X330WAN with Security | Avaya manual

Enhanced Routing Capabilities

Configuring the X330WAN for use with an External Firewall

There are different ways of connecting the X330WAN modules to provide security to the local network. Figure 4.6 shows a typical configuration where the WAN traffic goes through the X330WAN module out to an external firewall and/or VPN, and then enters the LAN.

Note: When connecting an external firewall/VPN to the Fast Ethernet port, disable the FabricFastEthernet interface using the shutdown command from within the interface FabricFastEthernet1 context, to prevent a direct flow of packets from the WAN to the LAN.

Note: The following example uses sample IP addresses for illustration only.

Figure 4.6 X330WAN with Security

Figure 4.6 illustrates the X330W-2DS1 implementation connected with an external Firewall/VPN. The X330W-2DS1 is connected to the WAN with an E1 link to port 1.

PPPencapsulation is configured over a Channel Group of 31 Time-slots (1-31). The “dirty” side of the external Firewall is connected to the X330W-2DS1 Fast Ethernet port, and the “clean” side is connected to the LAN. The X330W-2DS1’s FabricFastEthernet interface is disabled to prevent direct data flow from the WAN to the LAN.

Avaya X330WAN User’s Guide

43

Image 65

Avaya manual Configuring the X330WAN for use with an External Firewall, X330WAN with Security

Contents

Avaya X330WAN Page Contents Chapter Operational Concepts and Configuration Examples Chapter InstallationChapter Initial Configuration LOS Chapter Troubleshooting Chapter X330WAN CLI Commands Contents Contents Avaya X330WAN User’s Guide Vii Viii Avaya X330WAN User’s Guide Redistribute Router-OSPF context 193 Appendix C Standards and Compliance 233 Appendix a Interface Specifications 223Appendix B Embedded Web Manager 227 Appendix D How to Contact Us 239 Contents Xii Avaya X330WAN User’s Guide List of Tables List of Tables Xiv Avaya X330WAN User’s Guide List of Figures List of Figures Xvi Avaya X330WAN User’s Guide Objectives About This GuideAudience Conventions Preventing Toll Fraud General System InformationDocumentation Accuracy Important Safety Information Preface Avaya X330WAN User’s Guide Overview Introduction Layer 2 Features FeaturesLayer 1 Features Convergence Features Layer 3 Features Branch Office Connectivity to Headquarters Sample Applications Routing WAN AccessFunctional Concepts Overview Avaya X330WAN Network Management Command Line Interface CLISecurity Convergence Multiservice Network Manager Msnm Requirements and SpecificationsEnvironmental Specifications Avaya P330 Device Manager Embedded Web Power & Heat Dissipation Installation Safety Information Installation P330 Software Support for X330WAN Installing an X330WAN Module into an Avaya P330 Switch Power On Self Test LED Name Color Description LED Status X330W-2DS1 Front Panel and LEDs CON X330W-2USP Front Panel and LEDs Avaya P330 LEDs Avaya P330 Front Panel LED Indicators Connecting the E1/T1 WAN Ports Connecting the X330WANConnecting the USP Ports Connecting the Fast Ethernet 10/100Base-T Port Removing an X330WAN Module from an Avaya P330 Switch Establishing a Console Connection Configuring the X330WAN Establishing a Modem Connection Ppp authentication chapnonepapType async mode interactive For example telnet Establishing a Telnet Connection Configuring Fast Ethernet Interfaces Configuring Loopback Interfaces X330WAN-2USP-1super#interface FabricFastEthernet Configuring the FabricFast Ethernet Interface10.10.10.1 20.20.20.1 Configuring E1/T1 Interfaces Configuring the X330WAN PPP Frame Relay Configuring USP InterfacesCLI Interface Context Initial Configuration Use the show ip interface interface-name Saving Your Configuration X330WAN Default Settings DCD Function Default Setting Initial Configuration Avaya X330WAN User’s Guide Physical Interfaces Detailed Interface Concepts Layer 2 Virtual Interfaces T1 Port with PPP Encapsulation USP Port with PPP Encapsulation Enhanced Routing Capabilities Static Route Configuration Via interface Static Route Ospf Dynamic Cost Support Export Default Metric RIP Distribution Access Lists Fragmentation and Reassembly Connecting Branch Offices to Headquarters 10.168.24.1 10.87.56.110.68.10.1 10.23.10.1 10.34.45.1 X330WAN with Security Configuring the X330WAN for use with an External Firewall X330WAN-2DS1-1super#copy running-config startup-config Backup InterfacesX330WAN-2DS1-1super#interface FastEthernet X330WAN-2DS1-1super#interface FabricFastEthernet Backup Interfaces Priority Dlci Frame Relay Encapsulation Traffic Shaping and Marking Priority Queuing Policy Default Composite Operations Table Sets the name for the Policy list Creates/deletes a policy statementSets the owner for the Policy list Sets the Policy list cookie Specifies the action to be mapped to a Dscp Configures the trusted entityValue Sets the Dscp precedence Show ip composite-op Show ip active-access- groups Controlling Network Access to the X330WAN RTP Header Compression cRTP Ip rtp max-time QoS Implementation for PPP Encapsulation QoS and VoIP Treatment Data Mode VoIP Mode 10 PPP VoIP Configuration PPP VoIP Configuration Avaya X330WAN User’s Guide 11.11.11.1 1.1149.49.54.80 Queue-limit 1 X330WAN-2USP-1super-ifSerial1# Ip rtp port-range 2048 4.1 3.133.33.33.1 Speed Scenario 1 Traffic Shaping Frame Relay VoIP Configuration Configuration Example 1 for Site a Single VC Between Sites X330WAN-2USP-1super#map-class frame-relay voip Map-class configuration Voip Configuration Example 1 for Site B Single VC Between Sites Map-class configuration Scenario 2 Priority Dlci and Traffic Shaping Configuration Example 2 for Site a Two VCs Between Sites X330WAN-2USP-1super#map-class frame-relay data X330WAN-2USP-1super#ip default-gateway serialCir out Fragment Configuration Example 2 for Site B Two VCs Between Sites Group 16 VoIP Implementation with Definity Clan and Prowler 12 PPP VoIP Configuration with Definity 10.200.231.250 X330WAN-2DS1-1super#ip default-gateway Serial 10.200.231.251 149.49.47.1 X330WAN-2DS1-1super#ip route 10.200.231.0 24 serial Page Monitoring Traffic Troubleshooting Troubleshooting Handling E1/T1 Alarms For example LOF/RedCorrective Actions RAI/Yellow High BER/MajorAIS/Blue Corrective Action Using Loopbacks Troubleshooting X330W-2USP Local Line Loopback USP Loopback Troubleshooting Avaya X330WAN User’s Guide Introduction About the CLI X330WAN CLI Commands Mode/Context X330W-2DS1 Prompt X330W-2USP Prompt X330WAN CLI Prompts Banner login General Device CommandsBanner post-login No banner login Clear screen Copy running-config startup-configClear snmp trap Clear timezone Copy startup-config tftp Copy running-config tftpCopy running-config tftp filename ip Copy startup-config tftp filename ip Copy tftp startup-config filename ip Copy tftp startup-configCopy tftp EWarchive Copy tftp EWarchive filename ip Dir Copy tftp SWimage Field Description Output Fields Ds-mode e1t1 Ds-mode Erase startup-config Erase startup-configGet time Hostname Nvram initialize Line Banner login/post-login contextSuccessfully logged off Nvram initialize Set boot bank ResetReset Set boot bank value Set logout Set logout timeoutSet snmp trap Set snmp trap rcvraddr Set snmp trap auth Set snmp trap enable frame-relay Set system location Set snmp trap disable frame-relaySet system contact Set time protocol Set system nameSet time client Show banner login Show banner loginSet time server Set timezone Show copy status Show banner post-loginShow boot bank Show erase status Show dev log fileShow image version Show logout Show snmp Show running-configShow module-identity Show tftp download software status Show startup-configShow system Show time Show tftp download/upload statusShow time parameters Show time Sync time Show timezoneTech Terminal length Async mode interactive Console interface context Console RS232 Interface CLI CommandsAsync mode terminal Console interface context Async reset-modem Console interface context Ppp authentication papchapnone Ppp authentication Console interface contextInterface Console Speed Console context Timeout absolute Console interface context Fast Ethernet Interface CLI CommandsTimeout absolute time Autoneg FastEthernet interface context Interface FastEthernet X330WAN-2DS1-1configure#no interface FastEthernetDuplex FastEthernet interface context Speed FastEthernet interface context FabricFast Ethernet Interface CLI CommandsInterface FabricFastEthernet No interface FabricFastEthernet portvlan.ip-interface Cablelength long Controller context Controller CLI Commands X330WAN-2DS1 OnlyX330WAN-2DS1-1configure#interface FabricFastEthernet Cablelength short Controller context Channel-group Controller context Clock source Controller context Clear controller counters X330WAN-2DS1Clear controller counters controller number X330W-2DS1-1super#clear controller counters Controller No description desc Description Controller contextFdl Idle-character X330WAN-2DS1 Controller context Framing X330WAN-2DS1 Controller contextNo framing frame-type No idle-character flagsmarks Linecode Controller context Loopback local Controller context Loopback diag Controller contextLoopback diag Loopback local linepayload No loopback Controller context Loopback remote Controller contextNo channel group Controller context X330WAN-2DS1-1super#remote Reset-errored-ESF-data Remote Controller contextShow controllers Show controllers port Output Example for T1 Avaya X330WAN User’s Guide 127 128 Avaya X330WAN User’s Guide Backup delay Serial interface context Interface Serial CLI CommandsShow controllers remote Shutdown Controller context Backup delay 0 Backup interface Serial interface contextBackup interface Serial Clear ip rtp header-compression Description X330WAN-2USP Serial interface context Clear ip tcp header-compression PPP interfaceIdle-character X330WAN-2USP Serial interface context X330WAN-2USP-1super#clear ip tcp header-compression No ignore-dcd Ignore-dcd X330WAN-2USP Serial interface contextInterface Serial X330WAN-2DS1 Interface Serial Interface Serial X330WAN-2USPInterface Serial 13.1 point-to-point Interface Serial 1.1 point-to-point Load-interval Serial interface context Invert txclock X330WAN-2USPLoopback X330WAN-2USP Serial interface context No invert txclock Nrzi-encoding X330WAN-2USP Serial interface context Mtu Serial interface contextQueue-limit Serial interface context No nrzi-encoding Show ip rtp header-compression interface name Show ip rtp header-compression Show ip tcp header-compression Show ip rtp header-compression briefShow ip rtp header-compression brief interface name Show ip tcp header-compression interface name Show ip tcp header-compression brief interface name Show ip tcp header-compression brief No transmitter-delay number Transmitter-delay X330WAN-2USP Serial interface contextShow queueing Shutdown X330WAN-2USP Serial interface context Voip-queue Serial interface context Frame Relay Configuration CLI CommandsBc out Map-class context Be out Map-class context De-buffer-size Frame Relay Serial interface context Cir out Map-class contextClear frame-relay counters No encapsulation frame-relay type De pre-mark Map-class contextEncapsulation frame-relay Serial interface context Frame-relay class-dlci Serial sub-interface context Fragment Map-class contextFrame-relay interface-dlci Serial sub-interface context No fragment value Frame-relay lmi-n391dte Serial interface context Frame-relay lmi-type Serial interface contextNo frame-relay lmi-type lmi-type No frame-relay lmi-n391dte polling-counter Frame-relay lmi-n393dte Serial interface context Frame-relay lmi-n392dte Serial interface contextNo frame-relay lmi-n392dte threshold No frame-relay lmi-n393dte events 17 18 Frame-relay traffic-shaping Serial interface contextNo frame-relay traffic-shaping No keepalive Seconds Show frame-relay fragment Map-class frame-relayNo map-class frame-relay map-class-name X330WAN-2USP-1super#show frame-relay fragment Show frame-relay lmi Show frame-relay map Show frame-relay map Show frame-relay traffic Show frame-relay pvcShow frame-relay pvc brief Show map-class frame-relay PPP Configuration CLI CommandsIp tcp decompression-connections PPP interfaces Keepalive Serial interface context PPP encapsulation Ppp timeout retry Serial interface context Ppp timeout ncp Serial interface contextNo ppp timeout ncp Seconds No ppp timeout retry Seconds General Layer 2 Interface CLI Commands Loopback CLI CommandsInterface Loopback Bandwidth X330WAN-2USP Interface context Clear counters Default-metric Interface contextShow interfaces X330W-2USP-1super#clear counters Serial Output Example for X330W-2DS1 with PPP on both controllers 156 Avaya X330WAN User’s Guide Avaya X330WAN User’s Guide 157 158 Avaya X330WAN User’s Guide Avaya X330WAN User’s Guide 159 MTU Avaya X330WAN User’s Guide 161 CRC Snmp trap link-status No snmp trap link-status Arp timeout Layer 3 CLI CommandsRouter configure# arp 192.168.7.8 00400d8c2a01 No arp timeout seconds Clear fragment Clear arp-cacheFlush all ARP entries Flush ARP entries for a Vlan Clear ip traffic Clear ip route Default-metric Router-RIP Mode Default-metric Router-OSPF contextDistribution-list Router-RIP Mode No default-metric default metric No fragment chain chain-limit Fragment chainFabricFastEthernet No fragment timeout timeout Fragment timeoutFragment size No fragment size database-limit Ip bootp-dhcp network Interface context Ip admin-state Interface contextIp admin-state up/down Ip address Ip bootp-dhcp server Interface context Ip bootp-dhcp relayNo ip bootp-dhcp relay No ip bootp-dhcp server ip-address X330WAN-2DS1-1configure#ip bootp-dhcp server Ip default-gatewayIp broadcast-address Interface context Ip broadcast-address bc addr No ip directed-broadcast Ip distribution access-default-actionIp directed-broadcast Interface context Ip distribution access-list-cookie Ip distribution access-listIp distribution access-list policy-list-number Ip distribution access-list-cookie list-id cookie X330WAN-2DS1-1configure#ip distribution access-list-copy 1 Ip distribution access-list-copyIp distribution access-list-name Ip max-arp-entries Ip distribution access-list-ownerIp icmp-errors No ip netbios-rebroadcast direction Ip netbios-rebroadcast Interface contextIp max-route-entries No ip max-route-entries value No ip netmask-format mask-format Ip netmask-format Ip ospf cost Interface context Ip ospf authentication-key Interface context Ip ospf dead-interval Interface context Ip ospf hello-interval Interface Mode Ip proxy-arp Interface context Ip ospf priority Interface ModeIp ospf router-id Ip redirects Interface context Ip rip authentication key Interface context Ip rip default-route-mode Interface context Ip rip authentication mode Interface context Ip rip rip-version Interface context Ip rip poison-reverse Interface contextNo ip rip poison-reverse Ip rip rip-version Ip rip send-receive Interface context No ip rip send-receive-mode modedefault route metricIp rip split-horizon Interface context No ip rip split-horizon No ip routing Ip routeIp routing X330WAN-2DS1-1configure#ip routing-mode Rtprimarymgmt Ip routing-mode modeIp routing-mode Interface context Ip vrrp Interface context Ip vrrp auth-key Ip vrrp addressNo ip vrrp vr-idaddress ip-address No ip vrrp vr-idauth-key key-string Ip vrrp override addr owner X330WAN-2DS1-1configure#ip vrrp 1 override addr ownerIp vrrp preempt No ip vrrp vr-idoverride addr owner Ip vrrp priority Ip vrrp primaryNo ip vrrp vr-idprimary ip-address No ip vrrp vr-idpriority pri-value Area Ip vrrp timerNetwork Router-OSPF context Network Router-RIP context No ip distribution access-listNo ip distribution access-list access-list-number No redistribute protocol PingRedistribute Router-OSPF context Router ospf Redistribute Router-RIP contextRouter rip No router ospf Show fragment Router vrrpNo router vrrp Show fragment Show ip arp Show ip distribution access-listsShow ip distribution access-lists distribution-list-number Show ip interface Show ip icmp Show ip interface brief Show ip interface brief Show ip ospf database Show ip ospfShow ip ospf Show ip ospf database Show ip ospf interface interface-name Show ip ospf interfaceRouterospf# show ip ospf database Show ip protocols protocol Show ip ospf neighborShow ip protocols Number of bytes in the address to match Show ip reverse-arpMAC address Destination IP address Show ip routeShow ip route best-match Show ip route summary Show ip route static Show ip traffic Show ip traffic Show ip vrrp Show ip vrrp Show ip vrrp detail Show ip vrrp detail Timers spf Router-OSPF context Timers basic Router-RIP contextNo timers basic update invalid No timers spf spf-holdtime Ip access-default-action Policy CLI CommandsIp access-group Interface context Traceroute Ip access-list Ip access-list-copy Ip access-list-cookieIp access-list-cookie list-id cookie X330WAN-2DS1-1super#ip access-list-cookie 101 Ip access-list-dscp operation Ip access-list-dscp nameIp access-list-dscp precedence X330WAN-2DS1-1super#ip access-list-dscp name 101 16 special X330WAN-2DS1-1super#ip access-list-name 101 morning Ip access-list-dscp trustIp access-list-name X330WAN-2DS1-1super#ip access-list-owner 101 admin Ip access-list-ownerIp composite-op access Ip composite-op name X330WAN-2DS1-1configure#ip composite-op dscp 101 17Ip composite-op dscp Ip composite-op priority Ip composite-op notify 192.67.85.12 Ip simulate Interface context No ip composite-op Show ip access-groupSet qos policy-source Set qos policy-source source Show ip access-lists Show ip access-list-dscpX330WAN-2DS1-1configure#show ip access-group FastEthernet 1 X330WAN-2DS1-1configure#show ip access-list-dscp 101 Show ip access-list-summary Show ip access-lists detailsShow ip access-list-summary Show ip active-access-groups Show ip active-access-groupsShow ip composite-op Validate-group Interface context Error messages not displayed DTE Interface Specifications RTS+ Figure A.2 Avaya serial cable DTE X.21 Cable X330WAN RJ-45 Pin Name Terminal Modem DB-9 Pin DB-25 Pin Console Pin Assignments Windows 95 or NT Windows 98, ME, or System Requirements Running the Embedded Manager Figure B.1 The Welcome Figure B.2 Web-based Manager Installing the Java Plug-in Installing from your Local Web Site Installing from the Avaya Site Software Download Documentation and Online Help ITU-T # Description Ansi Standards ComplianceITU-T Standards Compliance RFC # RFC Standards Compliance Certification Description Nebs Standards ComplianceType Approval Standards Electromagnetic Standards Compliance EMC Safety Standards Compliance TBR13 Telecommunication Standards CompliancePage Country Local Dial-In Number United StatesEmea Europe, Middle East, and Africa Region UAE Cala Caribbean and Latin America Region AP Asia Pacific Region 242 Avaya X330WAN User’s Guide