Manuals / Avaya / Computer Equipment / Switch

Avaya P3343T-ML manual Configuring the P330 for PBNAC

Models: P3343T-ML

1 178

Download 178 pages 4.71 Kb

Page 105

Configuring the P330 for PBNAC

Chapter 11 Avaya P330 Layer 2 Features

will be blocked.

•When PBNAC is activated, the application immediately places all ports in a blocking state unless they were declared “Force Authenticate”. They will be reverted to “Forwarding” state only when the port is authorized by the RADIUS server.

The actual state of ports configured as “Force Authenticate” is determined by the STA.

Configuring the P330 for PBNAC

This section lists the basic tasks required to configure a P330 stack for PBNAC. To configure P330 for PBNAC, do the following:

•Configure a RADIUS server on a network reachable from the P330:

—Create user names and passwords for allowed users.

—Make sure the EAP option is enabled on this server.

•Configure the P330 for RADIUS:

—Configure RADIUS parameters.

—Enable the RADIUS feature.

—Configure the port used to access the RADIUS server as “force-authorized.” You can configure on the RADIUS server a PVID, static VLAN binding and port level for each authenticated user. If the port that the user is connected to is authorized, those parameters will be assigned to the port.

•Connect the Supplicant—i.e., Windows XP clients—directly to the P330.

•Verify that the dot1x port-control is in auto mode.

•Set the dot1x system-auth-config to enable; the authentication process starts:

—The supplicant is asked to supply a user name and password.

—If authentication is enabled on the port, the Authenticator initiates authentication when the link is up.

—Authentication Succeeds: after the authentication process completes, the supplicant will receive a Permit/Deny notification.

—Authentication Fails: authentication will fail when the Supplicant fails to respond to requests from the Authenticator, when management controls prevent the port from being authorized, when the link is down, or when the user supplied incorrect logon information.

Avaya P334T-ML User’s Guide

89

Image 105

Avaya P3343T-ML manual Configuring the P330 for PBNAC

Contents

SOFTWARE VERSION STACKABLE SWITCHInstallation and Configuration Guide AVAYA P334T-MLDocument no avaya.comContents SectionOverview Section InstallationConfiguring the Terminal Serial Port Parameters Section ConfigurationIngress VLAN Security Port Mirroring Constraints Section Troubleshooting and MaintenanceChapter 15 Updating the Software Safety Information Before you Install the P330-MLPreface FCC NoticeNotes, Cautions, and Warnings WarrantyAvaya P334T-ML User’s Guide Avaya SupportAvaya P334T-ML User’s Guide SECTION 1 OVERVIEW Page Avaya P334T-ML Overview Avaya P334T-ML FeaturesChapter IntroductionCommand Line Interface CLI Layer 3 Features P330-MLNetwork Management and Monitoring Device Manager Embedded WebAvaya Integrated Manager Port MirroringSMON Fans, Power Supply, and BUPS-ML Monitoring Chapter 1 Avaya P334T-ML OverviewAvaya P334T-ML User’s Guide Avaya P330 Standards Supported Standards and CompatibilityIEEE IETF - LayerIETF - Network Monitoring P334T-ML Switch SpecificationsPower Requirements PhysicalSafety - AC Version SafetySafety - DC Version EMC EmissionsInterfaces Stacking Sub-moduleBasic MTBF Basic MTBFApproved SFF/SFP GBIC Transceivers Safety InformationSpecifications InstallationTo Install the SFF/SFP GBIC transceiver To Remove the SFF/SFP GBIC transceiverAgency Approval Gigabit Fiber Optic CablingConsole Pin Assignments Avaya P334T-ML User’s Guide ChapterSECTION 2 INSTALLATION Page Required Tools InstallationSite Preparation ChapterPower Requirements - DC Table 4.2 Power Requirements - ACRack Mounting Optional Installing the X330STK-ML Stacking Sub-Module Optional Connecting Stacked SwitchesTo connect stacked switches 5 Power up the added modules Chapter InstallationAvaya P334T-ML User’s Guide X330RCConnecting Cables to Network Equipment Making Connections to Network EquipmentPrerequisites Page Powering On - Avaya P330 Module AC Powering Up the Avaya P330Powering On - Avaya P330 Switch DC ChapterPost-Installation Avaya P334T-ML Front and Rear Panels Avaya P334T-ML Front PanelChapter LED Name P334T-ML LEDsChapter 6 Avaya P334T-ML Front and Rear Panels Avaya P334T-ML LED Descriptions Continued BUPS-ML connector cover plate removed Avaya P334T-ML Back PanelTable 6.2 Avaya P334T-ML - - Select buttons Figure 6.4 P334T-ML AC version Back Panel with Stacking Sub-moduleFigure 6.6 BUPS-ML Input Connector Sticker BUPS-ML Input ConnectorChapter 6 Avaya P334T-ML Front and Rear Panels Avaya P334T-ML User’s GuideConfiguring the Terminal Serial Port Parameters Establishing Switch AccessConnecting a Terminal to the Avaya P330 Serial port Establishing a Serial ConnectionAssigning P330’s IP Stack Address P330 Sessionssession router The mode can be either switch, router, wan, atm, mgpEstablishing an SSH Connection Establishing a Telnet Connectionset interface ppp enable Connecting a Modem to the Console PortEstablishing a Modem PPP Connection with the P330 OverviewEntering the Supervisor Level Security LevelsEntering the CLI SNMP Support User AuthenticationIntroduction to SNMP Chaptercontrol the P330 Users Groups Views SNMP CommandsIn order to In order to Introduction to SSH SSH Protocol SupportFigure 8.1 SSH Session Establishment Process SSH CommandsSCP Protocol Support Introduction to RADIUS RADIUSUser attempts login Local User account authenticated in switch? No Chapter 8 User AuthenticationUser name and password authenticated? No Authentication Reject sent to switchRadius Commands Telnet Commands Telnet Client SupportIntroduction to Telnet Recovery Password Recovery Password CommandsIntroduction Allowed Managers CLI Commands Allowed ManagersAllowed Managers Introduction Allowed Protocols CLI Commands Allowed ProtocolsAllowed Protocols Introduction Enable Telnet access from the Use the following commandip telnet-client enable switchSECTION 3 CONFIGURATION Page Configuring the Switch P330 Default SettingsAvaya P330 Default Settings ChapterFunction 1 Ensure that the other side is also set to Autonegotiation Enabled PortsPorts 51 Avaya P334T-ML User’s Guide Chapter 9 P330 Default SettingsBasic Switch Configuration Switch ConfigurationChapter IntroductionSystem Parameter Configuration Identifying the systemOperating parameters Network Time Acquiring Protocols Parameter Configuration Uploading and Downloading Device Configurations and ImagesLayer 2 Configuration File In order to Layer 3 Configuration File In order to System Logging Introduction System LoggingApplications SinksSyslog Servers Syslog Configuration CLI Commands In order to Monitoring CPU Utilization Avaya P334T-ML User’s Guide Chapter 10 Switch ConfigurationAvaya P330 Layer 2 Features OverviewChapter Ethernet Configuring Ethernet ParametersFast Ethernet Gigabit EthernetGigabit Ethernet ports MMMMMMSSSSSS MM-MM-MM-SS-SS-SS Ethernet Configuration CLI Commands Chapter 11 Avaya P330 Layer 2 Features Ethernet Implementation in the Avaya P334T-MLSpeed - 10/100 ports 1-48 1G ports 51 Priority queuing - 10/100 ports 4 queues 1G ports 2 queuesVLAN Overview VLAN ConfigurationMulti VLAN Binding VLAN TaggingFigure 11.3 illustrates these binding modes in P330 VLAN CLI Commands Automatic VLAN LearningIngress VLAN Security VLAN Implementation in the Avaya P334T-ML Port Based Network Access Control PBNAC How “Port Based” Authentication WorksPBNAC Implementation in the P330 Family Configuring the P330 for PBNAC PBNAC CLI Commands In order to Spanning Tree Protocol Spanning Tree ProtocolSpanning Tree per Port OverviewRapid Spanning Tree Protocol RSTP Spanning Tree Implementation in the P330 Family Spanning Tree Protocol CLI Commands Set the port point-to-point admin Use the following commandset port point-to-point admin admin and operational RSTP statusMAC Security Implementation in P330 MAC SecurityMAC Security CLI Commands MAC Aging CLI Commands Configuring the P330 for MAC AgingMAC Aging OverviewLAG Overview LAG CLI CommandsLAG Implementation in the Avaya P330 Family of Products Port Redundancy Operation Port RedundancyIntermodule Port Redundancy Port Redundancy CLI Commandsswitch Use the following commandChapter 11 Avaya P330 Layer 2 Features In order toOverview IP Multicast FilteringIP Multicast Implementation in the Avaya P334T-ML IP Multicast CLI CommandsRMON CLI Commands RMONRMON Overview In order to SMON Overview SMONPort Mirroring CLI commands Port Mirroring ConfigurationPort Mirroring Overview Port Mirroring ConstraintsAbout Multilayer Policy Multilayer PolicyMultilayer Policy Implementation in the P334T-ML Configuring the P334T-ML for Multilayer Policy Multilayer Policy CLI Commands In order to Weighted Queuing Implementation of Weighted Queuing in the P330-MLWeighted Queuing CLI Commands Port Classification CLI Commands Port ClassificationOverview Stack Health Stack RedundancyImplementation of Stack Health in the P330 Family OverviewUse the following command Stack Health CLI CommandsInitiate the stack health testing procedureAvaya P334T-ML User’s Guide Chapter 11 Avaya P330 Layer 2 FeaturesWhat is Routing? Avaya P330 Layer 3 FeaturesChapter IntroductionFigure 12.1 Routing Routing Configuration ForwardingMultinetting Multiple Subnets per VLAN IP Configuration CLI Commands IP Configurationset vlan Vlan-id name Vlan-name replacing Vlan-id by the Assigning Initial Router ParametersThe Routerconfigure-ifinterface-name# prompt appears Routerconfigure# interface interface-nameRouterconfigure-ifinterface-name# ip address ip- address netmask Routerconfigure# interface interface-name# ip vlan vland-idTo obtain a License Key that enables routing features Obtaining a Routing License KeyChapter 12 Avaya P330 Layer 3 Features 1 Go to http//license-lsg.avaya.com and click “request new license”4 Enter contact information once per certificate 5 Click Next Chapter 12 Avaya P330 Layer 3 Features6 View number of licenses left Avaya P334T-ML User’s Guideset license module license featureName License Key CLI CommandsActivating a Routing License Key Avaya P334T-ML User’s Guide Chapter 12 Avaya P330 Layer 3 FeaturesRIP Overview RIP Routing Interchange Protocol ConfigurationRIP CLI Commands RIP2Table 12.1 DIfferences Between RIP and RIP2 In order to OSPF Overview OSPF Open Shortest Path First ConfigurationOSPF CLI Commands Static Routing Configuration Static Routing Configuration CLI CommandsStatic Routing Overview Route Preferences Route Redistribution Route Redistribution CommandsARP Overview ARP Address Resolution Protocol Table ConfigurationThe ARP Table ARP CLI CommandsBOOTP/DHCP Overview BOOTP/DHCP Dynamic Host Configuration Protocol Relay ConfigurationBOOTP/DHCP CLI Commands NetBIOS Re-broadcast Configuration NetBIOS OverviewNetBIOS Re-broadcast Configuration CLI Commands VRRP Overview VRRP Virtual Router Redundancy Protocol ConfigurationVRRP Configuration Example Case #2 VRRP CLI CommandsIn order to SRRP Configuration SRRP Configuration ExampleSRRP Overview SRRP CLI Commands Policy Configuration Policy Configuration OverviewPolicy Configuration CLI Commands In order to Figure 12.4 Avaya P330 Policy Policy Configuration ExampleP330-1super# ip access-list 100 2 fwd3 tcp any host P330-1super# ip access-list 100 1 fwd6 tcp 149.49.0.0 0.0.255.255 anyP330-1super# ip access-list 100 3 deny tcp host 192.168.5.33 any eq Policy Configuration ExampleIP Fragmentation and Reassembly IP Fragmentation and Reassembly OverviewIP Fragmentation/Reassembly CLI Commands SECTION 4 TROUBLESHOOTING AND MAINTENANCE Page Troubleshooting the Installation Troubleshooting the InstallationChapter Avaya P334T-ML User’s Guide Chapter 13 Troubleshooting the InstallationReplacing the Stacking Sub-module MaintenanceChapter IntroductionMaintenance ChapterAvaya P334T-ML User’s Guide Software Download Updating the SoftwareObtain Software Online Downloading SoftwareDownload New Version without Overwriting Existing Version