedence 1.3.6.1.4.1.81.36.2.1.15 ipPolicyRuleApplicabilityStatus 1.3.6.1.4.1.81.36.2.1.16 ipPolicyRuleApplicabilityType 1.3.6.1.4.1.81.36.2.1.17 ipPolicyRuleErrMsg 1.3.6.1.4.1.81.36.2.1.18 ipPolicyRuleStatus 1.3.6.1.4.1.81.36.2.1.19 ipPolicyRuleDSCPOperation 1.3.6.1.4.1.81.36.2.1.20 ipPolicyRuleDSCPFilter 1.3.6.1.4.1.81.36.2.1.21 ipPolicyRuleDSCPFilterWild 1.3.6.1.4.1.81.36.2.1.22 ipPolicyRuleIcmpTypeCode 1.3.6.1.4.1.81.36.2.1.23 ipPolicyRuleSrcAddrNot 1.3.6.1.4.1.81.36.2.1.24 ipPolicyRuleDstAddrNot 1.3.6.1.4.1.81.36.2.1.25 ipPolicyRuleProtocolNot 1.3.6.1.4.1.81.36.2.1.26 ipPolicyRuleL4SrcPortNot 1.3.6.1.4.1.81.36.2.1.27 ipPolicyRuleL4DestPortNot 1.3.6.1.4.1.81.36.2.1.28 ipPolicyRuleIcmpTypeCodeNot 1.3.6.1.4.1.81.36.2.1.29 ipPolicyRuleSrcPolicyUserGroupName 1.3.6.1.4.1.81.36.2.1.30 ipPolicyRuleDstPolicyUserGroupName 1.3.6.1.4.1.81.36.2.1.31 2 of 7 682 Administration for the Avaya G450 Media Gateway G450 MIB files Object OID ipPolicyControlSlot 1.3.6.1.4.1.81.36.3.1.1 ipPolicyControlActiveGeneralList 1.3.6.1.4.1.81.36.3.1.2 ipPolicyControlAllowedPolicyManagers 1.3.6.1.4.1.81.36.3.1.3 ipPolicyControlCurrentChecksum 1.3.6.1.4.1.81.36.3.1.4 ipPolicyControlMinimalPolicyManagmentVersion 1.3.6.1.4.1.81.36.3.1.5 ipPolicyControlMaximalPolicyManagmentVersion 1.3.6.1.4.1.81.36.3.1.6 ipPolicyControlMIBversion 1.3.6.1.4.1.81.36.3.1.7 ipPolicyDiffServSlot 1.3.6.1.4.1.81.36.4.1.1 ipPolicyDiffServDSCP 1.3.6.1.4.1.81.36.4.1.2 ipPolicyDiffServOperation 1.3.6.1.4.1.81.36.4.1.3 ipPolicyDiffServName 1.3.6.1.4.1.81.36.4.1.4 ipPolicyDiffServAggIndex 1.3.6.1.4.1.81.36.4.1.5 ipPolicyDiffServApplicabilityPrecedence 1.3.6.1.4.1.81.36.4.1.6 ipPolicyDiffServApplicabilityStatus 1.3.6.1.4.1.81.36.4.1.7 ipPolicyDiffServApplicabilityType 1.3.6.1.4.1.81.36.4.1.8 ipPolicyDiffServErrMsg 1.3.6.1.4.1.81.36.4.1.9 ipPolicyQuerySlot 1.3.6.1.4.1.81.36.5.1.1 ipPolicyQueryListID 1.3.6.1.4.1.81.36.5.1.2 ipPolicyQuerySrcAddr 1.3.6.1.4.1.81.36.5.1.3 ipPolicyQueryDstAddr 1.3.6.1.4.1.81.36.5.1.4 ipPolicyQueryProtocol 1.3.6.1.4.1.81.36.5.1.5 ipPolicyQueryL4SrcPort 1.3.6.1.4.1.81.36.5.1.6 ipPolicyQueryL4DestPort 1.3.6.1.4.1.81.36.5.1.7 ipPolicyQueryEstablished 1.3.6.1.4.1.81.36.5.1.8 ipPolicyQueryDSCP 1.3.6.1.4.1.81.36.5.1.9 ipPolicyQueryOperation 1.3.6.1.4.1.81.36.5.1.10 3 of 7 Issue 1 January 2008 683 Traps and MIBs Object OID ipPolicyQueryRuleID 1.3.6.1.4.1.81.36.5.1.11 ipPolicyQueryDSCPOperation 1.3.6.1.4.1.81.36.5.1.12 ipPolicyQueryPriority 1.3.6.1.4.1.81.36.5.1.13 ipPolicyQueryIfIndex 1.3.6.1.4.1.81.36.5.1.14 ipPolicyQuerySubContext 1.3.6.1.4.1.81.36.5.1.15 ipPolicyQueryEtherTypeType 1.3.6.1.4.1.81.36.5.1.16 ipPolicyQueryEtherTypeTrafficType 1.3.6.1.4.1.81.36.5.1.17 ipPolicyQueryIcmpTypeCode 1.3.6.1.4.1.81.36.5.1.18 ipPolicyDiffServControlSlot 1.3.6.1.4.1.81.36.6.1.1 ipPolicyDiffServControlChecksum 1.3.6.1.4.1.81.36.6.1.2 ipPolicyDiffServControlTrustedFields 1.3.6.1.4.1.81.36.6.1.3 ipPolicyDiffServControlValidityStatus 1.3.6.1.4.1.81.36.6.1.4 ipPolicyDiffServControlErrMsg 1.3.6.1.4.1.81.36.6.1.5 ipPolicyAccessControlViolationEntID 1.3.6.1.4.1.81.36.7.1.1 ipPolicyAccessControlViolationSrcAddr 1.3.6.1.4.1.81.36.7.1.2 ipPolicyAccessControlViolationDstAddr 1.3.6.1.4.1.81.36.7.1.3 ipPolicyAccessControlViolationProtocol 1.3.6.1.4.1.81.36.7.1.4 ipPolicyAccessControlViolationL4SrcPort 1.3.6.1.4.1.81.36.7.1.5 ipPolicyAccessControlViolationL4DstPort 1.3.6.1.4.1.81.36.7.1.6 ipPolicyAccessControlViolationEstablished 1.3.6.1.4.1.81.36.7.1.7 ipPolicyAccessControlViolationDSCP 1.3.6.1.4.1.81.36.7.1.8 ipPolicyAccessControlViolationIfIndex 1.3.6.1.4.1.81.36.7.1.9 ipPolicyAccessControlViolationSubCtxt 1.3.6.1.4.1.81.36.7.1.10 ipPolicyAccessControlViolationTime 1.3.6.1.4.1.81.36.7.1.11 ipPolicyAccessControlViolationRuleType 1.3.6.1.4.1.81.36.7.1.12 ipPolicyCompositeOpEntID 1.3.6.1.4.1.81.36.8.1.1 4 of 7 684 Administration for the Avaya G450 Media Gateway G450 MIB files Object OID ipPolicyCompositeOpListID 1.3.6.1.4.1.81.36.8.1.2 ipPolicyCompositeOpID 1.3.6.1.4.1.81.36.8.1.3 ipPolicyCompositeOpName 1.3.6.1.4.1.81.36.8.1.4 ipPolicyCompositeOp802priority 1.3.6.1.4.1.81.36.8.1.5 ipPolicyCompositeOpAccess 1.3.6.1.4.1.81.36.8.1.6 ipPolicyCompositeOpDscp 1.3.6.1.4.1.81.36.8.1.7 ipPolicyCompositeOpRSGQualityClass 1.3.6.1.4.1.81.36.8.1.8 ipPolicyCompositeOpNotify 1.3.6.1.4.1.81.36.8.1.9 ipPolicyCompositeOpRowStatus 1.3.6.1.4.1.81.36.8.1.10 ipPolicyCompositeOpErrorReply 1.3.6.1.4.1.81.36.8.1.11 ipPolicyCompositeOpKeepsState 1.3.6.1.4.1.81.36.8.1.12 ipPolicyDSCPmapEntID 1.3.6.1.4.1.81.36.9.1.1 ipPolicyDSCPmapListID 1.3.6.1.4.1.81.36.9.1.2 ipPolicyDSCPmapDSCP 1.3.6.1.4.1.81.36.9.1.3 ipPolicyDSCPmapOperation 1.3.6.1.4.1.81.36.9.1.4 ipPolicyDSCPmapName 1.3.6.1.4.1.81.36.9.1.5 ipPolicyDSCPmapApplicabilityPrecedence 1.3.6.1.4.1.81.36.9.1.6 ipPolicyDSCPmapApplicabilityStatus 1.3.6.1.4.1.81.36.9.1.7 ipPolicyDSCPmapApplicabilityType 1.3.6.1.4.1.81.36.9.1.8 ipPolicyDSCPmapErrMsg 1.3.6.1.4.1.81.36.9.1.9 ipPolicyActivationEntID 1.3.6.1.4.1.81.36.10.1.1 ipPolicyActivationifIndex 1.3.6.1.4.1.81.36.10.1.2 ipPolicyActivationSubContext 1.3.6.1.4.1.81.36.10.1.3 ipPolicyActivationSubContextName 1.3.6.1.4.1.81.36.10.1.4 ipPolicyActivationList 1.3.6.1.4.1.81.36.10.1.5 ipPolicyActivationAclList 1.3.6.1.4.1.81.36.10.1.6 5 of 7 Issue 1 January 2008 685 Traps and MIBs Object OID ipPolicyActivationQoSList 1.3.6.1.4.1.81.36.10.1.7 ipPolicyActivationSourceNatList 1.3.6.1.4.1.81.36.10.1.8 ipPolicyActivationDestinationNatList 1.3.6.1.4.1.81.36.10.1.9 ipPolicyActivationAntiSpoofignList 1.3.6.1.4.1.81.36.10.1.10 ipPolicyActivationPBRList ipPolicyValidListEntID 1.3.6.1.4.1.81.36.11.1.1.1 ipPolicyValidListIfIndex 1.3.6.1.4.1.81.36.11.1.1.2 ipPolicyValidListSubContext 1.3.6.1.4.1.81.36.11.1.1.3 ipPolicyValidListListID 1.3.6.1.4.1.81.36.11.1.1.4 ipPolicyValidListStatus 1.3.6.1.4.1.81.36.11.1.1.5 ipPolicyValidListErrMsg 1.3.6.1.4.1.81.36.11.1.1.6 ipPolicyValidListIpOption 1.3.6.1.4.1.81.36.11.1.1.7 ipPolicyValidListIpFragmentation 1.3.6.1.4.1.81.36.11.1.1.8 ipPolicyValidRuleEntID 1.3.6.1.4.1.81.36.11.2.1.1 ipPolicyValidRuleIfIndex 1.3.6.1.4.1.81.36.11.2.1.2 ipPolicyValidRuleSubContext 1.3.6.1.4.1.81.36.11.2.1.3 ipPolicyValidRuleListID 1.3.6.1.4.1.81.36.11.2.1.4 ipPolicyValidRuleRuleID 1.3.6.1.4.1.81.36.11.2.1.5 ipPolicyValidRuleStatus 1.3.6.1.4.1.81.36.11.2.1.6 ipPolicyValidRuleApplicabilityType 1.3.6.1.4.1.81.36.11.2.1.7 ipPolicyValidRuleErrMsg 1.3.6.1.4.1.81.36.11.2.1.8 ipPolicyValidDSCPEntID 1.3.6.1.4.1.81.36.11.3.1.1 ipPolicyValidDSCPIfIndex 1.3.6.1.4.1.81.36.11.3.1.2 ipPolicyValidDSCPSubContext 1.3.6.1.4.1.81.36.11.3.1.3 ipPolicyValidDSCPListID 1.3.6.1.4.1.81.36.11.3.1.4 ipPolicyValidDSCPvalue 1.3.6.1.4.1.81.36.11.3.1.5 6 of 7 686 Administration for the Avaya G450 Media Gateway G450 MIB files Object OID ipPolicyValidDSCPStatus 1.3.6.1.4.1.81.36.11.3.1.6 ipPolicyValidDSCPApplicabilityType 1.3.6.1.4.1.81.36.11.3.1.7 ipPolicyValidDSCPErrMsg 1.3.6.1.4.1.81.36.11.3.1.8 7 of 7 MIB files in the BRIDGE-MIB.my file The following table provides a list of the MIBs in the BRIDGE-MIB.my file that are supported by the G450 and their OIDs: Object OID dot1dBaseBridgeAddress 1.3.6.1.2.1.17.1.1 dot1dBaseNumPorts 1.3.6.1.2.1.17.1.2 dot1dBaseType 1.3.6.1.2.1.17.1.3 dot1dBasePort 1.3.6.1.2.1.17.1.4.1.1 dot1dBasePortIfIndex 1.3.6.1.2.1.17.1.4.1.2 dot1dBasePortCircuit 1.3.6.1.2.1.17.1.4.1.3 dot1dBasePortDelayExceededDiscards 1.3.6.1.2.1.17.1.4.1.4 dot1dBasePortMtuExceededDiscards 1.3.6.1.2.1.17.1.4.1.5 dot1dStpProtocolSpecification 1.3.6.1.2.1.17.2.1 dot1dStpPriority 1.3.6.1.2.1.17.2.2 dot1dStpTimeSinceTopologyChange 1.3.6.1.2.1.17.2.3 dot1dStpTopChanges 1.3.6.1.2.1.17.2.4 dot1dStpDesignatedRoot 1.3.6.1.2.1.17.2.5 dot1dStpRootCost 1.3.6.1.2.1.17.2.6 dot1dStpRootPort 1.3.6.1.2.1.17.2.7 dot1dStpMaxAge 1.3.6.1.2.1.17.2.8 1 of 2 Issue 1 January 2008 687 Traps and MIBs Object OID dot1dStpHelloTime 1.3.6.1.2.1.17.2.9 dot1dStpHoldTime 1.3.6.1.2.1.17.2.10 dot1dStpForwardDelay 1.3.6.1.2.1.17.2.11 dot1dStpBridgeMaxAge 1.3.6.1.2.1.17.2.12 dot1dStpBridgeHelloTime 1.3.6.1.2.1.17.2.13 dot1dStpBridgeForwardDelay 1.3.6.1.2.1.17.2.14 dot1dStpPort 1.3.6.1.2.1.17.2.15.1.1 dot1dStpPortPriority 1.3.6.1.2.1.17.2.15.1.2 dot1dStpPortState 1.3.6.1.2.1.17.2.15.1.3 dot1dStpPortEnable 1.3.6.1.2.1.17.2.15.1.4 dot1dStpPortPathCost 1.3.6.1.2.1.17.2.15.1.5 dot1dStpPortDesignatedRoot 1.3.6.1.2.1.17.2.15.1.6 dot1dStpPortDesignatedCost 1.3.6.1.2.1.17.2.15.1.7 dot1dStpPortDesignatedBridge 1.3.6.1.2.1.17.2.15.1.8 dot1dStpPortDesignatedPort 1.3.6.1.2.1.17.2.15.1.9 dot1dStpPortForwardTransitions 1.3.6.1.2.1.17.2.15.1.10 dot1dTpAgingTime 1.3.6.1.2.1.17.4.2 dot1dTpFdbAddress 1.3.6.1.2.1.17.4.3.1.1 dot1dTpFdbPort 1.3.6.1.2.1.17.4.3.1.2 dot1dTpFdbStatus 1.3.6.1.2.1.17.4.3.1.3 2 of 2 688 Administration for the Avaya G450 Media Gateway G450 MIB files MIB files in the CONFIG-MIB.my file The following table provides a list of the MIBs in the CONFIG-MIB.MY file that are supported by the G450 and their OIDs: Object OID chHWType 1.3.6.1.4.1.81.7.1 chNumberOfSlots 1.3.6.1.4.1.81.7.2 chReset 1.3.6.1.4.1.81.7.7 chLntAgMaxNmbOfMngrs 1.3.6.1.4.1.81.7.9.3.1 chLntAgPermMngrId 1.3.6.1.4.1.81.7.9.3.2.1.1 chLntAgPermMngrAddr 1.3.6.1.4.1.81.7.9.3.2.1.2 chLntAgMngrTraps 1.3.6.1.4.1.81.7.9.3.2.1.3 chLntAgTrapsPermMngrId 1.3.6.1.4.1.81.7.9.3.7.1.1 chLntAgTrapsId 1.3.6.1.4.1.81.7.9.3.7.1.2 chLntAgTrapsEnableFlag 1.3.6.1.4.1.81.7.9.3.7.1.3 chLntAgMaxTrapsNumber 1.3.6.1.4.1.81.7.9.3.100 chGroupList 1.3.6.1.4.1.81.7.18 chLogFileGroupId 1.3.6.1.4.1.81.7.22.1.1 chLogFileIndex 1.3.6.1.4.1.81.7.22.1.2 chLogFileName 1.3.6.1.4.1.81.7.22.1.3 chLogFileAbsoluteTime 1.3.6.1.4.1.81.7.22.1.4 chLogFileMessage 1.3.6.1.4.1.81.7.22.1.5 chLogFileEncryptedMessage 1.3.6.1.4.1.81.7.22.1.6 genGroupId 1.3.6.1.4.1.81.8.1.1.1 genGroupSWVersion 1.3.6.1.4.1.81.8.1.1.2 genGroupKernelVersion 1.3.6.1.4.1.81.8.1.1.3 genGroupType 1.3.6.1.4.1.81.8.1.1.4 1 of 4 Issue 1 January 2008 689 Traps and MIBs Object OID genGroupDescr 1.3.6.1.4.1.81.8.1.1.5 genGroupNumberOfPorts 1.3.6.1.4.1.81.8.1.1.6 genGroupNumberOfIntPorts 1.3.6.1.4.1.81.8.1.1.7 genGroupReset 1.3.6.1.4.1.81.8.1.1.8 genGroupAutoMan 1.3.6.1.4.1.81.8.1.1.9 genGroupFullConfig 1.3.6.1.4.1.81.8.1.1.10 genGroupRedun12 1.3.6.1.4.1.81.8.1.1.11 genGroupRedun34 1.3.6.1.4.1.81.8.1.1.12 genGroupStandAloneMode 1.3.6.1.4.1.81.8.1.1.14 genGroupInterProcCommStatus 1.3.6.1.4.1.81.8.1.1.15 genGroupCommStatus 1.3.6.1.4.1.81.8.1.1.16 genGroupHWStatus 1.3.6.1.4.1.81.8.1.1.17 genGroupSupplyVoltageFault 1.3.6.1.4.1.81.8.1.1.18 genGroupIntTemp 1.3.6.1.4.1.81.8.1.1.19 genGroupSpecificOID 1.3.6.1.4.1.81.8.1.1.20 genGroupConfigurationSymbol 1.3.6.1.4.1.81.8.1.1.21 genGroupLastChange 1.3.6.1.4.1.81.8.1.1.22 genGroupRedunRecovery 1.3.6.1.4.1.81.8.1.1.23 genGroupHWVersion 1.3.6.1.4.1.81.8.1.1.24 genGroupHeight 1.3.6.1.4.1.81.8.1.1.25 genGroupWidth 1.3.6.1.4.1.81.8.1.1.26 genGroupIntrusionControl 1.3.6.1.4.1.81.8.1.1.27 genGroupThresholdStatus 1.3.6.1.4.1.81.8.1.1.28 genGroupEavesdropping 1.3.6.1.4.1.81.8.1.1.29 genGroupMainSWVersion 1.3.6.1.4.1.81.8.1.1.30 genGroupMPSActivityStatus 1.3.6.1.4.1.81.8.1.1.31 2 of 4 690 Administration for the Avaya G450 Media Gateway G450 MIB files Object OID genGroupBUPSActivityStatus 1.3.6.1.4.1.81.8.1.1.32 genGroupPrepareCounters 1.3.6.1.4.1.81.8.1.1.33 genGroupPortLastChange 1.3.6.1.4.1.81.8.1.1.34 genGroupIntPortLastChange 1.3.6.1.4.1.81.8.1.1.35 genGroupFaultMask 1.3.6.1.4.1.81.8.1.1.36 genGroupTypeName 1.3.6.1.4.1.81.8.1.1.37 genGroupAgentSlot 1.3.6.1.4.1.81.8.1.1.38 genGroupMngType 1.3.6.1.4.1.81.8.1.1.39 genGroupNumberOfLogicalPorts 1.3.6.1.4.1.81.8.1.1.40 genGroupNumberOfInterfaces 1.3.6.1.4.1.81.8.1.1.41 genGroupCascadUpStatus 1.3.6.1.4.1.81.8.1.1.42 genGroupCascadDownStatus 1.3.6.1.4.1.81.8.1.1.43 genGroupSTARootPortID 1.3.6.1.4.1.81.8.1.1.44 genGroupCopyPortInstruction 1.3.6.1.4.1.81.8.1.1.45 genGroupLicenseKey 1.3.6.1.4.1.81.8.1.1.46 genGroupLogFileClear 1.3.6.1.4.1.81.8.1.1.47 genGroupBootVersion 1.3.6.1.4.1.81.8.1.1.48 genGroupResetLastStamp 1.3.6.1.4.1.81.8.1.1.49 genGroupSerialNumber 1.3.6.1.4.1.81.8.1.1.50 genGroupShowModuleInformation 1.3.6.1.4.1.81.8.1.1.51 genGroupCascadingUpFault 1.3.6.1.4.1.81.8.1.1.52 genGroupCascadingDownFault 1.3.6.1.4.1.81.8.1.1.53 genGroupPortClassificationMask 1.3.6.1.4.1.81.8.1.1.54 genGroupPSUType 1.3.6.1.4.1.81.8.1.1.55 genGroupPolicyType 1.3.6.1.4.1.81.8.1.1.56 genPortGroupId 1.3.6.1.4.1.81.9.1.1.1 3 of 4 Issue 1 January 2008 691 Traps and MIBs Object OID genPortId 1.3.6.1.4.1.81.9.1.1.2 genPortFunctionality 1.3.6.1.4.1.81.9.1.1.3 genPortType 1.3.6.1.4.1.81.9.1.1.4 genPortDescr 1.3.6.1.4.1.81.9.1.1.5 genPortAdminStatus 1.3.6.1.4.1.81.9.1.1.10 genPortFaultMask 1.3.6.1.4.1.81.9.1.1.14 genPortSWRdFault 1.3.6.1.4.1.81.9.1.1.15 genPortVLANMode 1.3.6.1.4.1.81.9.1.1.19 genPortAdminPermission 1.3.6.1.4.1.81.9.1.1.20 genPortName 1.3.6.1.4.1.81.9.1.1.21 genPortClassification 1.3.6.1.4.1.81.9.1.1.22 genPortVLANBindingMode 1.3.6.1.4.1.81.9.1.1.23 softRedundancyId 1.3.6.1.4.1.81.11.1.1.1 softRedundancyName 1.3.6.1.4.1.81.11.1.1.2 softRedundancyGroupId1 1.3.6.1.4.1.81.11.1.1.3 softRedundancyPortId1 1.3.6.1.4.1.81.11.1.1.4 softRedundancyGroupId2 1.3.6.1.4.1.81.11.1.1.5 softRedundancyPortId2 1.3.6.1.4.1.81.11.1.1.6 softRedundancyStatus 1.3.6.1.4.1.81.11.1.1.7 softRedundancyGlobalStatus 1.3.6.1.4.1.81.11.2 softRedundancyMinTimeBetweenSwitchOvers 1.3.6.1.4.1.81.11.4 softRedundancySwitchBackInterval 1.3.6.1.4.1.81.11.5 4 of 4 692 Administration for the Avaya G450 Media Gateway G450 MIB files MIB files in the G700-MG-MIB.my file The following table provides a list of the MIBs in the G700-MG-MIB.MY file that are supported by the G450 and their OIDs: Object OID cmgHWType 1.3.6.1.4.1.6889.2.9.1.1.1 cmgModelNumber 1.3.6.1.4.1.6889.2.9.1.1.2 cmgDescription 1.3.6.1.4.1.6889.2.9.1.1.3 cmgSerialNumber 1.3.6.1.4.1.6889.2.9.1.1.4 cmgHWVintage 1.3.6.1.4.1.6889.2.9.1.1.5 cmgHWSuffix 1.3.6.1.4.1.6889.2.9.1.1.6 cmgStackPosition 1.3.6.1.4.1.6889.2.9.1.1.7 cmgModuleList 1.3.6.1.4.1.6889.2.9.1.1.8 cmgReset 1.3.6.1.4.1.6889.2.9.1.1.9 cmgHardwareFaultMask 1.3.6.1.4.1.6889.2.9.1.1.10.12 cmgHardwareStatusMask 1.3.6.1.4.1.6889.2.9.1.1.10.13 cmgModuleSlot 1.3.6.1.4.1.6889.2.9.1.1.11.1.1.1 cmgModuleType 1.3.6.1.4.1.6889.2.9.1.1.11.1.1.2 cmgModuleDescription 1.3.6.1.4.1.6889.2.9.1.1.11.1.1.3 cmgModuleName 1.3.6.1.4.1.6889.2.9.1.1.11.1.1.4 cmgModuleSerialNumber 1.3.6.1.4.1.6889.2.9.1.1.11.1.1.5 cmgModuleHWVintage 1.3.6.1.4.1.6889.2.9.1.1.11.1.1.6 cmgModuleHWSuffix 1.3.6.1.4.1.6889.2.9.1.1.11.1.1.7 cmgModuleFWVersion 1.3.6.1.4.1.6889.2.9.1.1.11.1.1.8 cmgModuleNumberOfPorts 1.3.6.1.4.1.6889.2.9.1.1.11.1.1.9 cmgModuleFaultMask 1.3.6.1.4.1.6889.2.9.1.1.11.1.1.10 cmgModuleStatusMask 1.3.6.1.4.1.6889.2.9.1.1.11.1.1.11 cmgModuleReset 1.3.6.1.4.1.6889.2.9.1.1.11.1.1.12 cmgModuleNumberOfChannels 1.3.6.1.4.1.6889.2.9.1.1.11.1.1.13 1 of 5 Issue 1 January 2008 693 Traps and MIBs Object OID cmgGatewayNumber 1.3.6.1.4.1.6889.2.9.1.2.1.1 cmgMACAddress 1.3.6.1.4.1.6889.2.9.1.2.1.2 cmgFWVersion 1.3.6.1.4.1.6889.2.9.1.2.1.3 cmgCurrentIpAddress 1.3.6.1.4.1.6889.2.9.1.2.1.4 cmgMgpFaultMask 1.3.6.1.4.1.6889.2.9.1.2.1.15 cmgQosControl 1.3.6.1.4.1.6889.2.9.1.2.2.1 cmgRemoteSigDscp 1.3.6.1.4.1.6889.2.9.1.2.2.2 cmgRemoteSig802Priority 1.3.6.1.4.1.6889.2.9.1.2.2.3 cmgLocalSigDscp 1.3.6.1.4.1.6889.2.9.1.2.2.4 cmgLocalSig802Priority 1.3.6.1.4.1.6889.2.9.1.2.2.5 cmgStatic802Vlan 1.3.6.1.4.1.6889.2.9.1.2.2.6 cmgCurrent802Vlan 1.3.6.1.4.1.6889.2.9.1.2.2.7 cmgPrimaryClockSource 1.3.6.1.4.1.6889.2.9.1.2.3.1 cmgSecondaryClockSource 1.3.6.1.4.1.6889.2.9.1.2.3.2 cmgActiveClockSource 1.3.6.1.4.1.6889.2.9.1.2.3.3 cmgRegistrationState 1.3.6.1.4.1.6889.2.9.1.3.1 cmgActiveControllerAddress 1.3.6.1.4.1.6889.2.9.1.3.2 cmgH248LinkStatus 1.3.6.1.4.1.6889.2.9.1.3.3 cmgH248LinkErrorCode 1.3.6.1.4.1.6889.2.9.1.3.4 cmgUseDhcpForMgcList 1.3.6.1.4.1.6889.2.9.1.3.5 cmgStaticControllerHosts 1.3.6.1.4.1.6889.2.9.1.3.6 cmgDhcpControllerHosts 1.3.6.1.4.1.6889.2.9.1.3.7 cmgPrimarySearchTime cmgTotalSearchTime cmgTransitionPoint cmgVoipEngineUseDhcp 1.3.6.1.4.1.6889.2.9.1.4.1 cmgVoipQosControl 1.3.6.1.4.1.6889.2.9.1.4.2 cmgVoipRemoteBbeDscp 1.3.6.1.4.1.6889.2.9.1.4.3.1.1 2 of 5 694 Administration for the Avaya G450 Media Gateway G450 MIB files Object OID cmgVoipRemoteEfDscp 1.3.6.1.4.1.6889.2.9.1.4.3.1.2 cmgVoipRemote802Priority 1.3.6.1.4.1.6889.2.9.1.4.3.1.3 cmgVoipRemoteMinRtpPort 1.3.6.1.4.1.6889.2.9.1.4.3.1.4 cmgVoipRemoteMaxRtpPort 1.3.6.1.4.1.6889.2.9.1.4.3.1.5 cmgVoipRemoteRtcpEnabled 1.3.6.1.4.1.6889.2.9.1.4.3.2.1 cmgVoipRemoteRtcpMonitorIpAddress 1.3.6.1.4.1.6889.2.9.1.4.3.2.2 cmgVoipRemoteRtcpMonitorPort 1.3.6.1.4.1.6889.2.9.1.4.3.2.3 cmgVoipRemoteRtcpReportPeriod 1.3.6.1.4.1.6889.2.9.1.4.3.2.4 cmgVoipRemoteRsvpEnabled 1.3.6.1.4.1.6889.2.9.1.4.3.3.1 cmgVoipRemoteRetryOnFailure 1.3.6.1.4.1.6889.2.9.1.4.3.3.2 cmgVoipRemoteRetryDelay 1.3.6.1.4.1.6889.2.9.1.4.3.3.3 cmgVoipRemoteRsvpProfile 1.3.6.1.4.1.6889.2.9.1.4.3.3.4 cmgVoipLocalBbeDscp 1.3.6.1.4.1.6889.2.9.1.4.4.1.1 cmgVoipLocalEfDscp 1.3.6.1.4.1.6889.2.9.1.4.4.1.2 cmgVoipLocal802Priority 1.3.6.1.4.1.6889.2.9.1.4.4.1.3 cmgVoipLocalMinRtpPort 1.3.6.1.4.1.6889.2.9.1.4.4.1.4 cmgVoipLocalMaxRtpPort 1.3.6.1.4.1.6889.2.9.1.4.4.1.5 cmgVoipLocalRtcpEnabled 1.3.6.1.4.1.6889.2.9.1.4.4.2.1 cmgVoipLocalRtcpMonitorIpAddress 1.3.6.1.4.1.6889.2.9.1.4.4.2.2 cmgVoipLocalRtcpMonitorPort 1.3.6.1.4.1.6889.2.9.1.4.4.2.3 cmgVoipLocalRtcpReportPeriod 1.3.6.1.4.1.6889.2.9.1.4.4.2.4 cmgVoipLocalRsvpEnabled 1.3.6.1.4.1.6889.2.9.1.4.4.3.1 cmgVoipLocalRetryOnFailure 1.3.6.1.4.1.6889.2.9.1.4.4.3.2 cmgVoipLocalRetryDelay 1.3.6.1.4.1.6889.2.9.1.4.4.3.3 cmgVoipLocalRsvpProfile 1.3.6.1.4.1.6889.2.9.1.4.4.3.4 cmgVoipSlot 1.3.6.1.4.1.6889.2.9.1.4.5.1.1 cmgVoipMACAddress 1.3.6.1.4.1.6889.2.9.1.4.5.1.2 cmgVoipStaticIpAddress 1.3.6.1.4.1.6889.2.9.1.4.5.1.3 3 of 5 Issue 1 January 2008 695 Traps and MIBs Object OID cmgVoipCurrentIpAddress 1.3.6.1.4.1.6889.2.9.1.4.5.1.4 cmgVoipJitterBufferSize 1.3.6.1.4.1.6889.2.9.1.4.5.1.5 cmgVoipTotalChannels 1.3.6.1.4.1.6889.2.9.1.4.5.1.6 cmgVoipChannelsInUse 1.3.6.1.4.1.6889.2.9.1.4.5.1.7 cmgVoipAverageOccupancy 1.3.6.1.4.1.6889.2.9.1.4.5.1.8 cmgVoipHyperactivity 1.3.6.1.4.1.6889.2.9.1.4.5.1.9 cmgVoipAdminState 1.3.6.1.4.1.6889.2.9.1.4.5.1.10 cmgVoipDspFWVersion 1.3.6.1.4.1.6889.2.9.1.4.5.1.11 cmgVoipDspStatus 1.3.6.1.4.1.6889.2.9.1.4.5.1.12 cmgVoipEngineReset 1.3.6.1.4.1.6889.2.9.1.4.5.1.13 cmgVoipFaultMask 1.3.6.1.4.1.6889.2.9.1.4.5.1.14 cmgCcModule 1.3.6.1.4.1.6889.2.9.1.6.1.1.1 cmgCcPort 1.3.6.1.4.1.6889.2.9.1.6.1.1.2 cmgCcRelay 1.3.6.1.4.1.6889.2.9.1.6.1.1.3 cmgCcAdminState 1.3.6.1.4.1.6889.2.9.1.6.1.1.4 cmgCcPulseDuration 1.3.6.1.4.1.6889.2.9.1.6.1.1.5 cmgCcStatus 1.3.6.1.4.1.6889.2.9.1.6.1.1.6 cmgTrapManagerAddress cmgTrapManagerControl cmgTrapManagerMask cmgTrapManagerRowStatus cmgEtrModule 1.3.6.1.4.1.6889.2.9.1.7.1.1.1 cmgEtrAdminState 1.3.6.1.4.1.6889.2.9.1.7.1.1.2 cmgEtrNumberOfPairs 1.3.6.1.4.1.6889.2.9.1.7.1.1.3 cmgEtrStatus 1.3.6.1.4.1.6889.2.9.1.7.1.1.4 cmgEtrCurrentLoopDetect 1.3.6.1.4.1.6889.2.9.1.7.1.1.5 cmgDynCacStatus 1.3.6.1.4.1.6889.2.9.1.8.1 4 of 5 696 Administration for the Avaya G450 Media Gateway G450 MIB files Object OID cmgDynCacRBBL 1.3.6.1.4.1.6889.2.9.1.8.2 cmgDynCacLastUpdate 1.3.6.1.4.1.6889.2.9.1.8.3 5 of 5 MIB files in the FRAME-RELAY-DTE-MIB.my file The following table provides a list of the MIBs in the FRAME-RELAY-DTE-MIB.my file that are supported by the G450 and their OIDs: Object OID frDlcmiIfIndex 1.3.6.1.2.1.10.32.1.1.1 frDlcmiState 1.3.6.1.2.1.10.32.1.1.2 frDlcmiAddress 1.3.6.1.2.1.10.32.1.1.3 frDlcmiAddressLen 1.3.6.1.2.1.10.32.1.1.4 frDlcmiPollingInterval 1.3.6.1.2.1.10.32.1.1.5 frDlcmiFullEnquiryInterval 1.3.6.1.2.1.10.32.1.1.6 frDlcmiErrorThreshold 1.3.6.1.2.1.10.32.1.1.7 frDlcmiMonitoredEvents 1.3.6.1.2.1.10.32.1.1.8 frDlcmiMaxSupportedVCs 1.3.6.1.2.1.10.32.1.1.9 frDlcmiMulticast 1.3.6.1.2.1.10.32.1.1.10 frDlcmiStatus 1.3.6.1.2.1.10.32.1.1.11 frDlcmiRowStatus 1.3.6.1.2.1.10.32.1.1.12 frCircuitIfIndex 1.3.6.1.2.1.10.32.2.1.1 frCircuitDlci 1.3.6.1.2.1.10.32.2.1.2 frCircuitState 1.3.6.1.2.1.10.32.2.1.3 frCircuitReceivedFECNs 1.3.6.1.2.1.10.32.2.1.4 frCircuitReceivedBECNs 1.3.6.1.2.1.10.32.2.1.5 1 of 2 Issue 1 January 2008 697 Traps and MIBs Object OID frCircuitSentFrames 1.3.6.1.2.1.10.32.2.1.6 frCircuitSentOctets 1.3.6.1.2.1.10.32.2.1.7 frCircuitReceivedFrames 1.3.6.1.2.1.10.32.2.1.8 frCircuitReceivedOctets 1.3.6.1.2.1.10.32.2.1.9 frCircuitCreationTime 1.3.6.1.2.1.10.32.2.1.10 frCircuitLastTimeChange 1.3.6.1.2.1.10.32.2.1.11 frCircuitCommittedBurst 1.3.6.1.2.1.10.32.2.1.12 frCircuitExcessBurst 1.3.6.1.2.1.10.32.2.1.13 frCircuitThroughput 1.3.6.1.2.1.10.32.2.1.14 frCircuitMulticast 1.3.6.1.2.1.10.32.2.1.15 frCircuitType 1.3.6.1.2.1.10.32.2.1.16 frCircuitDiscards 1.3.6.1.2.1.10.32.2.1.17 frCircuitReceivedDEs 1.3.6.1.2.1.10.32.2.1.18 frCircuitSentDEs 1.3.6.1.2.1.10.32.2.1.19 frCircuitLogicalIfIndex 1.3.6.1.2.1.10.32.2.1.20 frCircuitRowStatus 1.3.6.1.2.1.10.32.2.1.21 frErrIfIndex 1.3.6.1.2.1.10.32.3.1.1 frErrType 1.3.6.1.2.1.10.32.3.1.2 frErrData 1.3.6.1.2.1.10.32.3.1.3 frErrTime 1.3.6.1.2.1.10.32.3.1.4 frErrFaults 1.3.6.1.2.1.10.32.3.1.5 frErrFaultTime 1.3.6.1.2.1.10.32.3.1.6 frTrapState 1.3.6.1.2.1.10.32.4.1 frTrapMaxRate 1.3.6.1.2.1.10.32.4.2 2 of 2 698 Administration for the Avaya G450 Media Gateway G450 MIB files MIB files in the IP-MIB.my file The following table provides a list of the MIBs in the IP-MIB.my file that are supported by the G450 and their OIDs: Object OID ipForwarding 1.3.6.1.2.1.4.1 ipDefaultTTL 1.3.6.1.2.1.4.2 ipInReceives 1.3.6.1.2.1.4.3 ipInHdrErrors 1.3.6.1.2.1.4.4 ipInAddrErrors 1.3.6.1.2.1.4.5 ipForwDatagrams 1.3.6.1.2.1.4.6 ipInUnknownProtos 1.3.6.1.2.1.4.7 ipInDiscards 1.3.6.1.2.1.4.8 ipInDelivers 1.3.6.1.2.1.4.9 ipOutRequests 1.3.6.1.2.1.4.10 ipOutDiscards 1.3.6.1.2.1.4.11 ipOutNoRoutes 1.3.6.1.2.1.4.12 ipReasmTimeout 1.3.6.1.2.1.4.13 ipReasmReqds 1.3.6.1.2.1.4.14 ipReasmOKs 1.3.6.1.2.1.4.15 ipReasmFails 1.3.6.1.2.1.4.16 ipFragOKs 1.3.6.1.2.1.4.17 ipFragFails 1.3.6.1.2.1.4.18 ipFragCreates 1.3.6.1.2.1.4.19 ipAdEntAddr 1.3.6.1.2.1.4.20.1.1 ipAdEntIfIndex 1.3.6.1.2.1.4.20.1.2 ipAdEntNetMask 1.3.6.1.2.1.4.20.1.3 1 of 2 Issue 1 January 2008 699 Traps and MIBs Object OID ipAdEntBcastAddr 1.3.6.1.2.1.4.20.1.4 ipAdEntReasmMaxSize 1.3.6.1.2.1.4.20.1.5 ipNetToMediaIfIndex 1.3.6.1.2.1.4.22.1.1 ipNetToMediaPhysAddress 1.3.6.1.2.1.4.22.1.2 ipNetToMediaNetAddress 1.3.6.1.2.1.4.22.1.3 ipNetToMediaType 1.3.6.1.2.1.4.22.1.4 ipRoutingDiscards 1.3.6.1.2.1.4.23 2 of 2 MIB files in the Load12-MIB.my file The following table provides a list of the MIBs in the Load12-MIB.my file that are supported by the G450 and their OIDs: Object OID genOpModuleId 1.3.6.1.4.1.1751.2.53.1.2.1.1 genOpIndex 1.3.6.1.4.1.1751.2.53.1.2.1.2 genOpRunningState 1.3.6.1.4.1.1751.2.53.1.2.1.3 genOpSourceIndex 1.3.6.1.4.1.1751.2.53.1.2.1.4 genOpDestIndex 1.3.6.1.4.1.1751.2.53.1.2.1.5 genOpServerIP 1.3.6.1.4.1.1751.2.53.1.2.1.6 genOpUserName 1.3.6.1.4.1.1751.2.53.1.2.1.7 genOpPassword 1.3.6.1.4.1.1751.2.53.1.2.1.8 genOpProtocolType 1.3.6.1.4.1.1751.2.53.1.2.1.9 genOpFileName 1.3.6.1.4.1.1751.2.53.1.2.1.10 genOpRunningStateDisplay 1.3.6.1.4.1.1751.2.53.1.2.1.11 genOpLastFailureIndex 1.3.6.1.4.1.1751.2.53.1.2.1.12 1 of 2 700 Administration for the Avaya G450 Media Gateway G450 MIB files Object OID genOpLastFailureDisplay 1.3.6.1.4.1.1751.2.53.1.2.1.13 genOpLastWarningDisplay 1.3.6.1.4.1.1751.2.53.1.2.1.14 genOpErrorLogIndex 1.3.6.1.4.1.1751.2.53.1.2.1.15 genOpResetSupported 1.3.6.1.4.1.1751.2.53.1.2.1.16 genOpEnableReset 1.3.6.1.4.1.1751.2.53.1.2.1.17 genOpNextBootImageIndex 1.3.6.1.4.1.1751.2.53.1.2.1.18 genOpLastBootImageIndex 1.3.6.1.4.1.1751.2.53.1.2.1.19 genOpFileSystemType 1.3.6.1.4.1.1751.2.53.1.2.1.20 genOpReportSpecificFlags 1.3.6.1.4.1.1751.2.53.1.2.1.21 genOpOctetsReceived 1.3.6.1.4.1.1751.2.53.1.2.1.22 genAppFileId 1.3.6.1.4.1.1751.2.53.2.1.1.1 genAppFileName 1.3.6.1.4.1.1751.2.53.2.1.1.2 genAppFileType 1.3.6.1.4.1.1751.2.53.2.1.1.3 genAppFileDescription 1.3.6.1.4.1.1751.2.53.2.1.1.4 genAppFileSize 1.3.6.1.4.1.1751.2.53.2.1.1.5 genAppFileVersionNumber 1.3.6.1.4.1.1751.2.53.2.1.1.6 genAppFileLocation 1.3.6.1.4.1.1751.2.53.2.1.1.7 genAppFileDateStamp 1.3.6.1.4.1.1751.2.53.2.1.1.8 genAppFileRowStatus 1.3.6.1.4.1.1751.2.53.2.1.1.9 2 of 2 Issue 1 January 2008 701 Traps and MIBs MIB files in the PPP-LCP-MIB.my file The following table provides a list of the MIBs in the PPP-LCP-MIB.my file that are supported by the G450 and their OIDs: Object OID pppLinkStatusPhysicalIndex 1.3.6.1.2.1.10.23.1.1.1.1.1 pppLinkStatusBadAddresses 1.3.6.1.2.1.10.23.1.1.1.1.2 pppLinkStatusBadControls 1.3.6.1.2.1.10.23.1.1.1.1.3 pppLinkStatusPacketTooLongs 1.3.6.1.2.1.10.23.1.1.1.1.4 pppLinkStatusBadFCSs 1.3.6.1.2.1.10.23.1.1.1.1.5 pppLinkStatusLocalMRU 1.3.6.1.2.1.10.23.1.1.1.1.6 pppLinkStatusRemoteMRU 1.3.6.1.2.1.10.23.1.1.1.1.7 pppLinkStatusLocalToPeerACCMap 1.3.6.1.2.1.10.23.1.1.1.1.8 pppLinkStatusPeerToLocalACCMap 1.3.6.1.2.1.10.23.1.1.1.1.9 pppLinkStatusLocalToRemoteACCompression 1.3.6.1.2.1.10.23.1.1.1.1.12 pppLinkStatusRemoteToLocalACCompression 1.3.6.1.2.1.10.23.1.1.1.1.13 pppLinkStatusTransmitFcsSize 1.3.6.1.2.1.10.23.1.1.1.1.14 pppLinkStatusReceiveFcsSize 1.3.6.1.2.1.10.23.1.1.1.1.15 pppLinkConfigInitialMRU 1.3.6.1.2.1.10.23.1.1.2.1.1 pppLinkConfigReceiveACCMap 1.3.6.1.2.1.10.23.1.1.2.1.2 pppLinkConfigTransmitACCMap 1.3.6.1.2.1.10.23.1.1.2.1.3 pppLinkConfigMagicNumber 1.3.6.1.2.1.10.23.1.1.2.1.4 pppLinkConfigFcsSize 1.3.6.1.2.1.10.23.1.1.2.1.5 702 Administration for the Avaya G450 Media Gateway G450 MIB files MIB files in the WAN-MIB.my file The following table provides a list of the MIBs in the WAN-MIB.my file that are supported by the G450 and their OIDs: Object OID ds0BundleMemmbersList 1.3.6.1.4.1.6889.2.1.6.1.1.2.1.1 ds0BundleSpeedFactor 1.3.6.1.4.1.6889.2.1.6.1.1.2.1.2 ds1DeviceMode 1.3.6.1.4.1.6889.2.1.6.2.1.1 ifTableXtndIndex 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.1 ifTableXtndPeerAddress 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.2 ifTableXtndVoIPQueue 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.3 ifTableXtndCableLength 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.4 ifTableXtndGain 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.5 ifTableXtndDescription 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.6 ifTableXtndKeepAlive 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.7 ifTableXtndMtu 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.8 ifTableXtndInvertTxClock 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.9 ifTableXtndDTELoopback 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.10 ifTableXtndIgnoreDCD 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.11 ifTableXtndIdleChars 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.12 ifTableXtndBandwidth 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.13 ifTableXtndEncapsulation 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.14 ifTableXtndOperStatus 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.15 ifTableXtndBackupCapabilities 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.16 ifTableXtndBackupIf 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.17 ifTableXtndBackupEnableDelay 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.18 ifTableXtndBackupDisableDelay 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.19 1 of 2 Issue 1 January 2008 703 Traps and MIBs Object OID ifTableXtndPrimaryIf 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.20 ifTableXtndCarrierDelay 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.21 ifTableXtndDtrRestartDelay 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.22 ifTableXtndDtrPulseTime 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.23 ifTableXtndLoadInterval 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.24 ifTableXtndInputRate 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.25 ifTableXtndOutputRate 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.26 ifTableXtndInputLoad 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.27 ifTableXtndOutputLoad 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.28 ifTableXtndReliability 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.29 ifTableXtndCacBBL 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.31 ifTableXtndCacPriority 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.32 ifTableXtndCacifStatus 1.3.6.1.4.1.6889.2.1.6.2.2.1.1.33 frDlcmiXtndIndex 1.3.6.1.4.1.6889.2.1.6.2.4.1.1.1 frDlcmiXtndLMIAutoSense 1.3.6.1.4.1.6889.2.1.6.2.4.1.1.2 frStaticCircuitSubIfIndex 1.3.6.1.4.1.6889.2.1.6.2.4.2.1.1 frStaticCircuitDLCI 1.3.6.1.4.1.6889.2.1.6.2.4.2.1.2 frStaticCircuitDLCIrole 1.3.6.1.4.1.6889.2.1.6.2.4.2.1.3 frStaticCircuitStatus 1.3.6.1.4.1.6889.2.1.6.2.4.2.1.4 frSubIfDlcmiIndex 1.3.6.1.4.1.6889.2.1.6.2.4.3.1.1 frSubIfSubIndex 1.3.6.1.4.1.6889.2.1.6.2.4.3.1.2 frSubIfType 1.3.6.1.4.1.6889.2.1.6.2.4.3.1.3 frSubIfStatus 1.3.6.1.4.1.6889.2.1.6.2.4.3.1.4 2 of 2 704 Administration for the Avaya G450 Media Gateway G450 MIB files MIB files in the SNMPv2-MIB.my file The following table provides a list of the MIBs in the SNMPv2-MIB.my file that are supported by the G450 and their OIDs: Object OID sysDescr 1.3.6.1.2.1.1.1 sysObjectID 1.3.6.1.2.1.1.2 sysUpTime 1.3.6.1.2.1.1.3 sysContact 1.3.6.1.2.1.1.4 sysName 1.3.6.1.2.1.1.5 sysLocation 1.3.6.1.2.1.1.6 sysServices 1.3.6.1.2.1.1.7 snmpInPkts 1.3.6.1.2.1.11.1 snmpInBadVersions 1.3.6.1.2.1.11.3 snmpInBadCommunityNames 1.3.6.1.2.1.11.4 snmpInBadCommunityUses 1.3.6.1.2.1.11.5 snmpInASNParseErrs 1.3.6.1.2.1.11.6 snmpEnableAuthenTraps 1.3.6.1.2.1.11.30 snmpOutPkts 1.3.6.1.2.1.11.2 snmpInTooBigs 1.3.6.1.2.1.11.8 snmpInNoSuchNames 1.3.6.1.2.1.11.9 snmpInBadValues 1.3.6.1.2.1.11.10 snmpInReadOnlys 1.3.6.1.2.1.11.11 snmpInGenErrs 1.3.6.1.2.1.11.12 snmpInTotalReqVars 1.3.6.1.2.1.11.13 snmpInTotalSetVars 1.3.6.1.2.1.11.14 snmpInGetRequests 1.3.6.1.2.1.11.15 1 of 2 Issue 1 January 2008 705 Traps and MIBs Object OID snmpInGetNexts 1.3.6.1.2.1.11.16 snmpInSetRequests 1.3.6.1.2.1.11.17 snmpInGetResponses 1.3.6.1.2.1.11.18 snmpInTraps 1.3.6.1.2.1.11.19 snmpOutTooBigs 1.3.6.1.2.1.11.20 snmpOutNoSuchNames 1.3.6.1.2.1.11.21 snmpOutBadValues 1.3.6.1.2.1.11.22 snmpOutGenErrs 1.3.6.1.2.1.11.24 snmpOutGetRequests 1.3.6.1.2.1.11.25 snmpOutGetNexts 1.3.6.1.2.1.11.26 snmpOutSetRequests 1.3.6.1.2.1.11.27 snmpOutGetResponses 1.3.6.1.2.1.11.28 snmpOutTraps 1.3.6.1.2.1.11.29 2 of 2 MIB files in the OSPF-MIB.my file The following table provides a list of the MIBs in the OSPF-MIB.my file that are supported by the G450 and their OIDs: Object OID ospfRouterId 1.3.6.1.2.1.14.1.1 ospfAdminStat 1.3.6.1.2.1.14.1.2 ospfVersionNumber 1.3.6.1.2.1.14.1.3 ospfAreaBdrRtrStatus 1.3.6.1.2.1.14.1.4 ospfASBdrRtrStatus 1.3.6.1.2.1.14.1.5 ospfExternLsaCount 1.3.6.1.2.1.14.1.6 1 of 4 706 Administration for the Avaya G450 Media Gateway G450 MIB files Object OID ospfExternLsaCksumSum 1.3.6.1.2.1.14.1.7 ospfTOSSupport 1.3.6.1.2.1.14.1.8 ospfOriginateNewLsas 1.3.6.1.2.1.14.1.9 ospfRxNewLsas 1.3.6.1.2.1.14.1.10 ospfExtLsdbLimit 1.3.6.1.2.1.14.1.11 ospfMulticastExtensions 1.3.6.1.2.1.14.1.12 ospfExitOverflowInterval 1.3.6.1.2.1.14.1.13 ospfDemandExtensions 1.3.6.1.2.1.14.1.14 ospfAreaId 1.3.6.1.2.1.14.2.1.1 ospfAuthType 1.3.6.1.2.1.14.2.1.2 ospfImportAsExtern 1.3.6.1.2.1.14.2.1.3 ospfSpfRuns 1.3.6.1.2.1.14.2.1.4 ospfAreaBdrRtrCount 1.3.6.1.2.1.14.2.1.5 ospfAsBdrRtrCount 1.3.6.1.2.1.14.2.1.6 ospfAreaLsaCount 1.3.6.1.2.1.14.2.1.7 ospfAreaLsaCksumSum 1.3.6.1.2.1.14.2.1.8 ospfAreaSummary 1.3.6.1.2.1.14.2.1.9 ospfAreaStatus 1.3.6.1.2.1.14.2.1.10 ospfLsdbAreaId 1.3.6.1.2.1.14.4.1.1 ospfLsdbType 1.3.6.1.2.1.14.4.1.2 ospfLsdbLsid 1.3.6.1.2.1.14.4.1.3 ospfLsdbRouterId 1.3.6.1.2.1.14.4.1.4 ospfLsdbSequence 1.3.6.1.2.1.14.4.1.5 ospfLsdbAge 1.3.6.1.2.1.14.4.1.6 ospfLsdbChecksum 1.3.6.1.2.1.14.4.1.7 ospfLsdbAdvertisement 1.3.6.1.2.1.14.4.1.8 2 of 4 Issue 1 January 2008 707 Traps and MIBs Object OID ospfIfIpAddress 1.3.6.1.2.1.14.7.1.1 ospfAddressLessIf 1.3.6.1.2.1.14.7.1.2 ospfIfAreaId 1.3.6.1.2.1.14.7.1.3 ospfIfType 1.3.6.1.2.1.14.7.1.4 ospfIfAdminStat 1.3.6.1.2.1.14.7.1.5 ospfIfRtrPriority 1.3.6.1.2.1.14.7.1.6 ospfIfTransitDelay 1.3.6.1.2.1.14.7.1.7 ospfIfRetransInterval 1.3.6.1.2.1.14.7.1.8 ospfIfHelloInterval 1.3.6.1.2.1.14.7.1.9 ospfIfRtrDeadInterval 1.3.6.1.2.1.14.7.1.10 ospfIfPollInterval 1.3.6.1.2.1.14.7.1.11 ospfIfState 1.3.6.1.2.1.14.7.1.12 ospfIfDesignatedRouter 1.3.6.1.2.1.14.7.1.13 ospfIfBackupDesignatedRouter 1.3.6.1.2.1.14.7.1.14 ospfIfEvents 1.3.6.1.2.1.14.7.1.15 ospfIfAuthKey 1.3.6.1.2.1.14.7.1.16 ospfIfStatus 1.3.6.1.2.1.14.7.1.17 ospfIfMulticastForwarding 1.3.6.1.2.1.14.7.1.18 ospfIfDemand 1.3.6.1.2.1.14.7.1.19 ospfIfAuthType 1.3.6.1.2.1.14.7.1.20 ospfIfMetricIpAddress 1.3.6.1.2.1.14.8.1.1 ospfIfMetricAddressLessIf 1.3.6.1.2.1.14.8.1.2 ospfIfMetricTOS 1.3.6.1.2.1.14.8.1.3 ospfIfMetricValue 1.3.6.1.2.1.14.8.1.4 ospfIfMetricStatus 1.3.6.1.2.1.14.8.1.5 ospfNbrIpAddr 1.3.6.1.2.1.14.10.1.1 3 of 4 708 Administration for the Avaya G450 Media Gateway G450 MIB files Object OID ospfNbrAddressLessIndex 1.3.6.1.2.1.14.10.1.2 ospfNbrRtrId 1.3.6.1.2.1.14.10.1.3 ospfNbrOptions 1.3.6.1.2.1.14.10.1.4 ospfNbrPriority 1.3.6.1.2.1.14.10.1.5 ospfNbrState 1.3.6.1.2.1.14.10.1.6 ospfNbrEvents 1.3.6.1.2.1.14.10.1.7 ospfNbrLsRetransQLen 1.3.6.1.2.1.14.10.1.8 ospfNbmaNbrStatus 1.3.6.1.2.1.14.10.1.9 ospfNbmaNbrPermanence 1.3.6.1.2.1.14.10.1.10 ospfNbrHelloSuppressed 1.3.6.1.2.1.14.10.1.11 ospfExtLsdbType 1.3.6.1.2.1.14.12.1.1 ospfExtLsdbLsid 1.3.6.1.2.1.14.12.1.2 ospfExtLsdbRouterId 1.3.6.1.2.1.14.12.1.3 ospfExtLsdbSequence 1.3.6.1.2.1.14.12.1.4 ospfExtLsdbAge 1.3.6.1.2.1.14.12.1.5 ospfExtLsdbChecksum 1.3.6.1.2.1.14.12.1.6 ospfExtLsdbAdvertisement 1.3.6.1.2.1.14.12.1.7 4 of 4 MIB files in the TUNNEL-MIB.my file The following table provides a list of the MIBs in the TUNNEL-MIB.my file that are supported by the G450 and their OIDs: Object OID tunnelIfLocalAddress 1.3.6.1.2.1.10.131.1.1.1.1.1 tunnelIfRemoteAddress 1.3.6.1.2.1.10.131.1.1.1.1.2 1 of 2 Issue 1 January 2008 709 Traps and MIBs Object OID tunnelIfEncapsMethod 1.3.6.1.2.1.10.131.1.1.1.1.3 tunnelIfTOS 1.3.6.1.2.1.10.131.1.1.1.1.4 tunnelIfHopLimit 1.3.6.1.2.1.10.131.1.1.1.1.5 tunnelConfigLocalAddress 1.3.6.1.2.1.10.131.1.1.2.1.1 tunnelConfigRemoteAddress 1.3.6.1.2.1.10.131.1.1.2.1.2 tunnelConfigEncapsMethod 1.3.6.1.2.1.10.131.1.1.2.1.3 tunnelConfigID 1.3.6.1.2.1.10.131.1.1.2.1.4 tunnelConfigStatus 1.3.6.1.2.1.10.131.1.1.2.1.5 ipTunnelIfIndex 1.3.6.1.4.1.81.31.8.1.1.1 ipTunnelIfChecksum 1.3.6.1.4.1.81.31.8.1.1.2 ipTunnelIfKey 1.3.6.1.4.1.81.31.8.1.1.3 ipTunnelIfkeyMode 1.3.6.1.4.1.81.31.8.1.1.4 ipTunnelIfAgingTimer 1.3.6.1.4.1.81.31.8.1.1.5 ipTunnelIfMTUDiscovery 1.3.6.1.4.1.81.31.8.1.1.6 ipTunnelIfMTU 1.3.6.1.4.1.81.31.8.1.1.7 ipTunnelIfKeepaliveRate 1.3.6.1.4.1.81.31.8.1.1.8 ipTunnelIfKeepaliveRetries 1.3.6.1.4.1.81.31.8.1.1.9 2 of 2 710 Administration for the Avaya G450 Media Gateway Index Index authenticating logins with ASG . . . . . . . . . . 55 Avaya Site Administration . . . . . . . . . . . . . . 53 Avaya Voice Announcement Manager (VAM) . . . . 347 A Access control list CLI commands . . . . . . . . . . . . . . Access control lists, see Policy . . . . . . . . Access Security Gateway (ASG) authentication Accessing Avaya Communication Manager . . . . . . Avaya IW . . . . . . . . . . . . . . . . GIW . . . . . . . . . . . . . . . . . . . MGC . . . . . . . . . . . . . . . . . . . PIM . . . . . . . . . . . . . . . . . . . via modem . . . . . . . . . . . . . . . . via S8300 . . . . . . . . . . . . . . . . Administrator login, configuring in IW . . . . . Announcement files CLI commands . . . . . . . . . . . . . . managing and transferring using SCP . . . ARP table adding entries . . . . . . . . . . . . . . CLI commands . . . . . . . . . . . . . . configuration . . . . . . . . . . . . . . . deleting dynamic entries . . . . . . . . . description . . . . . . . . . . . . . . . . dynamic entries . . . . . . . . . . . . . . removing entries . . . . . . . . . . . . . static entries . . . . . . . . . . . . . . . ASG authentication . . . . . . . . . . . . . ASG commands . . . . . . . . . . . . . . . Authenticating Service logins . . . . . . . . . . . . . . Auto Fallback in SLS . . . . . . . . . . . . . autoneg . . . . . . . . . . . . . . . . . . . Auto-negotiation Fast Ethernet port . . . . . . . . . . . . flowcontrol advertisement . . . . . . . . . Autonomous System Boundary Router . . . . Avaya Communication Manager accessing . . . . . . . . . . . . . . . . configuring for SLS . . . . . . . . . . . . functions . . . . . . . . . . . . . . . . . Avaya IW accessing . . . . . . . . . . . . . . . . administrator login, configuring . . . . . . configuration using . . . . . . . . . . . . description . . . . . . . . . . . . . . . . laptop configuration for . . . . . . . . . . Avaya Services . . . 612 . . . 591 . . . 55 . . . . . . . . . . . . . . . . . . . . . . . . 53 48 51 53 52 46 48 49 . . . 350 . . . 347 . . . . . . . . . . . . . . . . . . . . . 484 . 484 . 484 . 484 . 482 . 483 . 484 . 482 . 55 . 60 . . . 55 . . . 118 . . . 198 . . . 197 . . . 194 . . . 493 . . . 53 . . . 133 . . . 53 . . . . . . . . . . . . . . . 48 49 48 48 48 B Backing up the gateway via the gateway USB port . . . . . . . . . Backup interfaces CLI commands . . . . . . . . . . . . . . configuring . . . . . . . . . . . . . . . . defining through policy-based routing . . . . dynamic bandwidth reporting . . . . . . . . GRE tunnels as . . . . . . . . . . . . . . limitations . . . . . . . . . . . . . . . . . modem dial backup, see Modem dial backup overview . . . . . . . . . . . . . . . . . Backup service . . . . . . . . . . . . . . . . Bandwidth displaying . . . . . . . . . . . . . . . . . dynamic reporting . . . . . . . . . . . . . manual adjustment . . . . . . . . . . . . reducing via header compression . . . . . . setting maximum . . . . . . . . . . . . . used to calculate Cost . . . . . . . . . . . Basic LAN deployment . . . . . . . . . . . . . BOOTP configuration . . . . . . . . . . . . . . . description . . . . . . . . . . . . . . . . BOOTstrap Protocol see BOOTP BPDU . . . . . . . . . . . . . . . . . . . . Bridge Protocol Data Units see BPDU Bridges direct handshaking . . . . . . . . . . . . loops . . . . . . . . . . . . . . . . . . . Broadcast address . . . . . . . . . . . . . . Broadcast relay CLI commands . . . . . . . . . . . . . . description . . . . . . . . . . . . . . . . directed broadcast forwarding . . . . . . . NetBIOS rebroadcast . . . . . . . . . . . . . 106 . . . . . . . . . . . . 270 268 620 296 457 269 . . 197 . . 325 . . . . . . . . . . . . 297 296 493 225 297 493 . . . 31 . . 469 . . 467 . . 363 . . 363 . . 362 . . 445 . . . . . . . . 481 480 480 481 C CAC-BL . . . . . . . . . . . . . . . . . . . . . 296 Issue 1 January 2008 711 Index Call admission control, see Dynamic CAC CAM table . . . . . . . . . . . . . . . . . . . . . 354 CDR, SLS information . . . . . . . . . . . . . . . 130 Challenge Handshake Authentication Protocol . 240, 242 Channel Groups creating . . . . . . . . . . . . . . . . . . . . 251 illustration . . . . . . . . . . . . . . . . . . . 246 mapping . . . . . . . . . . . . . . . . . . . . 250 CHAP . . . . . . . . . . . . . . . . . . . . 240, 242 CIR . . . . . . . . . . . . . . . . . . . . . . . . 316 CLI accessing from local network . . . . . . . . . . 45 accessing from remote location . . . . . . . . . 46 accessing with modem . . . . . . . . . . . . . 46 contexts . . . . . . . . . . . . . . . . . . . . 44 listing files . . . . . . . . . . . . . . . . . . . 116 managing configuration files . . . . . . . . . . . 113 managing firmware banks . . . . . . . . . . . . 99 online help . . . . . . . . . . . . . . . . . . . 44 remote access with S8300 Server . . . . . . . . 48 upgrading firmware using FTP/TFTP . . . . . . . 100 using to configure the system . . . . . . . . . . 39 viewing device status . . . . . . . . . . . . . . 95 CNA test plugs CLI commands . . . . . . . . . . . . . . . . . 441 configuration example . . . . . . . . . . . . . . 439 configuring for registration . . . . . . . . . . . . 437 functionality . . . . . . . . . . . . . . . . . . 436 overview . . . . . . . . . . . . . . . . . . . . 436 Codec . . . . . . . . . . . . . . . . . . . . . . . 232 Commands access-control-list . . . . . . . . . . . . . . . 282 add nfas-interface . . . . . . . . . . . . 180, 189 add port . . . . . . . . . . . . . . . . . 174, 190 area . . . . . . . . . . . . . . . . . . . 493, 496 arp . . . . . . . . . . . . . . . . . . . . 482, 484 arp timeout . . . . . . . . . . . . . . . . . . . 484 async mode interactive . . . . . . . . . . 242, 243 async mode terminal . . . . . . . . . . . 242, 243 async modem-init-string . . . . . . . . 239, 242, 243 async reset-modem . . . . . . . . . . 239, 242, 243 async-limit-string . . . . . . . . . . . . . . . . 241 async-reset-modem . . . . . . . . . . . . . . . 241 authentication . . . . . . . . . . . . . . . . . 587 autoneg . . . . . . . . . . . . . . . . . . . . 197 backup config usb . . . . . . . . . . . . 106, 112 backup delay . . . . . . . . . . . . . . . 269, 270 backup interface . . . . . . 270, 277, 278, 283, 292 bandwidth . . . . . . . . . . . 255, 256, 493, 495 bc out . . . . . . . . . . . . . . . . . . . . . 317 be out . . . . . . . . . . . . . . . . . . . . . 317 bootfile . . . . . . . . . . . . . . . . . . 474, 478 bri . . . . . . . . . . . . . . . . . . 159, 171, 184 cable length long . . . . . . . . . . . . . . . . 253 cable length short . . . . . . . . . . . . . . . . 253 712 Administration for the Avaya G450 Media Gateway cablelength long . . . . . . . . . cablelength short . . . . . . . . capture buffer mode . . . . . . . capture buffer-mode . . . . . . . capture buffer-size. . . . . . . . capture filter-group . . . . . . . capture interface . . . . . . . . capture ipsec . . . . . . . . . . capture max-frame-size . . . . . capture start . . . . . . . . . . capture stop . . . . . . . . . . capture-service . . . . . . . . . channel-group . . . . . . . . . . cir out . . . . . . . . . . . . . class-identifier . . . . . . . . . . clear arp-cache . . . . . . . . . clear attendant . . . . . . . . . clear bri . . . . . . . . . . . . . clear capture-buffer . . . . . . . clear counter . . . . . . . . . . clear counters . . . . . . . . . . clear crypto isakmp . . . . . . . clear crypto sa . . . . . . . . . clear crypto sa counters . . . . . clear dial-pattern . . . . . . . . clear ds1 . . . . . . . . . . . . clear dynamic-trap-manager . . . clear extension . . . . . . . . . clear fac . . . . . . . . . . . . clear fragment . . . . . . . . . . clear frame-relay counters . . . . clear incoming-routing . . . . . . clear ip dhcp-client statistics . . . clear ip dhcp-server binding . . . clear ip dhcp-server statistics. . . clear ip domain statistics . . . . . clear ip route . . . . . . . . . . clear ip rtp header-compression . clear ip tcp header-compression . clear logging file . . . . . . . . . clear logging server . . . . . . . clear mgc list . . . . . . . . . . clear port mirror . . . . . . . . . clear port static-vlan . . . . . . . clear radius authentication server . clear rmon statistics . . . . . . . clear sig-group . . . . . . . . . clear slot-config . . . . . . . . . clear ssh-client known-hosts . . . clear station . . . . . . . . . . . clear survivable-config . . . . . . clear sync interface . . . . . . . clear tac . . . . . . . . . . . . clear tcp syn-cookies counters . . clear trunk-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249 . . . . . 249 . . . . . 424 . . . . . 432 . . . . . 432 . 423, 425, 432 . 415, 424, 432 . . . . . 432 . . . 424, 432 . . . 425, 432 . . . 426, 432 . . . 415, 432 . . . 250, 253 . . . . . 317 . . . 474, 479 . . . . . 484 . . . . . 185 . . . 171, 185 . . . 424, 432 . . . . . 441 . . . . . 441 . . . 528, 586 . . . 528, 586 . . . 528, 586 . . . 181, 185 . . . 166, 185 . . . . . 339 . . . 163, 185 . . . . . 185 . . . . . 503 . . . . . 265 . . . . . 185 . 203, 204, 205 . . . 474, 478 . . . 474, 478 . . . . . . 94 . . . 455, 456 . . . 228, 231 . . . 228, 231 . . . 213, 222 . . . . . . 211 . . . . 86, 88 . . . 361, 362 . . . 354, 357 . . . . . . 66 . . . 372, 374 . . . 180, 185 . . . . . 185 . . . . . . 64 . . . . . 185 . . . . . 185 . . . 638, 639 . . . . . 190 . . . . . . 71 . . . 173, 185 Index clear vlan . . . . . . . . . . . . . . 353, 354, 357 client identifier . . . . . . . . . . . . . . . . . 472 client identifiers . . . . . . . . . . . . . . . . . 478 clock source . . . . . . . . . . . . . . . 249, 253 cna-testplug . . . . . . . . . . . . . . . 437, 441 cna-testplug-service . . . . . . . . . . . 438, 441 composite-operation access control list . . . . . . . . . . . . . . 613 DSCP table . . . . . . . . . . . . . . 609, 616 IP rule configuration . . . . . . . . . . . . . 607 MSS configuration . . . . . . . . . . . . . 75, 78 packet sniffing . . . . . . . . . . . . . . . . 433 QoS list . . . . . . . . . . . . . . 607, 615, 616 continuous-channel . . . . . 517, 520, 539, 587, 588 controller . . . . . . . . . . . . . . . . . 249, 253 control-port . . . . . . . . . . . . . . . . 438, 441 cookie access control list . . . . . . . . . . . . . . 612 capture list . . . . . . . . . . . . . . 416, 433 policy based routing . . . . . . . . . . . . . 633 policy list . . . . . . . . . . . . . . . . . . 595 QoS list . . . . . . . . . . . . . . . . . . . 616 copy announcement-file ftp . . . . . . 104, 347, 350 copy announcement-file scp . . . . . . 104, 347, 350 copy announcement-file usb . . . 102, 104, 348, 350 copy auth-file ftp . . . . . . . . . . . . 57, 60, 104 copy auth-file scp . . . . . . . . . . . . 57, 60, 104 copy auth-file tftp . . . . . . . . . . . . . . . 57, 60 copy auth-file usb . . . . . . . . . . 57, 60, 102, 104 copy capture-file ftp . . . . . . . . . . 104, 428, 432 copy capture-file scp . . . . . . . . . 104, 428, 432 copy capture-file tftp . . . . . . . . . . . 428, 433 copy capture-file usb . . . . . . 102, 104, 428, 433 copy cdr-file ftp . . . . . . . . . . . . . . . . . 104 copy cdr-file scp . . . . . . . . . . . . . . . . 104 copy cdr-file usb . . . . . . . . . . . . . 102, 104 copy dhcp-binding ftp . . . . . . . . . . . . . . 104 copy dhcp-binding scp . . . . . . . . . . . . . 104 copy dhcp-binding usb . . . . . . . . . . 102, 104 copy file usb . . . . . . . . . . . . . . . . . . 102 copy ftp announcement-file . . . . . . . . 348, 350 copy ftp auth-file . . . . . . . . . . . . . . . 57, 60 copy ftp EW_archive . . . . . . . . . . . 100, 104 copy ftp license-file . . . . . . . . . . . . . . . 510 copy ftp module . . . . . . . . . . . . . 100, 104 copy ftp startup-config . . . . . . . . . . .114, 115 copy ftp SW_imageA . . . . . . . . . . . 100, 104 copy ftp sw_imageA . . . . . . . . . . . 108, 112 copy ftp SW_imageB . . . . . . . . . . . . . . 104 copy ftp sw_imageB . . . . . . . . . . . . . . 100 copy license-file usb . . . . . . . . . . . 102, 104 copy phone-script usb . . . . . . . . . . . 102, 104 copy running-config ftp . . . . . . . . . . .114, 115 copy running-config scp . . . . . . . . . . .114, 115 copy running-config startup-config . . . . . . . 69, 70 copy running-config tftp . . . . . . . . . . .114, 115 copy scp announcement-file . . . . . . . . 347, 350 copy scp auth-file . . . . . . . . . . . . . . 57, 60 copy scp license-file . . . . . . . . . . . . . . 510 copy scp startup-config . . . . . . . . . . 114, 115 copy startup-config ftp . . . . . . . . . . . 114, 115 copy startup-config scp . . . . . . . . . . 114, 115 copy startup-config tftp. . . . . . . . . . . 114, 115 copy startup-config usb . . . . . 102, 104, 114, 115 copy syslog-file usb . . . . . . . . . . . . 102, 104 copy tftp auth-file . . . . . . . . . . . . . . 57, 60 copy tftp EW_archive . . . . . . . . . . . 100, 104 copy tftp license-file . . . . . . . . . . . . . . 510 copy tftp module. . . . . . . . . . . . . . . . 104 copy tftp startup-config. . . . . . . . . . . 114, 115 copy tftp SW_imageA . . . . . . . . . . . 100, 104 copy tftp sw_imageA . . . . . . . . . . . 108, 112 copy tftp SW_imageB . . . . . . . . . . . 100, 104 copy usb . . . . . . . . . . . . . . . . . . . 101 copy usb announcement-file . . . . . . 104, 348, 350 copy usb auth-file . . . . . . . . . . . . 57, 60, 104 copy usb EW_archive . . . . . . . . . . . . . 104 copy usb license-file . . . . . . . . . . . . . . 104 copy usb modules . . . . . . . . . . . . . . . 104 copy usb phone-image. . . . . . . . . . . . . 104 copy usb phone-script . . . . . . . . . . . . . 104 copy usb startup-config . . . . . . . . 105, 114, 115 copy usb SW_image . . . . . . . . . . . . . . 105 cos . . . . . . . . . . . . . . . . . . . . 607, 615 crypto ipsec df-bit . . . . . . . . . . . . . 526, 589 crypto ipsec minimal pmtu . . . . . . . . . . . 526 crypto ipsec minimal-pmtu . . . . . . . . . . . 589 crypto ipsec nat-transparency udp-encapsulation 525 crypto ipsec transform-set . . . . . . . 513, 568, 576 crypto isakmp invalid-spi-recovery . . . . . 524, 586 crypto isakmp nat keepalive . . . . . . . . 525, 586 crypto isakmp peer . . . . . . . 514, 568, 576, 586 crypto isakmp peer-group . . . . . . . 518, 576, 587 crypto isakmp policy . . . . . . . . . . 568, 576, 587 crypto isakmp suggest-key . . . . . . . . . . . 588 crypto ispec nat-transparency udp-encapsulation 586 crypto ispec transform-set . . . . . . . . . . . 586 crypto key generate . . . . . . . . . . . . . 62, 63 crypto map . . . . . . . . . . . 519, 568, 576, 588 crypto-group . . . . . . . . . . . . . . . . . 526 cyrpto isakmp policy . . . . . . . . . . . . . . 512 default-metric . . . . . 489, 491, 493, 496, 497, 498 default-router . . . . . . . . . . . . . . . . . 473 default-routers . . . . . . . . . . . . . . . . 478 description crypto list rule . . . . . . . . . . . . . 521, 589 crypto map. . . . . . . . . . . . . . . 519, 588 DNS servers list . . . . . . . . . . . . . 90, 95 ISAKMP peer . . . . . . . . . . . . . 515, 587 ISAKMP peer-group . . . . . . . . . . 518, 587 ISAKMP policy . . . . . . . . . . . . . 512, 588 object tracker . . . . . . . . . . . . . 302, 315 Issue 1 January 2008 713 Index policy rule . . . . . . . . . track list . . . . . . . . . . destination-ip access control list . . . . . crypto list rule . . . . . . . MSS configuration . . . . . packet sniffing . . . . . . . policy based routing . . . . policy list . . . . . . . . . QoS list . . . . . . . . . . dialer modem-interface . . . . dialer order . . . . . . . . . . dialer persistent . . . . . . . dialer persistent delay . . . . . dialer persistent initial delay . . dialer persistent max-attempts . dialer persistent re-enable . . . dialer string. . . . . . . . . . dialer wait-for-ipcp . . . . . . dial-pattern . . . . . . . . . . dir . . . . . . . . . . . . . . disconnect ssh . . . . . . . . distribution list . . . . . . . . distribution-list . . . . . . . . dns-server . . . . . . . . . . domain-name. . . . . . . . . dos-classification . . . . . . . ds1 . . . . . . . . . . . . . dscp access control list . . . . . object tracking . . . . . . . packet sniffing . . . . . . . policy based routing . . . . policy lists . . . . . . . . . QoS list . . . . . . . . . . dscp-table . . . . . . . . . . ds-mode . . . . . . . . . . . duplex . . . . . . . . . . . . dynamic-cac . . . . . . . . . encapsulation . . . . . . . . encapsulation pppoe . . . . . encryption . . . . . . . . . . end-ip-addr . . . . . . . . . . erase announcement-file . . . erase auth-file . . . . . . . . exit . . . . . . . . . . . . . fail-retries . . . . . . . . . . fair-queue-limit . . . . . . . . fair-voip-queue . . . . . . . . fdl . . . . . . . . . . . . . . fragment access control list . . . . . fragmentation . . . . . . . frame relay . . . . . . . . packet sniffing . . . . . . . . . . . . . . . . 600 . . . . . . . . . 303 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613 . . . 300, 315 . . . 418, 433 . . . . . . 634 . . . . . . 604 . 607, 615, 616 . . . 609, 616 . . . 249, 253 . . . . . . 197 . . . 297, 298 257, 258, 263, 265 . . . . . 259, 262 . . . . . 512, 588 . . . . . 472, 479 . . . . . 348, 350 . . . . . . . 56, 60 . . . . . . . . 80 . . . . . 301, 315 . . . . . 234, 235 . . . . . 234, 235 . . . . . . . . 253 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613 521, 589 . . 75, 78 418, 433 . . . 634 . . . 601 . . . 616 283, 291 275, 291 275, 291 275, 282, 291 275, 282, 291 . . 275, 291 . . 275, 291 274, 283, 291 . . 276, 291 160, 181, 185 105, 112, 116 . . . . 62, 63 . . . . . 488 . . 489, 491 . . 473, 478 . . 473, 478 . . . . 75, 78 . . 159, 186 . . . . . . . . . . . . . . . . . . 604, 613 . . . 503 317, 318 421, 433 714 Administration for the Avaya G450 Media Gateway policy based routing . . . . . . . . . . . . 634 QoS list . . . . . . . . . . . . . . . . . . 616 fragment chain . . . . . . . . . . . . . . . . 503 fragment size . . . . . . . . . . . . . . . . . 503 fragment timeout . . . . . . . . . . . . . . . 503 frame-relay class-dlci . . . . . . . . . . . . . 265 frame-relay interface-dlci . . . . . . . . . . 264, 265 frame-relay lmi-n391dte . . . . . . . . . . 263, 265 frame-relay lmi-n392dte . . . . . . . . . . 263, 265 frame-relay lmi-n393dte . . . . . . . . . . 263, 266 frame-relay lmi-type . . . . . . . . . . . . 263, 266 frame-relay priority-dlci-group . . . . . 264, 266, 318 frame-relay traffic-shaping . . . . 263, 266, 316, 317 framing . . . . . . . . . . . . . . . . . . 249, 253 frequency . . . . . . . . . . . . . . . . . 300, 315 group . . . . . . . . . . . . . . . . . . . 512, 588 hash . . . . . . . . . . . . . . . . . . . 512, 588 help . . . . . . . . . . . . . . . . . . . . . . 44 hostname . . . . . . . . . . . . . . . . . . 62, 63 icc-vlan . . . . . . . . . . . . . . . . . . 353, 357 icmp . . . . . . . . . 421, 433, 603, 613, 616, 634 idle character . . . . . . . . . . . . . . . . . 254 idle-character . . . . . . . . . . . . . . . . . 256 ignore dcd . . . . . . . . . . . . . . . . 255, 256 incoming-routing . . . . . . . . . . . 160, 182, 187 initiate mode . . . . . . . . . . . . . . . 516, 587 interface . . . . . . . . . . . . . . . . 79, 80, 292 interface console . . . . . . . . 242, 243, 283, 446 interface dialer . . . . . . . . . 274, 282, 291, 446 interface fastethernet DHCP and BOOTP relay . . . . . . . . . . 469 DHCP client . . . . . . . . . . . . . . 200, 204 interface configuration . . . . . . . . . . . 447 PPPoE . . . . . . . . . . . . . . . . . . 259 WAN Ethernet port . . . . . . . . . . . 196, 198 interface Loopback . . . . . . . . . . . . . . 282 interface loopback . . . . . . . . . . . . . . . 447 interface Serial . . . . . . . . . . . . . . . . 250 interface serial E1/T1 ports . . . . . . . . . . . . . . . . 253 frame relay . . . . . . . . . . . . 263, 264, 265 frame relay traffic shaping . . . . . . . . . 317 interface configuration . . . . . . . . . . . 447 PPP . . . . . . . . . . . . . . . . . . 257, 258 USP port . . . . . . . . . . . . . . . 254, 256 interface tunnel . . . . . . . . . . . . 447, 462, 466 interface usb-modem . . . . . . . . . 239, 241, 448 interface vlan . . . . . . . . . . 351, 354, 357, 448 invert txclock . . . . . . . . . . . . . . . 255, 256 ip access group . . . . . . . . . . . . . . . . 597 ip access-control-list . . . . . . 75, 78, 524, 594, 612 ip access-group . . . . . . . . . . . . 283, 537, 612 ip address console port . . . . . . . . . . . . . . 242, 243 dialer interface . . . . . . . . . . . . . 274, 291 Index E1/T1 ports . . . . . . . . . . . . frame relay . . . . . . . . . . . . interface configuration . . . . . . . PPP . . . . . . . . . . . . . . . PPPoE . . . . . . . . . . . . . . USB port . . . . . . . . . . . . . USP port . . . . . . . . . . . . . ip address dhcp . . . . . . . . . . . ip address negotiated . . . . 260, 262, ip admin-state . . . . . . . . . . . . ip bootp-dhcp network . . . . . . . . ip bootp-dhcp relay . . . . . . . . . . ip bootp-dhcp server . . . . . . . . . ip broadcast-address . . . . . . . . . ip capture-list . . . . . . . . . . . . . ip crypto list . . . . . . . . . . . . . ip crypto-group . . . . . . . . . . . . ip crypto-list . . . . . . . . . . . . . ip default-gateway . . . . . . . . 82, ip default-gateway dialer . . . . . . . ip dhcp activate pool . . . . . . . . . ip dhcp client client-id . . . . . . . . . ip dhcp client hostname . . . . . . . . ip dhcp client lease . . . . . . . . . . ip dhcp client request . . . . . . . . . ip dhcp client route track . . . . . . . ip dhcp ping packets . . . . . . . . . ip dhcp ping timeout . . . . . . . . . ip dhcp pool . . . . . . . . . . . . . ip dhcp pools . . . . . . . . . . . . . ip dhcp-server . . . . . . . . . . . . ip directed-broadcast . . . . . . . . . ip distribution access-default-action . . ip distribution access-list . . . . . . . ip distribution access-list-cookie . . . . ip distribution access-list-copy . . . . . ip distribution access-list-name . . . . ip distribution access-list-owner . . . . ip domain list . . . . . . . . . . . . . ip domain lookup . . . . . . . . . . . ip domain name-server-list . . . . . . ip domain retry . . . . . . . . . . . . ip domain timeout . . . . . . . . . . . ip icmp-errors. . . . . . . . . . . . . ip max-arp-entries . . . . . . . . . . ip netbios-rebroadcast . . . . . . . . ip netmask-format . . . . . . . . . . ip next-hop-list . . . . . . . . . . . . ip ospf authentication . . . . . . . . . ip ospf authentication-key . . . . . . . ip ospf cost . . . . . . . . . . . . . . ip ospf dead-interval . . . . . . . . . ip ospf hello-interval. . . . . . . . . . ip ospf message-digest-key . . . . . . ip ospf network point-to-multipoint . . . . . . . . . . . . . . . . . 251, 264, . 79, 257, 260, 239, 254 266 445 258 262 241 . . . 256 92, 201, 204 274, 291, 537 445, 447, 448 . . . . . 469 . . . . . 469 . . . . . 469 445, 447, 448 . . 416, 433 . . . . . 520 523, 539, 589 . . . . . 589 292, 455, 456 . . . . . 277 . . 472, 478 . . 200, 204 . . 200, 204 . . 200, 204 200, 204, 568 . . 201, 204 . . 474, 478 . . 474, 478 . . . . . 472 . . . . . 478 . . 472, 480 . . 480, 481 . . 488, 490 . . 488, 490 . . . . . 490 . . . . . 490 . . . . . 490 . . . . . 490 . . . . 91, 95 . . . . 91, 95 . . . . 90, 95 . . . . 91, 95 . . . . . 95 . . . . . 486 . . . . . 484 . . . . . 481 . . 455, 456 622, 626, 633 . . 493, 495 . . 493, 495 493, 494, 495 . . 494, 495 . . 494, 495 . . 494, 495 248, 494, 495 ip ospf priority . . . . . . . . . . ip ospf router-id . . . . . . . . . ip pbr-group . . . . . . . . . . . ip pbr-list . . . . . . . . . . . . IP peer address . . . . . . . . . ip peer address . . . . . . . . . ip policy-list-copy . . . . . . . . ip proxy-arp . . . . . . . . . . . ip qos-group . . . . . . . . . . ip qos-list . . . . . . . . . . . . ip redirects . . . . . . . . . . . ip rip authentication key . . . . . ip rip authentication mode . . . . ip rip authentications key . . . . . ip rip authentications mode . . . . ip rip default-route-mode . . . . . ip rip poison-reverse . . . . . . . ip rip rip-version . . . . . . . . . ip rip send-receive-mode . . . . . ip rip split-horizon . . . . . . . . ip route . . . . . . . . . . . 452, ip routing . . . . . . . . . . . . ip rtp compression-connections. . ip rtp header-compression . . . . ip rtp max-period . . . . . . . . ip rtp max-time . . . . . . . . . ip rtp non-tcp-mode . . . . . . . ip rtp port-range . . . . . . . . . ip rule . . . . . . . . . . . . . ip show rule . . . . . . . . . . . ip simulate . . . . . . . . . . . ip snmp . . . . . . . . . . . . . ip ssh . . . . . . . . . . . . . . ip tcp compression-connections . ip tcp header-compression . . . . ip telnet . . . . . . . . . . . . . ip telnet-client . . . . . . . . . . ip telnet-services . . . . . . . . ip unnumbered . . . . . . . . . ip vrrp . . . . . . . . . . . . . ip vrrp address . . . . . . . . . ip vrrp auth-key . . . . . . . . . ip vrrp override addr owner . . . . ip vrrp preempt . . . . . . . . . ip vrrp primary . . . . . . . . . . ip vrrp priority . . . . . . . . . . ip vrrp timer . . . . . . . . . . . ip-fragments-in . . . . . . . . . ip-option-in . . . . . . . . . . . ip-protocol access control list . . . . . . MSS configuration . . . . . . packet sniffing . . . . . . . . policy based routing . . . . . policy list . . . . . . . . . . . . . . . . . . . . . . . . . 494, 495 . . . 494, 496 . . . 623, 633 . 621, 627, 633 . . . 240, 243 . . . 241, 243 523, 595, 614, 615 . . . . . . . 485 . . . . . 597, 615 . . . . . 594, 615 . . . . . 455, 456 . . . . . . . 489 . . . . . . . 489 . . . . . . . 491 . . . . . . . 491 . . . . . 489, 491 . . . 488, 489, 491 . . . . . 489, 491 . . . . . 489, 491 . . . 487, 489, 491 453, 454, 455, 456 . . . . . 443, 456 . . . . . 227, 229 . . . 228, 229, 230 . . . . . 227, 229 . . . . . 227, 229 . . . . . 227, 229 . . . . . 227, 229 . . . . . . . 600 . . . . . . . 600 . . . 611, 612, 615 . . . . . . . 336 . . . . . . 62, 63 227, 229, 230, 231 . . . 228, 230, 231 . . . . . . 67, 68 . . . . . . 67, 68 . . . . . . . . 68 . . . 274, 283, 449 . . . . . 500, 501 . . . . . 500, 501 . . . . . 500, 501 . . . . . 500, 501 . . . . . 500, 501 . . . . . 501, 502 . . . . . 501, 502 . . . . . 501, 502 . . . . . 599, 613 . . . . . 599, 613 . . . . . . . . . . . . . . . . . . . . . . . . . . . 613 . 75, 78 418, 433 . . 634 . . 601 Issue 1 January 2008 715 Index QoS list . . . . . . . . . . . . . . . . . . . 616 ip-rule access control list . . . . . . . . . . . . . . 613 crypto list . . . . . . . . . . . . . . . . . . 521 MSS configuration . . . . . . . . . . . . . 75, 78 packet sniffing . . . . . . . . . . . . . 416, 433 policy based routing . . . . . . . . 621, 625, 633 QoS list . . . . . . . . . . . . . . . . . . . 616 VPN . . . . . . . . . . . . . . . . . . . . 589 isakmp policy . . . . . . . . . . . . . . . . . . 515 isakmp-policy . . . . . . . . . . . . . . . . . . 587 keepalive . . . . . 257, 258, 460, 462, 466, 517, 587 keepalive-icmp . . . . . . . . . . . . . . 294, 295 keepalive-icmp failure-retries . . . . . . . 294, 295 keepalive-icmp interval . . . . . . . . . . 294, 295 keepalive-icmp source-address . . . . . . 294, 295 keepalive-icmp success-retries . . . . . . 294, 295 keepalive-icmp timeout . . . . . . . . . . 294, 296 keepalive-track . . . . . . . 197, 261, 262, 517, 587 key config-key password-encryption . . . 69, 111, 112 lease. . . . . . . . . . . . . . . . . 472, 473, 479 lifetime . . . . . . . . . . . . . . . . . . 512, 588 linecode . . . . . . . . . . . . . . . . . 249, 253 load-interval . . . . . . . . . . . . . . . . 79, 243 local-address . . . . . . . . . . . . . . . 521, 589 login authentication . . . . . . . . . . . . . . . 58 login authentication local-craft-password . . . . 58, 60 login authentication lockout . . . . . . . . . . 58, 60 login authentication response-time . . . . . . . 58, 60 login authentication services-logins . . . . . . . 61 loopback . . . . . . . . . . . . . . . . . 252, 253 loopback remote . . . . . . . . . . . . . . . . 253 map-class frame-relay . . . . . . . . . . . . . 317 mode . . . . . . . . . . . . . . . . . . 514, 586 mtu . . . . . . . . . . . . . . . . . . . 260, 262 name access control list . . . . . . . . . . . . . . 614 crypto list . . . . . . . . . . . . . . . . . . 521 DHCP option . . . . . . . . . . . . . 473, 479 DHCP server . . . . . . . . . . . . . 472, 479 DHCP vendor specific option . . . . . . 474, 479 packet sniffing . . . . . . . . . . . . . 416, 434 policy based routing . . . . . . . . 621, 622, 634 policy list . . . . . . . . . . . . . . . . . . 595 QoS list . . . . . . . . . . . 607, 615, 616, 617 name server . . . . . . . . . . . . . . . . . . 90 name-server . . . . . . . . . . . . . . . . . . 95 network . . . . . . . . . . . . . . . 490, 494, 496 next-hop . . . . . . . . . . . . . . . 300, 315, 625 next-hop (policy-based routing) . . . . . . . . . 634 next-hop-interface . . . . . . . . . . 622, 626, 633 next-hop-ip . . . . . . . . . . . . . . . . 626, 633 next-hop-list . . . . . . . . . . . . . . . . . . 622 next-server . . . . . . . . . . . . . . . . 474, 479 nrzi-encoding . . . . . . . . . . . . . . . 255, 256 nslookup . . . . . . . . . . . . . . . . . . . 93, 95 716 Administration for the Avaya G450 Media Gateway object . . . . . . . . . . . . . . . . . . . 303, 315 option . . . . . . . . . . . . . . . . . . 473, 479 owner access control list . . . . . . . . . . . . . 614 packet sniffing . . . . . . . . . . . . . 416, 434 policy based routing . . . . . . . . . . 621, 634 policy list . . . . . . . . . . . . . . . . . 595 QoS list . . . . . . . . . . . . . . . . . . 617 passive-interface . . . . . . . . . . . . . . . 494 passive-interfaces . . . . . . . . . . . . . . . 496 ping . . . . . . . . . . . . . . . . . . . . . 267 pmi . . . . . . . . . . . . . . . . . . . . . 80, 81 ppp authentication ASG authentication . . . . . . . . . . . . 58, 61 console port . . . . . . . . . . . . . . 242, 244 USB port . . . . . . . . . . . . . . . 240, 241 ppp chap hostname . . . . . . . 260, 262, 276, 282 ppp chap password . . . . . . . . . . 260, 262, 276 ppp chap refuse . . . . . . . . . . . . . . 260, 262 ppp chap-secret . . . . . . . . . 240, 241, 242, 244 ppp ipcp dns request . . 92, 95, 261, 262, 292, 568 ppp pap refuse . . . . . . . . . . . . . . 261, 262 ppp pap sent username . . . . . . . . . . . . 262 ppp pap sent-username . . . . . . . . . . . . 276 ppp pap-sent username . . . . . . . . . . . . 260 ppp time authentication . . . . . . . . . . 241, 244 ppp timeout authentication . . . . . . . . . 240, 243 ppp timeout ncp . . . . . . . . . . . . . . 257, 258 ppp timeout retry . . . . . . . . . . . . . 257, 258 pppoe-client persistent delay . . . . . . . . 260, 262 pppoe-client persistent max-attempts . . . . 260, 263 pppoe-client service-name . . . . . . . . . 260, 263 pppoe-client wait-for-ipcp . . . . . . . . . 260, 263 pre-shared-key . . . . . . . . . . . . . . 515, 587 priority-queue . . . . . . . . . . 234, 235, 236, 237 protect crypto-map . . . . . . . . . . . . 522, 589 queue-limit . . . . . . . . . . . . . . . . 236, 237 redistribute . . . . . . 490, 491, 494, 496, 497, 498 release dhcp . . . . . . . . . . . . . . . 202, 204 remove nfas-interface . . . . . . . . . . . . . 189 remove port . . . . . . . . . . . . . . . . . . 190 rename announcement-file . . . . . . . . . 348, 350 renew dhcp . . . . . . . . . . . . . . . . 202, 204 reset . . . . . . . . . . . . . . . . . . . . . . 80 restore . . . . . . . . . . . . . . . . . . 111, 112 restore usb . . . . . . . . . . . . . . 102, 108, 113 rmon alarm . . . . . . . . . . . . . . . . 372, 374 rmon event . . . . . . . . . . . . . . . . 372, 374 rmon history. . . . . . . . . . . . . . . . 372, 374 router ospf . . . . . . . . . 283, 292, 494, 496, 498 router rip . . . . . . . . . . . . . . . 490, 491, 498 router vrrp . . . . . . . . . . . . . . . . 501, 502 rtp-echo-port . . . . . . . . . . . . . . . 438, 441 rtp-stat clear . . . . . . . . . . . . . . . 379, 412 rtp-stat event-threshold . . . . . . . . . . 379, 412 rtp-stat fault . . . . . . . . . . . . . . . . 383, 412 Index rtp-stat min-stat-win . . . . . . . . rtp-stat qos-trap . . . . . . . . . rtp-stat qos-trap-rate-limit . . . . . rtp-stat service . . . . . . . . . . rtp-stat thresholds . . . . . . . . rtp-stat-service . . . . . . . . . . rtp-test-port. . . . . . . . . . . . rtr . . . . . . . . . . . . . . . . rtr-schedule . . . . . . . . . . . running-config startup-config . . . safe-removal usb . . . . . . . . . scheduler . . . . . . . . . . . . self-identity . . . . . . . . . . . . server-name . . . . . . . . . . . session . . . . . . . . . . . . . session mgc . . . . . . . . . . . set associated-signaling . . . . . . set attendant . . . . . . . . . . . set bearer-capability (bri) . . . . . set bearer-capability (ds1) . . . . . set bit-rate . . . . . . . . . . . . set boot bank . . . . . . . . . . . set cbc . . . . . . . . . . . . . . set cbc-parameter . . . . . . . . set cbc-service-feature . . . . . . set channel-numbering . . . . . . set channel-preferences . . . . . . set codeset-display . . . . . . . . set codeset-national . . . . . . . set connect . . . . . . . . . . . . set contact-closure admin . . . . . set contact-closure pulse-duration . set cor . . . . . . . . . . . . . . set country-protocol (bri) . . . . . set country-protocol (ds1) . . . . . set date-format . . . . . . . . . . set delete-digits (dial-pattern) . . . set delete-digits (incoming-routing) . set deny . . . . . . . . . . . . . set dial . . . . . . . . . . . . . . set digit-handling . . . . . . . . . set digits . . . . . . . . . . . . . set digit-treatment . . . . . . . . set directory-number-a . . . . . . set directory-number-b . . . . . . set dscp . . . . . . . . . . . . . set endpoint-init . . . . . . . . . set etr . . . . . . . . . . . . . . set expansion-module . . . . . . . set fac . . . . . . . . . . . . . . set icc-monitoring . . . . . . . . . set incoming-destination . . . . . set incoming-dialtone . . . . . . . set insert-digits (dial-pattern) . . . set insert-digits (incoming-routing) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382, 412 383, 412 384, 413 . . . 413 379, 413 . . . 379 438, 441 300, 314 302, 315 . . . 40 . . . 113 437, 441 516, 587 474, 479 . . 87, 88 . . . 428 180, 189 161, 187 171, 184 169, 186 166, 186 . 99, 105 . . . 190 . . . 190 . . . 190 . . . 186 177, 190 177, 190 177, 190 167, 186 344, 345 344, 345 . . . 189 171, 184 167, 168, 186 160, 161, 187 . . 182, 186 . . 183, 187 . . 182, 186 . . 174, 190 . . 178, 190 . . 177, 191 . . 177, 191 . . 172, 184 . . 172, 184 . . 520, 588 . . 172, 184 . . 325, 326 . . 165, 189 . . . . . 187 . . . . 87, 88 . . 179, 191 . . 179, 191 . . 182, 186 . . 183, 187 set interface (bri) . . . . . . . . . . . . . 171, 184 set interface (ds1) . . . . . . . . . . . . . 167, 186 set interface-companding (bri) . . . . . . . 171, 184 set interface-companding (ds1) . . . . . . . 170, 186 set ip-codec-set . . . . . . . . . . . . . . 160, 187 set japan-disconnect . . . . . . . . . . . . 178, 191 set layer 1-stable . . . . . . . . . . . . . 172, 184 set length . . . . . . . . . . . . . . . . . 183, 187 set lldp re-init-delay . . . . . . . . . . . . 207, 208 set lldp system-control . . . . . . . . . . . 206, 208 set lldp tx-delay . . . . . . . . . . . . . . 207, 208 set lldp tx-hold-multiplier . . . . . . . . . . 207, 208 set lldp tx-interval . . . . . . . . . . . . . 207, 208 set logging file . . . . . . . . . . . . . . . 217, 222 set logging file condition . . . . . . . . . . . . 217 set logging file disable . . . . . . . . . . . . . 213 set logging file enable . . . . . . . . . . . . . 213 set logging server . . . . . . . . . . . 210, 222, 223 set logging server access level . . . . . . . . . 223 set logging server access-level . . . . . . . . . . 211 set logging server condition . . . . . . . . 217, 223 set logging server disable . . . . . . . . . . . . 211 set logging server enable . . . . . . . . . . . 210 set logging server facility . . . . . . . . . . 210, 223 set logging session . . . . . . . . . . . . . . 223 dialer interface . . . . . . . . . . . . . 284, 292 DNS resolver . . . . . . . . . . . . . . . . 94 object tracking . . . . . . . . . . . . . . . 305 session log . . . . . . . . . . . . . . . . 215 VPN . . . . . . . . . . . . . . . . . . . . 528 set logging session condition . . . . . . . . . . 217 set logging session condition dhcpc . . . . . . 203 set logging session disable . . . . . . . . . . . 215 set logging session enable . . . . . . . . . . . 203 set long-timer . . . . . . . . . . . . . . . 170, 186 set match-pattern . . . . . . . . . . . . . 183, 187 set max-ip-registrations . . . . . . . . . . 160, 188 set max-length . . . . . . . . . . . . . . 182, 186 set mediaserver . . . . . . . . . . . . . . . 87, 88 set mgc list . . . . . . . . . . . . . . . 84, 86, 88 set min-length . . . . . . . . . . . . . . . 182, 186 set mss-notification rate . . . . . . . . . . . 73, 78 set name (bri) . . . . . . . . . . . . . . . 171, 184 set name (ds1) . . . . . . . . . . . . . . 166, 187 set name (station) . . . . . . . . . . . . . 165, 189 set name (trunk-group) . . . . . . . . . . 177, 191 set numbering-format . . . . . . . . . . . 178, 191 set password . . . . . . . . . . . . . . . 165, 189 set peer . . . . . . . . . . . . . 518, 519, 587, 588 set peer group . . . . . . . . . . . . . . . . 519 set peer-group . . . . . . . . . . . . . . . . 588 set pfs . . . . . . . . . . . . . . . . . . 513, 586 set pim-lockout . . . . . . . . . . . . 160, 162, 188 set port . . . . . . . . . . . . . . . . . . 164, 189 set port auto-negotiation-flowcontrol-advertisement194, 195 Issue 1 January 2008 717 Index set port classification . . . . . . . . . . . 369, 370 set port disable . . . . . . . . . . . . . . . . . 194 set port duplex . . . . . . . . . . . . . . 194, 195 set port edge admin state . . . . 194, 195, 364, 368 set port flowcontrol . . . . . . . . . . . . 194, 196 set port level . . . . . . . . . . . . . . . 195, 196 set port lldp. . . . . . . . . . . . . . . . 206, 208 set port lldp tlv . . . . . . . . . . . . . . 207, 208 set port mirror . . . . . . . . . . . . . . 361, 362 set port name. . . . . . . . . . . . . . . 195, 196 set port negotiation . . . . . . . . . . . . 195, 196 set port point-to-point admin status 195, 196, 365, 368 set port redundancy . . . . . . . . . . . . 359, 360 set port redundancy enable|disable . . . . 359, 360 set port redundancy-intervals . . . . . 358, 359, 360 set port spantree . . . . . . . . . . . . . 365, 368 set port spantree cost . . . . . . . . . . . 365, 368 set port spantree force-protocol-migration . 365, 368 set port spantree priority . . . . . . . . . 365, 368 set port speed . . . . . . . . . . . . . . . . . 196 set port static-vlan . . . . . . . . . . . . 354, 357 set port trap . . . . . . . . . . . . . . . 333, 335 set port vlan . . . . . . . . . . . . . . . 354, 357 set port vlan-binding-mode . . . . . . . . 354, 357 set primary-dchannel . . . . . . . . . . . 180, 189 set protocol-version . . . . . . . . . . . . 168, 187 set qos bearer . . . . . . . . . . . . . . 232, 233 set qos control . . . . . . . . . . . . . . 232, 233 set qos rsvp . . . . . . . . . . . . . . . . . . 233 set qos rtcp. . . . . . . . . . . . . . . . 232, 233 set qos signal. . . . . . . . . . . . . . . 232, 233 set radius authentication . . . . . . . . . 64, 65, 66 set radius authentication retry-number . . . . . 65, 66 set radius authentication retry-time . . . . . . . 65, 66 set radius authentication secret . . . . . . . . 64, 66 set radius authentication server . . . . . . . . 65, 66 set radius authentication udp-port . . . . . . . 65, 66 set reset-times . . . . . . . . . . . . . . . . 86, 88 set security-association lifetime . . . . . . . . . 586 set security-association lifetime kilobytes . . . . . 513 set security-association lifetime seconds . . . . . 513 set send-name . . . . . . . . . . . . . . 178, 191 set send-number . . . . . . . . . . . . . 178, 191 set side (bri) . . . . . . . . . . . . . . . 171, 184 set side (ds1) . . . . . . . . . . . . . . . 167, 187 set signaling-mode . . . . . . . . . . . . 166, 187 set slot-config . . . . . . . . . . . . . . 160, 188 set sls . . . . . . . . . . . . . . . . 143, 162, 184 set snmp community . . . . . . . . . . . 336, 337 set snmp retries . . . . . . . . . . . . . 336, 337 set snmp timeout . . . . . . . . . . . . . 336, 337 set snmp trap . . . . . . . . . . . . . . . . . . 335 set snmp trap disable auth . . . . . . . . . . . 333 set snmp trap disable frame-relay . . . . . . . . 333 set snmp trap enable auth . . . . . . . . . . . . 333 718 Administration for the Avaya G450 Media Gateway set snmp trap enable frame-relay . set spantree default-path-cost . . set spantree enable/disable . . . set spantree forward-delay . . . . set spantree hello-time. . . . . . set spantree max-age . . . . . . set spantree priority . . . . . . . set spantree tx-hold-account . . . set spantree tx-hold-count . . . . set spantree version . . . . . . . set spid-a . . . . . . . . . . . . set spid-b . . . . . . . . . . . . set supervision . . . . . . . . . set swhook-flash . . . . . . . . set sync interface . . . . . . . . set sync source . . . . . . . . . set sync switching . . . . . . . . set system contact. . . . . . . . set system location . . . . . . . set system name . . . . . . . . set tac . . . . . . . . . . . . . set tei-assignment . . . . . . . . set terminal recovery password. . set tgnum . . . . . . . . . . . . set transform-set . . . . . . . . set trunk . . . . . . . . . . . . set trunk-destination . . . . . . . set trunk-group-chan-select . . . set trunk-hunt . . . . . . . . . . set type (dial-pattern) . . . . . . set type (station) . . . . . . . . set utilization cpu . . . . . . . . set vlan . . . . . . . . . . . . . setting buffer-size . . . . . . . . show (bri) . . . . . . . . . . . . show (dial-pattern). . . . . . . . show (ds1) . . . . . . . . . . . show (incoming-routing) . . . . . show (sig-group) . . . . . . . . show (station) . . . . . . . . . . show (trunk-group) . . . . . . . show announcement-file . . . . . show announcements-files . . . . show attendant . . . . . . . . . show auth-file info . . . . . . . . show auth-file status . . . . . . . show backup status . . . . . . . show boot bank . . . . . . . . . show bri . . . . . . . . . . . . show cam vlan . . . . . . . . . show capture . . . . . . . . . . show capture-buffer hex . . . . . show capture-dummy-headers . . show cna testplug . . . . . . . . show composite-operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333 . . . 365, 368 . . . 365, 368 . . . 365, 368 . . . 366, 368 . . . 366, 368 . . . 366, 368 . . . . . 366 . . . . . 368 . . . 366, 368 . . . 172, 184 . . . 172, 185 . . . 176, 191 . . . 165, 189 . . . . . 639 . . . 637, 639 . . . 638, 639 . . . . . . 81 . . . . . . 81 . . . . . . 81 . . . 174, 191 . . . 171, 185 . . . . . . 67 . . . 182, 186 . . . 519, 588 . . . 354, 357 . . . 165, 189 . . . 180, 189 . . . 179, 191 . . . 181, 186 . . . 163, 190 . . . . 96, 97 . 351, 354, 357 . . . . . 424 . . . 172, 185 . . . 182, 186 . . . 170, 187 . . . 183, 187 . . . 181, 189 . . . 166, 190 . . . 179, 191 . . . . . 350 . . . . . 348 . . . . . 188 . . 56, 59, 61 . . . . . . 61 . . . . . . 113 . . . . 99, 105 . . . . . 188 . . . 354, 357 . . . 426, 434 . . . 426, 434 . . . . . 430 . . . 438, 441 Index access control list . . . . . . . . . 599, 613, 614 policy list . . . . . . . . . . . . . . . . . . 610 QoS list . . . . . . . . . . . . . . . . 616, 617 show contact-closure . . . . . . . . . . . . . . 345 show controller . . . . . . . . . . . . . . . . . 267 show controllers . . . . . . . . . . . 249, 254, 266 show controllers remote . . . . . . . . . . . . . 254 show crypto ipsec sa . . . . . . . . . . . 524, 589 show crypto ipsec transform-set . . . . . . 527, 589 show crypto isakmp peer . . . . . . . . . 527, 589 show crypto isakmp peer-group . . . . . . 527, 590 show crypto isakmp policy . . . . . . . . . 527, 590 show crypto isakmp sa . . . . . . . . . . 527, 590 show crypto ispsec sa . . . . . . . . . . . . . . 527 show crypto map . . . . . . . . . . . . . 527, 590 show date-format . . . . . . . . . . . . . . . . 188 show dial-pattern . . . . . . . . . . . . . . . . 188 show download announcement-file status . 349, 350 show download license-file status . . . . . . . . 510 show download software status . . . . . . 102, 105 show download status . . . . . . . . . . .114, 115 show ds1 . . . . . . . . . . . . . . . . . . . . 188 show dscp-table . . . . . . . . . . . 610, 616, 617 show ds-mode . . . . . . . . . . . . . . . . . 249 show dynamic-cac . . . . . . . . . . . . 297, 298 show etr . . . . . . . . . . . . . . . . . . . . 326 show extension . . . . . . . . . . . . . . . . . 188 show fac . . . . . . . . . . . . . . . . . . . . 188 show faults . . . . . . . . . . . . . . . . . . 95, 97 show fragment . . . . . . . . . . . . . . . . . 503 show frame-relay fragment . . . . . . . . 266, 267 show frame-relay lmi . . . . . . . . . . . 266, 267 show frame-relay map . . . . . . . . . . 266, 268 show frame-relay pvc . . . . . . . . . . . 266, 268 show frame-relay traffic . . . . . . . . . . 266, 268 show icc-monitoring . . . . . . . . . . . . . . 87, 88 show icc-vlan . . . . . . . . . . . . . . . 353, 357 show image version . . . . 95, 97, 99, 105, 108, 113 show incoming-routing . . . . . . . . . . . . . 188 show interface . . . . . . . . . . . . . . . . . 241 show interfaces dialer interface . . . . . . . . . . 274, 276, 292 frame relay . . . . . . . . . . . . 263, 265, 266 GRE tunnel . . . . . . . . . . . . . . 464, 466 interface status . . . . . . . . . . . . . . . 434 PPP . . . . . . . . . . . . . . . . . 257, 258 unnumbered IP interface . . . . . . . . . . . 449 VLANs . . . . . . . . . . . . . . . . 354, 358 WAN configuration . . . . . . . . . . . 266, 268 show interfaces usb-modem . . . . . . . . . . . 240 show ip access-control-list. . . . . . . 610, 612, 614 show ip active-lists . . . . . . . 527, 590, 628, 635 show ip active-pbr-lists . . . . . . . . . . . . . 635 show ip arp . . . . . . . . . . . . . . . . 484, 485 show ip capture-list . . . . . . . . . . . . 423, 434 show ip crypto-list . . . . . . . . . . . . . . . . 527 show ip crypto-lists . . . . . . . . . . . . show ip dhcp-client . . . . . . . 201, 203, show ip dhcp-client statistics . . . . . . . . show ip dhcp-pool . . . . . . . . . . . . . show ip dhcp-server bindings . . . . . . . show ip dhcp-server statistics . . . . . . . show ip distribution access-lists . . . . . . show ip domain . . . . . . . . . . . . . . show ip domain statistics. . . . . . . . . . show ip icmp . . . . . . . . . . . . . . . show ip interface . . . . . . . . . . . . . show ip interface brief . . . . . . . . . . . show ip interfaces . . . . . . . . . . . . . show ip next-hop-list all . . . . . . . . . . show ip ospf . . . . . . . . . . . . . . . show ip ospf database . . . . . . . . . . . show ip ospf interface . . . . . . . . . . . show ip ospf neighbor . . . . . . . . . . . show ip ospf protocols . . . . . . . . . . . show ip pbr-list . . . . . . . . . . . . . . show ip protocols . . . . . . . . . . . . . show ip qos-list . . . . . . . . . . . . . . show ip reverse-arp . . . . . . . . . . . . show ip route . . . . . . . . . . . . . . . show ip route best-match . . . . . . . . . show ip route static . . . . . . . . . . . . show ip route summary . . . . . . . . . . show ip route track-table . . . . . . . . . . show ip rtp header-compression . . . . . . show ip rtp header-compression brief . . . . show ip ssh . . . . . . . . . . . . . . . . show ip tcp header-compression . . . . . . show ip tcp header-compression brief. . . . show ip telnet . . . . . . . . . . . . . . . show ip track-table . . . . . . . . . . . . show ip vrrp . . . . . . . . . . . . . . . . show ip-codec-set . . . . . . . . . . . . . show ip-next-hop-list . . . . . . . . . . . . show ip-qos-list . . . . . . . . . . . . . . show ip-rule access control list . . . . . . . . . . . policy based routing . . . . . . . . 625, policy list . . . . . . . . . . . . . . . QoS list . . . . . . . . . . . . . . . . show keepalive-icmp . . . . . . . . . . . show last-pim-update . . . . . . . . . . . show license status . . . . . . . . . . . . show list . . . . . . . 595, 610, 614, 617, show lldp . . . . . . . . . . . . . . . . . show lldp config . . . . . . . . . . . . . . show logging file condition . . . . . . . . . show logging file content . . . . . . . . 213, show logging server condition . . . . . . . show logging session condition . . . . . . . show login authentication . . . . . . . . . show map-class frame-relay . . . . . . . . . . 590 204, 203, 477, 477, 477, 205 204 479 480 480 . . 492 . 93, 95 . 93, 95 . . 486 . . 267 . . 448 . . 268 . . 628 494, 496 494, 496 494, 496 494, 496 . . 496 627, 635 492, 495 610, 615 484, 485 455, 456 455, 456 455, 456 455, 456 . . 455 229, 231 . . 229 . 62, 63 229, 231 229, 231 . . . 68 . . 456 501, 502 . . 188 . . 634 . . 617 613, 614 628, 634 . . 610 . . 617 294, 296 . . 188 . . 510 628, 635 207, 208 207, 208 214, 223 217, 223 212, 223 216, 223 . 59, 61 266, 268 Issue 1 January 2008 719 Index show max-ip-registration . . . . . . . . . . . . 188 show mediaserver . . . . . . . . . . . . . . . 88 show mg list_config . . . . . . . . . . . . . . 96, 97 show mgc . . . . . . . . . . . . . . 85, 88, 95, 97 show mgc list . . . . . . . . . . . . . . . . . 85, 88 show mm . . . . . . . . . . . . . . . . . . . 95 show module . . . . . . . . . . . . . . . . . 96, 97 show mss-notification rate . . . . . . . . . . . . 78 show next-hop . . . . . . . . . . . . 626, 628, 633 show pim-lockout . . . . . . . . . . . . . . . . 188 show pmi . . . . . . . . . . . . . . . . . . . 80, 81 show point-to-point status . . . . . . . . . . . . 369 show port auto-negotiation-flowcontrol-advertisement . 194, 196 show port classification . . . . . . . . . . 369, 370 show port edge state . . . . . . . . . 194, 364, 368 show port edge status . . . . . . . . . . . . . . 196 show port flowcontrol . . . . . . . . . . . 194, 196 show port lldp config . . . . . . . . . . . 207, 208 show port lldp vlan-name config . . . . . . 207, 208 show port mirror . . . . . . . . . . . . . 361, 362 show port point-to-point status . . . . . . . . . . 365 show port redundancy . . . . . . . . . . 359, 360 show port trap . . . . . . . . . . . . . . 333, 335 show port vlan-binding . . . . . . . . . . . . . 354 show port vlan-binding-mode . . . . . . . . . . 358 show ppp authentication . . . . . . . . . 241, 244 show protocol . . . . . . . . . . . . . . . . 68, 94 show protocols . . . . . . . . . . . . . . . . . 95 show qos-rtcp . . . . . . . . . . . . . . 232, 233 show queue . . . . . . . . . . . . . . . 234, 235 show queueing . . . . . . . . . 234, 235, 236, 237 show radius authentication . . . . . . . . . . 65, 66 show recovery . . . . . . . . . . . . . . . . 86, 88 show restart-log . . . . . . . . . . . . . . . 96, 97 show restore status . . . . . . . . . . . . .102, 111 show rmon alarm . . . . . . . . . . . . . 372, 374 show rmon event . . . . . . . . . . . . . 372, 374 show rmon history . . . . . . . . . . . . 372, 374 show rmon statistics . . . . . . . . . . . 372, 374 show rtp-stat config . . . . . . . . . . . . 380, 413 show rtp-stat detailed . . . . . . . . . . . 386, 413 show rtp-stat sessions . . . . . . . . . . 385, 413 show rtp-stat summary . . . . . . . . . . 384, 413 show rtp-stat thresholds . . . . . . . . . . 377, 413 show rtp-stat traceroute . . . . . . . . . . 398, 413 show rtr configuration . . . . . . . . . . . 304, 315 show rtr operational-state . . . . . . . . . 304, 315 show running-config . . . . . . . . . . . . . . 267 show sig-group . . . . . . . . . . . . . . . . . 188 show slot-config . . . . . . . . . . . . . . . . 188 show sls . . . . . . . . . . . . . . . . . . . . 184 show snmp . . . . . . . . 72, 78, 333, 335, 337, 383 show snmp engineID . . . . . . . . . . . . . . 337 show snmp group . . . . . . . . . . . . . . . . 337 show snmp retries . . . . . . . . . . . . 337, 338 720 Administration for the Avaya G450 Media Gateway show snmp timeout . . . . . . . . . . . . 337, 338 show snmp user . . . . . . . . . . . . . . 337, 338 show snmp userToGroup . . . . . . . . . . . 337 show snmp usertogroup . . . . . . . . . . . . 338 show snmp view. . . . . . . . . . . . . . 336, 338 show spantree . . . . . . . . . . . . . . 366, 369 show startup-config . . . . . . . . . . . . . . 267 show station . . . . . . . . . . . . . . . . . 188 show sync timing . . . . . . . . . . . . . . . 639 show system . . . . . . . . . .82, 96, 97, 105, 113 show tcp syn-cookies . . . . . . . . . . . . . . 71 show temp . . . . . . . . . . . . . . . . . 96, 97 show timeout . . . . . . . . . . . . . . . . 96, 97 show track . . . . . . . . . . . . . . . . 304, 315 show traffic-shape . . . . . . . . . . . . . 267, 268 show trunk . . . . . . . . . . . . . . . . 354, 358 show trunk-group . . . . . . . . . . . . . . . 189 show upload announcement-file status . . . 349, 350 show upload auth-file status . . . . . . . . . 57, 61 show upload status . . . . . . . . . . . . 428, 434 show username . . . . . . . . . . . . . . . . . 59 show utilization . . . . . . . . . . . . . . . 96, 97 show vlan . . . . . . . . . . . . . . . 353, 354, 358 show voltages . . . . . . . . . . . . . . . . 96, 97 shutdown CNA test plug . . . . . . . . . . . . . 438, 441 console port . . . . . . . . . . . . . . 243, 244 PPPoE . . . . . . . . . . . . . . . . 261, 263 USB port . . . . . . . . . . . . . . . 240, 241 WAN port . . . . . . . . . . . . . . . . . 198 sig-group . . . . . . . . . . . . . . . 159, 180, 189 sls . . . . . . . . . . . . . . . . . . 159, 160, 184 snmp trap link-status . . . . . . . . . . . 334, 335 snmp-server community . . . . . . . . . . 336, 338 snmp-server dynamic-trap-manager 72, 78, 338, 339, 383 snmp-server enable notification . . . . . . . . 335 snmp-server enable notifications . . . . . . . . 333 snmp-server engineID . . . . . . . . . . . 336, 338 snmp-server group . . . . . . . . 72, 78, 336, 338 snmp-server host . . . . . . . 72, 78, 333, 336, 382 snmp-server informs . . . . . . . . . . . . 333, 336 snmp-server remote-user . . . . . . . . . 336, 338 snmp-server user . . . . . . . 72, 78, 330, 336, 338 snmp-server view . . . . . . . . . . . 332, 336, 338 source-address . . . . . . . . . . . . . . 301, 315 source-ip access control list . . . . . . . . . . . . . 613 crypto list rule . . . . . . . . . . . . . 521, 589 packet sniffing . . . . . . . . . . . . . 418, 433 policy based routing . . . . . . . . . . . . 634 policy list . . . . . . . . . . . . . . . . . 601 QoS list . . . . . . . . . . . . . . . . . . 617 speed . . . . . . . . . . . . . 198, 240, 242, 244 USB port . . . . . . . . . . . . . . . . . 241 start-ip-addr . . . . . . . . . . . . . . . . 472, 479 Index station . . . . . . . . . . . . . . . . subnet-mask . . . . . . . . . . . . . success-retries . . . . . . . . . . . . suggest-key . . . . . . . . . . . . . tcp destination-port . . 419, 433, 602, tcp established . . . . . . . . . . . . tcp source-port . . . . 419, 433, 602, tcp syn-cookies . . . . . . . . . . . . telnet . . . . . . . . . . . . . . . . test led . . . . . . . . . . . . . . . . test-rate-limit . . . . . . . . . . . . . threshold count . . . . . . . . . . . . timeout absolute . . . . . . . . . . . timers basic . . . . . . . . . . . . . timers spf . . . . . . . . . . . . . . traceroute . . . . . . . . . . . . . . track . . . . . . . . . . . . . . . . . track rtr . . . . . . . . . . . . . . . traffic-shape rate . . . . . . . . . . . transmitter-delay . . . . . . . . . . . trunk-group . . . . . . . . . . . . . . tunnel checksum . . . . . . . . . . . tunnel destination . . . . . . . . . . . tunnel dscp . . . . . . . . . . . . . . tunnel key . . . . . . . . . . . . . . tunnel path-mtu-discovery . . . . . . . tunnel source . . . . . . . . . . . . . tunnel ttl . . . . . . . . . . . . . . . type . . . . . . . . . . . . . . . . . udp destination-port . . 419, 434, 602, udp source-port . . . . 419, 434, 602, username . . . . . . . . . . . . . . value. . . . . . . . . . . . . . . . . vendor-specific-option . . . . . . . . . voip-queue . . . . . . . . . . . 234, voip-queue-delay . . . . . . . . . . . wait-interval . . . . . . . . . . . . . Committed Burst size . . . . . . . . . . Composite operations adding to IP rule . . . . . . . . . . . configuring . . . . . . . . . . . . . . deleting from IP rule . . . . . . . . . example . . . . . . . . . . . . . . . pre-configured for access control lists . Computer, connecting to fixed router port . Configuration defining an interface . . . . . . . . . DHCP client . . . . . . . . . . . . . dynamic trap manager . . . . . . . . ethernet ports . . . . . . . . . . . . header compression . . . . . . . . . LLDP . . . . . . . . . . . . . . . . managing configuration files . . . . . . MGC list . . . . . . . . . . . . . . . modem. . . . . . . . . . . . . . . . 159, 163, 189 472, 473, 479 . . 301, 315 . . 516, 587 613, 617, 634 . . 604, 614 614, 617, 634 . . . . 70, 71 . . . . 48, 68 . . . . 96, 97 . . 438, 441 . . 303, 315 240, 243, 244 . . 490, 491 . . 495, 496 . . 455, 456 . . 303, 315 . . . . . 302 . . . . . 197 . . 254, 256 . . 159, 190 . . 463, 466 . . 462, 466 . . 463, 466 . . 463, 466 . . 461, 466 . . 462, 466 . . 463, 466 . . 300, 314 614, 617, 634 614, 617, 634 . . . . . 54 473, 474, 479 . . 474, 479 235, 236, 237 234, 236, 237 . . 301, 315 . . . . . 316 . . . . . . . . . . . . . . . . . . . . . . . . . 607 . 607 . 607 . 608 . 605 . 193 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 . 200 . 338 . 193 . 225 . 206 . 113 . 84 . 239 primary management interface . . . . RTCP . . . . . . . . . . . . . . . RTP . . . . . . . . . . . . . . . . running configuration . . . . . . . . saving configuration changes . . . . startup . . . . . . . . . . . . . . . startup configuration . . . . . . . . . switching . . . . . . . . . . . . . . using Avaya IW . . . . . . . . . . . using GIW . . . . . . . . . . . . . using the CLI . . . . . . . . . . . . WAN ethernet port. . . . . . . . . . Configuration file CLI commands . . . . . . . . . . . Console device configuring console port for use with . configuring console port to detect . . . Console port assigning IP address . . . . . . . . associating with Dialer interface . . . CLI commands . . . . . . . . . . . configuring for modem use . . . . . . configuring for telnet access . . . . . configuring for use with console device configuring for use with modem . . . configuring to detect console device . configuring to detect modem . . . . . connecting modem . . . . . . . . . default settings . . . . . . . . . . . description . . . . . . . . . . . . . disconnecting sessions . . . . . . . entering interface context . . . . . . GIW configuration via . . . . . . . . resetting connected modems . . . . . setting authentication method . . . . setting load calculation intervals . . . setting PPP timeout disconnects . . . Contact closure activating when access code dialed . . closure modes . . . . . . . . . . . configuring software . . . . . . . . . deactivating manually . . . . . . . . displaying status . . . . . . . . . . overview . . . . . . . . . . . . . . relay control methods . . . . . . . . setting manually . . . . . . . . . . . setting pulse duration . . . . . . . . using in SLS mode . . . . . . . . . Contact closure configuration CLI commands . . . . . . . . . . . Contexts . . . . . . . . . . . . . . . . Continuous channel in VPN . . . . . . . Controller configuring mode . . . . . . . . . . displaying configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 225 225 . 40 . 40 267 . 40 351 . 48 . 51 . 39 196 . . . . . . 115 . . . . . 242 . . . . . 242 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242 283 243 . 47 242 242 244 242 242 . 47 244 242 243 242 . 51 242 242 243 243 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344 344 344 344 345 343 343 344 344 129 . . . . . 345 . . . . . . 44 . . . . . 539 . . . . . 249 . . . . . 249 Issue 1 January 2008 721 Index entering context Cost . . . . . . . Crypto list configuring . . . deactivating . . crypto list overview . . . . Crypto map configuring . . . overview . . . . . . . . . . . . . . . . . . . . 249 . . . . . . . . . . . . . . . . 493 . . . . . . . . . . . . . . . . 520 . . . . . . . . . . . . . . . . 523 . . . . . . . . . . . . . . . . 506 . . . . . . . . . . . . . . . . 519 . . . . . . . . . . . . . . . . 506 D Data Link Connection Identifier see DLCI Default gateway CLI commands . . . . . . . . . . . defining . . . . . . . . . . . . . . removing . . . . . . . . . . . . . . DeMilitarized Zone see DMZ Denial of Service reporting . . . . . . . Deployments basic . . . . . . . . . . . . . . . . introduction. . . . . . . . . . . . . overview . . . . . . . . . . . . . . port redundancy . . . . . . . . . . STP . . . . . . . . . . . . . . . . STP and switch redundancy . . . . . switch redundancy . . . . . . . . . Device status CLI commands . . . . . . . . . . . viewing. . . . . . . . . . . . . . . DHCP BOOTP relay . . . . . . . . . . . . configuration . . . . . . . . . . . . description . . . . . . . . . . . . . DHCP and BOOTP relay CLI commands . . . . . . . . . . . DHCP client applications . . . . . . . . . . . . CLI commands . . . . . . . . . . . CLI logging enabling . . . . . . . . . . . . setting logging session conditions viewing . . . . . . . . . . . . . configuring . . . . . . . . . . . . . determining DHCP option requests . displaying configuration . . . . . . . displaying parameters . . . . . . . . enabling . . . . . . . . . . . . . . lease releasing . . . . . . . . . . . . renewing . . . . . . . . . . . . maintaining . . . . . . . . . . . . . . . . . . . 82 . . . . 82, 455 . . . . . . 455 . . . . . . 71 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 . . 31 . . 31 . 32, 33 . . 34 . . 35 . . 33 . . . . . . 97 . . . . . . 95 . . . . . . 468 . . . . . . 469 . . . . . . 467 . . . . . . 469 . . . . . . 199 . . . . . . 204 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203 . 203 . 203 . 200 . 200 . 203 . 201 . 201 . . . . . . 202 . . . . . . 202 . . . . . . 203 overview . . . . . . . . . . . . . . . . . setting the client identifier . . . . . . . . . setting the client lease . . . . . . . . . . . setting the hostname . . . . . . . . . . . DHCP options . . . . . . . . . . . . . . . . DHCP server CLI commands . . . . . . . . . . . . . . configuration examples . . . . . . . . . . configuring DHCP options . . . . . . . . . configuring vendor-specific options . . . . . overview . . . . . . . . . . . . . . . . . typical application . . . . . . . . . . . . . Diagnosing and monitoring the network . . . . . . . . Dial On Demand Routing (DDR) . . . . . . . . Dialer interface activating with object tracking . . . . . . . as backup for Loopback interface . . . . . . as backup for WAN interface . . . . . . . . assigning access control list to . . . . . . . assigning to Console port . . . . . . . . . authentication method . . . . . . . . . . . CHAP authentication . . . . . . . . . . . CLI commands . . . . . . . . . . . . . . configuring . . . . . . . . . . . . . . . . configuring as backup . . . . . . . . . . . configuring backup routing . . . . . . . . . dynamic IP . . . . . . . . . . . . . . . . dynamic routing . . . . . . . . . . . . . . giving priority to VoIP . . . . . . . . . . . logging . . . . . . . . . . . . . . . . . . setting IP address . . . . . . . . . . . . . static routing . . . . . . . . . . . . . . . unnumbered IP . . . . . . . . . . . . 272, verifying connection . . . . . . . . . . . . Dialer strings . . . . . . . . . . . . . . . . . Directed broadcast forwarding . . . . . . . . . Discard routes . . . . . . . . . . . . . . . . Distribution access lists . . . . . . . . . . . . DLCI configuring for frame relay sub-interface . . OSPF mapping . . . . . . . . . . . . . . Priority see Priority DLCI DMZ . . . . . . . . . . . . . . . . . . . . . DNS resolver clearing counters . . . . . . . . . . . . . CLI commands . . . . . . . . . . . . . . configuration example . . . . . . . . . . . features . . . . . . . . . . . . . . . . . . maintaining . . . . . . . . . . . . . . . . overview . . . . . . . . . . . . . . . . . showing information . . . . . . . . . . . . typical application . . . . . . . . . . . . . when not necessary . . . . . . . . . . . . 722 Administration for the Avaya G450 Media Gateway . . . . . . . . . . 199 200 200 200 473 . . . . . . . . . . . . 478 475 473 474 470 471 . . 371 . . 272 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279, . . . . . . . . . . 279 272 272 283 283 276 276 291 274 277 277 279 272 271 284 274 272 448 276 274 480 454 488 . . 264 . . 318 . . 444 . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 94 93 89 93 88 93 89 91 Index DNS servers requesting list of DNS servers during a PPP/IPCP session . . . . . . . . . . . . . . . . . . . . 261 requesting list of DNS servers from a DHCP server200 DoS reporting . . . . . . . . . . . . . . . . . . . 71 DSA . . . . . . . . . . . . . . . . . . . . . . . 61 DSCP as access control list rule criteria. . . . . . . . . 604 as policy-based routing rule criteria . . . . . . . 604 as QoS list rule criteria . . . . . . . . . . . . . 604 in GRE header . . . . . . . . . . . . . . . . . 463 in RTR probes . . . . . . . . . . . . . . . . . 300 in VPN packets . . . . . . . . . . . . . . . . . 520 routing based on . . . . . . . . . . . . . . . . 620 DSCP table, see Policy . . . . . . . . . . . . . . . 608 duplex. . . . . . . . . . . . . . . . . . . . . . . 198 Duplex, configuring duplex type . . . . . . . . . . . 194 Dynamic CAC and modem dial backup . . . . . . . . . . 271, 278 CLI commands . . . . . . . . . . . . . . . . . 298 configuration . . . . . . . . . . . . . . . . . . 297 description . . . . . . . . . . . . . . . . . . . 296 Dynamic Host Configuration Protocol see DHCP Dynamic IP configuring . . . . . . . . . . . . . . . . . . . 537 Dialer interface . . . . . . . . . . . . . . . . . 279 overview . . . . . . . . . . . . . . . . . . . . 536 Dynamic routes deleting . . . . . . . . . . . . . . . . . . . . 455 redistributing . . . . . . . . . . . . . . . . . . 497 Dynamic trap manager CLI commands . . . . . . . . . . . . . . . . . 339 configuring . . . . . . . . . . . . . . . . . . . 338 E E1/T1 lines CLI commands . . . . . . . . . . connecting to WAN media module . default settings . . . . . . . . . . E1/T1 ports . . . . . . . . . . . . . ECMP . . . . . . . . . . . . . . . . Emergency Transfer Relay see ETR Encrypting gateway secrets. . . . . . Ethernet ports CLI commands . . . . . . . . . . configuration . . . . . . . . . . . configuring duplex type . . . . . . configuring link negotiation protocol configuring switch port . . . . . . connecting devices to . . . . . . . list of . . . . . . . . . . . . . . . port redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253 . 245 . 251 . 249 . 493 . . . . . . . 68 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 . 193 . 194 . 195 . 194 . 193 . 193 . 358 setting flowcontrol advertisements WAN Ethernet port see WAN Ethernet port ETR CLI commands . . . . . . . . . description . . . . . . . . . . . displaying status . . . . . . . . LED . . . . . . . . . . . . . . manual activation . . . . . . . . setting state . . . . . . . . . . . Excess Burst size. . . . . . . . . . . . . . . . . 194 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326 325 326 325 325 325 316 F Fair VoIP queue . . . . . . . . . . . . . . Fast Ethernet interface configuring PPPoE . . . . . . . . . . . Fast Ethernet port . . . . . . . . . . . . . auto-negotiation . . . . . . . . . . . . . configuring duplex type . . . . . . . . . configuring interface . . . . . . . . . . . configuring port speed . . . . . . . . . . firewall connected . . . . . . . . . . . . VPN connected . . . . . . . . . . . . . FastEthernet Interface described . . . . . . . . . . . . . . . . FastEthernet interface checking status . . . . . . . . . . . . . dynamic bandwidth reporting . . . . . . . ICMP keepalive . . . . . . . . . . . . . Features . . . . . . . . . . . . . . . . . . File transfer, see FTP or TFTP . . . . . . . FIPS adding next hops . . . . . . . . . . . . disabling modem dial backup . . . . . . . next hops static routes . . . . . . . . . . Firewall . . . . . . . . . . . . . . . . . . Firmware CLI commands . . . . . . . . . . . . . firmware bank defaults . . . . . . . . . . firmware banks . . . . . . . . . . . . . load with ASB button . . . . . . . . . . managing firmware banks . . . . . . . . redundancy . . . . . . . . . . . . . . . upgrade overview . . . . . . . . . . . . upgrading using FTP/TFTP . . . . . . . upgrading using USB mass storage device uploading files from the gateway . . . . . version control . . . . . . . . . . . . . Fixed analog trunk port . . . . . . . . . . . Flowcontrol advertisement . . . . . . . . . Fragmentation as map class parameter . . . . . . . . . CLI commands . . . . . . . . . . . . . configuration . . . . . . . . . . . . . . . . . 234 . . . . . . . . . . . . . . . . . . . . . . . . 258 294 197 197 196 197 444 444 . . . 444 . . . . . . . . . . . . . . . 292 296 292 . 28 . 98 . . . . . . . . . . . . 453 279 452 444 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 99 41 99 99 99 98 100 101 102 . 41 325 194 . . . . . . . . . 316 . . . 503 . . . 503 Issue 1 January 2008 723 Index description . . . . . . . . . . GRE tunneling . . . . . . . . reassembly . . . . . . . . . . Frame relay . . . . . . . . . . . displaying configuration . . . . enabling traffic shaping . . . . Frame relay encapsulation CLI commands . . . . . . . . down status . . . . . . . . . encapsulation types . . . . . . establishing Layer 3 interface . IETF . . . . . . . . . . . . . illustration . . . . . . . . . . non-IETF . . . . . . . . . . . supported features . . . . . . supported on Serial interfaces . Frame relay traffic shaping CLI commands . . . . . . . . configuring within map classes description . . . . . . . . . . displaying configuration . . . . enabling . . . . . . . . . . . FRF.12 fragmentation configuring within map classes description . . . . . . . . . . FTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502 . 461 . 503 . 245 . 266 . 316 routing packets to tunnel . . . . . . . . . . . . 457 Guide downloading from website . . . . . . . . . . . . 23 latest version, downloading . . . . . . . . . . . 23 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265 . 269 . 263 . 453 . 263 . 247 . 263 . 316 246, 445 Header compression clearing rtp header compression statistics . . . . 231 clearing tcp header compression statistics . . . 231 decompression . . . . . . . . . . . . . . . . 226 IPCH method - RTP and TCP header compression CLI commands . . . . . . . . . . . . . . . 228 disabling . . . . . . . . . . . . . . . . . . 228 enabling . . . . . . . . . . . . . . . . . . 228 overview . . . . . . . . . . . . . . . . . . 226 IPHC method - RTP and TCP header compression configuring UDP ports range . . . . . . . . 227 methods . . . . . . . . . . . . . . . . . . . 226 overview . . . . . . . . . . . . . . . . . . . 225 showing rtp header compression statistics . . . 231 showing tcp header compression statistics . . . 231 supported methods per interface type . . . . . . 226 transmission rate . . . . . . . . . . . . . . . 226 Van Jacobson Method - TCP header compression CLI commands . . . . . . . . . . . . . . . 231 configuring . . . . . . . . . . . . . . . . . 229 disabling . . . . . . . . . . . . . . . . . . 230 enabling . . . . . . . . . . . . . . . . . . 230 overview . . . . . . . . . . . . . . . . . . 226 Hello packets . . . . . . . . . . . . . . . . . . . 494 Help CLI . . . . . . . . . . . . . . . . . . . . . . . 44 commands . . . . . . . . . . . . . . . . . . . 44 High Preference static routes . . . . . . . . . . . 452 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317 . 316 . 316 . 267 . 316 . . . . . . . . . 316 . . . . . . . . . 316 . . . . . . . . . 98 G General context . . . . . . . . . . . . . . . . . . 44 Generic Routing Encapsulation, see GRE tunneling Gigabit Ethernet port location . . . . . . . . . . . . . . . . . . . . 193 port redundancy . . . . . . . . . . . . . . . . 358 GIW accessing . . . . . . . . . . . . . . . . . . . 51 configuration using . . . . . . . . . . . . . . . 51 description . . . . . . . . . . . . . . . . . . . 51 installation on laptop . . . . . . . . . . . . . . 51 GRE tunneling adding checksum . . . . . . . . . . . . . . . . 463 adding ID keys . . . . . . . . . . . . . . . . . 463 applications . . . . . . . . . . . . . . . . . . 457 as next hop. . . . . . . . . . . . . . . . . . . 625 assigning DSCP . . . . . . . . . . . . . . . . 463 assigning TTL . . . . . . . . . . . . . . . . . 463 checking tunnel status . . . . . . . . . . 460, 462 CLI commands . . . . . . . . . . . . . . . . . 466 compared to VPN . . . . . . . . . . . . . . . . 456 displaying tunnel information . . . . . . . . . . 464 dynamic bandwidth reporting . . . . . . . . . . 296 dynamic MTU discovery . . . . . . . . . . . . . 461 optional features . . . . . . . . . . . . . . . . 460 overview . . . . . . . . . . . . . . . . . 444, 456 preventing recursive routing . . . . . . . . . . . 458 H I ICC-VLAN . . . . . . . . . ICMP errors . . . . . . . . CLI commands . . . . . ICMP keepalive . . . . . . and policy-based routing . CLI commands . . . . . IGAR . . . . . . . . . . . IKE phase 1 . . . . . . . . . phase 2 . . . . . . . . . Ingress Access Control List . Ingress QoS List . . . . . . Interface configuration CLI commands . . . . . Interface status CLI commands . . . . . Interfaces 724 Administration for the Avaya G450 Media Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353 . . . . . 486 . . . . . 486 . . . . . 292 . . . . . 619 . . . . . 295 . 271, 278, 296 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505 505 619 619 . . . . . . . . . . . 446 . . . . . . . . . . . 435 Index adjusting bandwidth . . . . . . . . . . . . . . . 493 administrative status . . . . . . . . . . . . . . 198 applying PBR lists . . . . . . . . . . . . . . . 623 assigning Cost . . . . . . . . . . . . . . . . . 493 assigning IP addresses . . . . . . . . . . . . . 79 authentication . . . . . . . . . . . . . . . . . 489 backup . . . . . . . . . . . . . . . . . . . . . 197 configuration . . . . . . . . . . . . . . . . . . 443 configuration examples . . . . . . . . . . . . . 446 defining . . . . . . . . . . . . . . . . . . . . 79 disabling . . . . . . . . . . . . . . . . . . . . 452 displaying information . . . . . . . . . . . . . . 267 displaying status . . . . . . . . . . . . . . . . 434 duplex type . . . . . . . . . . . . . . . . . . . 197 dynamic bandwidth reporting . . . . . . . . . . 296 fastethernet . . . . . . . . . . . . . . . . . . 444 frame relay . . . . . . . . . . . . . . . . . . . 263 GRE tunnel, see GRE tunneling IP see IP interfaces Layer 2. . . . . . . . . . . . . . . . . . 444, 452 Layer 3. . . . . . . . . . . . . . . . . . . . . 453 logical . . . . . . . . . . . . . . . . . . . . . 445 Loopback . . . . . . . . . . . . . . 444, 619, 623 metrics . . . . . . . . . . . . . . . . . . . . . 494 network type . . . . . . . . . . . . . . . . . . 494 physical . . . . . . . . . . . . . . . . . . . . 444 priority . . . . . . . . . . . . . . . . . . . . . 494 Serial . . . . . . . . . . . . . . . . . . . . . 445 see Serial interfaces setting administrative state . . . . . . . . . . . 445 setting load calculation intervals . . . . . . . . . 79 speed . . . . . . . . . . . . . . . . . . . . . 198 switching . . . . . . . . . . . . . . . . . 444, 445 testing configuration . . . . . . . . . . . . . . 266 updating broadcast address . . . . . . . . . . . 445 USP WAN . . . . . . . . . . . . . . . . . . . 444 virtual . . . . . . . . . . . . . . . . . . 246, 444 WAN . . . . . . . . . . . . . . . . . . . . . . 444 Inter-Gateway Alternate Routing, see IGAR Internet Key Exchange (IKE) . . . . . . . . . . . . 505 IP address assigning to USB port . . . . . . . . . . . . . . 38 defining . . . . . . . . . . . . . . . . . . . . 445 obtaining via DHCP . . . . . . . . . . . . . . . 199 obtaining via PPP/IPCP negotiation . . . . . . . 260 storing in ARP table . . . . . . . . . . . . . . . 482 ip domain timeout . . . . . . . . . . . . . . . . . 91 IP interfaces . . . . . . . . . . . . . . . . . . . . 445 IP Security, see VPN IP unnumbered interface configuration CLI commands . . . . . . . . . . . . . . . . . 450 IPSec VPN, see VPN ISAKMP peer-group configuration . . . . . . . . . . . . 518 policies . . . . . . . . . . . . . . . . . . . . 512 VPN peer configuration . . . . . . . . . . . . 514 K keepalive configuring on PPP WAN line . . keepalive ICMP, see ICMP keepalive Keepalive, GRE tunnel . . . . . . . keepalive-track . . . . . . . . . . . configuring in VPN. . . . . . . . configuring on PPPoE interface . . . . . . . . 257 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460 198 517 261 LAN . . . . . . . . . . . . . . . . . . Layer 2 interfaces . . . . . . . . . . . Layer 2 logical interfaces . . . . . . . . Layer 2 virtual interfaces . . . . . . . . Layer 3 interfaces . . . . . . . . . . . LEDs, ETR . . . . . . . . . . . . . . . Link Layer Discovery Protocol, see LLDP Link-state algorithm . . . . . . . . . . . Listing files . . . . . . . . . . . . . . . CLI commands . . . . . . . . . . . LLDP 802.1 TLVs (optional) . . . . . . . . CLI commands . . . . . . . . . . . configuration . . . . . . . . . . . . enabling . . . . . . . . . . . . . . mandatory TLVs. . . . . . . . . . . optional TLVs . . . . . . . . . . . . overview . . . . . . . . . . . . . . setting additional TLVs . . . . . . . . setting port status . . . . . . . . . . supported ports . . . . . . . . . . . supported TLVs . . . . . . . . . . . verify advertisements . . . . . . . . LMI parameters . . . . . . . . . . . . Load balancing ECMP . . . . . . . . . . . . . . . VRRP . . . . . . . . . . . . . . . Local Management Interface see LMI parameters . . . . . . . . . Log file see Logging Logging CLI commands . . . . . . . . . . . configuring log file . . . . . . . . . . configuring session log . . . . . . . configuring Syslog server . . . . . . default severity levels . . . . . . . . defining filters . . . . . . . . . . . . deleting log file . . . . . . . . . . . deleting Syslog server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444 452 445 444 453 325 205 492 . 116 . 116 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206 208 206 206 206 206 205 207 206 207 206 207 263 L . . . . . 493 . . . . . 498 . . . . . 263 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Issue 1 January 2008 222 213 215 210 218 217 213 . 211 725 Index Dialer interface . . . . . . . . disabling log file . . . . . . . disabling session log . . . . . disabling Syslog server . . . . displaying log file contents. . . displaying Syslog server status enabling log file . . . . . . . . enabling session log . . . . . enabling Syslog server . . . . filtering by application . . . . . introduction. . . . . . . . . . limiting Syslog access . . . . . log file . . . . . . . . . . . . log file example . . . . . . . . log file filter contents . . . . . log file message format . . . . modem dial backup . . . . . . object trackers . . . . . . . . object tracking . . . . . . . . overview . . . . . . . . . . . RTR . . . . . . . . . . . . . saving settings . . . . . . . . session log . . . . . . . . . . session log example . . . . . session log message format . . setting filters . . . . . . . . . sinks . . . . . . . . . . . . . specifying Syslog output facility Syslog default settings . . . . Syslog server . . . . . . . . . Syslog server example . . . . Syslog server message format . VPN . . . . . . . . . . . . . Logging session, see Logging Logical interfaces . . . . . . . . Loopback interface . . . . . . . . Loops defined . . . . . . . . . . . . preventing in GRE tunneling . . preventing in RIP . . . . . . . Low preference static routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284 . 213 . 215 . 211 . 213 . 212 . 213 . 215 . 210 . 219 . 209 . 211 . 209 . 221 . 217 . 215 . 284 . 305 . 305 . 209 . 305 . 209 209, 215 . . . 222 . . . 216 . . . 217 . . . 209 . . . 210 . . . 212 . . . 209 . . . 220 . . . 212 . . . 528 . . . . . . . . . 445 . 272, 444, 619, 623 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362 . 458 . 487 . 452 M MAC addresses, storing in ARP table . . . . . . . . 482 Managed Security Services, see MSS Map classes applying to all configured Permanent Virtual Channels 316 default . . . . . . . . . . . . . . . . . . . . . 316 number that can be configured . . . . . . . . . 316 parameters . . . . . . . . . . . . . . . . . . . 316 Master Configuration Key CLI commands . . . . . . . . . . . . . . . . . 71 configuring . . . . . . . . . . . . . . . . . . . 69 MCG CLI commands . . . . . . . . . . . . . . . . . 88 MCK (Master Configuration Key) . . . . . . . . . . 68 Media modules . . . . . . . . . . . . . . . . . . . 28 adding, using a USB mass storage device . . . . 111 MM340 . . . . . . . . . . . . . . . . 248, 249, 444 MM342 . . . . . . . . . . . . . . . . 248, 254, 444 upgrading, using a USB mass storage device . . . 111 USP WAN, see MM342 media module WAN . . . . . . . . . . . . . . . . . . . . . 248 Metrics . . . . . . . . . . . . . . . . . . . . . . 497 MGC accessing . . . . . . . . . . . . . . . . . . . . 53 accessing the registered MGC . . . . . . . . . . 87 auto fallback to primary . . . . . . . . . . . . . 83 changing the list . . . . . . . . . . . . . . . . . 86 checking connectivity with . . . . . . . . . . . 272 clearing the list . . . . . . . . . . . . . . . . . 86 displaying the list . . . . . . . . . . . . . . . . 85 monitoring the ICC . . . . . . . . . . . . . . . 87 monitoring the LSP . . . . . . . . . . . . . . . 87 overview . . . . . . . . . . . . . . . . . . . . 82 reporting bandwidth to . . . . . . . . . . . . . 296 running Avaya Communication Manager . . . . . 53 setting reset times . . . . . . . . . . . . . . . . 86 setting the list . . . . . . . . . . . . . . . . . . 84 MGC list SLS entry . . . . . . . . . . . . . . . . . . . 123 MM340 media module configuring . . . . . . . . . . . . . . . . . . 249 E1/T1 WAN interface . . . . . . . . . . . . . 444 MM342 media module configuring . . . . . . . . . . . . . . . . . . 254 USP WAN interface . . . . . . . . . . . . . . 444 Modem configuring . . . . . . . . . . . . . . . . . . 239 configuring console port for use with . . . . . . 244 configuring console port to detect . . . . . . . . 242 configuring type on console port . . . . . . . . 242 connecting to Console port . . . . . . . . . . . . 47 connecting to S8300 Server . . . . . . . . . . . 48 connecting to USB port . . . . . . . . . . . . . 46 connecting via USB modem . . . . . . . . . . . 48 dial backup, see Modem dial backup displaying USB modem status . . . . . . . . . 240 serial . . . . . . . . . . . . . . . . . . . . . 242 USB . . . . . . . . . . . . . . . . . . . . . 239 Modem dial backup activating with object tracking . . . . . . . . . 279 and dynamic CAC . . . . . . . . . . . . . 271, 278 as backup interface . . . . . . . . . . . . . . 272 authentication method . . . . . . . . . . . . . 276 bandwidth available for . . . . . . . . . . . . 271 CHAP authentication . . . . . . . . . . . . . 276 configuration example . . . . . . . . . . . . . 279 726 Administration for the Avaya G450 Media Gateway Index configuring backup routing entering dialer strings . . . feature interactions . . . . FIPS and . . . . . . . . . logging . . . . . . . . . . overview . . . . . . . . . policy lists and . . . . . . prerequisites . . . . . . . RAS configuration . . . . typical installations . . . . using VPN . . . . . . . . Weighted Fair Queuing and Monitoring applications configuring . . . . . . . . MSS CLI commands . . . . . . configuring . . . . . . . . example . . . . . . . . . Overview . . . . . . . . . predefined DoS classes . . reporting mechanism . . . user-defined DoS classes . Multipoint topology support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277 . 274 . 278 . 279 . 284 . 271 . 271 . 273 . 273 . 273 . 271 . 271 . . . . . . . . . . . 371 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 . 72 . 77 . 71 . 74 . 72 . 75 . 248 . . . . . . . . . . . . . . . . . . . . . 524 . 524 . 458 . 481 N NAT Traversal configuring . . . . . . . . . . . . . overview . . . . . . . . . . . . . . Nested tunneling . . . . . . . . . . . . NetBIOS . . . . . . . . . . . . . . . Network monitoring applications . . . . . . . . . . . . Next hop lists applying to policy-based routing rules backup routes . . . . . . . . . . . editing . . . . . . . . . . . . . . . entries . . . . . . . . . . . . . . . overview . . . . . . . . . . . . . . Next hops, see FIPS . . . . . . . . . . object tracker configuration . . . . . . . overview . . . . . . . . . . . . . . . . RTR configuration . . . . . . . . . . . . showing routes with tracking . . . . . . . verifying MGC connectivity . . . . . . . . viewing log messages . . . . . . . . . . VPN failover . . . . . . . . . . . . . . Open Shortest Path First protocol see OSPF OSPF advertising static routes . . . . . . . . . CLI commands . . . . . . . . . . . . . compared to RIP . . . . . . . . . . . . configuration . . . . . . . . . . . . . . default metric . . . . . . . . . . . . . . description . . . . . . . . . . . . . . . displaying information . . . . . . . . . . DLCI mapping . . . . . . . . . . . . . . dynamic Cost . . . . . . . . . . . . . . enabling on network . . . . . . . . . . . enabling on system . . . . . . . . . . . interface authentication password . . . . interface authentication type . . . . . . . limitations . . . . . . . . . . . . . . . . metrics . . . . . . . . . . . . . . . . . modem dial backup and . . . . . . . . . priority . . . . . . . . . . . . . . . . . redistributing routing information . . . . . shortest-path-first algorithm . . . . . . . suppressing updates . . . . . . . . . . using with RIP . . . . . . . . . . . . . . OSPF Autonomous System Boundary Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452 . . 495 486, 492 . . 493 . . 497 . . 492 . . 494 . . 318 . . 493 . . 494 . . 494 . . 493 . . 493 . . 493 . . 493 . . 273 . . 494 . . 494 . . 492 . . 494 . . 497 . . 493 302 298 300 455 272 305 309 . . . . . . 371 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 625 . 620 . 626 . 625 . 625 . 452 Object tracking activating Dialer interface . . . . . . . . applying to DHCP client . . . . . . . . . applying to PBR next-hops . . . . . . . applying to static routes . . . . . . . . . backup for the FastEthernet interface . . CLI commands . . . . . . . . . . . . . configuration . . . . . . . . . . . . . . configuration workflow . . . . . . . . . enabling logging . . . . . . . . . . . . interface backup via policy-based routing . maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279 . 201 . 622 . 452 . 309 . 314 . 299 . 304 . 305 . 312 . 304 O P Packet sniffing analyzing capture file . . . . . . . . . . . analyzing captured packets . . . . . . . . applying a capture-list . . . . . . . . . . . applying rules to an address range . . . . . applying rules to packets with DSCP values . applying rules to packets with ip protocols . . capture list examples . . . . . . . . . . . clearing the capture buffer . . . . . . . . . CLI commands . . . . . . . . . . . . . . configuring . . . . . . . . . . . . . . . . creating capture-list . . . . . . . . . . . . defining rule criteria . . . . . . . . . . . . disabling . . . . . . . . . . . . . . . . . enabling . . . . . . . . . . . . . . . . . enabling the service . . . . . . . . . . . . excepting protocols from rules . . . . . . . excluding ICMP type and code . . . . . . . identifying the interface . . . . . . . . . . information, viewing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Issue 1 January 2008 429 426 423 418 418 418 422 424 432 415 416 416 415 415 425 418 421 430 426 727 Index overview . . . . . . . . . . . . . . . . . . . . 413 packets captured . . . . . . . . . . . . . . . . 414 reducing the size of the capture file . . . . . . . 424 rule criteria commands . . . . . . . . . . . . . 417 scp file upload limit . . . . . . . . . . . . . . . 428 service, starting . . . . . . . . . . . . . . . . . 425 service, stopping . . . . . . . . . . . . . . . . 426 setting buffers . . . . . . . . . . . . . . . . . 424 setting capture list context . . . . . . . . . . . . 416 setting capture list parameters . . . . . . . . . . 416 setting max frame size . . . . . . . . . . . . . 424 settings . . . . . . . . . . . . . . . . . . . . 424 simulating packets . . . . . . . . . . . . . . . 431 specifying bugger size . . . . . . . . . . . . . 424 specifying capture actions . . . . . . . . . . . . 416 specifying ICMP type and code . . . . . . . . . 421 specifying interfaces . . . . . . . . . . . . . . 415 streams that can be captured . . . . . . . . . . 414 streams that cannot be captured . . . . . . . . . 414 streams with conditional capture requirements . . 414 uploading capture file . . . . . . . . . . . . . . 427 uploading capture files to remote servers or USB storage device . . . . . . . . . . . . . . . . . . . . 428 uploading capture files to the S8300 . . . . . . . 428 viewing the capture-list . . . . . . . . . . . . . 423 viewing, captured packet hex dump . . . . . . . 426 Packets, simulating, see Policy . . . . . . . . . . . 611 Password Authentication Protocol . . . . . . . 240, 242 Passwords changing . . . . . . . . . . . . . . . . . . . . 54 managing . . . . . . . . . . . . . . . . . . . 54 overview . . . . . . . . . . . . . . . . . . . . 53 recovery password . . . . . . . . . . . . . . . 67 PBR lists attaching to interface . . . . . . . . . . . . . . 623 attaching to Loopback interface . . . . . . 619, 623 CLI commands . . . . . . . . . . . . . . . . . 633 deleting . . . . . . . . . . . . . . . . . . . . 627 editing rules . . . . . . . . . . . . . . . . . . 625 modifying . . . . . . . . . . . . . . . . . . . 627 name . . . . . . . . . . . . . . . . . . . . . 621 rule criteria . . . . . . . . . . . . . . . . . . . 624 rules . . . . . . . . . . . . . . . . . . . 621, 624 Permanent routes . . . . . . . . . . . . . . . . . 454 Phones supported in SLS mode . . . . . . . . . . 119 PIM accessing . . . . . . . . . . . . . . . . . . . 52 description . . . . . . . . . . . . . . . . . . . 52 SLS configuration . . . . . . . . . . . . . . . . 138 Ping . . . . . . . . . . . . . . . . . . . . . . . . 267 PMI CLI commands . . . . . . . . . . . . . . . . . 81 configuration . . . . . . . . . . . . . . . . . . 80 entering the interface context . . . . . . . . . . 80 explanation . . . . . . . . . . . . . . . . . . . 80 resetting the interface . . . . . . . . . . . . . . 80 setting location information . . . . . . . . . . . . 81 setting system contact information . . . . . . . . 81 setting the system name . . . . . . . . . . . . . 81 showing the PMI . . . . . . . . . . . . . . . . 80 Point to Multi-Point topology . . . . . . . . . . . . 248 Point-to-Point frame relay . . . . . . . . . . . 245, 248 Poison-reverse . . . . . . . . . . . . . . . . 488, 489 Policy access control lists . . . . . . . . . . . . . . 591 attaching policy list to interface at IACL . . . . . 597 attaching policy lists to an interface . . . . . . . 596 attaching QoS list to interface at ingress QoS list 597 changing DSCP table entries . . . . . . . . . . 609 configuring composite operations . . . . . . . . 607 copy list . . . . . . . . . . . . . . . . . . . . 595 create access control lost . . . . . . . . . . . 594 create QoS list . . . . . . . . . . . . . . . . 594 creating policy lists . . . . . . . . . . . . . . 594 creating rules . . . . . . . . . . . . . . . . . 600 default actions . . . . . . . . . . . . . . . . 596 defining global rules . . . . . . . . . . . . . . 599 defining list identification attributes . . . . . . . 595 defining policy lists . . . . . . . . . . . . . . 594 deleting a policy list . . . . . . . . . . . . . . 596 deleting a QoS list . . . . . . . . . . . . . . . 596 destination port range . . . . . . . . . . . . . 602 device wide policy lists . . . . . . . . . . . . . 598 displaying access control lists . . . . . . . . . 599 displaying composite operation lists . . . . . . 599 displaying ip rules . . . . . . . . . . . . . . . 600 displaying policy lists in access control list context 610 displaying policy lists in DSCP table context . . . . 611 displaying policy lists in general context . . . . . 610 displaying policy lists in QoS list context . . . . 610 displaying policy lists in QoS list rule context . . 610 DSCP as rule criteria . . . . . . . . . . . . . 604 DSCP default value . . . . . . . . . . . . . . 608 DSCP methods . . . . . . . . . . . . . . . . 608 DSCP table . . . . . . . . . . . . . . . . . . 608 edit access control list . . . . . . . . . . . . . 594 editing policy lists . . . . . . . . . . . . . . . 594 editing rules . . . . . . . . . . . . . . . . . . 600 example composite operation . . . . . . . . . 608 fragments . . . . . . . . . . . . . . . . . . . 604 ICMP code . . . . . . . . . . . . . . . . . . 603 ICMP type . . . . . . . . . . . . . . . . . . 603 managing policy lists . . . . . . . . . . . . . 594 mapping DSCP to a CoS. . . . . . . . . . . . 608 modem dial backup and . . . . . . . . . . . . 271 network security with access control lists . . . . 592 overview . . . . . . . . . . . . . . . . . . . 591 policy lists and loopback interfaces . . . . . . . 598 policy-based routing, see Policy-based routing precongifured composite operations . . . . . . 605 precongifured for QoS lists . . . . . . . . . . . 606 728 Administration for the Avaya G450 Media Gateway Index QoS fields . . . . . . . . . . . . . . . . . QoS list . . . . . . . . . . . . . . . . . . QoS list parts . . . . . . . . . . . . . . . . QoS lists . . . . . . . . . . . . . . . . . . rule criteria . . . . . . . . . . . . . . . . . sequence of device-wide policy list application sequence of policy list application . . . . . . simulated packet properties . . . . . . . . . simulating packets . . . . . . . . . . . . . source port range . . . . . . . . . . . . . . specifying a destination ip address . . . . . . specifying a source ip address . . . . . . . . specifying an ip protocol . . . . . . . . . . . specifying operations . . . . . . . . . . . . TCP, establish bit . . . . . . . . . . . . . . testing policy lists . . . . . . . . . . . . . . using ip wildcards . . . . . . . . . . . . . . Policy-based routing applications . . . . . . . . . . . . . . . . applying object tracking to next-hops . . . . . attaching list to interface . . . . . . . . . . based on DSCP . . . . . . . . . . . . . . cancelling object tracking on next-hops. . . . changing the object tracker on a next-hop . . defining next hop lists . . . . . . . . . . . . distinguishing between voice and data . . . . object tracking and . . . . . . . . . . . . . overview . . . . . . . . . . . . . . . . . . packets not considered router packets . . . . PBR lists, see PBR lists routing to GRE tunnel . . . . . . . . . . . . rules . . . . . . . . . . . . . . . . . . . . saving the configuration . . . . . . . . . . . used to define backup routes . . . . . . . . VoIP . . . . . . . . . . . . . . . . . . . . Port classification CLI commands . . . . . . . . . . . . . . . Port classification, see Ports . . . . . . . . . . Port mirroring CLI commands . . . . . . . . . . . . . . . configuration . . . . . . . . . . . . . . . . description . . . . . . . . . . . . . . . . . Port redundancy CLI commands . . . . . . . . . . . . . . . configuration . . . . . . . . . . . . . . . . disabling . . . . . . . . . . . . . . . . . . displaying information . . . . . . . . . . . . enabling . . . . . . . . . . . . . . . . . . LAN deployment . . . . . . . . . . . . . . secondary port activation . . . . . . . . . . setting redundancy-intervals . . . . . . . . . switchback . . . . . . . . . . . . . . . . . Ports alternate . . . . . . . . . . . . . . . . . . analog line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 593 . 594 . 593 . 593 . 599 . 598 . 596 . 611 . 611 . 602 . 601 . 601 . 601 . 604 . 604 . 610 . 599 . . . . . . . . . . . . 620 . 622 . 623 . 620 . 626 . 626 . 622 . 620 . 312 . 619 . 619 . . . . . . 457 . 624 . 623 . 620 . 620 . . 370 . . 369 . . 362 . . 361 . . 361 . . 360 . . 359 . . 359 . . 359 . . 359 . 32, 33 . . 358 . . 359 . . 359 . . 363 . . 325 assigning static VLANs . . . . . . . . . . backup . . . . . . . . . . . . . . . . . . classification . . . . . . . . . . . . . . . configuring administrative state . . . . . . . configuring E1 port . . . . . . . . . . . . configuring name . . . . . . . . . . . . . configuring T1 port . . . . . . . . . . . . configuring VLAN tagging mode . . . . . . disabling . . . . . . . . . . . . . . . . . displaying VLAN binding mode information . Fast Ethernet, see Fast Ethernet port FastEthernet see Fast Ethernet port managing connection type . . . . . . . . . mirroring, see Port mirroring opening traffic . . . . . . . . . . . . . . . roles in RSTP . . . . . . . . . . . . . . . setting priority level . . . . . . . . . . . . setting send/receive mode . . . . . . . . . USP, see USP ports PPP as default WAN protocol . . . . . . . . . . CLI commands . . . . . . . . . . . . . . configuring on WAN line . . . . . . . . . . connection . . . . . . . . . . . . . . . . establishing Layer 3 interface . . . . . . . over channeled and fractional E1/T1 . . . . over USP . . . . . . . . . . . . . . . . . supported on Serial interfaces . . . . . . . PPP over Ethernet, see PPPoE PPP/IPCP address negotiation . . . . . . . . PPPoE . . . . . . . . . . . . . . . . . . . . authentication . . . . . . . . . . . . . . . CLI commands . . . . . . . . . . . . . . description . . . . . . . . . . . . . . . . shutting down client . . . . . . . . . . . . Priority DLCI applying map classes . . . . . . . . . . . CLI commands . . . . . . . . . . . . . . configuring . . . . . . . . . . . . . . . . description . . . . . . . . . . . . . . . . Priority queueing CLI commands . . . . . . . . . . . . . . Priority Queuing . . . . . . . . . . . . . . . Priority queuing general . . . . . . . . . . . . . . . . . . Priority VoIP queuing . . . . . . . . . . . . . Privilege levels changing . . . . . . . . . . . . . . . . . description . . . . . . . . . . . . . . . . Provisioning and Installation Manager, see PIM Proxy ARP . . . . . . . . . . . . . . . . . . CLI commands . . . . . . . . . . . . . . PTMP, see Point to Multi-Point topology . . . . . . . . . . . . . . . . . . . . 354 363 369 194 249 195 249 354 194 354 . . 195 . . . . . . . . 363 363 195 194 . . . . . . . . 249 . 258 . 257 46, 47 . 453 . 245 . 245 246, 445 . . . . . . . . . . . . 260 245 260 262 258 261 . . 316 . . 319 264, 318 . . 318 . . 237 . . 235 . . 316 . . 234 . . . 54 . . . 54 . . 485 . . 485 Issue 1 January 2008 729 Index Q QoS analyzing fault and clear trap output . CLI commands . . . . . . . . . . . configuration . . . . . . . . . . . . displaying parameters . . . . . . . . fair packet scheduling . . . . . . . . fault and clear traps . . . . . . . . . metrics for RTP statistics application . policy, see Policy Priority DLCI see Priority DLCI Priority Queuing . . . . . . . . . . queue sizes for VoIP traffic . . . . . resolving conflicts . . . . . . . . . . SNMP traps . . . . . . . . . . . . traps in messages file . . . . . . . . traps, viewing. . . . . . . . . . . . VoIP Queuing . . . . . . . . . . . Weighted Fair VoIP Queuing . . . . QoS list CLI commands . . . . . . . . . . . Queues fair packet scheduling . . . . . . . . Priority . . . . . . . . . . . . . . . Priority Queuing . . . . . . . . . . VoIP . . . . . . . . . . . . . . . . VoIP Queuing . . . . . . . . . . . Weighted Fair VoIP Queuing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396 . 233 . 232 . 232 . 234 . 383 . 377 . 235 . 232 . 232 . 382 . 393 . 392 . 235 234, 245 . . . . . . 615 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234 . 235 . 235 . 235 . 235 234, 245 R RADIUS authentication . . . . . . . . . . . RAS dialer strings for modem dial backup . . . modem dial backup and . . . . . . . . . modem dial backup configuration options. modem dial backup prerequisites . . . . serving multiple branch offices . . . . . . Recovery password . . . . . . . . . . . . CLI commands . . . . . . . . . . . . . Remote Access Server, see RAS Remote services logins . . . . . . . . . . . Restoring the gateway via the gateway USB port . . . . . . . . RIP advertising static routes . . . . . . . . . authentication type . . . . . . . . . . . CLI commands . . . . . . . . . . . . . compared to OSPF . . . . . . . . . . . configuration . . . . . . . . . . . . . . default metric . . . . . . . . . . . . . . description . . . . . . . . . . . . . . . . . . 53, 64 . . . . . . . . . . . . . . . . . . . . . . 283 . 271 . 273 . 273 . 273 . 67 . 67 . . . . 55 . . . . 108 . . . . . . . . . . . . . . . . . . . . . . 452 . 489 . 490 . 492 . 489 . 497 . 486 distribution access lists . . . . . . . . . . . . 488 enabling . . . . . . . . . . . . . . . . . . . 490 learning default route . . . . . . . . . . . . . 489 limitations . . . . . . . . . . . . . . . . . . . 489 poison-reverse . . . . . . . . . . . . . . . . 488 preventing loops. . . . . . . . . . . . . . . . 487 redistributing routing information . . . . . . . . 490 RIPv1 . . . . . . . . . . . . . . . . . . . . 487 RIPv2 . . . . . . . . . . . . . . . . . . . . 487 setting timers . . . . . . . . . . . . . . . . . 490 specifying networks . . . . . . . . . . . . . . 490 specifying version . . . . . . . . . . . . . . . 489 split-horizon . . . . . . . . . . . . . . . . . . 487 using with OSPF . . . . . . . . . . . . . . . 497 versions supported . . . . . . . . . . . . . . 486 RMON agent . . . . . . . . . . . . . . . . . . . . . 371 clearing statistics . . . . . . . . . . . . . . . 372 CLI commands . . . . . . . . . . . . . . 372, 374 creating a history entry. . . . . . . . . . . . . 372 creating an alarm entry . . . . . . . . . . . . 372 creating an event entry . . . . . . . . . . . . 372 displaying alarm entries . . . . . . . . . . . . 372 displaying event entries . . . . . . . . . . . . 372 displaying history entries . . . . . . . . . . . . 372 displaying statistics . . . . . . . . . . . . . . 372 overview . . . . . . . . . . . . . . . . . . . 371 Route redistribution . . . . . . . . . . . . . . . . 486 CLI commands . . . . . . . . . . . . . . . . 498 configuration . . . . . . . . . . . . . . . . . 497 description . . . . . . . . . . . . . . . . . . 497 metric translation . . . . . . . . . . . . . . . 497 metrics . . . . . . . . . . . . . . . . . . . . 497 Router backup . . . . . . . . . . . . . . . . . . . . 498 computing path . . . . . . . . . . . . . . . . 492 configuration commands . . . . . . 63, 64, 66, 68, 69 configuring BOOTP . . . . . . . . . . . . . . 467 configuring broadcast relay . . . . . . . . . . 480 configuring DHCP . . . . . . . . . . . . . . . 467 configuring unnumbered ip addresses . . . . . 449 connecting to fixed router port . . . . . . . . . 193 defining default gateway . . . . . . . . . . . . 455 determining shortest path . . . . . . . . . . . 493 disabling . . . . . . . . . . . . . . . . . . . 443 displaying interfaces . . . . . . . . . . . . . . 449 enabling . . . . . . . . . . . . . . . . . . . 443 enabling RIP . . . . . . . . . . . . . . . . . 490 features . . . . . . . . . . . . . . . . . . . . 443 fragmentation see Fragmentation hello packets . . . . . . . . . . . . . . . . . 494 ID . . . . . . . . . . . . . . . . . . . . . . 494 interfaces . . . . . . . . . . . . . . . . . . . 444 load balancing . . . . . . . . . . . . . . . . 498 730 Administration for the Avaya G450 Media Gateway Index OSPF Autonomous System Boundary . . . . . . 493 overview . . . . . . . . . . . . . . . . . . . . 443 redundancy . . . . . . . . . . . . . . . . . . 498 RIP see RIP setting the borrowed ip interface . . . . . . . . . 449 unnumbered ip interfaces in table . . . . . . . . 449 virtual . . . . . . . . . . . . . . . . . . 498, 500 Router port, connecting to . . . . . . . . . . . . . 193 Routes displaying . . . . . . . . . . . . . . . . . . . 455 distribution policy rules . . . . . . . . . . . . . 489 dynamic, displaying . . . . . . . . . . . . . . . 455 metrics . . . . . . . . . . . . . . . . . . . . . 489 setting route preference . . . . . . . . . . . . . 458 static, displaying . . . . . . . . . . . . . . . . 455 tracing . . . . . . . . . . . . . . . . . . . . . 455 Routing policy based, see Policy . . . . . . . . . . . . . 593 Routing Information Protocol see RIP Routing table CLI commands . . . . . . . . . . . . . . . . . 456 configuration . . . . . . . . . . . . . . . . . . 455 deleting dynamic entries . . . . . . . . . . . . 455 deleting static routes . . . . . . . . . . . . . . 452 description . . . . . . . . . . . . . . . . . . . 451 displaying for destination address . . . . . . . . 455 displaying information . . . . . . . . . . . . . . 455 RSA authentication . . . . . . . . . . . . . . . . 61 RSTP designating ports as edge ports . . . . . . . . . 364 displaying port point-to-point status . . . . . . . 365 displaying the port edge state . . . . . . . . . . 364 fast network convergence . . . . . . . . . . . . 364 features . . . . . . . . . . . . . . . . . . . . 363 manually configure uplink and backbone ports . . 364 role of ports . . . . . . . . . . . . . . . . . . 363 setting port-to-port admin status . . . . . . . . . 365 RSVP . . . . . . . . . . . . . . . . . . . . . . . 233 RTCP . . . . . . . . . . . . . . . . . . . . . . . 225 RTP configuring . . . . . . . . . . . . . . . . . . . 225 overview . . . . . . . . . . . . . . . . . . . . 374 statistics application functionality. . . . . . . . . 375 viewing configuration thresholds . . . . . . . . . 376 RTP header compression, see Header compression RTP session data . . . . . . . . . . . . . . . . . 374 RTP statistics CLI commands . . . . . . . . . . . . . . . . . 412 RTP statistics application configuration and output examples . . . . . . . . 399 configuring . . . . . . . . . . . . . . . . . . . 375 configuring additional trap destinations . . . . . . 382 configuring fault and clear traps . . . . . . . . . 383 configuring QoS traps . . . . . . . . configuring thresholds . . . . . . . . display session information . . . . . displaying VoIP engine RTP statistics . enabling . . . . . . . . . . . . . . enabling traps . . . . . . . . . . . . modifying the statistics window . . . . QoS metric thresholds . . . . . . . . QoS metrics. . . . . . . . . . . . . resetting . . . . . . . . . . . . . . sample network . . . . . . . . . . . setting QoS event thresholds . . . . . setting QoS indicator thresholds . . . setting the trap rate limiter . . . . . . statistics summary report output . . . viewing configuration . . . . . . . . viewing QoS traps in messages file . . RTR, see Object tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382 378 386 384 379 383 382 376 377 379 399 379 379 384 384 380 393 S S8300 Server accessing gateway via . . . . . . . . . . . . . . 48 connecting modem . . . . . . . . . . . . . . . 48 remote connection to . . . . . . . . . . . . . . 48 Saving configuration changes commands . . . . . . 40 SCP . . . . . . . . . . . . . . . . . . . . . . . . 63 transferring announcement files using . . . . . 347 Security DoS attack detection . . . . . . . . . . . . . . 71 overview . . . . . . . . . . . . . . . . . . . . 53 special features . . . . . . . . . . . . . . . . . 66 VLANs . . . . . . . . . . . . . . . . . . . . 353 Security Associations (SAs) . . . . . . . . . . . . 505 Serial interfaces . . . . . . . . . . . . . . . . . 445 configuring encapsulation . . . . . . . . . . . 251 default encapsulation . . . . . . . . . . . . . 251 dynamic bandwidth reporting . . . . . . . . . . 296 entering context . . . . . . . . . . . . . . 250, 254 Session log, see Logging Setting synchronization, see Synchronization . . . . 637 show ip ospf commands . . . . . . . . . . . . . 494 shutdown WAN port . . . . . . . . . . . . . . . . . . . 198 SLS Avaya phones supported in SLS . . . . . . . . . 119 call processing not supported by SLS . . . . . . 121 call processing supported by SLS . . . . . . . 120 capabilities . . . . . . . . . . . . . . . . . . . 117 capacities by gateway model . . . . . . . . . . 145 CDR log . . . . . . . . . . . . . . . . . . . 130 CLI command hierarchy . . . . . . . . . . . . 184 configuring . . . . . . . . . . . . . . . . . . 132 configuring Avaya Communication Manager for SLS133 disabling . . . . . . . . . . . . . . . . . . . 143 Issue 1 January 2008 731 Index enabling . . . . . . . . . . . . . . . . . . . entry in MGC list . . . . . . . . . . . . . . . features . . . . . . . . . . . . . . . . . . . interaction with call transfer . . . . . . . . . . . . . . . . contact closure . . . . . . . . . . . . . . Direct Inward Dialing . . . . . . . . . . . . Hold feature . . . . . . . . . . . . . . . . multiple call appearances . . . . . . . . . shared administrative identity with softphone introduction. . . . . . . . . . . . . . . . . . logging . . . . . . . . . . . . . . . . . . . . manual CLI configuration administering BRI parameters . . . . . . . administering dial-pattern parameters . . . . administering DS1 parameters . . . . . . . administering incoming-routing parameters . administering signaling-group parameters . . administering station parameters . . . . . . administering trunk-group parameters . . . . command sub-contexts . . . . . . . . . . commands hierarchy. . . . . . . . . . . . instructions . . . . . . . . . . . . . . . . introduction . . . . . . . . . . . . . . . . preparing SLS data set . . . . . . . . . . prerequisites . . . . . . . . . . . . . . . PIM configuration . . . . . . . . . . . . . . . preparing SLS data set . . . . . . . . . . . . analog stations data . . . . . . . . . . . . ARS dial patterns data . . . . . . . . . . . DCP stations data . . . . . . . . . . . . . DS1 trunks data . . . . . . . . . . . . . . FAC data . . . . . . . . . . . . . . . . . incoming call handling data. . . . . . . . . IP stations data . . . . . . . . . . . . . . ISDN-BRI trunks data . . . . . . . . . . . signaling groups data . . . . . . . . . . . system parameters data . . . . . . . . . . provisioning data . . . . . . . . . . . . . . . states . . . . . . . . . . . . . . . . . . . . registered . . . . . . . . . . . . . . . . . setup . . . . . . . . . . . . . . . . . . . teardown . . . . . . . . . . . . . . . . . unregistered. . . . . . . . . . . . . . . . supported functionality . . . . . . . . . . . . SNMP adding an OID to a view . . . . . . . . . . . . agent-manager communication methods . . . . changing user parameters . . . . . . . . . . . configuration examples . . . . . . . . . . . . configuring traps . . . . . . . . . . . . . . . creating a community . . . . . . . . . . . . . creating a remote user . . . . . . . . . . . . creating OID lists . . . . . . . . . . . . . . . creating user groups . . . . . . . . . . . . . . 143 . 123 . 118 . 127 . 129 . 125 . 126 . 125 . 130 . 117 . 130 . 171 . 181 . 166 . 182 . 180 . 163 . 173 . 159 . 184 . 160 . 144 . 144 . 144 . 138 . 144 . 145 . 157 . 146 . 152 . 155 . 158 . 148 . 154 . 153 . 156 . 122 . 123 . 124 . 124 . 124 . 123 . 120 . 336 . 327 . 330 . 340 . 333 . 336 . 336 . 332 . 332 creating users . . . . . . . . . . . . . . . default security name, read . . . . . . . . default security name, write . . . . . . . . defining the SNMPv3 notification host. . . . deleting an OID from a view . . . . . . . . disabling authentication failure traps . . . . disabling link-up/down notifications/traps . . disabling link-up/down traps on an interface . displaying a list of views . . . . . . . . . . displaying group lists . . . . . . . . . . . displaying information . . . . . . . . . . . displaying notification receiver list . . . . . displaying the engine ID . . . . . . . . . . displaying user lists . . . . . . . . . . . . displaying users and group mapping . . . . DoS alerts . . . . . . . . . . . . . . . . enabling access . . . . . . . . . . . . . . enabling authentication failure traps . . . . enabling frame relay traps . . . . . . . . . enabling link-up/down notifications/traps . . enabling link-up/down traps on an interface . enabling traps and notifications . . . . . . . mapping user groups to views . . . . . . . MSS notifications . . . . . . . . . . . . . overview . . . . . . . . . . . . . . . . . potential agent residences . . . . . . . . . predefined user groups . . . . . . . . . . QoS . . . . . . . . . . . . . . . . . . . removing a group . . . . . . . . . . . . . required information for creating views . . . setting a group . . . . . . . . . . . . . . setting dynamic trap manager parameters . setting SNMPv3 timeout notifications . . . . setting the engine ID . . . . . . . . . . . . snmp-server community . . . . . . . . . . user groups . . . . . . . . . . . . . . . . user-based security model (USM) . . . . . USM security levels . . . . . . . . . . . . version 1 . . . . . . . . . . . . . . . . . version 2 . . . . . . . . . . . . . . . . . version 3 . . . . . . . . . . . . . . . . . versions . . . . . . . . . . . . . . . . . views . . . . . . . . . . . . . . . . . . . SNMP access configuration CLI commands . . . . . . . . . . . . . . SNMP trap configuration CLI commands . . . . . . . . . . . . . . Software, see Firmware . . . . . . . . . . . . Spanning tree CLI commands . . . . . . . . . . . . . . configuration . . . . . . . . . . . . . . . configuring . . . . . . . . . . . . . . . . disabling . . . . . . . . . . . . . . . . . displaying spanning tree information . . . . enabling . . . . . . . . . . . . . . . . . 732 Administration for the Avaya G450 Media Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330 329 329 333 336 333 333 334 336 337 333 337 337 337 337 . 72 336 333 333 333 334 333 331 . 72 327 327 331 382 336 332 336 338 333 336 336 331 330 330 329 329 329 328 332 . . 337 . . 335 . . . 41 . . 368 . . 365 . . 362 363, 365 . . 366 . . 365 Index forcing port to send hello packet . . . setting bridge priority for STP . . . . setting default path cost version . . . setting hello time . . . . . . . . . . setting message storage time . . . . setting port cost . . . . . . . . . . setting port spanning tree priority . . setting protocol version . . . . . . . setting the forward delay . . . . . . speed . . . . . . . . . . . . . . . . . Split-horizon . . . . . . . . . . . . . . SSH configuration . . . . . . . . . . . . overview . . . . . . . . . . . . . . Standard Local Survivability, see SLS Static routes advertising . . . . . . . . . . . . . applying object tracking . . . . . . . configuring next hops . . . . . . . . deleting . . . . . . . . . . . . . . description . . . . . . . . . . . . . discard route . . . . . . . . . . . . displaying . . . . . . . . . . . . . dropping packets to . . . . . . . . . establishing . . . . . . . . . . . . High Preference . . . . . . . . . . inactive . . . . . . . . . . . . . . IP addressed next hops . . . . . . . load-balancing . . . . . . . . . . . Low Preference . . . . . . . . . . . permanent . . . . . . . . . . . . . redistributing to RIP and OSPF . . . removing . . . . . . . . . . . . . . types. . . . . . . . . . . . . . . . via interface . . . . . . . . . . . . STP LAN deployment . . . . . . . . . . Survivability auto fallback to primary MGC . . . . configuring the MGC list . . . . . . . connection preserving migration . . . ELS . . . . . . . . . . . . . . . . enhanced local survivability, see ELS MGC list . . . . . . . . . . . . . . modem dial-backup . . . . . . . . . options . . . . . . . . . . . . . . . overview . . . . . . . . . . . . . . setting reset times . . . . . . . . . SLS, see SLS Switch connecting to fixed router port . . . . displaying configuration . . . . . . . displaying VLAN tagging information . displaying VLANs . . . . . . . . . . interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365 . 366 . 365 . 366 . 366 . 365 . 365 . 366 . 365 . 198 487, 489 . . . . . . 62 . . . . . . 61 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452 . . . 452 . . . 452 452, 453 . . . 452 . . . 454 . . . 455 . . . 454 . . . 455 . . . 452 . . . 452 . . . 453 . . . 452 . . . 452 . . . 454 . . . 497 . . . 455 . . . 452 . . . 453 . . . . . 34, 35 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 84 84 83 83 83 84 83 83 86 . 193 . 267 . 354 . 354 444, 445 Switch ports configuring . . . . . . . . . . . . . . . . . . 194 location . . . . . . . . . . . . . . . . . . . . 193 Switch redundancy LAN deployment . . . . . . . . . . . . . . 33, 35 Switchback . . . . . . . . . . . . . . . . . . . . 359 Switching configuring . . . . . . . . . . . . . . . . . . 351 interface . . . . . . . . . . . . . . . . . 444, 445 SYN attacks protection, see SYN cookies SYN cookies attack notification . . . . . . . . . . . . . . . . 71 clearing counters . . . . . . . . . . . . . . . . 71 configuring . . . . . . . . . . . . . . . . . . . 70 introduction . . . . . . . . . . . . . . . . . . . 69 overview . . . . . . . . . . . . . . . . . . . . 69 statistics . . . . . . . . . . . . . . . . . . . . 71 strategies employed . . . . . . . . . . . . . . . 70 SYN flood attack protection, see SYN cookies Synchronization CLI commands . . . . . . . . . . . . . . . . 639 disassociating specified primary or secondary clock source . . . . . . . . . . . . . . . . . . . 638 displaying synchronization timing . . . . . . . . 639 LED status . . . . . . . . . . . . . . . . . . 638 overview . . . . . . . . . . . . . . . . . . . 637 setting the sync source . . . . . . . . . . . . 637 toggling sync source switching . . . . . . . . . 638 Syslog server see Logging T Target environment . . . . . . . . . . . . . . . . . 27 TCP header compression, see Header compression TCP/IP connection . . . . . . . . . . . . . . . 46, 47 Telnet accessing console port . . . . . . . . . . . . 242 accessing gateway via . . . . . . . . . . . . 46, 47 accessing S8300 via . . . . . . . . . . . . . . . 48 enabling and disabling access . . . . . . . . . . 67 TFTP . . . . . . . . . . . . . . . . . . . . . . . 98 Time slots, mapping . . . . . . . . . . . . . . . 250 TLVs 802.1 (optional) . . . . . . . . . . . . . . . . 206 mandatory . . . . . . . . . . . . . . . . . . 206 optional . . . . . . . . . . . . . . . . . . . . 206 supported . . . . . . . . . . . . . . . . . . . 206 Tools for monitoring . . . . . . . . . . . . . . . . . 371 VMON . . . . . . . . . . . . . . . . . . . . 374 Traffic marking . . . . . . . . . . . . . . . . . . 316 Traffic shaping activating on frame relay interface . . . . . . . 263 displaying configuration . . . . . . . . . . . . 267 Issue 1 January 2008 733 Index DLCI . . . . . . . . . . . . . . enabling on frame relay interface per Virtual Channel . . . . . . . WAN Ethernet port . . . . . . . traffic-shape rate . . . . . . . . . . Transform-sets overview . . . . . . . . . . . . VPN, defining. . . . . . . . . . TRK port see Fixed analog trunk port TTL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264 . 316 . 316 . 197 . 198 . . . . . . . . 506 . . . . . . . . 513 USP ports CLI commands . . . . . . . . . . . . . . . . configuring . . . . . . . . . . . . . . . . . . illustration . . . . . . . . . . . . . . . . . . . USP WAN lines . . . . . . . . . . . . . . . . . default settings . . . . . . . . . . . . . . . . USP WAN media module, see MM342 media module 256 254 247 245 255 254 V . . . . . . . . 463 U UDP header compression . . . . . . . . . . . . . . 226 probe packets . . . . . . . . . . . . . . . . . 455 Unframed E1 . . . . . . . . . . . . . . . . . . . 245 Unnumbered IP interface configuring . . . . . . . . . . . . . . . . . . . 449 Dialer interface . . . . . . . . . . . . . . 272, 279 examples . . . . . . . . . . . . . . . . . . . 449 feature overview . . . . . . . . . . . . . . . . 448 in routing table . . . . . . . . . . . . . . . . . 449 USB mass storage device backing up the gateway . . . . . . . . . . . . . 106 CLI commands . . . . . . . . . . . . . . . . . 112 overview . . . . . . . . . . . . . . . . . . . . 105 restoring the gateway . . . . . . . . . . . . . . 108 upgrading firmware . . . . . . . . . . . . . . . 101 upgrading media modules . . . . . . . . . . . . 111 USB port . . . . . . . . . . . . . . . . . . . . . 105 assigning IP address . . . . . . . . . . . . . . 38 changing the ip peer address . . . . . . . 240, 243 CLI commands . . . . . . . . . . . . . . . . . 241 configuring for modem use . . . . . . . . . . . 46 connecting modem . . . . . . . . . . . . . . . 46 default parameters . . . . . . . . . . . . . . . 239 description . . . . . . . . . . . . . . . . . . . 239 disconnecting USB sessions. . . . . . . . . . . 240 displaying USB-modem interface parameters . . . 240 enabling . . . . . . . . . . . . . . . . . . . . 239 resetting . . . . . . . . . . . . . . . . . . . . 239 resetting the USB modem . . . . . . . . . . . . 239 setting authentication method . . . . . . . . . . 240 setting ip address . . . . . . . . . . . . . . . . 239 setting PPP timeout disconnects . . . . . . . . . 240 setting the PPP baud rate . . . . . . . . . . . . 240 User authentication . . . . . . . . . . . . . . . . 53 SSH . . . . . . . . . . . . . . . . . . . . . . 61 Usernames configuring . . . . . . . . . . . . . . . . . . . 54 managing . . . . . . . . . . . . . . . . . . . 54 overview . . . . . . . . . . . . . . . . . . . . 53 removing . . . . . . . . . . . . . . . . . . . . 54 VAM . . . . . . . . . . . . . . . . . . . . . via interface static routes . . . . . . . . . . . Virtual Channels applying map classes . . . . . . . . . . . assigning by QoS level . . . . . . . . . . described . . . . . . . . . . . . . . . . . Virtual interface. . . . . . . . . . . . . . . . Virtual Private Network see VPN Virtual Private Network, see VPN Virtual router . . . . . . . . . . . . . . . . . Virtual Router Redundancy Protocol, see VRRP Vlan 1 . . . . . . . . . . . . . . . . . . . . VLANs assigning static VLANs to ports. . . . . . . binding modes . . . . . . . . . . . . . . clearing the VLAN table . . . . . . . . . . CLI commands . . . . . . . . . . . . . . configuration examples . . . . . . . . . . configuring . . . . . . . . . . . . . . . . configuring tagging mode . . . . . . . . . deleting the VLAN . . . . . . . . . . . . . description . . . . . . . . . . . . . . . . DHCP/BOOTP requests . . . . . . . . . . displaying configuration and statistics . . . . displaying the VLAN table . . . . . . . . . dynamic bandwidth reporting . . . . . . . . entering configuration mode . . . . . . . . ICC-VLAN . . . . . . . . . . . . . . . . ingress security . . . . . . . . . . . . . . multi VLAN binding . . . . . . . . . . . . multiple interfaces . . . . . . . . . . . . . overview . . . . . . . . . . . . . . . . . setting the VLAN . . . . . . . . . . . . . setting vlan 2 example . . . . . . . . . . . switching interface . . . . . . . . . . . . . table . . . . . . . . . . . . . . . . . . . tagging . . . . . . . . . . . . . . . . . . VLMS . . . . . . . . . . . . . . . . . . . . VMON, for troubleshooting QoS . . . . . . . . VoIP assigning to unique Virtual Channel . . . . available transmission protocols . . . . . . enabling queuing . . . . . . . . . . . . . fair packet scheduling . . . . . . . . . . . 734 Administration for the Avaya G450 Media Gateway . . 347 . . 453 . . . . . . . . 316 318 316 444 498, 500 . . 444 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354 352 353 357 354 354 354 354 445 468 354 353 296 354 353 353 352 469 351 354 353 445 353 351 487 374 . . . . . . . . 318 225 232 234 351, . . 444, Index overview . . . . . . . . . . . PPP configuration example . . priority over Dialer interface . . queue delay . . . . . . . . . queue size . . . . . . . . . . routing based on . . . . . . . RSVP protocol . . . . . . . . VoIP queueing . . . . . . . . Weighted Fair VoIP Queuing . VoIP Queuing . . . . . . . . . . VPN . . . . . . . . . . . . . . activating . . . . . . . . . . . assigning an access control list basic parameters . . . . . . . clearing VPN data . . . . . . CLI commands . . . . . . . . commands summary . . . . . components and relationships . components overview . . . . . configuration displaying . . . . . . . . . overview . . . . . . . . . procedure . . . . . . . . . continuous channel . . . . . . coordinating with the VPN peer crypto list assigning to an interface . . configuring . . . . . . . . deactivating . . . . . . . . overview . . . . . . . . . crypto map configuring . . . . . . . . overview . . . . . . . . . failover mechanisms . . . . . introduction. . . . . . . . . . ISAKMP policies configuring . . . . . . . . overview . . . . . . . . . license file . . . . . . . . . . logging . . . . . . . . . . . . maintenance . . . . . . . . . modem dial backup and . . . . NAT Traversal . . . . . . . . object tracking for failover . . . peer configuring . . . . . . . . overview . . . . . . . . . peer-group configuring . . . . . . . . overview . . . . . . . . . show configuration . . . . . . show status . . . . . . . . . simple VPN topology . . . . . site-to-site configuration . . . . transform-sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225 . 319 . 271 . 232 . 232 . 620 . 233 . 235 234, 245 . . . 235 444, 456 . . . 525 . . . 524 . . . 511 . . . 528 . . . 586 . . . 508 . . . 507 . . . 506 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527 . 511 . 510 . 539 . 511 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525 . 520 . 523 . 506 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519 . 506 . 559 . 505 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512 . 506 . 510 . 528 . 527 . 271 . 524 . 309 . . . . . . . . . 514 . . . . . . . . . 507 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518 . 507 . 527 . 527 . 530 . 510 configuring . . . . . . . . . overview . . . . . . . . . . typical failover applications failover using a peer-group . failover using DNS . . . . . failover using GRE . . . . . failover using object-tracking overview . . . . . . . . . . typical installations configuring dynamic IP . . . enabling continuous channel full or partial mesh . . . . . full solution . . . . . . . . hub and spokes installation . VRRP CLI commands . . . . . . . . configuration . . . . . . . . . configuration example . . . . . description . . . . . . . . . . . . . . . . . . 513 . . . . . . . . 506 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 575 567 560 575 559 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537 539 540 552 530 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501 500 499 498 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270 292 257 249 272 296 245 619 248 444 245 249 257 266 267 W WAN backup interfaces . . . . . . . . . . checking interface status . . . . . . . default encapsulation . . . . . . . . default protocol . . . . . . . . . . . Dialer interface as backup . . . . . . dynamic bandwidth reporting . . . . . features . . . . . . . . . . . . . . . ICMP keepalive . . . . . . . . . . . initial configuration. . . . . . . . . . interfaces . . . . . . . . . . . . . . overview . . . . . . . . . . . . . . PPP . . . . . . . . . . . . . . . . PPP configuration . . . . . . . . . . testing configuration . . . . . . . . . CLI commands . . . . . . . . . . WAN endpoint device connecting to fixed router port . . . . WAN Ethernet port backup interfaces . . . . . . . . . . binding interface to object tracker . . . configuring . . . . . . . . . . . . . traffic shaping . . . . . . . . . . . . WAN Ethernet ports CLI commands . . . . . . . . . . . Weighted Fair VoIP Queuing . . . . . . WFVQ CLI commands . . . . . . . . . . . WFVQ, see Weighted Fair VoIP Queuing 292, . . . . . . . . . . . . . . . . . . . 193 . . . . . . . . . . . . . . . . . . . . 197 197 196 197 . . . . . 198 . 234, 245, 271 . . . . . 235 Issue 1 January 2008 735 Index 736 Administration for the Avaya G450 Media Gateway